Daily Tech Digest - February 08, 2020

Cultural Transformation Is Needed Before Traditional Banks Can Go Digital


Traditional banks and other financial institutions need to go through a cultural transformation before they can successfully undergo a digital transformation, according to the chief technology advocate at Starling Bank, whose statements came during a recent panel discussion. The recent debate, which was an initiative supported by widely-used messaging service Slack, was held on February 6 in London. It covered several 21st century developments including ongoing digital transformation efforts, the future of work and jobs, and how professionals will communicate and work cooperatively on projects. Slack’s panel included commentary from Stuart Templeton, head of Slack’s UK division, Jason Maude, chief technology advocate at Starling Bank, Flora Coleman, head of government relations at TransferWise, ... While speaking about recent digital transformation efforts, Maude noted that he thinks it might be possible for traditional financial institutions to adapt to change; however, it would definitely be challenging for them to do so.


Cybersecurity Priorities Are A Matter Of Perspective

A new report sponsored by Authentic8 reveals some concerning cybersecurity insights.
Cybersecurity and compliance are crucial for organizations—but they are also challenging. The threat landscape is constantly growing and shifting, making it difficult to stay one step ahead of attackers and adequately defend networks and data. A survey of cybersecurity professionals at Black Hat USA 2019 in August of last year found that 65% believe their organization will have to respond to at least one major cybersecurity breach in the next year. Addressing cyber threats and compliance mandates is even harder if the effort is not coordinated. The report from Real Time Research Reports, sponsored by Authentic8, examines survey results from 163 senior level compliance, legal, and IT managers from financial services companies or law firms with clients in the financial industry. Among the organizations that took part in the survey, it seems that these three teams each view both the issues of cybersecurity and compliance and how to address them through their own skewed lens. In other words, every problem is a “nail” that only their particular “hammer” can solve.


Ransomware installs Gigabyte driver to kill antivirus products

Gigabyte's fault resides in the unprofessional manner in which it dealt with the vulnerability report for the affected driver. Instead of acknowledging the issue and releasing a patch, Gigabyte claimed its products were not affected. The company's downright refusal to recognize the vulnerability led the researchers who found the bug to publish public details about this bug, along with proof-of-concept code to reproduce the vulnerability. This public proof-of-concept code gave attackers a roadmap to exploiting the Gigabyte driver. When public pressure was put on the company to fix the driver, Gigabyte instead chose to discontinue it, rather than releasing a patch. But even if Gigabyte had released a patch, attackers could have simply used an older and still vulnerable version of the driver. In this case, the driver's signing certificate should have been revoked, so it wouldn't be possible to load the driver's older versions either. "Verisign, whose code signing mechanism was used to digitally sign the driver, has not revoked the signing certificate, so the Authenticode signature remains valid,"


A new money-laundering rule is forcing crypto exchanges to scramble

Critics have argued that the new rule is onerous because it calls on the industry to build a completely new technical infrastructure for sharing information. Because of the pseudonymous nature of cryptocurrency, it’s not necessarily obvious to exchanges, for instance, when a customer is sending money to another exchange. All they can see is a string of letters and numbers, so the sender could just as well be transferring money to another wallet the same person controls. Now exchanges will somehow have to identify themselves. Others have argued that the rule will drive would-be money launderers to use services and tools that are harder to police. Nonetheless, the industry has been left with no choice but to come up with something like the SWIFT network, but for crypto. And they’ve got to come up with something fast; FATF plans to review its progress in June. According to a new, detailed look inside the process by CoinDesk, thorny questions remain about how exactly exchanges should transmit information to each other. Should that process use a blockchain, or rely on a more traditional, centralized design?


White House reportedly aims to double AI research budget to $2B

Simply doubling the budget isn’t a magic bullet to take the lead, if anyone can be said to have it, but deploying AI to new fields is not without cost and an increase in grants and other direct funding will almost certainly enable the technology to be applied more widely. Machine learning has proven to be useful for a huge variety of purposes and for many researchers and labs is a natural next step — but expertise and processing power cost money. It’s not clear how the funds would be disbursed; it’s possible existing programs like federal Small Business Innovation Research awards could be expanded with this topic in mind, or direct funding to research centers like the National Labs could be increased. Research into quantum computing and related fields is likewise costly. Google’s milestone last fall of achieving “quantum superiority,” or so the claim goes, is only the beginning for the science and neither the hardware nor software involved have much in the way of precedents.


Top Tech for Mobile Banking? GPS.

As the banking industry moves toward fully real-time solutions, with millisecond response times and immediate access to funds, precise time becomes vital. As banks continue to pursue modernization of batch-based, memo-post core solutions – which tended to use the server time for transactional timestamps – those date and time stamps, as well as location stamps, become the most important pieces of data the solutions maintain with a transaction. GPS is globally available, can be checked from anywhere, and is free for everyone to use – including banks and their mobile banking solutions. Cell towers use GPS signals to place phone activity; ATMs and cash registers use GPS data for transactions; and stock exchanges use GPS to regulate the trades that go into stock portfolios and investment funds. GPS technology not only identifies positioning; it can be used to ensure systems all over the world agree on the exact time. When you withdraw cash from an ATM or swipe your card or wearable at a store, the underlying systems need to determine (and agree upon) the exact time that the transaction occurs, for example, to prevent accounts from being overdrawn.


Why 2020 Will Be the Year Artificial Intelligence Stops Being Optional for Security

There has always been tension between the need for better security and the need for higher productivity. The most usable systems are not secure, and the most secure systems are often unusable. Striking the right balance between the two is vital, but achieving this balance is becoming more difficult as attack methods grow more aggressive. AI will likely come into your organization through the evolution of basic security practices. For instance, consider the standard security practice of authenticating employee and customer identities. As cybercriminals get better at spoofing users, stealing passwords and so on, organizations will be more incentivized to embrace advanced authentication technologies, such as AI-based facial recognition, gait recognition, voice recognition, keystroke dynamics and other biometrics. The 2019 Verizon Data Breach Investigations Report found that 81 percent of hacking-related breaches involved weak or stolen passwords. To counteract these attacks, sophisticated AI-based tools that enhance authentication can be leveraged.


Academics steal data from air-gapped systems using screen brightness variations


The method relies on making small tweaks to an LCD screen's brightness settings. The tweaks are imperceptible to the human eye, but can be detected and extracted from video feeds using algorithmic methods. This article describes this innovative new method of stealing data, but readers should be aware from the start that this attack is not something that regular users should worry about, and that they are highly unlikely to ever encounter it. Named BRIGHTNESS, the attack was designed for air-gapped setups -- where computers are kept on a separate network with no internet access. Air-gapped computers are often found in government systems that store top-secret documents or enterprise networks dedicated to storing non-public proprietary information. Creative hackers might find a way to infect these systems -- such as using an infected USB thumb drive that's plugged into these systems -- but getting data out of air-gapped networks is the harder part. This is where a team of academics at the Ben-Gurion University of the Negev in Israel has specialized.


5 Mistakes Startups Make And How To Avoid Them

The most common mistake founders make when starting out is hiring people just like themselves. The danger in this unconscious bias, Weinstein says, is that without people who challenge the founder’s thinking, companies fail to identify new opportunities or to spot risks until it’s too late. The most successful startups hire people who bring a diversity of ideas, backgrounds and (complementary) skillsets, he says. Weinstein also cautions founders against hiring too many people too quickly. “Run lean,” he says. For early-stage technology startups, for example, there tend to be two critical roles: “one person who builds the product and the other who sells it.” ... Startups are notorious for overestimating the demand for their products and not knowing how to bring their big ideas to market. Both de Beco and Weinstein urge B2B startups in particular to document their “paths to profitability,” conducting rigorous analyses that challenge their initial market estimates. That analysis requires a deep understanding of the strengths and weaknesses of competitors and, above all, determining the company’s proprietary advantage in each market segment it’s looking to penetrate.


A new implant for blind people jacks directly into the brain


This was possible thanks to a modified pair of glasses, blacked out and fitted with a tiny camera. The contraption is hooked up to a computer that processes a live video feed, turning it into electronic signals. A cable suspended from the ceiling links the system to a port embedded in the back of Gómez’s skull that is wired to a 100-electrode implant in the visual cortex in the rear of her brain. Using this, Gómez identified ceiling lights, letters, basic shapes printed on paper, and people. She even played a simple Pac-Man–like computer game piped directly into her brain. Four days a week for the duration of the experiment, Gómez was led to a lab by her sighted husband and hooked into the system. Gómez’s first moment of sight, at the end of 2018, was the culmination of decades of research by Eduardo Fernandez, director of neuroengineering at the University of Miguel Hernandez, in Elche, Spain. His goal: to return sight to as many as possible of the 36 million blind people worldwide who wish to see again. Fernandez’s approach is particularly exciting because it bypasses the eye and optical nerves.



Quote for the day:


"Before you are a leader, success is all about growing yourself. When you become a leader, success is all about growing others" -- Jack Welch

