Daily Tech Digest - July 02, 2020

Israel Finally Readying a Fintech ‘Regulatory Sandbox’

A draft of the law calls for the sandbox, formally called an Experimental Environment, to be operated by a committee comprising officials from the Bank of Israel’s banks supervision division, the Capital Markets, Savings and Insurance Authority, the Israel Securities Authority and the Anti-Money Laundering Authority. It will have the authority to create a “regulatory playground” of up to two years, with the option of extending it for a second two years. The sandbox will offer two tracks to participating companies – a licensing track for firms that need approvals from one or more regulators and an escort track for all others. Companies in the licensing track will be able to apply to regulators to awards them adjusted or less stringent regulations for a limited period of time. One example of a less stringent rule would be to drop the requirement for a minimum number of clients. Firms in the escort track will benefit mainly from easier terms for meeting anti-money laundering rules. Finance Ministry officials said they hope this will lower the risk startups assume vis-a-vis the law and enable the Bank of Israel to ensure they get access to banking services.

The importance of 5G, AI and embracing new technologies in a post-Covid world

AI remains an ever-developing technology where the potential is still being realised with smart factories, smart farms and smart cities soon to become the norm in the coming years. A smooth transition to an AI-enhanced workplace will involve frontline staff to identify those tasks best suited to automation, empowering them to contribute to making a difference in their business. AI-powered machines will be able to interpret the real world in the same context as we can. One such application will be to help autonomous vehicles navigate poor road and weather conditions, which will make a potentially huge difference to road safety. AI will allow businesses to boost productivity, increase agility and flexibility, spur innovation and be the root of digital transformation. AI is not just about robots, computing and smart factories, it’s also about real applications in people’s everyday lives. For example, Huawei has developed StorySign, a mobile application to help deaf children learn to read in a fun and engaging way. It is a global initiative and in Ireland, the company worked with the Irish Deaf Society to help develop it for the Irish market because technology should be used to encourage digital inclusion for all.

Vulnerable drivers can enable crippling attacks against ATMs and POS systems

As part of their research project, the Eclypsium researchers found a vulnerability in a driver used in an ATM model from Diebold Nixdorf, one of the largest manufacturers of devices for the banking and retail sectors. The driver enables applications to access the various x86 I/O ports of such a system. ATMs are essentially computers with specialized peripherals like the card reader, PIN pad, network interfaces or the cash cassettes that are connected through various communication ports. By gaining access to the I/O ports through the vulnerable driver, an attacker can potentially read data exchanged between the ATM's central computer and the PCI-connected devices. Moreover, this driver can be used to update the BIOS, the low-level firmware of a computer that starts before the operating system and initializes the hardware components. By exploiting this functionality, an attacker could deploy a BIOS rootkit that would survive OS reinstallations, leading to a highly persistent attack. To the researchers' knowledge, the vulnerability hasn't been exploited in any real-world attack, but based on their discussions with Diebold, they believe the same driver is used in other ATM models as well as POS systems.

Lessons from COVID-19 Cyberattacks: Where Do We Go Next?

One thing that's interesting to note is that we haven't seen a lot of shift in terms of innovative or novel techniques and tricks. While approaches have certainly been sophisticated, bad actors have tended to rely on old standards (such as social engineering and ransomware). That's because if the old tricks still work, they aren't likely to change tactics until they see their success rate dropping. Cybercriminals are leveraging well-known advanced attack techniques and layers of obfuscation — which means they have a decent likelihood of breaking into networks and should be treated accordingly. Again, it all goes back to the heightened sense of fear and anxiety that the pandemic has ushered in. Bad actors are all too aware that when people's guards are down, they may not be practicing best-in-class cyber hygiene. The importance of due diligence cannot be stressed enough. Some might argue that too much caution can be counterproductive, but it's certainly less counterproductive than having your entire company shut down because someone didn't double and triple check before clicking that file.

Android security: This fake message about a missed delivery leads to data-stealing malware

The fake applications are built using WebView and designed to look like the real thing. After the application is downloaded – which requires the user to allow installation from unknown sources - the fake page will redirect to the legitimate website in an effort to help stop the victim being suspicious about what they've just downloaded. The malware also asks for a number of permissions it requires to operate – but given so many legitimate applications ask for extensive use of the device anyway, the victim is unlikely to give it a second thought. Once installed, FakeSpy can monitor the device to steal various forms of information, including name, phone number, contacts, bank and cryptocurrency wallet details, as well as monitoring text messages and app usage. FakeSpy also exploits the infection to spread itself, sending the postal-themed phishing message to all victim's contacts, indicating this isn't a targeted campaign, a financially driven cyber-criminal operation looking to spread as far and wide as possible with the aim of making as much money as possible from stolen bank information and other personal credentials.

How Edge Computing and 5G Work Together

Ericsson’s Head of Marketing and Communications for Networks, Cecilia Atterwall, says that 5G will unleash new ways of solving problems. She also adds that “it’s a combination of devices, content, 5G access networks, edge computing and high-performance distributed 5G core capabilities that make these innovations possible.” It’s not an understatement to say that everyone relies on edge computing in one way or another, if not already, then at least in the near future and going forward. However, it’s definitely grown to be an absolute necessity for many key industries and even autonomous vehicles. For example, edge computing is utilized for industrial manufacturing purposes, within smart cities, AI, and even self-driving cars. The reason behind its use and importance boils down to its ability to assist IoT devices in low-bandwidth environments, ensuring that data is processed as quickly as possible. Reducing network latency is especially crucial when it comes to the computing processes behind the successful operation of self-driving cars. For example, Tesla cars are equipped with computers that process the data obtained by the vehicle’s sensors — allowing for this technology to function on a split-second basis.

Why is Site Reliability Engineering Important?

“The term SRE surely has been introduced by Google, but directly or indirectly several companies have been doing stuff related to SRE for a long time, though I must say that Google gave it a new direction after coining the term ‘SRE.’ I have a clear view on SRE as I believe it walks hand-in-hand with DevOps. All your infrastructure, operations, monitoring, performance, scalability and reliability factors are accounted for in a nice, lean and automated system (preferably); however this is not enough. Culture is an important aspect driving the SRE aspects, along with business needs. As the norm ‘to each, his own’ goes, SRE is no different. It is easy to get inspired from pioneer companies, but it’s impossible to copy their culture and means to replicate the success, especially with your ‘anti-patterns’ and ‘traditional’ remedial baggage. Do you have similar infrastructure and business needs as the company showcasing brilliant success with SRE? No. Can it help you? Absolutely. The key factor here is to recognize what is important to your success blueprint after understanding the fundamentals of it and find your own success factors considering your cultural needs. Your strategy and culture need to walk together, just like your guiding (strategy) and driving (culture) factors.”

IT Career Paths You May Not Have Considered

Data analytics, DevOps, artificial intelligence and intelligent automation are just a few of the other possibilities. "You don't need to leave IT to leave IT," said Rials. "AI is a path I'd recommend for seasoned IT professionals. I think more people are on the green side and they're struggling versus a seasoned IT professional who can offer some insights." Cloud vendors are constantly innovating, so whatever skills you have now are probably very narrow compared to tomorrow's possibilities. In addition to IaaS-related roles, there are many other options including cloud-first application development (platform as a service), AI and machine learning, autonomous systems, robotics, cloud security, serverless architectures, cloud migration, and cloud engineering. Cloud is also a great launching pad for a new venture if you're so inclined. You can run, but you can't hide. Business and technology have become so interdependent that no matter how far you move away from IT, it will always find you. Of course, that's not to say you can't change your role. ... "I've seen people who said, 'I want to leave IT, I'm done,' and even though they may have become a project manager or the manager of another department, everyone knows they're still the technology expert, which is not a bad thing."

Cisco bumps up ISR/ASR router performance and capacity

The new ASR ESP-X module features the third generation of Cisco’s Quantum Flow processor, a Layer 3 forwarding ASIC. The ESP-X provides customers more than 265 Gbps of IPv4 and IPv6 throughput, along with IPSec that is more than 2X better performing than previous generations of the processor, according to Vitalone. Cisco ASR 1000s typically reside at the WAN edge of an enterprise data center or large office, as well as in service provider Points of Presence (POPs). The routers use the ESPs to aggregate multiple traffic flows and network services, including encryption and traffic management, and forward them across WAN connections at line speeds. The ESP-aX can reach more than 2X better scale compared to previous generations for classic network address translation (NAT), carrier-grade NAT and zone based firewall, an important capability for edge locations that experience bandwidth demands in great bursts or waves, Vitalone said. Cisco also introduced the 1100 Terminal Services Gateway, a secure remote console for customers needing Out of Band Management tools. Like the ASR devices, the 1100 runs Cisco’s IOS XE software and lets customers securely manage a variety of networking, compute, internet of things (IoT), and other devices.

How Outsourcing Practices Are Changing in 2020: An Industry Insight

Co-sourcing is an approach where companies hire an external team that acts as their internal team and the two parties work in collaboration. Both the internal and external teams work together, side-by-side to create value. Together, they share the risks, face issues, and come up with quick solutions. Motivating both the parties, co-sourcing will help improve the IT outcome achieved from outsourcing. This approach vests their interests in co-creating new values to gain a competitive edge. Even during unrest, they can easily go through their contract and ensure that the work is not hampered. Their interests will be focused on the outcome of the collaboration and not in either completing the task for the client or just delegating a task for completion. The IT sector is erupting with new advanced digital products created by two organizations coming together from different parts of the globe. They can delegate the development of their most important IT projects, enterprise architecture, or other core competencies to the external team while keeping the management at their end. More focus is on delivering a product that delivers profits for both parties.

Quote for the day:

"Leadership does not always wear the harness of compromise." -- Woodrow Wilson

No comments:

Post a Comment