Daily Tech Digest - May 21, 2019

Top 10 Features to Look for in Automated Machine Learning

Following best practices when building machine learning models is a time-consuming yet important process. There are so many things to do ranging from: preparing the data, selecting and training algorithms, understanding how the algorithm is making decisions, all the way down to deploying models to production. I like to think of the machine learning design and maintenance process as being comprised of ten steps (see the diagram above). But, if I want to save time, increase accuracy, and reduce risk, I don’t manually go through the entire machine learning process in order to build my machine learning models. Instead, I turn to automated machine learning, using clever software that knows how to automate the repetitive and mundane steps, and freeing me up to do what humans are best at: communication, applying common sense, and being creative. And, to get the most out of automated machine learning, I want it to automate each and every one of the 10 steps. So, here’s my guide to what to look for in an automated machine learning system. ... Look for an automated machine learning platform that can automatically engineer new features from existing numeric, categorical, and text features. You will want a system that knows which algorithms benefit from extra feature engineering and which don’t, and only generates features that make sense given the data characteristics.

What is an enterprise wide agile transformation and why CIOs should lead it

Agile practices change the nature of how teams define their customers, align on implementation strategies, debate priorities and commit to getting work done. Agile teams with a history of consistent delivery and demonstrating a strong partnership with their customers can change the culture. Instead of top-down priorities and timelines, teams align on strategic goals and produce business outcomes with incremental deliveries. CEOs are looking for smarter, faster and more innovative organizations that can propel growth, enable winning customer experiences, compete with analytics and drive efficiencies with automation. ... They want more efficient and higher quality operations, smarter sales teams closing more strategic deals and financial groups reporting and forecasting in near real time. And CEOs don’t know how to get there. They are increasingly relying on their leaders and staff to pave the journey for them. CIOs who have excelled at delivering results and culture change with agile practices in IT have the opportunity to extend the practice, culture and mindset as an enterprise wide way of operating.

Why Enterprise Blockchain Projects Fail

Social coordination marks a key point of failure for enterprise blockchain projects.
For one, there is a general lack of vision and understanding that plagues many blockchain projects. Blockchain, like other technologies, does not live in a vacuum devoid of any significant linkage to organizational and societal norms, design, dysfunction and purpose. When you add in years of pent-up inertia and entrenched behaviors present in organizations and markets, it means that just because something new can evoke positive change does not mean it will. For this, a clear organizational vision and deep technical and strategic understanding of where blockchain is fit for purpose can go a long way. Unfortunately, many project leaders are hardly conversant in blockchain, let alone the other array of emerging technologies they must intersect with in order to extract maximum value and autonomy. Perhaps the biggest point of failure is the general lack of cyber hygiene present in many early blockchain projects. The second major point of failure, and perhaps the hardest to overcome, is blockchain’s social, organizational and market coordination issue.

Redis-Based Tomcat Session Management

Redis is an in-memory open-source data project. In fact, it is the most popular in-memory database that is currently available. In particular, Redisson can be used as a Redis Java client. Redisson uses Redis to empower Java applications for companies' use. It is intended to make your job easier and develop distributed Java applications more efficiently. Redisson offers distributed Java objects and services backed by Redis. Redisson's Tomcat Session Manager allows you to store sessions of Apache Tomcat in Redis. It empowers you to distribute requests across a cluster of Tomcat servers. This is all done in non-sticky session management backed by Redis. Alternative options might serialize the whole session. However, with this particular Redis Tomcat Manager, each session attribute is written into Redis during each invocation. Thanks to this advantage, Redisson Session Manager beats out other Redis-based managers in storage efficiency and optimized writes. Tomcat Session Management, in this way, is used in the most ideal way possible.

Research indicates the only defense against killer AI is not developing it

If you’re thinking killer robots duking it out in our cities while civilians run screaming for shelter, you’re not wrong – but robots as a proxy for soldiers isn’t humanity’s biggest concern when it comes to AI warfare. This paper discusses what happens after we reach the point at which it becomes obvious humans are holding machines back in warfare. According to the researchers, the problem isn’t one we can frame as good and evil. Sure it’s easy to say we shouldn’t allow robots to murder humans with autonomy, but that’s not how the decision-making process of the future is going to work. The researchers describe it as a slippery slope: If AI systems are effective, pressure to increase the level of assistance to the warfighter would be inevitable. Continued success would mean gradually pushing the human out of the loop, first to a supervisory role and then finally to the role of a “killswitch operator” monitoring an always-on LAWS.

RegTech solutions can mitigate risk while aiding regulatory compliance

World Insurance Report 2019
While regulations continuously evolve, the costs of non-compliance are skyrocketing. Therefore, to adhere to stringent mandates and norms, banks and PSPs are turning to advanced technological capabilities for support. The result? Regulatory Technology (RegTech) tools, solutions, and firms are gaining mainstream popularity among financial institutions looking to redefine and streamline compliance processes across jurisdictions, lines of business and client bases. RegTech digital solutions collect intelligence through data analytics, predictive modeling, and statistical tools. This functionality is particularly important when it comes to proactively addressing multiple regulations versus taking a one-at-a-time approach that may result in several remediation measures. It is no surprise that firms’ RegTech spending is expected to average 48% annual growth over the next five years, expanding from $10.6 billion in 2017 to $76.3 billion in 2022. RegTech drastically improves the efficiency of compliance-related processes, data aggregation, data analysis, and tailored need-based offerings.

The Best Reason for Your City to Ban Facial Recognition

We’re not prepared as a society to ensure that facial recognition will be used responsibly and without discriminatory effects. We’re not prepared as individuals for a world in which we can be automatically tracked and identified wherever we go without our knowledge or consent. Even if we were ready, the technology itself isn’t: Experts both inside and outside the technology industry acknowledge that the artificial intelligence underlying facial recognition systems still struggles with accuracy, particularly when it comes to identifying the faces of people of color — which is to say, the people who are most likely to be affected by it. In a test last year by the ACLU, Amazon’s facial recognition software falsely matched the faces of 28 members of U.S. Congress to the mug shots of people who had been arrested. The mismatches disproportionately affected representatives of color. Perhaps most important, our governments and law enforcement agencies are not prepared to guard against abuses of the technology or the data it produces, to ensure it is kept confidential, or to constrain its use to the appropriate situations.

Building Digital-Ready Culture in Traditional Organizations

Recognizing the immense scalability of digital solutions, digital leaders typically focus on creating impact, assuming that profit will follow. At their best, these companies revolutionize how people and organizations interact, reinvent industries, and break the power of entrenched gatekeepers. The other three values support that mission. Speed helps companies stay ahead of competitors and keep up with rapidly changing customer desires. Openness encourages employees to challenge the status quo and work with anyone who can help them achieve their goals quickly. Autonomy gives people the freedom to do what’s right for the company and its customers without waiting for formal approval at every turn. Together, these values can foster an engaged, empowered workforce where employees feel a personal responsibility to constantly change the company — and often the world. The values of high-performing digital companies frame their essential practices: rapid experimentation, self-organization, data-driven decision-making, and an obsession with customers and results.

Why data governance matters – and who should own it?

CIOs say that all that own, manage and/or rely on data to make decisions, should be involved in data governance. A financial services CIO said, “to use Gramm-Leach-Bliley Act (GLBA) terms, this includes data managers and regulation monitors. They must be at the table. In the end, this could include someone from just about every business area.” For many organizations, the legal department is a key stakeholder to align with and ensure the organization is meeting necessary governance requirements. Data can pose legal challenges. The longer you keep data, the more data can be used in e-discovery. While the business may want to keep data forever, there is a risk in not defining and enforcing data retention as part of a data governance program. Data governance stakeholders, for this reason, often include leaders from operations, sales, marketing, HR, accounting/finance. The C-suite leaders need to play a role. Where they exist, information governance and records management functions need to be included.

Data Pipeline Automation: The Next Step Forward in DataOps

The emerging DataOps field borrows many concepts from DevOps techniques used in general software engineering, including a focus on agility, leanness, and continuous delivery, Eckerson Group writes. The core difference is that it’s implemented in a data analytics environment that touches many data sources, data warehouses, and analytic methodologies. “As data and analytics pipelines become more complex and development teams grow in size,” Eckerson and Ereth write, “organizations need to apply standard processes to govern the flow of data from one step of the data lifecycle to the next – from data ingestion and transformation to analysis and reporting. The goal is to increase agility and cycle times, while reducing data defects, giving developers and business users greater confidence in data analytics output.” There are a handful of vendors delivering shrink-wrapped solutions in this area, and not (yet) many open source tools. While DataOps is growing in recognition and need, the tools that support automated data pipeline flows are relatively new, Eckerson Group writes.

Quote for the day:

"Leadership is not a solo sport; if you lead alone, you are not leading." -- D.A. Blankinship

Daily Tech Digest - May 20, 2019

Extreme launches autonomous network strategy at Extreme Connect

ExtremeAI Security. The software gathers data from a variety of sources to detect errant network traffic and report the anomaly to network operators. Extreme runs on its servers the security algorithms that analyze network, application and device data to identify malicious traffic. ExtremeAI Security gathers traffic flow data from NetFlow-enabled switches and routers. The software also draws IoT device data from Extreme's Defender for IoT and application data from Extreme Analytics. The fourth source of information is third-party threat feeds that provide continuous updates on blacklisted URLs and malicious IP addresses. Defender for IoT identifies IoT devices and assists network managers in setting security policies for groups of connected hardware, which could include medical devices, surveillance cameras or point-of-sale systems. Extreme Analytics draws application telemetry from a sample of network traffic flow to monitor application performance and notify managers when it falls below a set baseline. Extreme includes both in its list of Elements products.

Agile Vs Kanban: What’s the Difference?

Agile is a beneficial method for projects where the final goal is not set. As the project progresses, the development can adapt as per the requirements of the product owner. Kanban is about reducing waste and removing activities that never add value to the team. ... Kanban process is nothing but a Board, which is called "Kanban Board." Agile methodology is a practice which promotes continuous iteration of development and testing throughout the SDLC life-cycle. Kanban process visualizes the workflow, which is easy to learn and understand. The goal of the Agile method is to satisfy the customer by offering continuous delivery of software. In the Kanban method, shorter cycle times can deliver features faster. In the agile method, breaking the entire project into smaller segments helps the scrum team to focus on high-quality development, testing, and collaboration. Kanban scrum needs very few organization set-up changes to get started. In Agile methodologies, Sprint planning can consume the team for an entire day.

Google sees Gmail as key to its collaboration plans

Google faces strong competition as demand for team collaboration tools continues to soar; its rivals have already attracted significant numbers of users. Slack has 10 million daily active users, including 85,000 paid business customers, while Microsoft Teams, which like Hangouts Chat is available as part of a suite subscriptions, is used in 500,000 organizations. Facebook’s Workplace has more than 30,000 paid organizations and about 2 million users in total. It’s not clear how widely Hangouts Chat is actually used. The app is available as part of G Suite subscriptions, of which there are 5 million customers, but Google doesn’t break out stats for the messaging platform. Google’s offering appears to lag behind others in the market. “Based on our volume of conversations with clients, there isn’t much customer momentum with Hangouts Chat,” said Larry Cannell, a research director at Gartner. By integrating Hangouts Chat with Gmail, Google could spur greater adoption, said Angela Ashenden, a principal analyst at CCS Insight, providing an opening for adoption of the chat tool.

6 steps to avoiding an automation 'trap' by putting process first

Intelligent automation presents a powerful new lever with which to digitally transform an enterprise and fundamentally change how work gets done. By combining a wide range of techniques to enable the digitization, processing and evaluation of information, companies can improve the performance of a function, the effectiveness of the employees involved and, ultimately, the experience of the customer. Unfortunately, many attempts to implement intelligent automation disappoint because companies try to automate their current environment, rather than optimizing that environment to best leverage new tools and truly enable their workforce. One flawed approach focuses on finding applications for specific tools, much like a hammer looking for a nail. Certain steps might be automated, but they are fragmented across the existing flow, yielding fragmented capacity that can’t easily be realized as a benefit. Another common pitfall occurs when a process includes tasks that the tool isn’t intended to address, yet the tool is applied anyway, overextending its capabilities and introducing the risk of instability.

The Next Wellness Trend Should Be Google Spreadsheets

Spreadsheets in particular make it immediately clear—simply by opening and glancing at a document—when you’ve been neglecting your good habits. My philodendron houseplant needs regular, consistent watering to thrive, and so does a goal-tracking spreadsheet, which otherwise appears riddled with holes made of missing data. The motivation to fill out the spreadsheet is baked into the form: All those sad, empty boxes need to be filled in, and only you can do it, by completing whichever task you’ve set out for yourself and then marking it as done in the correlated column. “Rather than fall into patterns of procrastination that just breed more stress and hopelessness, a brief and specific to-do list can help you stay on track,” says Hershenberg. “When you make any steps toward that item on your to-do list, you can and should celebrate that effort. Finding a sense of accomplishment from things that are hard to do is an important part of improving depressed mood and low motivation.”

Killer SecOps Skills: Soft Is the New Hard

At just about every customer site, we are asked to help train SOC managers to do a better job of communicating technical information to non-technical executives. This is hard enough to do when you have time to prepare what you want to say, so imagine how stressful it can be to explain the nuances of a ransomware situation to a CFO or CEO when a decision on whether or not to pay the ransom needs to be made in a matter of minutes. ... SOC teams must be able to collect and disseminate information and tasks across multiple teams. For example, when correlating information about a new attack, clues usually come from multiple sources: network and endpoint experts, malware analysts, operations teams, and additional team members. Incident responders must not only communicate effectively and succinctly, they must be able to delegate to and project manage multiple teams that may have limited understanding of cybersecurity, and under accelerated timelines where broken communication channels can have irreversible negative consequences.

The case for general excellence

There’s no denying that in the modern world, the explosion of knowledge (and the efficiency of capitalism) promotes specialization. If you break a tooth, after all, I would suggest you see my wife, the dentist, rather than me, the generalist. Unfortunately, increasing specialization can have the paradoxical effect of narrowing horizons and limiting innovation to incremental advances. The scientific grant funding system seems to reinforce this syndrome. In medicine, where the spread of specialization is most obvious, patients in the U.S. often get good results on complex procedures (at very high prices), while the health of the population at large suffers. Does that mean expertise has no value? Of course not. But someone needs to see the big picture. Citing economist Robin Hogarth, Epstein relates a useful distinction here between the different kinds of arenas people work in. Chess and golf are “kind” learning environments: “Patterns repeat over and over, and feedback is extremely accurate and usually very rapid.” These environments tend to have strict and unchanging rules, and they reward repetition. Practice may not make perfect, but it certainly makes better.

In the 'post-digital' era, disruptive technologies are must-haves for survival

Organizations can best learn from companies – regardless of industry – that are exploring leveraging more than one DARQ capability to unlock value. This is where true disruption lies: those exploring how to integrate these seemingly standalone technologies together will be better positioned to reimagine their organizations and set new standards for differentiation within their industries. Volkswagen is an excellent example. The company is using quantum computing to test traffic flow optimization, as well as to simulate the chemical structure of batteries to accelerate development. To further bolster the results from quantum computing, the company is teaming up with Nvidia to add AI capabilities to future models. Volkswagen is also testing distributed ledgers to protect cars from hackers, facilitate automatic payments at gas stations, create tamper-proof odometers, and more. And the company is using augmented reality to provide step-by-step instructions to help its employees service cars.

AI vs. Machine Learning vs. Deep Learning

Deep learning describes a particular type of architecture that both supervised and unsupervised machine learning systems sometimes use. Specifically, it is a layered architecture where one layer takes an input and generates an output. It then passes that output on to the next layer in the architecture, which uses it to create another output. That output can then become the input for the next layer in the system, and so on. The architecture is said to be "deep" because it has many layers. To create these layered systems, many researchers have designed computing systems modeled after the human brain. In broad terms, they call these deep learning systems artificial neural networks (ANNs). ANNs come in several different varieties, including deep neural networks, convolutional neural networks, recurrent neural networks and others. These neural networks use nodes that are similar to the neurons in a human brain. Neural networks and deep learning have become much more popular over the last decade in part because hardware advances, particularly improvements in graphics processing units (GPUs), have made them much more feasible.

Black Hat Q&A: Bruce Schneier Calls For Public-Interest Technologists

I spend four chapters laying out the different government interventions that can improve cybersecurity in the face of some pretty severe market failures. They're complex, and involve laws, regulations, international agreements, and judicial action. The subsequent chapter is titled "Plan B," because I know that nothing in those four chapters will happen anytime soon. And I don't even think my Plan B ideas will come to pass. There are a lot of reasons for this, but I think the primary one is that technologists and policy makers don't understand each other. For the most part, they can't understand each other. They speak different languages. They make different assumptions. They approach problem solving differently. Give technologists a problem, and they'll try the best solution they can think of with the idea that if it doesn't work they'll try another -- failure is how you learn. Explain that to a policy maker, and they'll freak. Failure is how you never get to try again. Solving this requires a fundamental change in how we view tech policy. It requires public-interest technologists.  

Quote for the day:

"Take time to deliberate; but when the time for action arrives, stop thinking and go in." -- Andrew Jackson

Daily Tech Digest - May 19, 2019

Delivering Business Value Through AI To Impact Top Line, Bottom Line And Unlock ROI

Business leaders need to realize AI’s potential to unlock new sources of revenue in addition to improving customer targeting and loyalty. One of these ways is data monetization. What is data monetization? Simply put, data monetization refers to the act of generating measurable economic benefits from available data resources. According to Gartner, there are two distinct ways in which business leaders can monetize data. The most commonly seen method from the two is Direct Monetization. The way to realize value from this avenue involves directly adding AI as a feature to existing offerings. ... Use cases discovered in this arena span social media sentiment mining, programmatic selection of advertising properties, measuring effectiveness of marketing programs, ensuring customer loyalty and intelligent sales recommendations. AI also has huge potential to drive businesses to explore and exploit eCommerce platforms as a credible channel for sales and to help drive the digital agenda forward.

Has the UK government's cloud-first policy served its purpose?

The obvious concern in all this is that, if the cloud-first mandate is revoked completely, central government IT chiefs might start falling back into bad procurement habits, whereby cloud becomes an afterthought and on-premise rules supreme again. Maybe that is an extreme projection, but there are signs elsewhere that some of the behaviours that G-Cloud, in particular, was introduced to curb could be starting to surface again. One only has to look at how the percentage of deals being awarded to SMEs via G-Cloud has started to slide of late, which has fed speculation a new oligopoly of big tech suppliers is starting to form, who will – in time – dominate the government IT procurement landscape. Where G-Cloud is concerned, there are also rumblings of discontent among suppliers who populate the framework that it is becoming increasingly side-lined for a number of reasons. There are semi-regular grumbles from suppliers that suggestions they have made to CCS or GDS about changes they would like made to the framework are being ignored, or not being acted on as quickly as they would like.

There are several reasons why enterprise security threats -- especially malware attacks -- are on the rise, Kudelski Security's Kizziah said. "One of the most interesting is criminal groups' adoption of the latest, freely available malcode, which is quite advanced, easy to modify for different specific purposes, and modular, so it can use different techniques to infect an endpoint," Kizziah said. With over two billion known malware out there and with new malware being introduced every single day, it is impossible to achieve a reasonable level of protection with the traditional approaches to cybersecurity, which are focused on "chasing the bad," Nyotron's Kolga said. Instead, businesses should refocus their efforts on the "ensuring good" approach, Kolga said. This can be achieved through whitelisting approaches for application control and OS behavior, he added. ... Cybercriminals will always find a way to infiltrate businesses, Kujawa believes. He advised companies to adopt a mindset that is not focused solely on prevention. Enterprises should have a plan in place for when threat actors gain access to networks, so that they can protect the most important data with additional layers of security and ensure that business operations are not disrupted.

FBI and Europol Disrupt GozNym Malware Attack Network

Authorities say this investigation was the result of cooperation between the U.S. and Bulgaria, Germany, Georgia, Moldova and Ukraine. An unusual aspect of the investigation is that charges were brought against suspects in the countries where they reside based, in part, on evidence gathered by the FBI and German authorities. "The prosecutions are based on shared evidence acquired through coordinated searches for evidence in Georgia, Ukraine, Moldova and Bulgaria, as well as from evidence shared by the United States and Germany from their respective investigations," the U.S. Justice Department says. Authorities say five suspects remain at large. All are believed to be in Russia, which did not cooperate with the investigation. The GozNym takedown involved close cooperation between the U.S. Department of Justice and counterparts abroad, supported by coordination from Europol, backed by Eurojust, the EU's agency for handling judicial cooperation on criminal matters among EU member states' agencies.

Demystifying Quantum Computing

Importantly, quantum computers aren’t suited for all problems. There are instances where classical computers can perform just as well as a quantum machine. Thus, quantum computers won’t replace classical computers; they’ll operate alongside them. However, more work and research remains to be done. Current quantum computers aren’t powerful or accurate enough yet to offer an advantage over classical computers. Today they can maintain entanglement for just 90 microseconds, and the algorithm can only run during this short timeframe. In quantum computers with superconducting qubits, the chip must be cooled to close to absolute zero, meaning that it must be totally isolated from the environment. Any outside noise or heat is enough to cause an entangled system to collapse. These limitations will have to be overcome before businesses can start using the technology widely. To date, the quantum computers that exist have been used largely for studying quantum computing and developing its potential use cases. Once quantum computers exceed the capabilities of classical computers, they’ll reach what is called quantum supremacy, and the true quantum era will be at hand. 

The Evolution Of The Chief Data Officer

“CDOs have emerged from one of two camps: IT or business,” she says. “CDOs that have risen through the ranks of a technology organisation recognise the value of data and see how it can be applied to improve the business. One of their biggest challenges is in building trust and credibility with business leaders, while pushing risk averse technologists outside their comfort zones.” “Meanwhile, CDOs who come from the business side of an organisation have been frustrated with how slow IT may have been to respond to requests for self service analytics, new types of data such as the IoT, and the evolution to AI. They are willing to take more risks and innovate faster because they know that the business livelihood depends upon it. Their biggest challenge is learning just enough of the technology—and there is a lot of it, which changes rapidly—to be respected by IT and to make the right decisions.” For all CDOs, regardless of background, the overarching aim is to create a business culture that is driven by data. How this is achieved may vary according to individual or organisation, but the end goal is the same: capture data, understand it, keep it safe, and use it to make the business better.

Only 9% of companies warn employees about IoT risks

IoT-related data breaches specifically caused by an unsecured IoT device or application increased from 15% in 2017 to 26% in the last year, the report found. It's possible that this number is actually larger, as most organizations said they are not aware of every unsecure IoT device or application in their environment, or introduced by third-party vendors, it noted. Despite these risks, only 9% of companies said their organizations currently inform and educate employees and third parties about the dangers created by IoT devices. The majority of organizations surveyed lack centralized accountability to address and manage IoT risks, according to the report. Only 21% of board members report that they are highly engaged in security practices, and understand third-party and cybersecurity risks in general. About one-third (32%) of the organizations surveyed said no single person or department is responsible for managing or implementing corrective actions to manage IoT risks, the report found.

Podcast: Adopting public cloud as a culture

The key for improved cloud adoption is opening the lines of communication, bridging the divides, and gaining new levels of understanding. As in the restaurant analogy, the chef says, “Well, I can add these ingredients, but it will change the flavor and it might increase the cost.” And then the finance people say, “Well, if we make better food, then more people will eat it.” Or, “If we lower prices, we will get more economies of scale.” Or, “If we raise prices, we will reduce volume of diners down.” It’s all about that balance―and it’s an open discussion among and between those three parts of the organization.  This is the digital transformation we are seeing across the board. It’s about IT being more flexible, listening to the needs of the end users, and being willing to be agile in providing services. In exchange, the end users come to IT first, understand where the cloud use is going, and can IT be responsive? IT knows better what the users want. It becomes not just that they want solutions faster but by how much. They can negotiate based on actual requirements.

The Power Of Hidden Teams

A recent Cisco study yielded comparable data. And according to Jones, “We can see from our data that teams with more-frequent check-ins have dramatically higher levels of engagement; so, moving forward, we are going to keep experimenting with smaller, more patient-centered, more agile teams, and keep investigating the link between span of control and patient outcomes — and all because we can see the link between attention, teams, and patient care.” The most-engaged teams — and the most-effective team leaders — understand that the currency of engagement is real, human attention. This helps us answer a long-standing question about the optimal span of control in all organizations. Some research puts the number at eight to 10, whereas some workplaces, such as call centers, push the limits with spans as great as 70 team members to one supervisor. Pinpointing the check in, and the frequent attention it provides, as the key driver of engagement shows that “span of control” is more accurately span of attention. The research reveals that for people to be engaged, the span of control must allow each team leader to check-in, one on one, with each team member every week of the year.

Attackers Exploit WhatsApp Flaw to Auto-Install Spyware

The U.K.'s National Cyber Security Center - the public-facing arm of GCHQ - has published guidance for all WhatsApp users. "The NCSC ... always recommends that people protect their device by installing updates as soon as they become available," it says. "The NCSC also recommends that people switch on automatic updates to install them as quickly as possible." Likewise, the Indian Computer Emergency Response Team, Cert-IN, has warned that attackers could launch further attacks. It's urging all users to upgrade immediately to the latest version of WhatsApp. Questions remain about what exactly the exploit might allow attackers to do. For example, could they use it to escape Apple's iOS sandbox, and does updating eliminate any access they may now enjoy to a device? "Does updating the app remove whatever malware was placed on phone? Did they manage to pivot out of the app? I haven't seen any technical analysis of the malware yet so genuinely interested," says Alan Woodward, a professor of computer science at the University of Surrey.

Quote for the day:

"And how does one lead? We lead by doing; we lead by being." -- Bryant McGill