Daily Tech Digest - March 05, 2018

Israel Developing Cutting Edge AI Crime-Fighting Tools

Cyber hackers [illustrative]
Alsheikh said that the police’s Cyber Unit, which was created to lead the national effort to combat cybercrime, would collaborate with the university’s cybersecurity experts to improve police enforcement and prevention capabilities. “The cooperation will enable the police to bring technology to bear more effectively in enforcing the law and fighting crime – whether cybercriminals or traditional criminals – by turning a threat into an opportunity,” Alsheikh said. Ben-Gurion has in recent years become a recognized international leader in cybersecurity and big data research with a national initiative to promote Beersheba as the “Cyber Capital of Israel.” The Center joins Cyber@BGU (CBG), a shared research platform for the most innovative and technologically challenging cyber-related projects run in collaboration with multi-national companies and government organizations. Among others, the CBG includes the Cyber Security Research Center, a joint initiative with the Israel National Cyber Bureau and Telekom Innovation Laboratories, in partnership with Deutsche Telekom.

A Secure Development Approach Pays Off

There's often a belief that security slows down the development process, which ultimately affects time to delivery. But by avoiding security until the end of the process, there's a huge risk that vulnerable products will be released. Clearly, neither option is ideal. This is where automation comes in. Ideally, you need transparent integration and full automation of the security solution at all stages of the development process. As opposed to conducting the process manually, automating the process will provide findings and feedback continuously with every alteration in the code analyzed without the need for human intervention. The code can then either be returned to developers or virtually fixed, and a patch issued for the source code — all automatically. Automation solves a number of the old problems associated with traditional SSDLC processes — it means security is a core element throughout and doesn't slow down DevOps.

How Modern Infrastructure And Machine Intelligence Will Disrupt The Industry

Cloud computing has fundamentally changed the IT infrastructure landscape. The attributes like self-service, pay-by-use, elasticity and automation added a new dimension to infrastructure management. Modern infrastructure is not the same as cloud computing. It is predominantly driven by emerging use cases, and business problems that cloud alone cannot adequately address. The rise of containers, container orchestration, microservices, cloud-native architectures, container-defined-storage and container-defined-networking lead us to the next phase of infrastructure. Next-generation infrastructure will be built on the firm foundation laid by containers. Like the way VMs abstract the underlying physical hardware, containers will make virtual machines irrelevant. Container images will become the de facto mechanism for packaging, distributing and deploying software. With containers becoming the new VMs, Infrastructure as a Service (IaaS) will gradually transform into Container as a Service (CaaS).

Understanding the difference between machine learning and predictive analytics

A simple machine learning algorithm that uses the data of employee satisfaction ratings between 1 and 100 against their salaries as training data is a perfect business application even though most other real life applications are a lot more complex involving trillions of dimensions. Instead of simply plotting a predictive satisfaction curve against salary figures for the various employees as predictive analytics will suggest, the machine learning algorithm automatically assimilates huge random training data upon entry, and the prediction results are affected by any added training data. All this aims at moving towards more real-time accuracy and more helpful predictions. This machine learning algorithm like all others apply self-learning and automated recalibration in response to pattern changes in the training data making machine learning a lot more reliable for real time predictions than other artificial intelligence concepts. Repeatedly increasing or updating the bulk of training data guarantees better predictions.

Fintech and RegTech win over compliance skeptics

Eight-three percent of respondents reported having a positive view of fintech, innovation and digital disruption. This is almost double the 2016 results, where only 42 percent reported a positive view. – Susannah Hammond
The challenges for firms range from the need to have the appropriate skill sets at all levels of the business, to the capability to be able to evaluate possible RegTech, fintech or InsurTech solutions. Give your organization the tools to manage heightened global regulatory pressure with Conflicts Compliance All of which is set against a background of a near universal need to revamp legacy systems, while also implementing and embedding massive regulatory rulebook changes. Against this backdrop, Thomson Reuters Regulatory Intelligence undertook it’s second global survey to assess the impact of developments in RegTech and fintech on the role and remit of the compliance function in financial services firms. ... The biggest financial technology challenge for firms in the coming year is the need to upgrade legacy systems along with cyber resilience and technology risks. On the benefit side, the deployment of fintech is expected to lead to improvements in efficiency and productivityproviding greater commercial opportunities.

Sensor-as-a-service, run by blockchain, is coming for IoT
In the case of Nokia’s sensor-as-a-service offering, which it alternately calls IoT for Smart Cities, the company says parking, trash management, environmental sensing, smarter lighting, and security (e.g., video surveillance) are primary commodities that MNOs can offer municipalities. They use existing base station sites, also known as towers. Enterprises may also want access to that kind of data, Nokia says. That could include weather forecasting operations, healthcare and insurance. Smart cars and drones will also require better municipal data, the company says. There’s minimal capital expense, and the blockchain “anonymized, private and secure micro-transactions” pays the MNO from the city coffers. Nokia, not the MNO, performs all of the edge gateway and sensor installation. Data is stored on Microsoft Azure, Amazon Web Services (AWS), or a private cloud. The Nokia AVA platform or a choice of Amazon IoT or Microsoft IoT performs the data transfer. 

Innovation these days seems to be all about thinner bezels, or face authentication. Which is impressive from a technology standpoint. But these aren’t features that fundamentally change how we interact with our devices. New cameras give us incredibly advanced technology, and pictures that are slightly better than previous models. While that’s true with the Apples and Samsungs of the world, it’s not true with some of the smaller, more interesting players. In recent days, a smattering of truly innovative, mostly enterprise-focused and business-friendly phones have emerged that enable us to do amazing new things. ... The Light Phone 2 is a 4G LTE phone with an e-ink display. It’s designed to function as a second phone for times when you want to leave your full smartphone behind. This is a great phone for on-site security, enabling the user to make and receive voice calls, send and receive SMS text messages and do other basic functions. You can’t use the Light Phone 2 to take pictures, use social media, register location or do anything else that might compromise company secrets.

Getting an ROI for Your IoT Cybersecurity Investment

A certain amount of spending on, say, helping employees better understand the risk IoT cybersecurity poses to their organization might be helpful, additional spending might not be. “People will tell you: ‘User education is a good thing. It makes people more aware. It seems like a place to spend money.’ “And what ends up happening with education spending is that, to a certain degree, it works,” Ramzan said. But ultimately, spending on cybersecurity education will fail in neutralizing cyber threats or preventing end users from making security errors.Normally, we tend to think about security in terms of big buckets of things such as prevention, education, detection and response The same principle applies to threat prevention. An organization could spend vast amounts of money trying to prevent attacks with the theory that would keep them safe. “But in practice, there is a lot of stuff you still won’t be able to prevent no matter how much money you spend,” Ramzan said. “At this point, it is better to do things like invest in detection and response.”

Sophisticated RedDrop Malware Targets Android Phones

android malware
“RedDrop is one of the most sophisticated pieces of Android malware that we have seen in broad distribution,” said Wandera in an overview of its research published Wednesday. “Not only does the attacker utilize a wide range of functioning malicious applications to entice the victim, they’ve also perfected every tiny detail to ensure their actions are difficult to trace.” Wandera told Threatpost it’s unsure how many Android devices may be infected with the malware. “One thing we have noticed is that the pace of attempted infections appears to be accelerating,” Wandera said. Since the company initially identified the malware, the company has blocked roughly 20 further requests by infected apps to reach the criminal’s distribution network – where additional malware would be downloaded from. The apps are being promoted via ads displayed on the popular Chinese search engine Baidu. Researchers said those who click on the ads are “taken to huxiawang[.]cn, the primary distribution site for the attack.

Millions of Office 365 Accounts Hit with Password Stealers

Tens of millions of people have been affected by these phishing emails, Shi says, and attackers evade detection by crafting different emails. "What they do is they rotate the content of the email; they rotate sender information," he continues. Signature-based systems won't catch these messages because changing the characteristics of malicious emails changes their fingerprint. Password theft is increasing overall, a sign of attackers shifting their goals and strategies, Shi explains. Ransomware was big last year; this year, password stealers are appearing in phishing emails, browser extensions, and other programs as criminals hunt login data. It's all part of a broader trend of sneaky spearphishing and targeted attacks, he says. Usernames and passwords grant access to multiple systems and applications a particular user is attached to, as well as social media sites and contact lists to fuel future attacks. "Some attackers try to be like a sleeper cell on your system," Shi notes. 

Quote for the day:

"The good you do today may be forgotten tomorrow. Do good anyway." -- Kent Keith

No comments:

Post a Comment