Daily Tech Digest - November 26, 2019

Exploit kits, or EKs, are web-based applications hosted by cyber-criminals. EK operators usually buy web traffic from malvertising campaigns or botnet operators. Traffic from malicious ads or hacked websites is sent to an EK's so-called "gate" where the EK operator selects only users with specific browsers or Adobe Flash versions and redirects these possible targets to a "landing page." Here is where the EK runs an exploit -- hence the name exploit kit -- and uses a browser or Flash vulnerability to plant and execute malware on a user's computer. But in a report released last week, Malwarebytes researchers say EK operators are changing their tactics. Instead of relying on dropping malware on disk and then executing the malware, at least three of the nine currently active EKs are now using fileless attacks. A fileless attack relies on loading the malicious code inside the computer's RAM, without leaving any traces on disk. Fileless malware has been around for more than half a decade, but this is the first time EKs are broadly adopting the technique.

Samsung adds two modems to help enable wider 5G rollout

"Samsung has tapped its leadership in semiconductor and network technology–and combined it with its expertise in 5G research and development–to introduce one of the industry's first SoC 5G New Radio modems: the S8600 and S9100," Johnston wrote. ASICs based System-on-a-Chip (SoC) product designs have become popular because they are more power efficient and have increased operating frequency capabilities, addressing the high-volume, mass production requirements that the industry is now demanding. "These new modems support two architectural options for operators. The S8600 powers Samsung's Digital Unit in separated radio-digital configurations for both 4G and 5G, while the S9100 powers Samsung's 5G integrated Access Unit," he added in his blog post about the new modems. Johnston added that most companies are opting for more power-conscious circuits that are permanent and application-specific, as opposed to circuitry that needs to be programmed or reconfigured. The new Samsung tools will help support 5G networks that are easier to enable, smaller in size and more efficient in how they use power, he said.

The Impact of Cloud Computing on the Insurance Industry

the cloud computing in insurance
Companies that use cloud systems greatly reduce the cost of purchasing hardware and software, thanks to on-demand and pay-per-use optics. They no longer have to buy local servers and data centers, which require specialized personnel to manage and maintain, and which take up physical space and consume electricity 24 hours a day, 7 days a week. And, since most services are provided on-demand, you can have access to abundant computing resources quickly, easily, and with the flexibility your business needs, and without an expensive hardware or software investment. All of this is in favor of optimizing performance and internal processes, also because, by hosting platforms, software, and databases remotely, you’re able to free up memory and computing power on individual machines within the organization. Optimization and efficiency also apply to the production of documents, such as policies, forms, and contracts of various kinds.

T-Mobile data breach affects more than 1 million customers

Few details of the breach have been made public, other than the fact that it was a cyber attack and that approximately 1.5% of T-Mobile’s 75 million customers were affected – about 1.1 million. T-Mobile added that the suspicious activity was initially spotted at the beginning of November, with criminal hackers accessing the information of prepaid wireless account holders. Although the organisation promptly reported the incident to the authorities, it has waited until now to inform customers and the public – presumably to ensure it had all the facts straight. There are few things worse than announcing the details of a data breach only to later find that things are much worse than you initially thought. This happens all too often, with organisations facing an initial backlash, then adding fuel to the fire with more bad news. Because the breach occurred in the US rather than the EU, it isn’t subject to the GDPR (General Data Protection Regulation), which would have required T-Mobile to inform customers within 72 hours of learning about it.

Why the IT4IT™ Standard is Key to Driving Business Value for CIOs

The IT4IT standard provides the CIO with a holistic overview on what his organization is doing well, what needs improvement, as well as highlighting how to improve upon the gaps across the business. Three use cases that support transformation that the IT4IT standard helps accelerate are re-architecting to co-create strategy with the business; rationalizing the application portfolio to reduce waste and free up funds for innovation programs; and driving automation by analysizing and selecting integration points for automation to improve the quality and speed of product and service delivery. The pressure to continually innovate and adopt the most effective solutions is likely to remain in today’s business landscape. But in order to create real value, today’s CIO must not only focus on innovation but on empowering the IT system to work as a competitive driver. They must think holistically and prioritize the management of IT processes to meet the demands of customers, increased competition as well as a changing business climate.

Adoption of Cloud-Native Architecture, Part 1: Architecture Evolution and Maturity

Software design practices like DDD and EIP have been available since 2003 or so and some teams then had been developing applications as modular services, but traditional infrastructure like heavyweight J2EE application servers for Java applications and IIS for .NET applications didn't help with modular deployments. With the emergence of cloud hosting and especially PaaS offerings like Heroku and Cloud Foundry, the developer community had everything it needed for true modular deployment and scalable business apps. This gave rise to the microservices evolution. Microservices offered the possibility of fine-grained, reusable functional and non-functional services. Microservices became more popular in 2013 - 2014. They are powerful, and enable smaller teams to own the full-cycle development of specific business and technical capabilities. Developers can deploy or upgrade code at any time without adversely impacting the other parts of the systems.

Why your CEO’s personal risk taking matters

People expect CEOs to be risk takers, which makes sense given the nature of the job. That belief may be why corporate boards have been relatively forgiving of the kind of eccentric, grandiose, and sometimes dangerous behavior that the media laps up — and that the public and investors question when it is exposed. After all, it matches the “risk seeker” stereotype. But the #MeToo movement and the occasionally egregious behavior of bubble-economy CEOs suggests that times are changing. Boards and shareholders want to be confident not only that CEOs are comfortable taking business risks, but that they have good judgment about which risks to pursue and when to take a pass. “CEOs meaningfully outscore other executives in embracing risk, while still scoring within an optimal range,” the executive search firm Russell Reynolds concluded in a 2016 study based on an analysis (pdf) of psychometric profiles of more than 6,000 CEOs. The best-in-class CEOs also score high on judgment and low on self-promotion; they project a collected demeanor.

The top technologies that enabled digital transformation this decade

Forrester recently said that enterprises across the world are increasingly turning to automation for a variety of tasks that used to be handled by humans. This is changing the workforce on a fundamental level, prompting fears in the next decade of mass job losses. But the field is also making enterprises better in a variety of concrete ways. Dangerous, time-consuming jobs at factories are increasingly being done by an army of robots, keeping people away from positions that have historically been damaging to their health. This has even bled into other fields like customer service, where many companies now use automated systems to respond to basic questions and complaints from consumers. Part of what's spurring the increase in automation is the advancement of artificial intelligence (AI), which is equipping robots and machines with a wider set of capabilities. Enterprises are using AI for everything from security to human resources, allowing computers to handle tasks that have become costly or redundant. While fears of automation and AI are very real, recent studies have shown that people actually like the introduction of automation and are generally happy computers or robots can handle menial tasks.

State police: We've been testing Spot robot dogs for use in dangerous situations

As per the agreement, MSP's bomb squad wanted to evaluate Spot in "law-enforcement applications, particularly remote inspection of potentially dangerous environments which may contain suspects and ordinances". The loan of Spot was uncovered by the American Civil Liberties Union (ACLU) of Massachusetts, which filed a public records request shortly after discovering a Facebook post by the Massachusetts State Police about an event on July 30 where it would explore the use of robotics in law-enforcement operations. An MSP spokesperson told WBUR that Spot was used as a "mobile remote observation device" that provided police with images of suspicious devices or potentially dangerous situations, such as where an armed suspect might be hiding. "Robot technology is a valuable tool for law enforcement because of its ability to provide situational awareness of potentially dangerous environments," state police spokesman David Procopio wrote. Spot has a 360-degree camera, crash protection, and can work tough environments. It has a top speed of 3mph and can carry a payload of 14kg, or 31lb.

Looking into an intelligent cloud future

Looking into an intelligent cloud future
Self-balancing deployment models. Now we have public clouds, private clouds, traditional on-premises systems, edge-based computing, and more, and all these platforms can run systems and store data. The platforms will have many more capabilities in 10 years, and thus the core question becomes, What do you run, where? Hopefully, we’ll have self-migrating and self-balancing workloads figured out by next decade. Core enabling technology will determine where workloads and data sets should reside and move them there using automated back-end systems. This means that when you deploy an application workload on any type of system, the workload will understand what resources are available to it and self-migrate to the most optimal available platform. Criteria for the platform of choice will include lowest costs, fastest performance, and location closest to the application and data consumers. Punitive security automation. Hackers are getting more creative about how they attack systems in the public clouds. Right now, public cloud security is better than traditional system security, so hackers still focus on traditional systems as easy prey.

Quote for the day:

"Education makes people difficult to drive, but easy to lead; impossible to enslave, but easy to govern." -- Lorn Brougham

No comments:

Post a Comment