Daily Tech Digest - March 04, 2020

A Cyber View Of Smart Cities

No single cybersecurity solution on the market today provides automated remediation, and while options such as SOAR attempt to orchestrate responses, the reality is that most are simple isolation and reactive patching routines. While cyber vendors tout machine learning and AI systems, those efforts are focused on cleaning out noise from incoming information and attempting to find anomalies. None provides any level of remediation that does not require a human to directly run that effort. Not only are these cybersecurity tools not providing automated remediation, but they are also architected in such a way that they disrupt when they make changes and are unable to move into a full remediation capability down the road. For modern cybersecurity, smart cities are a zero-sum game that will never reach the levels of protection that will be required. The final insult is the future wherein AI, already much faster than humans, will be used to attack these already improperly protected smart cities. 

Programming code abstract technology background of software developer and  Computer script
The platform has been tested with private developers and startups in the US and in France, Joubert said. So far, the feedback has been good with two suggested areas of improvement, he said. Testers said they want to see enhanced coverage so the platform can generic more specific unit tests, and they want to see an increase in the number of languages Ponicode is supporting, according to Joubert. "We're trying to make it very smooth and integrated for developers," he said. "It's really, really important that the developer keeps control." Generating unit tests is complex because developers need to first understand the function and what the intention is inside the code. Then they have to generate a test case and then give some values to tell the function what to do, he said. The third task is generating specific values to test properly. "We created an algorithm that trains the AI to generate unit tests," Joubert said. With Ponicode, developers can run their app in VS Code because the platform will understand how it can be tested; choose easily among the suggestions generated by the platform, and increase coverage in a click, without writing a single line of code, he said.

The Missing Piece In Quantum Computing And IoT

white jigsaw puzzle piece on pink background
Using the key principles of quantum computing mentioned earlier, we can create quantum key distribution, the most secure way to encrypt and decrypt information – and thereby send messages securely – that has been developed to date. This is true for several reasons. For one, quantum cryptology such as this utilises a property of quantum physics called entanglement. Maria Korolov explains this process as when ‘two particles become entangled so that they have the same state, and then one of these particles is sent to someone else. When the recipient looks at the particle, it’s guaranteed to be the same state as its twin…the state of the two entangled particles, while identical, is also random.’ As such, entanglement allows you to send an encryption key in the form of two ‘identical, random particles’, which can be used to send messages using symmetric encryption. This method doesn’t require a means of transmission and, as such, it becomes more difficult for information to leak. Encryption is therefore made considerably stronger.

Cryptocurrency Bourses Win India Case Against Central Bank Curbs

A three-judge bench headed by Justice Rohinton F. Nariman agreed with petitions by cryptocurrency exchanges, start ups and industry bodies that had challenged the Reserve Bank of India’s April 2018 decision to ban banks from offering any services to support digital currencies. The court struck down the RBI’s curbs on Wednesday. The ruling is an opportunity for virtual currency investors and businesses in India to push against stricter rules being planned by a skeptical government, and potentially raises hope for projects such as Facebook Inc.’s Libra cryptocurrency. The Supreme Court is separately hearing another case, in which it will decide on regulations for digital currencies, and Wednesday’s judgment weakens the case for strict norms. “Cryptocurrencies are an exciting technology that needs to be carefully studied,” said Vaibhav Kakkar, a partner at law firm L&L Partners. “With this order, there is a likelihood of more mature and balanced regulation of cryptocurrencies and the fintech sector as a whole.”

What is the difference between LoRa and LoRaWAN?

LoRa, or Long Range, is a proprietary, low-power and long-range wireless technology that uses license-free wireless spectrum -- much like Wi-Fi uses the unlicensed 2.4 GHz and 5 GHz frequencies. The exact frequency LoRa uses depends on the physical location of a deployment. For example, LoRa uses the 915 MHz band in North America and the 868 MHz band in Europe. Thus, it's important to know which frequencies can be legally used in each LoRa deployment location. From a range perspective, LoRa can communicate up to 10 km away under optimal, line-of-sight conditions. ... LoRaWAN is an open, cloud-based protocol -- designed and maintained by the LoRa Alliance -- that enables devices to communicate wirelessly with LoRa. Essentially, LoRaWAN takes LoRa wireless technology and adds a networking component to it, while also incorporating node authentication and data encryption for security. From an enterprise IT deployment perspective, LoRaWAN networks are ideal for IoT devices that continuously monitor the status of something and then trigger alerts back to gateways when the monitored data surpasses a specified threshold.

'Malware-free' attacks now most popular tactic amongst cybercriminals

The increasing popularity of malware-free attacks underscored the need for organisations not to rely solely on antivirus tools, said CrowdStrike. The security vendor defined malware-free attacks as those in which files or file fragments are not written to disk. These could be attacks where codes executed from memory or where stolen credentials are tapped to enable remote logins. It added that malware-free attacks typically require various detection techniques to identify and intercept, such as behavioural detection and human threat hunting. The 2020 threat report also saw more incidents of ransomware and ransom demands from cybercriminals who, increasingly, conducted data exfiltration, which enabled them to exploit sensitive data that was proprietary information or potentially embarrassing for victims. In addition, nation-state adversaries last year targeted a range of industries, but were especially interested in the telecommunications sector, which saw increased attack frequency from nations such as China and North Korea, noted CrowdStrike. State actors from China, in particular, were keen to target the industry in a bid to steal intellectual property and competitive intelligence, said the US security vendor.

How IT Leaders Can Attract and Retain the Right Talent

Image: tomertu - stockadobe.com
Beyond looking to recent graduates, consider untapped pools of talent to diversify your workforce. While often overlooked because of “lack of relevant technical experience,” veterans offer skills that could greatly impact your existing teams, including strong leadership, productivity and decision-making capabilities. We can look to companies like Salesforce for inspiration: Its veteran program Vetforce connects the military community with open IT positions. Another pool of talent often left behind are those who have taken time off and want to restart their careers, including parents with new children or those who had to care for a loved one in a time of need. For example, we partnered with Path Forward to offer returnship programs. These programs help professionals with five or more years of work experience, and who have been out of the paid workforce for a minimum of two years, to bridge their transition back into the workforce. We have found excellent, talented employees through this channel. Once you have a candidate in mind, ask the right interview questions to determine their potential fit on your team.

Could Crypto Exchanges, Wallets Be Targetted With Banking Trokans?

Using Remote Access Trojans (RATs), hackers can reportedly bypass security infrastructure on smartphones, enabling cybercriminals to carry out transactions directly from the infected mobile devices. According to the report, hackers are already using banking trojans like Hydra and Gustuff to attack crypto exchanges and wallets. Using Hydra’s screencast capabilities, cybercriminals can remotely monitor real-time activities on the infected mobile devices. Hydra also allows hackers to clone the infected device, providing access to stored financial information. As part of its report, ThreatFabric revealed that rogue actors are using Hydra to hack crypto wallets on platforms like Binance, Bitfinex, and Coinbase among others. With Gustuff, hackers have access to keylogging and browser overlay attack vectors allowing rogue actors to trick victims into entering their financial details on fake websites that closely resemble their real banking or crypto exchange platforms. According to ThreatFabric, Gustuff’s potential target is also currently expanding to include crypto wallets like Electrum, Blockchain.com, and Xapo.

AI for Payment Optimization: Current Practices and Use Cases

AI for Payment Optimization: Current Practices and Use Cases
Fraud detection is a major problem in the financial world as it slows down payment processing. Furthermore, it can be difficult to detect, using standard methods, in accounts with a large number of payments on a daily basis. A good example of how AI is used in fraud detection comes from VISA, one of the largest digital payment processors in the world. They’ve been using AI systems for the last 25 years, which allowed the system to improve and learn as the technology got better. Their artificial intelligence system for payment authorization and fraud detection learns user behavior and understands patterns. So, whenever an activity is not according to a user’s profile, it is being flagged as suspicious. Once a transaction is considered suspicious, VISA’s AI connects with the bank that issued the card letting them know about the situation. From here, the bank will either block the transaction (based on the risk assessment made by VISA) or send a text message asking the account owner to confirm that he/she initiated the transaction. 

Parliament: New cyber security label for smart devices

From robot vacuum cleaners to smart light bulbs, connected devices are poised to surge in popularity.
Announced by Singapore's Senior Minister of State for Communications and Information (MCI) Janil Puthucheary in Parliament on Tuesday (March 2), the initiative aims to address this "growing area of concern". "The scheme will raise consumer awareness of more secure products and aims to encourage manufacturers to adopt additional cyber security safeguards," said Dr Janil during the debate on MCI's budget. To be launched later this year, the scheme will initially be voluntary, administered by the Cyber Security Agency of Singapore. Singapore's labelling scheme will follow the European Union's standard for IoT devices, which spells out the minimum standards for manufacturers, including having no default passwords and ensuring that there are regular software updates over the air without user supervision. Singapore is among the first group of countries to adopt the standard. CSA said that the labels will indicate the security provisions present in the smart devices. More details will be announced later.

Quote for the day:

"Leaders dig into their business to learn painful realities rather than peaceful illusion." -- Orrin Woodward

No comments:

Post a Comment