Daily Tech Digest - August 24, 2019

Smishing and vishing: How these cyber attacks work and how to prevent them

We’re on our guard a bit more with email nowadays because we’re used to receiving spam and scams are common, but text messages and calls can still feel more legitimate to many people. As we do more of our shopping, banking, and other activities online through our phones, the opportunities for scammers proliferate. To avoid becoming a victim you have to stop and think. “Common sense is a general best practice and should be an individual’s first line of defense against online or phone fraud,” says Sjouwerman. Although the advice on how to avoid getting hooked by phishing scams was written with email scams in mind, it applies to these new forms of phishing just as well. At root, trusting no one is a good place to start. Never tap or click links in messages; look up numbers and website addresses and input them yourself. Don’t give any information to a caller unless you’re certain they are legitimate – you can always call them back. It’s better to be safe than sorry, so always err on the side of caution. No organization is going to rebuke you for hanging up and then calling them directly (having looked up the number yourself) to ensure they really are who they say they are.

Serverless architect emerges as in-demand job role

Along with the traits of serverless systems, there are specific skills that budding serverless architects should have. Justin Pirtle, specialist solutions architect at Amazon Web Services, recently described the skills it takes to master serverless architecture. (In his post, he also points to relevant AWS resources.) "With the move to microservices-based architectures, decomposing monolithic applications and decoupling dependencies is more important than ever," Pirtle says. "When building event-driven architectures, whether you're looking for simple queuing and message buffering or a more intricate event-based choreography pattern, it's valuable to learn about the mechanisms to enable asynchronous messaging and integration," Pirtle points out. "In distributed microservices architectures, you must design coordinated transactions in different ways than traditional database-based ACID transactions, which are typically implemented using a monolithic relational database," he explains. "Instead, you must implement coordinated sequenced invocations across services along with rollback and retry mechanisms."

Stop Focusing On Big Data And Start Focusing On Smart Data

“Big data” isn’t as important as “smart data” or the “right data.” Companies are getting excited over the notion of big data, but it’s ultimately only as good as the insights you get out of it. And in order to get actionable insights out of it, you have to combine big data with small data. The small data provides the context and calibration that big data can’t do on its own. When you combine the two, you get smart data. Through big data, they’ve been able to create specific audience segments and to tailor products and services precisely to meet those needs. They are getting as close to personalization as we can today and it’s working. Another industry that is doing this well is digital advertising. Programmatic ad buying has allowed personalization of digital ads, delivering much more relevant content for each individual consumer. Remember the days of “banner blindness” when ads were either intrusive or were just glossed over on websites? Now it’s almost as if they have been seamlessly integrated into the content. Companies today are more often than not starting with the data and seeing what they find. It’s equivalent to finding a needle in a haystack. Start with the business drivers, the fundamentals and the strategy, and work backwards to figure out the best data sets that uncover the insights you need to help steer your direction.

What you need to know before implementing edge computing

Gartner's Gill highlights the problems with many edge devices running insecure software platforms that are unpatched against known exploits, citing the ease with which CCTV cameras were hijacked by Mirai malware as just one example. "There are a lot of devices out there that have pretty marginal security, and if what we're talking about is building a critical application that relies on thousands or even millions of devices, we've got to ensure some kind of end-to-end security all the way back into the core," he says. "This brings up fascinating questions when dealing with edge device manufacturers about 'How do we gauge the extent to which their security meets our enterprise security? How do we gauge how it fits in with our overall identity and access management scheme?'," Gill adds. Eric van Hensbergen, who leads the software and large-scale systems research at chip designer Arm, says: "Historically at the extreme edge there's tonnes of gadgets that you buy that are a couple of bucks and the companies that are making these don't put an investment into security."

Bill Gates Says This Type of AI Will Be Worth “10 Microsofts”

"Machine learning drives our algorithms for demand forecasting, product search ranking, product and deals recommendations, merchandising placements, fraud detection, translations, and much more. Though less visible, much of the impact of machine learning will be of this type - quietly but meaningfully improving core operations." With Amazon's success, other retailers have been forced to up their games as well. Walmart Chief Data Officer Bill Groves mentioned at a tech conference last month how his company uses NVIDIA hardware and machine learning for product forecasting, supply chain management, and understanding consumer behavior, "So when the customer comes in the product they want is sitting on the shelf." A great non-retail example of the power of machine learning is Facebook, which uses it to determine what goes in your news feed and what advertisements you might respond to. Facebook benefits tremendously from the network effect, which makes a service more valuable as the number of users grows. And this company has one of the largest caches of consumer data in the world.

How to Prepare for Data Breach Notifications under GDPR

The GDPR rulebook notably does not list technological requirements for entities covered by the law, nor does it make recommendations in this respect. However, it does imply that some technical measures must be adopted to comply with some of its requirements. Chief among those is the requirement to record relevant information for post-breach analysis: “In order to comply with their obligations under the Article 5(2) principle of accountability as well as the requirement to record relevant information under Article 33(5), controllers should be able to demonstrate to the DPC when and how they became aware of a personal data breach. The DPC recommends that controllers, as part of their internal breach procedures, have a system in place for recording how and when they become aware of personal data breaches and how they assessed the potential risk posed by the breach,” the guide clarifies. One way entities covered by the GDPR can fill this gap is to invest in solutions based on Network Traffic Analytics (NTA).

Security tokens aren’t yet worth the hype

One of the major undercurrents propelling interest in STOs and ICOs has been poor returns in traditional asset classes, like equities and bonds, since the global financial recession of 2008. The cost of issuance has also increased, particularly in the U.S. with post-financial-crisis regulations. Throw in capital flight from countries such as China and Venezuela, and you have many investors hungry for alternative avenues where they can earn better returns. Proponents suggest that security tokens are cheaper than traditional financing models because they can raise funds directly from investors, cutting out expensive middlemen. Since the tokens are automated through coded programs, there is no need for middle-office staff to manage contracts. Security tokens also have a liquidity advantage, as the barriers for buyers to participate in the market are lower. With more buyers, assets are more likely to sell at a fair price. Comparatively, many financial instruments today suffer from low liquidity because they are limited by geography or siloed markets.

'Silence' Gang Ramps Up Bank Assaults

The criminal group has now become "one of the most sophisticated threat actors targeting the financial sector not only in Russia, but also in Latin America, Europe, Africa and especially Asia," Mirkasymov adds. Silence has launched at least 16 new campaigns against banks over the last 12 months, according to Group-IB's threat intelligence team. Those have included campaigns in India, Russia, Kyrgyzstan, Costa Rica, Bulgaria, Chile and Ghana. It also was behind a $3 million attack on Dutch-Bangla Bank in May, allegedly using so-called "money mules" to withdraw money from ATMs infected with Silence's malware. Group-IB researchers have seen Silence's communication and control servers communicating with unidentified IPs in the United States and Canada, he notes. But they haven't yet detected a successful Silence attack in either country. "It does not mean, however, that Silence will never try their hand attacking organizations in North America at some point," he says. "They are growing rapidly, and in just one year have significantly increased the geographical scope of their attacks."

Huawei unleashes AI chip, touting more compute power than competitors

The launch comes almost a year after Huawei first announced last October plans to release a full suite of AI products including chips, development toolkit, and cloud services. It added that this portfolio would be further expanded later to encompass an AI acceleration card, AI appliance, and AI server. Speaking at the official launch Friday, Huawei's rotating chairman Eric Xu said: "Everything is moving forward according to plan, from R&D to product launch. We promised a full-stack, all-scenario AI portfolio and today we delivered, with the release of Ascend 910 and MindSpore. This also marks a new stage in Huawei's AI strategy." According to Xu, MindSpore would be released to the open source community in the first quarter of 2020 as part of efforts to drive the adoption of AI. With the launch, Huawei appears to suggest it is business-as-usual amidst ongoing trade tensions between the Chinese government and the US. Xu said its business had been less impacted by the trade restrictions than originally thought and it was "fully prepared" to work with US sanctions.

UK cybersecurity agency warns devs to drop Python 2 due to looming EOL & security risks

The UK National Cyber Security Centre (NCSC) cited security risks and possible code breakage in existing apps as the primary reasons. "If you're still using 2.x, it's time to port your code to Python 3," the NCSC said. "If you continue to use unsupported modules, you are risking the security of your organisation and data, as vulnerabilities will sooner or later appear which nobody is fixing." "If you maintain a library that other developers depend on, you may be preventing them from updating to 3," the agency added. "By holding other developers back, you are indirectly and likely unintentionally increasing the security risks of others." The agency is urging companies and developers alike to migrate their code to the newer Python version. The NCSC's blog post includes a summary of Python 3's most attractive features, but also a list of tools that can help developers with the migration, such as Can I Use Python 3, 2to3, Six, and others. "If migrating your code base to Python 3 is not possible, another option is to pay a commercial company to support Python 2 for you," the NCSC said.

Quote for the day:

"If you don't demonstrate leadership character, your skills and your results will be discounted, if not dismissed." -- Mark Miller
