In this interview at Black Hat Asia 2024, we spoke with Adrian Wood and Mary Walker, security engineers from Dropbox, about the critical issues surrounding AI security, backdoors, and malware.

Adrian and Mary explained that many users rely on pre-existing machine learning (ML) models from public repositories rather than creating their own. This introduces vulnerabilities similar to those found in open-source software. Using in-house data requires careful handling to avoid bias and unintended consequences, while third-party models can be compromised.

They emphasized that downloading and running models from the internet can introduce malware. Attackers can backdoor models to alter their functions or insert malicious code, posing significant threats, especially in sensitive industries.

Adrian and Mary also stressed the importance of understanding the ML environment, ensuring proper logging, and having incident response plans in place. Companies should prepare by conducting tabletop exercises and securing their supply chains.

For more educational information on machine learning: https://gist.github.com/5stars217/236bab5d1d8d50e9785a4136aca8cf20

--------

Dropbox, Security Engineer - Adrian Wood, aka threlfall, currently works for Dropbox on their red team. He has worked as a red team consultant for WHITEHACK, a company he founded, and later as a lead engineer for an offensive security research team at a US bank. His research recently has been in supply chain attacks on CI/CD and ML systems, which includes maintaining the offsec ml playbook and has presented on these topics at DEFCON 30, 31, the DEFCON AI village, Cackalackycon and more.

Dropbox, Security Engineer - Mary Walker, aka mairebear, currently works for Dropbox on their threat intelligence team; she splits her time at work between research (primarily focused on ML) and building tooling to help her team move faster. She's previously worked at a major online retailer on their malware analysis and forensics team, a US bank on their red team, and an energy company in their SOC. Her background is primarily in DFIR and malware analysis, with a keen interest in production environments.

Recorded 18th April 2024, 4.30pm, BlackHat Asia 2024, Singapore

#BHAsia #mysecuritytv #blackhat

Now in its fourth year we'll be starting this year's series at a heightened time of risk and significant activity across the security domain - the opening episodes will be discussing how these events impact private security and emergency services and what may be the broader requirements and implications.

To open the series, which will run regular episodes of live webinars, pre-recorded interviews and in-person events, we wanted to open with the current state of play – regional conflicts in the Middle East and Europe with a steadily growing risk of an Indo-Pacific conflict and how this will and may impact on the private security and emergency management sector.

In this episode we're joined by:

Paul Riley, Director, Foreign Risk at Curtin University

Bryan de Caries, CEO, Australian Security Industry Association

Dr Shannon Ford, Faculty of Humanties, Curtin University

Prof Sissel Jore, visiting Professor with Edith Cowan University

Webinar title: Requirements and implications on the private security sector in a phase of multi-region conflict

• Implications of war (and pre-war) in the Indo-Pacific and impacts on the private security sector

• Alignment and consistency of national security advice

• Trust in information systems and delivery/interpretation

• Current and required national response frameworks should war break out in the Indo-Pacific

• Learning outcomes from the Pandemic – what went wrong and what needs to change?

#mysecuritytv

Now in its fourth year we'll be starting this year's series at a heightened time of risk and significant activity across the security domain - the opening episodes will be discussing how these events impact private security and emergency services and what may be the broader requirements and implications.

To open the series, which will run regular episodes of live webinars, pre-recorded interviews and in-person events, we wanted to open with the current state of play – regional conflicts in the Middle East and Europe with a steadily growing risk of an Indo-Pacific conflict and how this will and may impact on the private security and emergency management sector.

In this episode we're joined by:

• Dr Malcolm Davis, Senior Analyst, ASPI

• Stephen Beaumont AM, Chair, Critical Infrastructure ISAC and

• Gill Savage, Senior Fellow, ASPI

Webinar title: Requirements and implications on the private security sector in a phase of multi-region conflict

• Implications of war (and pre-war) in the Indo-Pacific and impacts on the private security sector

• Alignment and consistency of national security advice

• Trust in information systems and delivery/interpretation

• Current and required national response frameworks should war break out in the Indo-Pacific

• Learning outcomes from the Pandemic – what went wrong and what needs to change?

#mysecuritytv

We speak with Alina Tan, Ethical Hacker and Security Architect based in Singapore.

Alina is a former Top 30 Women in Cybersecurity Singapore (now the Top Women in Security ASEAN Region Awards).

GISEC Global 2024 attracted more than 20,000 attendees from over 130 countries to the Dubai World Trade Center. Taking place over three days, April 23-25, the event provides a platform for more than 750 brands to showcase their innovations.

#gisec #gisecglobal #mysecuritytv #womenincybersecurity #topwomeninsecurityASEAN

We speak with Col Francel Margareth Padilla-Taborlupa, Armed Forces of the Philippines Spokesperson.

A C4S Officer with 27 years experience in Technology and Security, Francel is an International Lecturer, Moderator/Panelist and experienced Information Technology Professional with a demonstrated history of working in the Army Management Information Center catering to IS needs for the whole Armed Forces of the Philippines.

Francel is a former Top Women in Security ASEAN Region Awards finalist and Judge.

GISEC Global 2024 attracted more than 20,000 attendees from over 130 countries to the Dubai World Trade Center. Taking place over three days, April 23-25, the event provides a platform for more than 750 brands to showcase their innovations.

#gisec #gisecglobal #mysecuritytv #topwomeninsecurityASEAN #womenincybersecurity

We speak with THNG, Chin Hwee, Vice President, Public Safety & Security, ST Engineering and NG Yeow Boon, Deputy Chief Executive (Development), HTX at the inaugural Milipol Asia-Pacific - TechX Summit (MAP-TXS) that took place from 3 to 5 April 2024 at Sands Expo & Convention Centre, Singapore.

Co-organised by Singapore’s HTX, GIE Milipol, and Comexposium Singapore, the biennial event comes under the auspices of the Ministry of Home Affairs, Singapore and the Ministry of the Interior of France. Milipol Asia-Pacific’s trade exhibition will showcase the latest innovations in homeland security, and the TechX Summit will host prominent Government officials, industry leaders, and academia in a high-level conference.

For more information visit https://innovd.stengg.com/spotlight/milipolap-2024?utm_campaign=map24-pss&utm_source=mysec&utm_medium=banner&utm_content=static

#milipolap #milipol #mysecuritytv #stengineering

What are the strategic directions for AI in homeland security. Attending Milipol APAC and TechX Summit 2024, we speak with Physicist and former Yale University Professor, Dimitri Kusnezov, Under Secretary for S&T, US Department of Homeland Security.

Nominated by President Biden in 2021, Dimitri Kusnezov was the deputy under secretary for artificial intelligence and technology at DoE (Energy), leading efforts to drive the use of AI and machine learning across the department’s core missions.

Australia and the United States of America signed a treaty on cooperation in science and technology (S&T) for domestic security on 21 December 2005.

Recorded 4 April, 2024 at the Sands Expo & Convention Centre, Singapore.

#milipolap #mysecuritytv #DHS #homelandsecurity #ai #nationalsecurity #nationalsecurityscience

With the rapidly evolving challenges in global travel, trade, and security, we speak to Australian Border Force Commissioner, Michael Outram APM at the Milipol APAC and TechX Summit 2024 in Singapore.

We discuss how border security been affected by technology and the current landscape, emerging threats, and the importance of fostering collaboration between government and industry to ensure border management has the cutting-edge technologies to ensure security and efficiency.

Recorded 4 April 2024 at the Sands Expo & Convention Centre, Singapore.

#milipolap #maptxs #mysecuritytv #policing #customs #nationalsecurity