Polish police shut down hacker super-group
According to reports in Polish media, the hackers have been under
investigation since May 2019, when they sent a first bomb threat to a school
in the town of Łęczyca. Investigators said that an individual named Lukasz K.
found the hackers on internet forums and hired them to send a bomb threat to
the local school, but make the email look like it came from a rival business
partner. The man whose identity was spoofed in the email was arrested and
spent two days in prison before police figured out what happened.
... Investigators said that when the hackers realized what was happening,
they then hacked a Polish mobile operator and generated invoices for thousands
of zlotys (the Polish currency) in the name of both the detective and the
framed businessman. ... Investigators said that from infected users, the
hackers would steal personal details, which they'd use to steal money from
banks with weak security. In case some banks had implemented multiple
authentication mechanisms, the group would then use the information they stole
from infected victims to order fake IDs from the dark web, and then use the
IDs to trick mobile operators into transferring the victim's account to a new
SIM card.
All the Way from Information Theory to Log Loss in Machine Learning
In 1948, Claude Shannon introduced the information theory in his 55-page-long
paper called “A Mathematical Theory of Communication”. The information theory
is where we start the discussion that will lead us to the log loss which is a
widely-used cost function in machine learning and deep learning models. The
goal of the information theory is to efficiently deliver messages from a
sender to a receiver. In the digital age, the information is represented by
bits, 0 and 1. According to Shannon, one bit of information sent to the
recipient means to reduce the uncertainty of the recipient by a factor of two.
Thus, information is proportional to the uncertainty reduction. Consider the
case of flipping a fair coin. The probability of heads being the side facing
up, P(Heads), is 0.5. After you (the recipient) are told that the heads is up,
P(Heads) becomes 1. Thus, 1 bit of information is sent to you and the
uncertainty is reduced by a factor of two. The amount of information we get is
the reduction in uncertainty which is the inverse of the probability of
events. The number of bits of information can easily be calculated by taking
log (base 2) of the reduction in uncertainty.
From adoption to understanding: AI in cyber security beyond Covid-19
Businesses have begun to recognise the promise of AI / ML, and as cyber
attacks continue to increase globally, more are adopting these advanced tools
to protect themselves. In a survey we conducted among IT decision-makers
across the United States and Japan back in 2017, we discovered 74% of
businesses in both regions were already using some form of AI or ML to protect
their organisations from cyber threats. In our most recent report published
this year, we took the pulse of 800 IT professionals with cyber security
decision-making power across the US, UK, Japan, Australia and New Zealand. In
the process, we discovered that 96% of respondents now use AI/ML tools in
their cyber security programs – a significant increase from three years ago!
But we weren’t expecting to uncover a pervasive lack of awareness around the
benefits of these technologies. Despite the increase in adoption rates for
these technologies, our most recent survey found that more than half of IT
decision-makers admitted they do not fully understand the benefits of these
tools. Even more jarring was that 74% of IT decision-makers worldwide don’t
care whether they’re using AI or ML, as long as the tools they use are
effective in preventing attacks.
COVID-19 widens the digital innovation gap
"Our findings point to an overconfidence on the part of business leaders that
their CMS has the necessary functions to support omnichannel and content
orchestration, while builders say they feel disempowered and frustrated." One
telling stat the study found is that only 34% of content creators said they
can control all the content across digital channels without developer
assistance, while 74% of digital leaders think their CMS enables this,
Contentful said. Additionally, two-thirds of business leaders believe they are
behind competitors in delivering new digital experiences, the company said.
"They struggle with maintaining content and brand consistency across channels,
hiring qualified talent, juggling multiple systems, and managing a mountain of
existing content while simultaneously building more, more, more." Eighty-three
percent of respondents believe customers expect an omnichannel digital
experience and 88% think brand consistency across these experiences is
important, the study said. "This aligns with industry research that shows
consistent, connected digital experiences are important throughout the
customer lifecycle."
Set up continuous integration for .NET Core with OpenShift Pipelines
Have you ever wanted to set up continuous integration (CI) for .NET Core in a
cloud-native way, but you didn’t know where to start? This article provides an
overview, examples, and suggestions for developers who want to get started
setting up a functioning cloud-native CI system for .NET Core. We will use the
new Red Hat OpenShift Pipelines feature to implement .NET Core CI. OpenShift
Pipelines are based on the open source Tekton project. OpenShift Pipelines
provide a cloud-native way to define a pipeline to build, test, deploy, and
roll out your applications in a continuous integration workflow. ... You will
need cluster-administrator access to an OpenShift instance to be able to
access the example application and follow all of the steps described in this
article. If you don’t have access to an OpenShift instance, or if you don’t
have cluster-admin privileges, you can run an OpenShift instance locally on
your machine using Red Hat CodeReady Containers. Running OpenShift locally
should be as easy as crc setup followed by crc start. Also, be sure to install
the oc tool; we will use it throughout the examples.
Kubernetes Operators in Depth
There's lots of reasons to build an operator from scratch. Typically it's either
a development team who are creating a first-party operator for their product, or
a devops team looking to automate the management of 3rd party software. Either
way, the development process starts with identifying what cases the operator
should manage. At their most basic operators handle deployment. Creating a
database in response to an API resource could be as simple as kubectl apply. But
this is little better than the built-in Kubernetes resources such as
StatefulSets or Deployments. Where operators begin to provide value is with more
complex operations. What if you wanted to scale your database? With a
StatefulSet you could perform kubectl scale statefulset my-db --replicas 3, and
you would get three instances. But what if those instances require different
configuration? Do you need to specify one instance to be the primary, and the
others replicas? What if there are setup steps needed before adding a new
replica? In this case an operator can configure these settings with an
understanding of the specific application.
How to Become a Cyber Security Engineer?
Once you are done with all these required skills, it’s time to do the
practical implementation and gain some hands-on experience in this particular
field. You can opt for several internships or training programs to get the
opportunities of working on live projects in a real-time environment. Furthermore,
you can apply for some entry-level jobs as well in the Cyber Security domain
such as Cyber Security Analyst, Network Analyst, etc. to gain the utmost
exposure. Meanwhile, this professional experience will not only allow you to
understand the core functioning of the Cyber Security field such as the design
& implementation of secure network systems, monitoring, and
troubleshooting, risk management, etc. but is also crucial for building a
successful career as a Cyber Security Engineer as almost every company
requires a professional experience of around 2-3 years while hiring for the
Cyber Security Engineers. ... Here comes one of the most prominent parts of
this journey – Certifications!! Now, there is a question that often arises in
the minds of individuals that if a person is having an appropriate skill set
along with the required experience then why would he need to go for such
certifications?
Microsoft announces cloud innovation to simplify security, compliance, and identity
Our compliance cloud solutions help customers more easily navigate today’s
biggest risks, from managing data or finding insider threats to dealing with
legal issues or even addressing standards and regulations. We’ve listened to
customers and invested heavily in a set of solutions to help them modernize and
keep pace with the evolving and complex compliance and risk management
challenges they face. One of our key investment areas is the set of Data Loss
Prevention products in Microsoft 365. We recently announced the public preview
of Microsoft Endpoint Data Loss Prevention (DLP), which means customers can now
identify and protect data on devices. Today, we are announcing the public
preview of integration between Microsoft Cloud App Security and Microsoft
Information Protection, which extends Microsoft’s data loss prevention (DLP)
policy enforcement framework to third-party cloud apps—such as Dropbox, Box,
Google Drive, Webex, and more—for a consistent and seamless compliance
experience. Customers struggle to keep up with the constantly changing
regulations around data protection.
Blockchain / Distributed Ledger Technology (DLT)
Blockchain technologies including DLTs are a wonderful example of how an
ingenious combination of several (known) technologies was able (in 2009) to
create a wholly new approach to a very old (database) problem: namely, how to
reliably replicate state in an unreliable or even adversarial environment. The
generalization of the notions of (i) crypto currencies (such as Bitcoin) to
wholly generic crypto assets and (ii) of simple crypto token-moving
transactions into smart contracts executing between untrusting parties goes
beyond naïve database paradigms such as stored procedures. Today, many
different DLTs exist, each optimizing different sets of nonfunctional
requirements. Furthermore, the so-called “blockchain trilemma” of
simultaneously providing scalability, security, and decentralization, has not
been fully solved today. (Bitcoin providing ca. 5 transactions per second,
Ethereum ca. 10 tps). Blockchain and DLTs are still a considerably overhyped
technology looking for business problems they solve better than any existing
alternative (e.g., a central SaaS). Despite many claims to the contrary,
almost no real productive use cases exist except crypto exchanges.
Blockchain’s untapped potential in revolutionising procurement
Ardent supporters of this technology argue that it is the most significant
innovation since the dawn of the internet. Today, blockchain technology has
found adoption in nearly every industry, including retail, healthcare and
manufacturing. Blockchain technology started in 2008 as a platform on which
cryptocurrencies, such as bitcoin, function. Since then blockchain technology
has undergone continuous improvement, finding numerous use-cases and
applications. Don & Alex Tapscott, authors of Blockchain Revolution
(2016), describe blockchain as “an incorruptible digital ledger of economic
transactions that can be programmed to record not just financial transactions
but virtually everything of value”. Utilizing sophisticated algorithms, it
maintains an immutable log of information and is able to securely transfer
digital assets between network participants. The distributed ledger is
accessible to all nodes on the network and everyone is able to access the same
information. New information can be appended but the original data cannot be
altered.
Quote for the day:
"The role of leadership is to transform the complex situation into small pieces and prioritize them." -- Carlos Ghosn