The Service Factory of the Future
The service factory of the future will break the compromise between
personalization and industrialization by leveraging standard service bits:
small elements of service, such as a chatbot or an online shopping cart.
Service bits will increasingly consist of “microservices”—digitized service
offerings or processes—that are accessed through APIs and either created
in-house or procured from ecosystem partners. Bits can also be automated or
manual service activities based on legacy IT systems. By flexibly combining
service bits, the service factory of the future will be able to create
hyperpersonalized offerings and packages tailored to an individual’s needs,
preferences, and habits on the basis of a wide range of customer data.
Migration to the service factory of the future requires transformative change
in five critical dimensions: customer experience, service delivery, digital
technology, people and organization, and digital ecosystems. ... The service
factory of the future will enable providers to be predictive, preventive, and
proactive. It will anticipate customers’ needs and approach them with
solutions and hyperpersonalized experiences. More important, it will develop
capabilities to prevent service lapses from occurring in the first place.
FBI: BEC Scams Are Using Email Auto-Forwarding
The first was detected in August when fraudsters used the email forwarding
feature in the compromised accounts of a U.S.-based medical company. The
attackers then posed as an international vendor and tricked the victim to make
a fraudulent payment of $175,000, according to the alert. Because the targeted
organization did not sync its webmail with its desktop application, it was not
able to detect the malicious activity, the FBI notes. In a second case in
August, the FBI found fraudsters created three forwarding rules within a
compromised email account. "The first rule auto-forwarded any email with the
search terms 'bank,' 'payment,' 'invoice,' 'wire,' or 'check' to
cybercriminals' email accounts," the alert notes. "The other two rules were
based on the sender's domain and again forwarded to the same email addresses."
Chris Morales, head of security analytics at security firm Vectra AI, says
that in addition to reaping fraudulent payments, fraudsters can use
email-forwarding to plant malware or malicious links in documents to
circumvent prevention controls or to steal data and hold it for ransom. In in
a keynote presentation at Group-IB's CyberCrimeCon 2020 virtual conference in
November, Craig Jones, director of cybercrime at Interpol, noted that BEC
scammers are among the threat actors that are retooling their attacks to take
advantage of the COVID-19 pandemic.
Robots Can Now Have Tunable Flexibility & Improved Performance
Generally, the mechanics of obliging inflexibility variances can be massive
with ostensible territory, while curved origami can minimalistically uphold an
extended stiffness scale with on-demand flexibility. The structures shrouded
in Jiang and team’s research consolidate the collapsing energy at the origami
wrinkles with the bending of the panel, tuned by switching among numerous
curved creases between two points. Curved origami empowers a single robot to
achieve a variety of movements. A pneumatic, swimming robot created by the
team can achieve a scope of nine distinct movements, including quick, medium,
slow, straight and rotational developments, by essentially changing which
creases are utilized. The team’s exploration centered around joining the
folding energy at origami creases with the board bending, which is tuned by
moving along various creases between two points. With curved origami, a single
robot is equipped for undertaking different movements. For instance, the team
built up a swimming robot that had nine unique movements, for example, quick,
slow, medium, straight, and rotational. To achieve any of these, the creases
simply should be changed.
Migrating a Monolith towards Microservices with the Strangler Fig Pattern
One of the few benefits of the Zope framework is the fragile nature of the software has forced us to work in small increments, and ship in frequent small releases. Having unreleased code laying around for more than a few hours has led to incidents around deployment, like accidental releases or code being overwritten. So the philosophy has been "write it and ship it immediately". Things like feature toggles and atomic releases were second nature. Therefore, when we designed the wrapper and the new service architectures, feature toggles were baked in from the start (if a little crude in the first cuts). Therefore, from the early days of the project code was being pushed to live within hours of being committed. Moving to a framework like Flask enabled "proper" CI pipelines, which can perform actual checks on the code. Whilst a deployment into production is manually initiated, all other environment builds and deployment are initiated by a commit into a branch. The aim is to keep the release cadence the same as it has been with Zope. Changes are small, with multiple small deployments a day rather than massive "releases". We then use feature toggles to enable functionality in production.Misconfigured Docker Servers Under Attack by Xanthe Malware
“Once all possible keys have been found, the script proceeds with finding
known hosts, TCP ports and usernames used to connect to those hosts,” said
researchers. “Finally, a loop is entered which iterates over the combination
of all known usernames, hosts, keys and ports in an attempt to connect,
authenticate on the remote host and launch the command lines to download and
execute the main module on the remote system.” Misconfigured Docker servers
are another way that Xanthe spreads. Researchers said that Docker
installations can be easily misconfigured and the Docker daemon exposed to
external networks with a minimal level of security. Various past campaigns
have been spotted taking advantage of such misconfigured Docker installations;
for instance, in September, the TeamTNT cybercrime gang was spotted attacking
Docker and Kubernetes cloud instances by abusing a legitimate cloud-monitoring
tool called Weave Scope. In April, an organized, self-propagating cryptomining
campaign was found targeting misconfigured open Docker Daemon API ports; and
in October 2019, more than 2,000 unsecured Docker Engine (Community Edition)
hosts were found to be infected by a cyptojacking worm dubbed Graboid.
Finding rogue devices in your network using Nmap
Just knowing what ports are open is not enough, as many times, these services
may be listening on non-standard ports. You will also want to know what
software and version are behind the port from a security perspective. Thanks
to Nmap's Service and Version Detection capabilities, it is possible to
perform a complete network inventory and host and device discovery, checking
every single port per device or host and determining what software is behind
each. Nmap connects to and interrogates each open port, using detection probes
that the software may understand. By doing this, Nmap can provide a detailed
assessment of what is out there rather than just meaningless open ports. ...
Rogue DHCP servers are just like regular DHCP servers, but they are not
managed by the IT or network staff. These rogue servers usually appear when
users knowingly or unknowingly connect a router to the network. Another
possibility is a compromised IoT device such as mobile phones, printers,
cameras, tablets, smartwatches, or something worse, such as a compromised IT
application or resource. Rogue DHCP servers are frustrating, especially if you
are trying to deploy a fleet of servers using PXE, as PXE depends heavily on
DHCP.
Digital transformation, innovation and growth is accelerated by automation
Automation is a key digital transformation trend for 2021 and beyond. Here are
some key findings regarding the importance of process
automation. According to Salesforce, 81% of IT organizations will
automate more tasks to allow team members to focus on innovation over the next
12-18 months. McKinsey notes that 57% of organizations say they are at least
piloting automation of processes in one or more business units or functions.
And 31% of IT decision makers say that automation is a key business initiative
tied to digital transformation, per MuleSoft. Integration continues to be
a challenge for process automation. Sixty percent of line of business users
agree that an inability to connect systems, applications, and data hinders
automation initiatives. The future of automation is declarative programming.
"In 2021, we'll see more and more systems be intent-based, and see a new
programming model take hold: a declarative one. In this model, we declare an
intent - a desired goal or end state - and the software systems connected via
APIs in an application network autonomously figure out how to simply make it
so," said Uri Sarid, CTO, MuleSoft. McKinsey estimates that automation could
raise productivity in the global economy by up to 1.4% annually.
Why microlearning is the key to cybersecurity education
Most organizations are used to relatively “static” training. For example: fire safety is fairly simple – everyone knows where the closest exit is and how to escape the building. Worker safety training is also very stagnant: wear a yellow safety vest and a hard hat, make sure to have steel toed shoes on a job site, etc. The core messages for most trainings don’t evolve and change. That’s not the case with cybersecurity education and training: attacks are ever-changing, they differ based on the targeted demographic, current affairs, and the environment we are living in. Cybersecurity education must be closely tied to the value and mission of an organization. It must also be adaptable and evolve with the changing times. Microlearning and gamification are new ways to help encourage and promote consistent cybersecurity learning. This is especially important because of the changing demographics: there are currently more millennials in the workforce than baby boomers, but the training methods have not altered dramatically in the last 30 years. Today’s employee is younger, more tech-savvy and socially connected. Modern training needs to acknowledge and utilize that.Cut IT Waste Before IT Jobs
While it is impossible to fully correlate the impact of ITAM on job retention,
we can illustrate the opportunity with some simple sums. Starting with
Gartner’s latest Worldwide IT Spending Forecast, the total spend next year on
Data Center Systems, Enterprise Software, and Devices (the three areas of IT
spend that ITAM can address) will be $1.35 trillion. If ITAM can reduce this
spending by just 5% (which we have already said is a very conservative
estimate for the industry), that alone equates to over $67.7 billion of
potential savings from ITAM alone. If just some of these savings were applied
toward talent retention, they could protect hundreds of thousands of jobs
around the world. Before IT departments slash critical projects or lay off
staff, we urge them to look at their IT spend first to see where savings could
be made. Remember that cutting IT jobs doesn’t just reduce the bottom line, it
means the removal of talent, careers and institutional knowledge -- in
comparison to IT waste, which is removing unused or unwanted resources with no
impact whatsoever on delivery of services. What’s more, with many IT purchases
having been rushed through during the March/April period to support home
working, there is a high likelihood of “bloatware” across organizations that
could yield higher than average savings than you would typically expect in an
ITAM project.
Covid-19 vaccine supply chain attacked by unknown nation state
The X-Force team said its analysis pointed to a “calculated operation”
starting in September, spanning six countries and targeting organisations
associated with international vaccine alliance Gavi’s Cold Chain Equipment
Optimisation Platform (CCEOP). It was unable to precisely attribute the
campaign, but said that both precision targeting of key executives at relevant
organisations bore the “potential hallmarks of nation-state tradecraft”. IBM
senior strategic cyber threat analyst Claire Zaboeva wrote: “While attribution
is currently unknown, the precision targeting and nature of the specific
targeted organisations potentially point to nation-state activity. “Without a
clear path to a cash-out, cyber criminals are unlikely to devote the time and
resources required to execute such a calculated operation with so many
interlinked and globally distributed targets. Likewise, insight into the
transport of a vaccine may present a hot black-market commodity. ...”
According to IBM X-Force, the attacker has been impersonating an executive at
Haier Biomedical, a cold chain specialist, to target organisations including
the European Commission’s Directorate General for Taxation and Customs Union,
and companies in the energy, manufacturing, website creation and software and
internet security sectors.
Quote for the day:
"Every great leader can take you back to a defining moment when they decided to lead." -- John Paul Warren
No comments:
Post a Comment