No matter how good your internal IT security team is, no matter whether you have an internal or external pentesting team, you need a bug bounty program and responsible vulnerability disclosure program as a key part of your IT security. I’ve been with firms that decided, wrongly, they didn’t need a bug bounty program. Each, after years of negative lessons learned, started a bug bounty program. They could have saved themselves some pain by starting one earlier. Every company should consider and deploy all three of these types of programs. I’ve known many otherwise good-hearted hackers who grew frustrated, and even resentful, because a company didn’t have an easy way to report a bug they found, didn’t effectively respond to the outreach, or incorrectly told the hacker that their big find wasn’t a big deal. If you make it hard for good people to report serious things, you’re just asking for trouble. If you don’t already have these functions as a mature part of your organization, you can only benefit by getting involved with a company, crowdsourcing or not, that can help you to set them up.
The good news is that cloud computing, including a new breed of cloud-based autonomous (self-tuning, self-repairing, self-updating) platform services powered by machine learning, finally gives CIOs the needed technical framework to start pulling their organizations out of the 80/20 spending rut and accelerate their pace of innovation. By offloading much of the onerous maintenance and security work to expert cloud service providers or to the cloud systems themselves, IT organizations can “free up their imaginations,” while getting access to a range of emerging technologies, says Oracle Senior Vice President Steve Daheb. Consider an HR example. At auto parts retailer AutoZone, newly automated processes for employee background checks and onboarding, made possible by its Oracle HCM Cloud application, already are freeing up company HR and store managers to do less administrative work and more value-added work, such as identifying candidates who are a good fit with the company’s distinctive, go-the-extra-mile customer service culture.
Citrix Research, in their study, has revealed that a third of large UK companies were affected by cryptojacking incidents in July 2018. 750 British IT leaders participated in the survey. Cryptojacking steals processing cycles from workstations, servers, IoT devices and other computing devices in order to collectively mine cryptocurrency. Instead of elaborate malware with complex functionality, the cybercriminals create and/or take over a legitimate website to host a cryptojacking virus, which makes hashing attempts in the hope of mining cryptocurrency at the expense of the machine. All of these mining events happen without the users realizing it is present, a stark contrast to ransomware, which by design needs to announce its existence to the users. The period of time between infection and eventual detection is wider with cryptojacking malware. Bitcoin and its derivatives are mined using a computing device, but these days doing so needs enough time and processing power. The longer the detection time, the better the chance that the cryptojacking malware will successfully mine virtual coins.
If cryptocurrency is going to live up to its hype, it will need to attract users from all professions, backgrounds, and ages. Today, according to an eToro report, most cryptocurrency users are 18- to 35-year-old males working in sales, marketing, IT, and financial services. In other words, cryptocurrency is a trend for people who are already working in a tech-savvy environment. But if such a system’s orientation process targets only these users, anyone who is not tech savvy would likely be lost from the very beginning. Of course, this barrier to entry is just one part of a bigger problem. Crypto enthusiasts are aware that these currencies need to reach a critical mass of users before they are really useful as currencies. Currently, even those who are creating accounts and purchasing cryptocurrency frequently are not using cryptocurrency for its ostensible purpose—buying things! Some individuals may have gotten rich by treating cryptocurrency as an investment vehicle and riding early speculative fluctuations, but this actually presents yet another obstacle for potential users. Investment markets are not user friendly.
The teenager, who legally cannot be named because he is a juvenile offender, pleaded guilty in Australian Children's Court on Thursday to multiple hack attacks against Apple as well as to downloading 90 GB of sensitive information from the company and accessing customers' accounts, Melbourne, Australia-based daily newspaper The Age reported, citing statements made in court. The report says that the boy began his year-long hacking spree when he was 16 years old, motivated in part by his love of Apple gear and hope to one day work for the technology giant. The court heard that after a tipoff from the FBI, the Australian Federal Police last year obtained a search warrant and raided the teenager's family home in Melbourne. "Two Apple laptops were seized and the serial numbers matched the serial numbers of the devices which accessed the internal systems," a prosecutor told the court, The Age reported.
“There’s a large gap between the capabilities neural networks show in research and the practical challenges in actually getting them to run on the platforms where most applications run,” Ng noted in a statement on the company’s launch in 2016. “Making these algorithms work in your app requires fast enough hardware paired with precisely tuned software compatible with your platform and language. Efficient plus compatible plus portable is a huge challenge—we can help.” For Intel, this could mean using Vertex’s IP to help build its own applications, or potentially applications for its customers. It’s not clear how much funding Vertex.AI had raised. Investors included Curious Capital, which focused on pre-seed and seed-stage funding for startups in the Pacific Northwest; and the Creative Destruction Lab, an accelerator focused on machine learning startups based in Toronto. Intel doesn’t break out revenues specifically for its Artificial Intelligence Product Group, a business unit it established in March 2017.
The Australian government on Tuesday proposed a law called the Assistance and Access Bill 2018. If it becomes law, the act would require people to unlock their phones for police or face up to ten years in prison (the current maximum is two years). It would empower police to legally bug or hack phones and computers. The bill would force carriers, as well as companies such as Apple, Google, Microsoft and Facebook, to give police access to the private encrypted data of their customers if technically possible. Failure to comply would result in fines of up to $7.3 million and prison time. Police would need a warrant to crack, bug or hack a phone. The bill may never become law. But Australia is just one of many nations affected by a new political will to end smartphone privacy when it comes to law enforcement. If you take anything away from this column, please remember this: The landscape for what’s possible in the realm of police searches of smartphones is changing every day.
In almost every type of business process, unstructured information is created, required, or exchanged. And while the creator or recipient of that content will likely understand its full context and thus its importance, only too soon that memory fades, and the content is effectively lost to the organization. Even if an individual recollects the content’s existence and location, no connection is maintained between the content itself and the context of the business process that made it relevant in the first place. Further complicating matters, stakeholders – increasingly spread across various global locations – often collaborate using multiple environments or applications, making complete visibility nearly impossible. What’s more, because the majority of team communication occurs through email, a lot of project-relevant content and key audit-trail information is lost or invisible through normal productivity tools.
Regardless of the reason an organization undertakes a digital transformation—be it to glean operational insights, change the way it engages with customers or to set the stage for other emerging technologies such as machine learning and artificial intelligence—it needs reliable data as its foundation. And that requires robust data governance. Some consider data governance essential only for cross-departmental collaboration—such as sharing customer data. But it also plays a key role in taking seemingly unrelated sources of data and turning them into insightful sources of information. Data governance uses a set of defined roles, processes and policies to help manage data assets and ensure their integrity, accuracy and security. Without these structures and controls, data assets lose much of their strategic value. Without effective data governance, no one can be certain about what data assets a company has, who controls them, what information they can provide and how they should be used.
Quote for the day:
"Leadership is intangible, and therefore no weapon ever designed can replace it." -- Omar N. Bradley