Daily Tech Digest - September 25, 2020

Polish police shut down hacker super-group 

According to reports in Polish media, the hackers have been under investigation since May 2019, when they sent a first bomb threat to a school in the town of Łęczyca. Investigators said that an individual named Lukasz K. found the hackers on internet forums and hired them to send a bomb threat to the local school, but make the email look like it came from a rival business partner. The man whose identity was spoofed in the email was arrested and spent two days in prison before police figured out what happened. ... Investigators said that when the hackers realized what was happening, they then hacked a Polish mobile operator and generated invoices for thousands of zlotys (the Polish currency) in the name of both the detective and the framed businessman. ... Investigators said that from infected users, the hackers would steal personal details, which they'd use to steal money from banks with weak security. In case some banks had implemented multiple authentication mechanisms, the group would then use the information they stole from infected victims to order fake IDs from the dark web, and then use the IDs to trick mobile operators into transferring the victim's account to a new SIM card.

All the Way from Information Theory to Log Loss in Machine Learning

In 1948, Claude Shannon introduced the information theory in his 55-page-long paper called “A Mathematical Theory of Communication”. The information theory is where we start the discussion that will lead us to the log loss which is a widely-used cost function in machine learning and deep learning models. The goal of the information theory is to efficiently deliver messages from a sender to a receiver. In the digital age, the information is represented by bits, 0 and 1. According to Shannon, one bit of information sent to the recipient means to reduce the uncertainty of the recipient by a factor of two. Thus, information is proportional to the uncertainty reduction. Consider the case of flipping a fair coin. The probability of heads being the side facing up, P(Heads), is 0.5. After you (the recipient) are told that the heads is up, P(Heads) becomes 1. Thus, 1 bit of information is sent to you and the uncertainty is reduced by a factor of two. The amount of information we get is the reduction in uncertainty which is the inverse of the probability of events. The number of bits of information can easily be calculated by taking log (base2) of the reduction in uncertainty.

From adoption to understanding: AI in cyber security beyond Covid-19

Businesses have begun to recognise the promise of AI / ML, and as cyber attacks continue to increase globally, more are adopting these advanced tools to protect themselves. In a survey we conducted among IT decision-makers across the United States and Japan back in 2017, we discovered 74% of businesses in both regions were already using some form of AI or ML to protect their organisations from cyber threats. In our most recent report published this year, we took the pulse of 800 IT professionals with cyber security decision-making power across the US, UK, Japan, Australia and New Zealand. In the process, we discovered that 96% of respondents now use AI/ML tools in their cyber security programs – a significant increase from three years ago! But we weren’t expecting to uncover a pervasive lack of awareness around the benefits of these technologies. Despite the increase in adoption rates for these technologies, our most recent survey found that more than half of IT decision-makers admitted they do not fully understand the benefits of these tools. Even more jarring was that 74% of IT decision-makers worldwide don’t care whether they’re using AI or ML, as long as the tools they use are effective in preventing attacks.

COVID-19 widens the digital innovation gap

"Our findings point to an overconfidence on the part of business leaders that their CMS has the necessary functions to support omnichannel and content orchestration, while builders say they feel disempowered and frustrated." One telling stat the study found is that only 34% of content creators said they can control all the content across digital channels without developer assistance, while 74% of digital leaders think their CMS enables this, Contentful said. Additionally, two-thirds of business leaders believe they are behind competitors in delivering new digital experiences, the company said. "They struggle with maintaining content and brand consistency across channels, hiring qualified talent, juggling multiple systems, and managing a mountain of existing content while simultaneously building more, more, more." Eighty-three percent of respondents believe customers expect an omnichannel digital experience and 88% think brand consistency across these experiences is important, the study said. "This aligns with industry research that shows consistent, connected digital experiences are important throughout the customer lifecycle."

Set up continuous integration for .NET Core with OpenShift Pipelines

Have you ever wanted to set up continuous integration (CI) for .NET Core in a cloud-native way, but you didn’t know where to start? This article provides an overview, examples, and suggestions for developers who want to get started setting up a functioning cloud-native CI system for .NET Core. We will use the new Red Hat OpenShift Pipelines feature to implement .NET Core CI. OpenShift Pipelines are based on the open source Tekton project. OpenShift Pipelines provide a cloud-native way to define a pipeline to build, test, deploy, and roll out your applications in a continuous integration workflow. ... You will need cluster-administrator access to an OpenShift instance to be able to access the example application and follow all of the steps described in this article. If you don’t have access to an OpenShift instance, or if you don’t have cluster-admin privileges, you can run an OpenShift instance locally on your machine using Red Hat CodeReady Containers. Running OpenShift locally should be as easy as crc setup followed by crc start. Also, be sure to install the oc tool; we will use it throughout the examples.

Kubernetes Operators in Depth

There's lots of reasons to build an operator from scratch. Typically it's either a development team who are creating a first-party operator for their product, or a devops team looking to automate the management of 3rd party software. Either way, the development process starts with identifying what cases the operator should manage. At their most basic operators handle deployment. Creating a database in response to an API resource could be as simple as kubectl apply. But this is little better than the built-in Kubernetes resources such as StatefulSets or Deployments. Where operators begin to provide value is with more complex operations. What if you wanted to scale your database? With a StatefulSet you could perform kubectl scale statefulset my-db --replicas 3, and you would get three instances. But what if those instances require different configuration? Do you need to specify one instance to be the primary, and the others replicas? What if there are setup steps needed before adding a new replica? In this case an operator can configure these settings with an understanding of the specific application.

How to Become a Cyber Security Engineer?

Once you’ll get done with all these required skills, now it’s time to do the practical implementation and gain some hands-on experience in this particular field. You can opt for several internships or training programs to get the opportunities of working on live projects real-time environment. Furthermore, you can apply for some entry-level jobs as well in the Cyber Security domain such as Cyber Security Analyst, Network Analyst, etc. to gain the utmost exposure. Meanwhile, this professional experience will not only allow you to understand the core functioning of the Cyber Security field such as the design & implementation of secure network systems, monitoring, and troubleshooting, risk management, etc. but is also crucial for building a successful career as a Cyber Security Engineer as almost every company requires a professional experience of around 2-3 years while hiring for the Cyber Security Engineers. ... Here comes one of the most prominent parts of this journey – Certifications!! Now, there is a question that often arises in the minds of individuals that if a person is having an appropriate skill set along with the required experience then why would he need to go for such certifications?

Microsoft announces cloud innovation to simplify security, compliance, and identity

Our compliance cloud solutions help customers more easily navigate today’s biggest risks, from managing data or finding insider threats to dealing with legal issues or even addressing standards and regulations. We’ve listened to customers and invested heavily in a set of solutions to help them modernize and keep pace with the evolving and complex compliance and risk management challenges they face. One of our key investment areas is the set of Data Loss Prevention products in Microsoft 365. We recently announced the public preview of Microsoft Endpoint Data Loss Prevention (DLP), which means customers can now identify and protect data on devices. Today, we are announcing the public preview of integration between Microsoft Cloud App Security and Microsoft Information Protection, which extends Microsoft’s data loss prevention (DLP) policy enforcement framework to third-party cloud apps—such as Dropbox, Box, Google Drive, Webex, and more—for a consistent and seamless compliance experience Customers struggle to keep up with the constantly changing regulations around data protection. 

Blockchain / Distributed Ledger Technology (DLT)

Blockchain technologies including DLTs are a wonderful example how an ingenious combination of several (known) technologies was able (in 2009) to create a wholly new approach to a very old (database) problem: namely, how to reliably replicate state in an unreliable or even adversarial environment. The generalization of the notions of (i) crypto currencies (such as Bitcoin) to wholly generic crypto assets and (ii) of simple crypto token-moving transactions into smart contracts executing between untrusting parties goes beyond naïve database paradigms such as stored procedures. Today, many different DLTs exist, each optimizing different sets of nonfunctional requirements. Furthermore, the so-called “blockchain trilemma” of simultaneously providing scalability, security, and decentralization, has not been fully solved today. (Bitcoin providing ca. 5 transactions per second, Ethereum ca. 10 tps). Blockchain and DLTs are still a considerably overhyped technology looking for business problems they solve better than any existing alternative (e.g., a central SaaS). Despite many claims to the contrary, almost no real productive use cases exist except crypto exchanges.

Blockchain’s untapped potential in revolutionising procurement

Ardent supporters of this technology argue that it is the most significant innovation since the dawn of the internet. Today, blockchain technology has found adoption in nearly every industry, including retail, healthcare and manufacturing. Blockchain technology started in 2008 as a platform on which cryptocurrencies, such as bitcoin, function. Since then blockchain technology has undergone continuous improvement, finding numerous use-cases and applications. Don & Alex Tapscott, authors of Blockchain Revolution (2016), describe blockchain as “an incorruptible digital ledger of economic transactions that can be programmed to record not just financial transactions but virtually everything of value”. Utilizing sophisticated algorithms, it maintains an immutable log of information and is able to securely transfer digital assets between network participants. The distributed ledger is accessible to all nodes on the network and everyone is able to access the same information. New information can be appended but the original data cannot be altered.

Quote for the day:

"The role of leadership is to transform the complex situation into small pieces and prioritize them." -- Carlos Ghosn

No comments:

Post a Comment