Daily Tech Digest - January 25, 2019

Within the Microsoft Cyber Defense Operation Center (CDOC), we focus on these dependencies with teams that coordinate threat intelligence, security monitoring and incident response by exploiting both the common, and unique capabilities of each specialization. It is here that we leverage our global workforce of more than 3,500 security professionals across our product development teams, information security groups, and legal teams to protect our cloud infrastructure and services, products and devices, and internal resources. The engineering teams behind our commercial security solutions, like Azure Security Center (ASC), also take advantage of the Cyber Defense Operation Center (CDOC) community to test hypotheses and pre-flight solutions in a real-world environment. This model is based on a closed-loop system of intelligence, defense, and control that streamlines our security capabilities for more than 200 cloud services, over 100 datacenters, millions of devices, and over a billion customers around the globe.

Stealthy New DDoS Attacks Target Internet Service Providers

An analysis of DDoS data during Q3 2018 by Nexusguard showed attackers trying to overwhelm targeted sites, and even entire ISP -- aka communications provider (CSP) -- networks, by spreading attack traffic across a large number of IP prefixes. Unlike a typical volumetric attack on a single IP address, many of the DDoS campaigns that Nexusguard analyzed involved attackers contaminating legitimate traffic across hundreds of IP addresses with small bits of junk. The attack traffic within each IP address was small enough to avoid detection by DDoS mitigation tools but big enough to take down a targeted site once converged, Nexusguard said in a report published this week. For example, the average attacks involved just 33.2 Mbps of traffic per targeted IP making it hard for service providers to detect and mitigate the traffic. In total, about 159 autonomous systems - most belonging to service providers - were targeted in "bit-and-piece" attacks in Q3 of 2018.

Establish a configuration management strategy to guide transition

No matter the returns on the technology, enterprise IT organizations frequently encounter problems with a configuration management strategy. Various internal teams select different configuration management tools. Team members resist the burden of a steep learning curve with a new tool. Or people stick with their habits because they are simply too busy or distracted with existing work to change. "There are high performers who tend to have their own tastes, [and] there are others who are trying to catch up to that," said Suranjan Chatterjee, global head of the cloud apps, microservices and API unit at Tata Consultancy Services. He cited "a lot of tensions and sensitivities" when diverse teams in a large group must collaborate. To increase automation and win the war on configuration drift, IT organizations should prepare a solid configuration management strategy and evaluate tools specifically based on how easily they onboard and support users.

A human-centred agenda for the future of work

Technology, including artificial intelligence, robotics and sensors, entails countless opportunities to improve work. The extraction of knowledge through data mining can assist labour administrations to identify high-risk sectors and improve labour inspection systems. Blockchain technology could make it easier for companies and the social partners to monitor working conditions and labour-law compliance in supply chains. But digital technology also creates new challenges for decent work. Digital labour platforms provide new sources of income to many workers in different parts of the world, yet the dispersed nature of the work across international jurisdictions makes it difficult to establish workers’ rights. The work on platforms is sometimes poorly paid—even below prevailing minimum wages—and no official mechanisms are in place to address unfair treatment. Thus I introduced into the commission the idea of an international governance system for digital-labour platforms, which would require platforms (and their clients) to respect certain minimum rights and protections.

How can individual employees prepare for the future of work?

Individuals should be aware of traits that will help them prepare for the future and will also make it easier to develop these soft skill areas, one of which is self-awareness. “This self-awareness around purpose is a prime source of energy, resilience and clarity when it comes to dealing with all the choices, challenges and changes around us,” said Empey. “It also helps with a second key point, which is being ‘open’ to change, other points of view, other ways of doing things and so on.” A third strategy he suggests is authentic networking – that is, being quite deliberate in seeking a connection with those who can be of value to you, and you helping them in a generous, mutual and non-favour-expecting way. Individual employees should also remember that it’s not all about the skills we need at work. “The last point I would make is around health and wellbeing,” said Empey.

Cybercriminals Home in on Ultra-High Net Worth Individuals

The conclusions drawn by Glasswall mirrors research conducted by UK-based Campden Wealth, which found that 28% of the UHNW families reported having been the victim of one or more cyberattacks. While UHNW families have an estimated net worth of at least $30 million, Campden Wealth recommends that those setting up single-family offices have wealth of $150 million or more. Many of the families that open single-family offices have far in excess of $150 million, with their average net worth standing at $1.2 billion, according to the Campden Wealth/UBS Global Family Office Report. Dr. Rebecca Gooch, Campden Wealth's director of research, says phishing was the most common type of attack, followed by ransomware, malware infections, and social engineering. She says UHNW individuals are targeted in a variety of ways including via their operating businesses, family offices, or through the family members themselves. More than half the attacks were viewed as malicious.

Poor practices expose 24 million financial records

The records were stored in an Elasticsearch cluster which contained 51GB of what appeared to be OCR credit and mortgages reports, Diachenko said in a blog post. “The documents contained highly sensitive data, such as social security numbers, names, phones, addresses, credit history and other details which are usually part of a mortgage or credit report,” he said. “This information would be a goldmine for cyber criminals, who would have everything they need to steal identities, file false tax returns, get loans or credit cards.” The exposed data was eventually traced to a data and analytics company called Ascension in Fort Worth, Texas, with the help of TechCrunch, which first reported Diachenko’s findings. According to parent company Rocktop Partners, Ascension shut down the server in question after learning of a “server configuration error” that “may have led to exposure of some mortgage-related documents”.

Microservices and the Saga Pattern

Microservices are not new in the market, they have been a part of our day to day life for a while now, so here in this post, I would like to share with you my understanding of what microservices are and what the Saga Pattern is, which is widely used with the microservices. We will start with what exactly we mean when we say: (i) we need a microservice, (ii) what it means to be reactive, and then (iii) dig into the concept of Saga patterns, with respect to a distributed system along with an easy to understand real-life example. ... For example, if we are preparing a product like a Restaurant application, then we would be creating several small microservices like the Orders, Customers, Reservations, etc., which would perform specific tasks around a specific functionality of the Restaurant application, and would be interacting if and only if we need to have the functionalities come together and that, to, only through their exposed APIs. For now, we can think of an API as endpoints of a service which are exposed for use to the outside world

Is customer information safer with a blockchain database?

Spring Labs is spearheading a group of prominent fintech lenders that will use a blockchain-based, peer-to-peer network to share consumer information to help with identification verification on loan applications. Avant, OnDeck Capital and SoFi are among 16 companies currently testing the network, called the Spring Protocol, which is scheduled to go live in the second half of this year. Part of the idea behind Spring’s system is to have a central database lenders can access without replicating critical consumer information on multiple systems, said John Sun, president and chief product officer for Spring Labs. While Spring doesn’t identify as a pure blockchain firm, he said it’s the best way to safeguard and store the information. “We have this solution that does certain things and we asked ourselves what is the best technology to build it that way,” Sun said. “It just so happens that for parts of the protocol and the technology stack, blockchain really is the best way to accomplish what we wanted to do.”

Adding Agile to Lean at Toyota Connected

Thurlow argued that the need to be more flexible, adaptable, and nimble is now a necessity, and no longer an option. Toyota needed to add agility into Lean Product Development. As Thurlow stated: "We took the best of breed agile learning and combined that with decades of lean thinking from the creators at Toyota and established an approach we currently call Scrum The Toyota Way." Every team member has had formal training, followed by continuous coaching in the workplace through a dedicated team of Scrum Masters and Coaches who are independent from the product delivery teams, he said. Coaches are embedded with the teams, but report externally ensuring they have checks and balances. Toyota Connected is building a pattern library of tools and techniques they have created or identified that work in various contexts. Just as The Toyota Production System never stops improving, Scrum The Toyota Way evolves endlessly, said Thurlow.

Quote for the day:

"Leadership is working with goals and vision; management is working with objectives." -- Russel Honore

No comments:

Post a Comment