Daily Tech Digest - June 16, 2020

Gamaredon Group Using Fresh Tools to Target Outlook

In their analysis of the new tools that Gamaredon is now deploying, ESET researchers found that the hacking group can now compromise Outlook using a custom Visual Basic for Applications (VBA) project file that contains malicious macros. While using malicious macros to compromise Outlook is not unusual, Gamaredon's use of VBA is different, says Jean-Ian Boutin, head of threat research at ESET. "What stands out in this one is the fact that they used some novel tools," Boutin tells Information Security Media Group. "The Outlook VBA project used to send emails from the compromised inbox to contacts in the address book is something we've never seen before. The macro injection module is quite interesting too. All in all, they've shown a creativity we've not seen from them in the past." The attack starts when a targeted device is first compromised with a phishing email that contains a malicious Word or Excel attachment. It's these attachments that contain a Visual Basic script that will stop the Outlook process and disable security tools, including those designed to protect the VBA project function, according to the report.


How voice tech could shape the post-pandemic workplace

Though voice-based digital assistants such as Amazon Alexa or Google Home have often been seen as home-based, Amazon has been pushing Alexa into the corporate world with Alexa for Business in the U.S., offering integrations that use voice commands for tasks such as managing meetings, controlling conference room devices and even setting the room temperature. Pre-pandemic, many businesses may have seen those capabilities as “nice to have” features, according to the 451 Research report. But if social distancing measures remain in place long-term, these integrations could become critical for any company wanting to bring employees back into a physical office space. “Beyond the idea that [a company could] bring in a third of the workforce for month one, and then bring in another batch of the workforce, or rotate the workforce, I don't think people have started to look at the different contact points of, say, the furniture or how employees will be engaging with the built environment,” Mullen said, adding that it’s likely the business handshake is now a thing of the past.


DevSecOps vs. Agile Development: Putting Security at the Heart of Program Development

The difference between DevSecOps and agile development methodologies can be understood in reference to one aspect of software development: security. When, where and who implements security in software development varies between the two approaches. Agile development methodologies focus on iterative development cycles, in which feedback is continuously reintegrated into ongoing software development. However, even in mature agile development processes, security is still often added to software as an afterthought. This should not be read as blaming software developers for often underestimating the potential harm from malware or overlooking the importance of cybersecurity. Rather, in many firms, it is simply not the responsibility of developers to think about the security implications of their code, because software will be passed to the security team before release. DevSecOps takes security and puts it on the same level as continuous integration and delivery.


Six Former eBay Employees Charged with Aggressive Cyberstalking Campaign

According to the charging documents, the victims of the cyberstalking campaign were a Natick couple who are the editor and publisher of an online newsletter that covers ecommerce companies, including eBay, a multinational ecommerce business that offers platforms for consumer-to-consumer and business-to-consumer transactions. Members of the executive leadership team at eBay followed the newsletter’s posts, often taking issue with its content and the anonymous comments underneath the editor’s stories. It is alleged that in August 2019, after the newsletter published an article about litigation involving eBay, two members of eBay’s executive leadership team sent or forwarded text messages suggesting that it was time to “take down” the newsletter’s editor. In response, Baugh, Harville, Popp, Gilbert, Zea, Stockwell, and others allegedly executed a three-part harassment campaign. Among other things, several of the defendants ordered anonymous and disturbing deliveries to the victims’ home, including a preserved fetal pig, a bloody pig Halloween mask, a funeral wreath...


Ripple20 vulnerabilities will haunt the IoT landscape for years to come

These vulnerabilities -- collectively referred to as Ripple20 -- impact a small library developed by Cincinnati-based software company Treck. The library, believed to have been first released in 1997, implements a lightweight TCP/IP stack. Companies have been using this library for decades to allow their devices or software to connect to the internet via TCP/IP connections. Since September 2019, researchers from JSOF, a small boutique cyber consultancy firm located in Jerusalem, Israel, have been looking at Treck's TCP/IP stack, due to its broad footprint across the industrial, healthcare, and smart device market. Their work unearthed serious vulnerabilities, and the JSOF team has been working with CERT (computer emergency response teams) in different countries to coordinate the vulnerability disclosure and patching process. In an interview with ZDNet last week, JSOF said this operation involved a lot of work and different steps, such as getting Treck on board, making sure Treck has patches on time, and then finding all the vulnerable equipment and reaching out to each of the impacted vendors.


First Four Finnish GDPR Fines Set A New Tone For Data Protection Supervision

Controllers have been relying on a certain legal certainty and status quo expectations in their data processing practices, as well as in their attempts to fend off unexpected supervision measures after the enactment of the GDPR. In general, businesses have been surprised by the lack of active guidance from the data protection authorities. In the Transparency Case, the controller had referred to demonstrated compliance under previous Finnish data protection legislation. The company also contended that since the Ombudsman had looked into the company's processing activities in 2017 without any further action until 2020, the company should have been able to trust the lawfulness of its conduct. However, these arguments were not accepted by the Collegial Body and the decision stressed that it was for the controller to monitor and assess compliance with new requirements pursuant to the GDPR.


This project is using fitness trackers and AI to monitor workers' lockdown stress

The pilot scheme at PwC came about following discussions between Cameron and associates at IHP Analytics, a boutique analytics firm that specializes in human performance in elite sports. The firm, which has worked alongside professionals in Formula 1 racing and Olympic cycling, is aiding the development of the underlying platform, which it eventually hopes to offer to external clients. "One of the areas, even before COVID, that we knew was developing fast was a deeper understanding of human performance and human wellness," Cameron says. "We want to marry these two together to do something positive for our people." Vicki Broadhurst, a senior manager at PwC, volunteered for the trial in order to help her understand how her physical activity linked to her cognitive performance and how she felt. She tells TechRepublic that her participation in the trial stemmed from her own interest in the role of artificial intelligence in psychometric testing, as well as wanting to remain active during lockdown. "I wanted to take part in something that would challenge me to be more active whilst I was at home all the time, as well as give me targets to work towards," she says.


Q&A on the Book Leveraging Digital Transformation

Now, the digital age has evolved to the 2nd machine age. The machine becomes more powerful with the evolution of computers that see outstanding and ever-growing storage and processing capacity, as well as networking evolution, beyond other aspects. Thanks to the fast increasing power of the computer, a very important domain in computing that was hibernating due to computer limitations back then, suddenly wakes up and thrives on the machine’s newfound power. I am talking about artificial intelligence. Now, not only are computers more powerful, but they can be given a brain with artificial intelligence, therefore becoming smart. As a result, the intelligent computer can take over many of the jobs that humans used to do. This is the 2nd machine age, the age when the machine becomes smarter and smarter. The possibilities the 2nd machine age offers are countless because it allows the transforming of every sector, every business, everything, and even us humans. There is no limit because anyone and everyone can innovate and further build on previous innovations.


Assembling A Top-Notch AI Team

If anything, the roles of the data scientist or the ML engineer are perhaps the first to focus on. They will be essential for the ultimate success of an AI model. “If you are building a team from scratch, pay top dollar to hire a senior ML engineer as an anchor and leader, then surround them with your best internally applicable talent,” said Jocelyn Goldfein, who is a managing director at Zetta Ventures Partners. In terms of recruiting the technical talent, you need to be expansive. Look to your own network, say with LinkedIn. Get to know new graduates who have advanced degrees, even those that are not just for computer science. “Traditional data scientist backgrounds–statistics, math, computer science–are more commonly being augmented with engineers, physicists, economists, psychologists, and so on,” said Justin Silver, who is a data scientist manager and AI strategist at PROS. “Recruiting from a pool of candidates with varying technical backgrounds can yield an AI team comprised of a wide, rich set of perspectives for solving problems. This technical diversity also makes collaboration more interesting and fun and encourages team members to effectively communicate their ideas


How will technology change investment landscape going forward?

Large banks understand what’s coming, but it’s difficult to act. “So somebody makes a presentation to the bank board saying, ‘Hey, we should do this.’ And the board members say, ‘Well, you’re saying we should spend all this money to basically cannibalize our business and make a lot less money?’ That’s a really tough sell.” There will also be a shakeout in asset management, Harvey says, where having access to better data and the ability to interpret that data will be a key competitive edge. Pension funds that use external managers should be asking questions about how many full-time equivalents those managers have on machine-learning teams. “And that answer better be more than one,” he says. “And if it’s zero, that’s potentially enough to walk away.” But while fintech will be disruptive, it will also have very positive outcomes like reducing costs, which is the easiest way to create alpha, Harvey says. Indeed, the reduction of costs generates positive alpha. “It’s often the case [that] you work really hard, you’ve got some forecasts, you’re able to do better than your benchmark, but that is just eaten up with cost. So it looks like you just meet the benchmark or maybe even underperform.”



Quote for the day:

"A good plan executed today is better than a perfect plan executed tomorrow." -- General George Patton
