For a general Windows user, resetting a lost or forgotten administrative password can be a bit troublesome if you don’t have the proper tools and techniques to reset it, depending on the underlying OS that you’re using. There are several free third-party password recovery tools available that can help you reset your password, but they are not our subject here. In this guide, we show you how to reset & recover a lost or forgotten Windows password using a simple Sticky Keys trick.
Sticky Keys enables users to enter key combinations by pressing keys in sequence rather than simultaneously. This is desirable, especially for users who cannot press the keys in combination due to some physical challenges. Although the method of enabling Sticky keys helps simplify various tasks, its system files can be replaced.
You can replace an Ease of Access system file like sethc.exe, with a Command Prompt, and then use cmd.exe to make system changes.
Before proceeding with this method, please make a note of the following:
So if you have a backup it will be good for you.
TIP: Our Ease Of Access Replacer lets you replace Ease of Access button in Windows with useful tools, including CMD.
For resetting the password, you will need a Windows PE bootable drive which can be used to access the command prompt where you will have to set the new password.
Follow the below steps once you have the Windows PE DVD booted and ready.
1. Boot from the Windows PE DVD and open Command Prompt from the Advanced troubleshooting menu.
2. Enter the drive letter where your Operating System is installed, which is usually the C: Drive. Initially, you should be on X: drive which is the default residence for Windows PE.
3. Type in the below command after replacing C with the drive where Windows is installed on your PC.
copy C:\Windows\system32\sethc.exe C:\
4. After taking the backup of the original file, run the below command to replace it in the original location.
copy /y C:\Windows\system32\cmd.exe C:\windows\system32\sethc.exe
The above command should replace the sethc.exe file with the cmd.exe file.
5. Now, restart your PC and navigate to the screen where it requires a password. Press the SHIFT key 5 times.
6. A command prompt window should open where you can enter the below command and reset your account password. You can get the list of current users on your PC by using the command net user.
net user your_account new_password
Well, that’s it! You should be able to reset the password now.
Once you are in, you should replace the cmd.exe file with the original sethc.exe system file.
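To confirm that the original file really was restored (or to spot this swap on a machine you administer), the added example below compares each Ease of Access binary against the command interpreters in the same System32 folder. It is not part of the original guide; the function names and the sample folder are assumptions, and the sample files are constructed stand-ins rather than real Windows binaries.

```python
import hashlib
import os
import tempfile

# Accessibility programs that can be started from the Windows logon screen.
ACCESSIBILITY_BINARIES = ("sethc.exe", "utilman.exe", "osk.exe",
                          "magnify.exe", "narrator.exe", "displayswitch.exe")
# Command interpreters to compare against, relative to System32.
SHELLS = ("cmd.exe", "WindowsPowerShell/v1.0/powershell.exe")


def find_ci(base, relative):
    """Resolve `relative` under `base` ignoring case, so the check also works
    on an offline Windows volume mounted on a case-sensitive file system."""
    current = base
    for part in relative.split("/"):
        try:
            names = os.listdir(current)
        except OSError:
            return None
        match = next((n for n in names if n.lower() == part.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current


def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_system32(system32):
    """Return (binary, problem) pairs for accessibility binaries that are
    missing or byte-identical to a command interpreter."""
    shell_hashes = {}
    for rel in SHELLS:
        path = find_ci(system32, rel)
        if path and os.path.isfile(path):
            shell_hashes[sha256_of(path)] = os.path.basename(path)
    findings = []
    for name in ACCESSIBILITY_BINARIES:
        path = find_ci(system32, name)
        if path is None or not os.path.isfile(path):
            findings.append((name, "missing"))
            continue
        shell = shell_hashes.get(sha256_of(path))
        if shell:
            findings.append((name, "identical to " + shell))
    return findings


def build_sample(root, swapped=("sethc.exe",)):
    """Constructed stand-in for System32 (tiny fake files, lower-case path)."""
    sys32 = os.path.join(root, "windows", "system32")
    os.makedirs(os.path.join(sys32, "WindowsPowerShell", "v1.0"))
    contents = {"cmd.exe": b"constructed cmd.exe bytes",
                "WindowsPowerShell/v1.0/powershell.exe": b"constructed powershell bytes"}
    for name in ACCESSIBILITY_BINARIES:
        contents[name] = (contents["cmd.exe"] if name in swapped
                          else name.encode() + b" original bytes")
    for rel, data in contents.items():
        with open(os.path.join(sys32, *rel.split("/")), "wb") as handle:
            handle.write(data)
    return sys32


def demo():
    with tempfile.TemporaryDirectory() as root:
        return audit_system32(build_sample(root))


if __name__ == "__main__":
    for name, problem in demo():
        print(f"{name}: {problem}")
```

On a real system, pass the actual System32 path (for example the Windows volume as seen from Windows PE) to audit_system32. A hash match only catches an unmodified copy of a shell, so comparing against known-good hashes for the installed build is the stronger check.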
Ask a longtime Windows user to share their biggest frustrations about the operating system, and you'll probably get an earful about the headaches of installing and maintaining apps. And for good reason!
For starters, it can be a challenge to find trustworthy downloads. If you're not paying close attention to the results in your search engine, it's easy for a malware author to trick you into clicking a link on a copycat site that installs the app you wanted plus a little something extra. In recent years, this type of search poisoning campaign has been brutally effective at targeting people who are using Google to try to find popular apps like Zoom, TeamViewer, and VLC Media Player.
Even if you find a legit download, keeping that app up to date can be a hassle. And if you miss an important security update, you can find yourself vulnerable to malicious intruders.
If you'd like to reduce the risk of encountering those scenarios and generally simplify your Windows app management burden, allow me to introduce the Windows Package Manager, aka Winget.
All my Linux-centric followers are doing double-takes right now. Wait, a package manager for Windows? Isn't that a Linux thing?
Well, yes. In case you haven't noticed, Microsoft has gotten serious about open source in recent years, and one of the results is the Microsoft Community Package Manifest Repository. That's a trustworthy, properly vetted collection of installer files that can be managed with the help of an open-source command-line tool called Winget.
Winget works with all currently supported versions of Windows 10 and Windows 11. Yes, you're going to have to open a command prompt, such as a PowerShell session or a Cmd.exe window, to use Winget. But it's shockingly easy, once you get proficient with a few basic techniques. Trust me, it's worth it.
Make sure you're signed in using an account in the administrator's group, then right-click Start and click the appropriate option: Windows PowerShell (Admin) on Windows 10, Terminal (Admin) on Windows 11.
At the resulting command line, you can simply type winget and press Enter to see all your options.
That syntax gives you an idea of what you can accomplish here. Use winget list, for example, to see a list of every program installed on your PC, including those from the Microsoft Store and those that are included with a default installation of Windows.
You can use Winget to download and install a Windows desktop program by adding the install command.
If you're using Windows 10, one of the first things I suggest is using Winget to replace the built-in Windows PowerShell app with the newer, more capable, cross-platform PowerShell 7 and Windows Terminal. (Both are included by default when you install Windows 11.)
Use these commands:
winget install Microsoft.PowerShell
winget install Microsoft.WindowsTerminal
(They're not case-sensitive, so don't worry about capitalization.)
Winget is capable of searching the repository so you can find a program using part of its name or the name of the developer.
If you're looking for Apple's iTunes, for example, you can find it using the following command:
winget search iTunes
As you can see, that search turns up the program you wanted as well as a few others that have iTunes in their name or saved as a tag. Use winget install Apple.iTunes to download and install the app immediately.
(Hint: Mozilla Firefox and every channel of Google Chrome are also available with Winget, so if you're setting up a new PC and want to install either browser, use winget install Mozilla.Firefox or winget install Google.Chrome.)
To see every app available from a publisher, add the --id option (note the two hyphens before the option name) followed by the string you want to search for. This command returns a very long list showing every program in the repository that includes Microsoft in its full name: winget search --id Microsoft
If you prefer a web-based search interface, try https://winget.run, which puts a friendlier face on the search results.
The search results page returns a wealth of information about the package you're looking for, including the full command line that you can use to install it. This example includes the command to install Microsoft's free PowerToys utility using the -e and --id switches; together, those options force Winget to use an exact match for the package ID.
Finally (and best of all) you can use Winget to automatically check for updates to any app it's capable of managing. Use the command winget upgrade to see a list of programs that have newer versions available for installation. Using that list, you can update each one manually, or use this command to automate the entire process:
winget upgrade --all
Best of all, this process works on supported apps even if they were originally installed the old-fashioned way, by downloading a full Installer and running Setup. It even works for the many Microsoft runtime libraries (Visual C++ Redistributable packages) that apps install along the way.
I make it a point to check for updates using Winget at least once a month. You should, too.
In June, Russian ransomware group Cuba attacked an organization servicing US critical infrastructure. The cyberattack failed despite the group's use of multiple CVEs, off-the-shelf tools, unique malware programs, and evasion methods.
Cuba is a financially motivated threat actor known for big money ransomware attacks primarily targeting US organizations. In its latest known campaign discovered by BlackBerry, it targeted an American critical infrastructure provider as well as a systems integrator in Latin America.
In the process, the gang exploited two vulnerabilities (CVE-2020-1472 "Zerologon" and CVE-2023-27532), deployed two of its signature malwares (BUGHATCH and BURNTCIGAR) and two off-the-shelf software programs (Metasploit and Cobalt), alongside plenty more programs and techniques dedicated to intrusion and evasion.
The first sign that something was wrong came in May, when an administrator-level login was performed in the target's network using Remote Desktop Protocol (RDP). There was no evidence of any prior failed login attempts or any kind of brute-forcing or exploiting vulnerabilities. Exactly how the attacker obtained valid credentials is not clear, but the BlackBerry researchers noted that Cuba has used initial access brokers to obtain credentials in the past.
Once inside the network, Cuba deployed BUGHATCH, its own custom downloader. BUGHATCH establishes a connection to a command-and-control (C2) server, then downloads attacker payloads. (It can also execute files and commands.) One of BUGHATCH's downloads this time, for example, was Metasploit, which it used to cement its foothold in the target environment.
To escalate privileges and obtain administrator access, the group exploited Zerologon, a 3-year-old vulnerability in Windows' Netlogon Remote Protocol. But Cuba didn't stop with just one vulnerability – it also exploited a high severity 7.5 CVSS-scored bug in the Veeam backup software, with the goal of siphoning the credentials held within its config file.
Cuba's second proprietary malware – BURNTCIGAR – is perhaps its most interesting, used to carry out Bring Your Own Vulnerable Driver (BYOVD) attacks. It exploits the I/O control codes used for communicating with drivers in order to terminate kernel-level processes en masse. In this case, BURNTCIGAR eliminated more than 200 processes largely associated with anti-malware and endpoint products.
Beyond zeroing out anti-malware and endpoint protections, Cuba covered its tracks by moving slowly and deliberately over a period of two months inside of the network.
"It seems it was part of the OpSec not to raise suspicion, by delaying between each action inside of the victim's network," explains Dmitry Bestuzhev, senior director of CTI at BlackBerry. "It's not like they were working minute to minute, hour to hour. It's doing something and then just waiting for a week, and then doing something again."
Since its discovery in 2019, Cuba has been one of the world's most profitable ransomware outfits. According to data from CISA, as of August 2022 the group compromised 101 entities – 65 in the US and 36 elsewhere, demanding a total of $145 million in ransom payments and receiving around $60 million.
The group uses Cuban Revolution references and iconography in its code and its leak site, but ample evidence suggests its members are, in fact, of Russian origin. Prior research revealed a translation mistake in a ransom note suggesting Russian language origins, as well as a 404 error on the group's website that, translated from Russian, read, "Oh, this is 404! blablabla 404 blablabla."
BlackBerry's investigation uncovered further hints of poor Russian translations, as well as a feature for disabling the malware on any host computer operating in Russian or with a Russian keyboard.
To defend against the Russian Cuba, Bestuzhev recommends that organizations place an emphasis on detection technologies, prompt and perhaps automated patching, and investing in advanced threat intelligence.
And if all of that fails, then quick and decisive action must be taken because "if there is a delay – because of the weekend or a lack of resources – it may lead to suffering huge losses," he warns.
The final group Bergeron and Bilodeau observed is the most haphazard: the bards. These people, the researchers say, may have purchased access to the RDP and are using it for a variety of reasons. One person the researchers watched Googled the “strongest virus ever,” Bergeron says, while another tried to access Google Ads.
Others simply tried (and failed) to find porn. “We can see the beginner level he is in, as he searched for porn on YouTube—nothing appears, of course,” Bergeron says, since YouTube doesn’t permit pornography. Multiple sessions were spotted trying to access porn, the researchers say, and these users were always writing in Farsi, indicating they may be trying to access porn in places where it is blocked. (The researchers weren’t able to determine conclusively where many of those accessing the RDP were doing so from.)
Despite this, watching the attackers reveals the way they behave, including some more peculiar actions. Bergeron, who has a PhD in criminology, says the attackers were sometimes “very slow” at doing their work. Often she was “getting impatient” while watching them, she says. “I’m like: ‘Come on, you're not good at that’ or 'Go faster’ or ‘Go deeper,’ or ‘You can do better.’”
In one case, the attacker was dawdling and repeatedly sketching out rectangles on the desktop with their mouse. “It feels like they are on the phone or talking to someone and fooling around,” Bergeron says. In another instance, a password one of the attackers generated may have included their own name.
Bilodeau says the research has provided a wealth of intelligence and information. Often, cybersecurity researchers and those dealing with hackers have to rely on technical logs, which reveal little about the individuals behind the attacks. “We see them install Telegram and they log in on the compromised system,” he says. This can potentially reveal phone numbers, which in turn can be used to identify people, country codes, and more information. “We collect credentials and stuff we, unfortunately, cannot legally use,” he says. Such details could potentially be useful for law enforcement agencies.
There’s also not a huge amount of automation by the attackers, Bilodeau says. Many of those accessing the systems manually click around the system to see what they can find, rather than using tools that could automatically scan the remote desktop.
As well as revealing the behavior of hackers, the research also highlights how frequently RDP is attacked. Stockley, from Malwarebytes, says a recent search he did showed around 2.5 million RDPs are online. Previously, he set up 10 RDPs as honeypots for hackers, and it took one minute and 24 seconds for attackers to start trying to break in. All 10 had been attacked after just 15 hours. “It's an absolute bonanza for cybercriminals,” Stockley says. Attempts to force passwords happened every seven seconds, he says.
GoSecure’s Bilodeau says he believes others should roll out their own traps. For companies, he says, it can show the kind of hackers that may be trying to break into their systems and help convince CEOs to invest more in cybersecurity. In the future, Bilodeau says, GoSecure may start to include files that could be encrypted into the RDP, to encourage more ransomware criminals to spend time in the system. He doesn’t worry that revealing that GoSecure has been recording criminals will stop them. If anything, it may make them change their behavior because they’re being monitored. “If they're more careful, they're going to be slower,” Bilodeau says. “We are raising their cost of attack.”
LAS VEGAS — Microsoft's OneDrive file-sharing program can be used as ransomware to encrypt most of the files on a target machine without possibility of recovery, partly because the program is inherently trusted by Windows and endpoint detection and response programs (EDRs).
"What if I told you that there is a way to encrypt all of your sensitive data, all of your user files, without actually encrypting a single file on your computer?" SafeBreach's Or Yair asked the audience during his presentation at the Black Hat security conference here on Aug. 10. "And what if I can do that while I'm not even executing code on your computer? And what if I told you that not even a single malicious executable needs to be present on your computer while I do that?"
Microsoft has patched OneDrive so that this attack no longer works on OneDrive client versions 23.061.0319.0003, 23.101.0514.0001 and later. Yair has packaged his OneDrive attack process into an automated tool called DoubleDrive, which works on older versions of OneDrive and is available on GitHub at https://github.com/SafeBreach-Labs/DoubleDrive.
"When I started this research, I wanted to create a fully undetectable-by-design ransomware," Yair explained. "I figured I needed a double-agent program."
Local agents from cloud-storage and syncing services such as Dropbox, Google Drive or iCloud would be good candidates, he said. Files could be encrypted in the cloud, which would then be mirrored on the targeted machine.
"They synchronize files on the machine with those online, and they're mass drive applications by default," Yair added.
None of those were as promising as OneDrive, which has been automatically installed on Windows since 2013 and is touted by Microsoft as a ransomware fail-safe.
"For Microsoft, OneDrive is that shelter against ransomware," Yair said. "It recommends storing your important files on OneDrive."
However, to attack a target machine, he explained, you first need to get into the targeted user's OneDrive account. This was easier than Yair expected.
"OneDrive was so helpful that it just wrote its access token in its logs," he said. "The logs aren't immediately readable, but they can be deciphered using a program found on GitHub that will reveal the access token."
It also turns out that any process running with the current user's permissions can access the user's OneDrive account. Yair managed to exfiltrate the access token by uploading it to the targeted user's OneDrive account, then using OneDrive's Share File feature to email it to himself. (One catch is that the attacker needs to have a valid Microsoft account too.)
"Anyway, we've gained access to the victim's OneDrive account," Yair said. "That lets us create a no-code ransomware that doesn't even run on the victim's computer."
But what about all the files that aren't in the victim's OneDrive folder? How would you encrypt those?
Yair explained that OneDrive lets you create symbolic links called "junctions" inside the OneDrive folder that link to files outside the folder. Files outside the folder can also be synced and encrypted.
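A defender can audit a sync folder for exactly this condition: links or junctions inside it that resolve to a location outside it. The following is an added example, not code from the talk or from DoubleDrive; the function names and the folder layout are assumptions, and the constructed sample uses symbolic links in place of junctions so it runs on any platform.

```python
import os
import tempfile


def is_inside(path, root):
    """True when `path` is `root` itself or lies below it."""
    path, root = os.path.normcase(path), os.path.normcase(root)
    try:
        return os.path.commonpath([path, root]) == root
    except ValueError:          # e.g. different drive letters on Windows
        return False


def find_escaping_links(sync_root):
    """Walk a sync folder and return (link_path, resolved_target) for every
    entry that resolves outside the folder. Entries that redirect anywhere
    (inside or outside) are never descended into."""
    root_real = os.path.realpath(sync_root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root_real, followlinks=False):
        keep = []
        for name in dirnames + filenames:
            expected = os.path.join(dirpath, name)
            target = os.path.realpath(expected)
            redirected = os.path.normcase(target) != os.path.normcase(expected)
            if redirected and not is_inside(target, root_real):
                findings.append((expected, target))
            if not redirected and name in dirnames:
                keep.append(name)
        dirnames[:] = keep      # prune links and junctions from the walk
    return sorted(findings)


def demo():
    """Constructed layout: one link escapes the folder, one stays inside."""
    with tempfile.TemporaryDirectory() as root:
        sync = os.path.join(root, "OneDrive")
        outside = os.path.join(root, "Documents")
        os.makedirs(os.path.join(sync, "Projects"))
        os.makedirs(outside)
        with open(os.path.join(outside, "tax.txt"), "w") as handle:
            handle.write("constructed sample file\n")
        with open(os.path.join(sync, "notes.txt"), "w") as handle:
            handle.write("constructed sample file\n")
        # Escapes the sync folder: should be reported.
        os.symlink(outside, os.path.join(sync, "Projects", "linked_docs"),
                   target_is_directory=True)
        # Points back inside the sync folder: should not be reported.
        os.symlink(os.path.join(sync, "Projects"),
                   os.path.join(sync, "shortcut"), target_is_directory=True)
        sync_real = os.path.realpath(sync)
        return [(os.path.relpath(link, sync_real), os.path.basename(target))
                for link, target in find_escaping_links(sync)]


if __name__ == "__main__":
    for link, target in demo():
        print(f"{link} -> {target}")
```

On Windows, os.path.realpath resolves junctions as well as symbolic links, so the same function can be pointed at a user's OneDrive folder.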
Encrypting as many personal files as possible isn't the end of the story. By default, Yair said, OneDrive keeps at minimum 500 previous versions of every file it has handled — even those that have been moved to the Recycle Bin. That feature is there so that victims of ransomware can quickly recover files.
To make recovery much more difficult, Yair said, he had to move all the encrypted files in OneDrive into the Recycle Bin, empty the Recycle Bin, and then recreate the encrypted files in OneDrive. That wasn't possible with OneDrive on Windows, Yair found — but he was able to pull it off using the OneDrive Android client.
That procedure makes file recovery from OneDrive impossible. However, Yair had to contend with yet another anti-ransomware mechanism, this one on the target machine itself: shadow copies. If there's room on the drive, Windows automatically makes hidden copies of each file to aid in ransomware recovery.
Yair found that he could leverage Microsoft SharePoint to gain control of the victim's storage drive and delete shadow copies in the command line. The victim has to be an administrator for this to work, but Yair got around this by exploiting user access controls.
There was one more catch, and it was not completely surmountable. Most EDR programs, including Microsoft Defender for Endpoint, prevent deletion of shadow copies for obvious reasons.
However, Yair said he found two that didn't. Cybereason's protection against shadow-copy deletion could be switched off, and Yair was able to fiddle with SentinelOne's EDR so that it permitted shadow-copy deletion as well.
The victim likely won't know that all of this is happening until it's too late.
"OneDrive even is supposed to have ransomware detection built-in, but I got no notification for my own [OneDrive-based] ransomware," Yair said. "Also, you can just turn off OneDrive's ransomware-detection setting."
He ran a very impressive demonstration, first manually locating and extracting the OneDrive access token on a target virtual machine. Yair then used his automated DoubleDrive tool to encrypt all the files on the target machine's OneDrive folder, empty the cloud folder, empty the Recycle Bin and delete shadow copies so all the victim had left were the encrypted files on the target machine.
Naturally, this got a round of applause from the Black Hat audience.
"The takeaways are that absolutely no process should be inherently trusted," Yair said. "We should also prepare for more next-gen ransomware like this, and we should invest more in separating access features and security features."
Most of the EDR solutions that Yair contacted about shadow-copy deletion updated their software, he said, although there were a few that didn't respond. He also said that while the OneDrive client has been patched, some of the other techniques he used are still possible in Windows.
The very detailed slides for Yair's Black Hat presentation can be viewed at https://i.blackhat.com/BH-US-23/Presentations/US-23-Yair-One-Drive-Double-Agent-Clouded-OneDrive-Turns-Sides.pdf.
Purpose: An overview of enteral feeding tubes, drug administration techniques, considerations for dosage form selection, common drug interactions with enteral formulas, and methods to minimize tube occlusion is given.
Summary: Enteral nutrition through a feeding tube is the preferred method of nutrition support in patients who have a functioning gastrointestinal tract but who are unable to be fed orally. This method of delivering nutrition is also commonly used for administering medications when patients cannot swallow safely. However, several issues must be considered with concurrent administration of oral medications and enteral formulas. Incorrect administration methods may result in clogged feeding tubes, decreased drug efficacy, increased adverse effects, or drug–formula incompatibilities. Various enteral feeding tubes are available and are typically classified by site of insertion and location of the distal tip of the feeding tube. Liquid medications, particularly elixirs and suspensions, are preferred for enteral administration; however, these formulations may be hypertonic or contain large amounts of sorbitol, and these properties increase the potential for adverse effects. Before solid dosage forms are administered through the feeding tube, it should be determined if the medications are suitable for manipulation, such as crushing a tablet or opening a capsule. Medications should not be added directly to the enteral formula, and feeding tubes should be properly flushed with water before and after each medication is administered. To minimize drug–nutrient interactions, special considerations should be taken when administering phenytoin, carbamazepine, warfarin, fluoroquinolones, and proton pump inhibitors via feeding tubes. Precautions should be implemented to prevent tube occlusions, and immediate intervention is required when blockages occur.
Conclusion: Successful drug delivery through enteral feeding tubes requires consideration of the tube size and placement as well as careful selection and appropriate administration of drug dosage forms.
When oral intake is inadequate or not recommended for a prolonged period of time, patients may require an alternative method of feeding, either enterally or parenterally. Enteral nutrition (EN) through a feeding tube is the preferred method of nutrition support for patients with a functioning gastrointestinal (GI) tract. EN offers several theoretical advantages over parenteral nutrition, including lower cost, greater convenience, decreased infectious complications, and enhanced host immune function. Another beneficial effect includes improved maintenance of GI mucosal structure and function, which could possibly prevent gut atrophy and bacterial translocation.[1,2,3,4]
Another advantage of enteral feeding tubes is that they provide convenient access to the GI tract; therefore, these devices are frequently used for medication administration in patients who cannot swallow safely. Several issues must be considered with concurrent administration of oral medications and enteral formulas, particularly continuous tube feeding, because incorrect administration methods may result in clogged feeding tubes, decreased drug effectiveness, increased adverse effects, or drug–formula incompatibilities. This article provides a general overview of enteral feeding tubes, drug administration techniques, considerations for dosage form selection, common drug interactions with enteral formulas, and methods to minimize tube occlusions.
A ransomware attack on an educational institution causes more than just class disruption. It can result in lost teaching hours, financial strain, and compromised personal data. In the K-12 system, a closed school forces parents to request time off work and stretches limited school finances.
For college and university students, a ransomware attack may result in stolen personal data right as students start their professional lives.
Ransomware attacks have increased alarmingly: reported K-12 incidents rose from 400 in 2018 to an accumulated total of over 1,300 between 2018 and 2021, and we don’t need to look far to see how they’ve harmed the education sector.
A recent Truman State University ransomware attack caused several days of shutdowns and the engagement of external security teams. In Pennsylvania, the Penncrest school district found itself the target of a ransomware attack leading to multiple days of no internet access and disruption of school routines, impacting local families.
We’ll explore the steps IT teams at education institutes can take (and local government should support) in order to protect the people in their care from disruption and stolen data.
Once a ransomware attack has begun, it’s often too late to do anything about it. The sobering reality is that 100s of GB of data encrypt in under 5 minutes with Lockbit 2.0, and it’s only getting faster. Organizations are usually left with two bad options.
The first (and not recommended) option is to pay the ransom, then hope the cybercriminals decrypt your systems, don’t sell your data, and don’t return for another attack.
Alternatively, you will need to rebuild your IT systems from scratch, which can be expensive and time consuming considering the typically small IT departments many schools and universities have.
Putting security measures into place to prevent an attack in the first place is the best defense, and there are several attack vectors that IT can watch for early warnings. Many attackers take the path of least resistance, and monitoring the easiest routes makes a threat actor's job that much harder.
Though not comprehensive, here are several areas to consider closely monitoring:
Logging in is easier than hacking in. Attackers can quickly exploit compromised passwords, especially when people re-use them across multiple personal and work accounts. For instance, a threat actor can purchase lists of compromised credentials then use social media to narrow down who works in a school.
Institutions implementing multi-factor authentication make this attack more difficult, but not impossible.
Tools such as Specops Password Policy with Breached Password Protection (BPP) check an institution’s Active Directory against a constantly updated list of over 3 billion unique compromised passwords – even those being used in attacks right now. This allows IT teams to close off hundreds of possible attack routes into their institution.
Specops Password Policy with Breached Password Protection is popular with schools, universities, and local governments due to cost-effectiveness, quick implementation, and ease of end-user use.
It allows institutions to create custom password policies, enforce compliance requirements, block compromised passwords, and help users create stronger passwords in Active Directory with dynamic, informative client feedback. Few solutions offer such a simple way to bolster password security and prevent attackers from gaining a foothold and instigating a ransomware attack.
Open remote connections are a vulnerability waiting for exploitation. The 2022 Unit 42 Incident Response Report notes that RDP is a common target. Requiring a VPN or Zero-Trust Authentication gateway is necessary for any school, university, or local government to connect to internal systems remotely.
Even school print servers are unsafe if unpatched and exposed to the internet. For example, a recent PaperCut NG and PaperCut MF vulnerability led to increased ransomware attacks from the Bl00dy Ransomware Gang.
Focusing protection on systems that do not expose additional entry beyond what’s necessary keeps threat actors at bay. Minimizing the number of external services to monitor makes the job of school IT departments manageable.
It’s not uncommon for overworked school IT departments to have old accounts, forgotten users, and overprivileged service accounts floating around. These forgotten accounts might seem harmless, but they’re a tempting target for threat actors.
Going unnoticed, a compromise of an old account might not trigger a response since the owner may be long gone. Implementing a proper user lifecycle policy from on-boarding to off-boarding keeps old accounts from potential compromise.
Similarly, overprivileged accounts are endemic to nearly every IT organization. Creating a single privileged account to run multiple services may mean less work and monitoring. But when compromised, an overprivileged service account offers many footholds into a school or university network.
By “right-sizing” accounts through the concept of least-privileged access and separation of duties, a compromised account is far less likely to cause devastation across the network.
Even the best prevention strategies may not stop a determined adversary from sneaking a phishing email with ransomware executable to an unsuspecting student or IT administrator. Once downloaded, an unprotected endpoint may provide all that is needed to spread the ransomware throughout the school’s network.
Below are several common steps to take when hardening a Windows endpoint:
Preventing an endpoint from further compromise may quickly stop a ransomware attack. This prevention avoids the need to restore systems from backups.
If the worst has happened, and a ransomware attack has taken down a school’s network, up-to-date and offline-stored backups are crucial to getting the students back in the classroom.
By keeping backups offline, segmented, or “air-gapped,” a successful ransomware attack will not affect those backups allowing a clean restore.
Backing up an entire institution can be difficult and incur significant storage costs. However, not doing so could be even more costly, as threat actors may demand millions of dollars for restoration.
IT administrators must continuously test backups, verify recovery procedures are in place, and gauge the difficulty of a full restore to be ready in the event of an incident.
The FBI (Federal Bureau of Investigation), CISA, and the MS-ISAC warned about Vice Society and the threat it poses to education sectors in a joint Cybersecurity Advisory (CSA):
“School districts with limited cybersecurity capabilities and constrained resources are often the most vulnerable; however, the opportunistic targeting often seen with cyber criminals can still put school districts with robust cybersecurity programs at risk. K-12 institutions may be seen as particularly lucrative targets due to the amount of sensitive student data accessible through school systems or their managed service providers.”
Ransomware is a growing and costly problem for schools and their students. Local governments can support schools and universities by funding the right security tools and techniques for ransomware detection, prevention, and mitigation.
Although there are no foolproof ways to prevent every ransomware attack, a comprehensive security plan incorporating the above steps will stop most attacks and go a long way towards prevention.
Sponsored and written by Specops Software
Carlos M. Meléndez is the COO and cofounder of Wovenware, a Maxar Company, offering AI and software development services.
More than 350 tech executives and scientists signed a joint statement to express their concerns and warn of the dangers of artificial intelligence (AI), going so far as to say it poses an “extinction risk” on par with pandemics and nuclear war. The statement was released by the nonprofit organization the Center for AI Safety, and some of the biggest names in technology signed it, including leaders from OpenAI, Microsoft and Google, the very companies that stand to gain the most from generative AI.
Yet many people remain concerned about the dangers of AI. A Yale CEO Summit survey found that 42% of attending executives believe that AI has the potential to be an extinction risk, able to destroy humanity within 10 years.
What has yet to be clearly defined is what is meant by the term “extinction risk.” Many pundits speculate that it can be caused by bad actors leveraging its massive data sets to create bioweapons or introduce new viruses. It also could mean using it to hack into mission-critical computer systems or release deliberately false information that could cause panic across the globe. In another scenario, AI that becomes highly accurate could become a problem unto itself. Imagine an AI algorithm that is so committed to eradicating a specific disease that it destroys everything in its path.
While many of these doomsday scenarios may never come to pass, AI does have the power to cause the dangers that are being discussed. Part of the problem is that the technology is moving faster than what anyone could have predicted. Take, for example, ChatGPT, the popular generative AI solution from OpenAI. When given the CPA exam by Accounting Today magazine in April, it failed miserably, but within a few short weeks, it passed with flying colors.
As tech players, large and small, join the generative AI bandwagon, building massive data sets that were inconceivable just a few short months ago, there’s clearly a need for regulatory oversight.
In October of 2022, the White House Office of Science and Technology Policy released a Blueprint for an AI Bill of Rights to require privacy and equity when using or building AI. It identified five principles that should guide the design, use and deployment to protect the American public. These guidelines include:
• Safe and effective systems: AI solutions should be thoroughly tested to evaluate concerns, risks and potential impact.
• Algorithmic discrimination protection: Solutions should be designed in an equitable way to remove the possibility of bias.
• Data privacy: People should have agency over how their data is used and protected against violations of privacy.
• Notice and explanation: There should be clearly stated transparency when AI is being used.
• Human alternatives, considerations and fallback: You should be able to opt out of interactions with AI in favor of a human alternative.
Since this blueprint was established and ChatGPT and other generative AI solutions were released, the Biden administration has been meeting regularly so that they can better understand it and develop strategies to regulate it.
In mid-June of 2023, the European Parliament drafted its own regulations for the safe use of AI, and it’s inching closer to passing them. “The AI Act” bans real-time facial recognition in public places and the use of scoring systems and models that use manipulative techniques, and it requires full disclosure when generative AI systems have developed content and a means to show data lineage if asked.
But while it’s clear what needs to be included in the code of conduct for building transparent, fair, safe and unbiased AI, how to enforce it is the million-dollar question. Below are some considerations.
Much like the Good Manufacturing Practices (GMP) regulations established by the FDA for life sciences companies, clearly outlined guidelines need to be developed and communicated to companies that want to earn a “good AI practices” designation. This will require oversight by a federal agency comparable to the FDA, charged with conducting inspections and gathering required documentation from any company developing AI solutions.
Whether generative AI is being used to develop content, marketing materials, software code or research, it should be required that there is a highly visible public disclaimer that indicates that parts or all of it were machine-generated.
Google and its AI research laboratory DeepMind recommended several steps to ensure that “high-risk AI systems” provide detailed documentation about their solutions. Among those recommendations that I find most important is that risk assessment from independent organizations should be mandatory.
When AI is making decisions that affect people’s lives, individuals should be able to have an adequate explanation of how the algorithm arrived at a decision.
When deploying AI in a public cloud, it should be required that you not only have permission from the federal government but that the federal government has people whose sole job is to closely monitor the cloud and the projects being deployed there, making it impossible for evil AI to enter.
It’s important that all software engineering and data science students complete the required studies in AI ethics before they can work in the industry. A type of AI ethics certification could be created and enforced. Much like the Hippocratic Oath, in which a physician promises they will “first do no harm,” a data scientist must also vow to do the same when building AI solutions.
We’re in the midst of one of the biggest technology developments in history, and generative AI has the potential to revolutionize all aspects of society for the good and possibly for the bad. As with all other major turning points in history, however, humans need to be driving the bus; using judgments based on fairness, transparency and respect for people first and foremost; and vowing to leverage the potential of AI for the good.