Daily Tech Digest - March 07, 2019

Why Wi-Fi needs artificial intelligence
Over time, I expect AI to lead to fully autonomous networks where the AI runs the wired and wireless network. However, I don’t expect businesses to embrace the concept of a “self-driving network” immediately. Instead, the initial wave of AI as a network management tool will be to assist the engineer by providing recommendations coupled with automated basic tasks, including troubleshooting and a problem avoidance. Engineers shouldn’t fear AI or worry about the technology replacing them. Instead, they should look at it as their best friend because it will free up huge amounts of time, as much of the heavy lifting will be done by machines. The access edge, particularly the wireless network, is growing in importance. But at the same time, it is being pushed to do more because more devices are connecting to it, resulting in orders of magnitude more data traversing the network. Manual operational methods have never worked and certainly will not work in a hyper-connected world. AI-based systems are becoming mandatory to keep the performance of Wi-Fi high and to shed the reputation that flaky Wi-Fi is the norm.

5 trends driving the design of next-generation data centers

The efficiency of data centers is both an environmental concern and a large-scale economic issue for operators. Enterprises in diverse industries from automotive design to financial forecasting are implementing and relying on machine-learning in their applications, which results in more expensive and high-temperature data center infrastructure. It’s widely known that power and cooling represent the biggest costs that data center owners have to contend with, but new technologies are emerging to combat this threat. ... One of the most successful technologies that data center operators have put into practice to improve efficiency is monitoring software that implements the critical advances made in machine learning and artificial intelligence. Machines are much more capable of reading and predicting the needs of data centers second to second than their human counterparts, and with their assistance operators can manipulate cooling solutions and power usage in order to dramatically increase energy efficiency.

“When you are in a disaster recovery situation, you do not want the new person trying out the wings,” says Bruce Beam, chief information officer at (ISC)². Unfortunately, the number of cyber security positions outweighs the number of available cyber security professionals. The demand for cyber security professionals has outpaced supply in recent years, due to emerging threats and organisations increasing the amount of business they conduct online. According to a study, the number of organisations that reported shortages in the cyber security skills of their staff has increased over the past four years. In 2014, approximately 23% of organisations indicated this was a challenge, but this has now risen to more than 50%. Much of this rise has been due to the increasing workload of cyber security teams. Continuing professional development (CPD) has been used to ensure that skills remain relevant. 

Open Source Benefits to Innovation and Organizational Agility

To understand how organizations use open source today, Andrew Aitken presented the state of open source in the context of its evolution from the founders until today. Aitken identified four generations. Generation one, initiated in the early 70s, is represented by the evangelists and thought leaders who founded the open source movement, Richard Stallman, Linus Torvalds, Eric Raymond, etc. Their purpose was to make software free to allow anybody to contribute to their improvement. Generation two consists of influencers, such as Marc Fleury, Marten Mickos, Larry Augustin, who began to think about how to commercialize open source and launched the first few commercial open source companies. Generation three of open source started with the proliferation of the internet and the vast amount of data that became available to organizations. Dotcoms created new technologies to manage data and started open-sourcing their software. 

"If the insurer knows our drivers are always driving well on safer routes, then we might be able to bring down our premium," says Gifford. "So, there's opportunities like that when it comes to using blockchain — and that's just an example. But success in blockchain is all about getting partners on board." Gifford says effective partnerships are critical to Wincanton's broader development efforts. The firm launched an innovation programme called W² Labs last March, which gets startups to develop innovative solutions to the firm's challenges. Wincanton also uses its internal development team and works with external consultants, such as IBM and PA Consulting. The broader aims of these combined efforts is to produce what Gifford refers to as the Internet of Transport. These developments focus on three key areas. First, Winsight, an app that enables a paperless cab, so all the paper lorry drivers normally carry, such as routes and proof of delivery, is wrapped up into a single piece of software on a smart device.

"DevOps Institute is thrilled to share the research findings that will help businesses and the IT community understand the requisite skills IT practitioners need to meet the growing demand for T-shaped professionals," said Jayne Groll, CEO of DevOps Institute. "By identifying skill sets needed to advance the human side of DevOps, we can nurture the development of the T-shaped professional that is being driven by the requirement for speed, agility and quality software from the business." Automation, process, and soft skills were the top three most important skills categories, according to the report. Soft skills—including collaboration and cooperation, problem-solving, interpersonal skills, and sharing and knowledge transfer—are equally important as technical skills to DevOps practitioners, highlighting the need for well-rounded candidates in this field. "The reality of the DevOps world is one that is frequently changing," Erin Lovern, director of global talent acquisition at CloudBees, said in the report.

IoT Expands the Botnet Universe

Botnets comprised of vulnerable IoT devices, combined with widely available DDoS-as-a-Service tools and anonymous payment mechanisms, have pushed denial-of-service attacks to record-breaking volumes. At the same time, new domains such as cryptomining and credentials theft offer more opportunities for hacktivism. ... A new piece of malware that takes advantage of Android-based devices exposing debug capabilities to the internet. It leverages scanning code from Mirai. When a remote host exposes its Android Debug Bridge (ADB) control port, any Android emulator on the internet has full install, start, reboot and root shell access without authentication. Part of the malware includes Monero cryptocurrency miners (xmrig binaries), which are executing on the infected devices. Radware’s automated trend analysis algorithms detected a significant increase in activity against port 5555, both in the number of hits and in the number of distinct IPs. 

Clearer North Korean link to global infrastructure malware campaign

The researchers were able to get a rare look at the workings of a nation state cyber espionage campaign after being handed a command and control server for the campaign by one of the government’s targeted. This provided an opportunity to conduct a detailed analysis of code and data from the server responsible for the management of the operations, tools and tradecraft behind the campaign, previously thought to have run from October to November 2018. The analysis led to the identification of several previously unknown command-and-control centres and indicates that Sharpshooter began as early as September 2017, targeted a broader set of organisations in more industries and countries, and that it is currently ongoing. “McAfee Advanced Threat Research analysis of the command-and-control server’s code and data provides greater insight into how the perpetrators behind Sharpshooter developed and configured control infrastructure, how they distributed the malware, and how they stealthily tested campaigns prior to launch,” said Raj Samani

Cisco uncorks 26 security patches for switches, firewalls

network security lock padlock breach
While the 26 alerts describe vulnerabilities that have a Security Impact Rating of “High,” most –23 – affect Cisco NX-OS software, and the remaining three involve both software packages. The vulnerabilities span a number of problems that would let an attacker gain unauthorized access, gain elevated privileges, execute arbitrary commands, escape the restricted shell, bypass the system image verification checks or cause denial of service (DoS) conditions, Cisco said. It has released software fixes for all the vulnerabilities, and none of the problems affect Cisco IOS software or Cisco IOS XE software, the company said. Information about which Cisco FXOS Software and Cisco NX-OS Software releases are vulnerable and what to do about it is available in the fixed software section of the advisory. ... A couple vulnerabilities in the Nexus software could let attackers gain elevated privileges on the switches and execute nefarious commands. The first weakness is due to an incorrect authorization check of user accounts and their associated group ID, Cisco wrote.

Artificial intelligence and cybersecurity: Attacking and defending

Social engineering remains one of the most common attack vectors. How often is malware introduced in systems when someone just clicks on an innocent-looking link? The fact is, to entice the victim to click on that link, quite a bit of effort is required. Historically, it’s been labor-intensive to craft a believable phishing email. Days and sometimes weeks of research, and the right opportunity, were required to successfully carry out such an attack. Things are changing with the advent of AI in cyber. Analyzing large data sets helps attackers prioritize their victims based on online behavior and estimated wealth. Predictive models can go further and determine willingness to pay the ransom based on historical data, and even adjust the size of pay-out to maximize the chances and, therefore, revenue for cybercriminals. Imagine all the data available in the public domain, as well as previously leaked secrets, through various data breaches are now combined for the ultimate victim profiling in a matter of seconds with no human effort.

Quote for the day:

"Leaders keep their eyes on the horizon, not just on the bottom line." -- Warren G. Bennis

No comments:

Post a Comment