Security teams need data that helps them prioritize remediation based on business risk as well as information that guides and drives process improvement. Data should help them identify weak spots and refocus remediation efforts for the most at-risk technology impacting the most critical business areas. For example, if a scanner identifies a SQL injection in line 7 or a patch needed on the Red Hat box, that information doesn't convey the specific product impacted, the owner, or the business criticality for the organization. Does one of those vulnerabilities pose more of a risk to keeping the lights on than the other? Which needs immediate attention if the team can't fix both concurrently? Another consideration is the fluctuating criticality of impacted technology depending on the enterprise's business cycle. For example, many retailers see increased risk during holiday shopping seasons, while grocery chains introduce new products on a monthly basis that can cause priorities to shift across multiple IT and business units. For these situations, teams need better data to facilitate making decisions based on business expectations in real time. Next, the remediation team needs an understanding of how a particular fix could impact operations.
A chatbot uses AI to simulate conversations with end-users in natural language. This type of bot may be used on a website, messaging application, or mobile app, and it fosters communication between machines and humans. Cybercriminals can transform a chatbot into an “evil bot” and use it to scan an organization’s network for other security vulnerabilities that could be exploited at a future date. With an evil bot at their disposal, cybercriminals can steal an organization’s data and use it for malicious purposes. An evil bot can also disguise itself as a legitimate human user and gain access to another user’s data. Over time, the bot can be used to accumulate data about a targeted victim from public sources and the dark web. A transactional bot acts on behalf of a human and lets a customer make a transaction within the context of a conversation. The bot cannot understand information outside the conversation – instead, the bot serves one specific purpose, and it provides a customer the ability to quickly and conveniently complete a transaction. Transactional bots are likewise not hacker-proof. If cybercriminals access a transactional bot, they can use it to collect customer data. They can also use the bot to conduct fraudulent transactions or prevent an organization from utilizing the bot to respond to customer concerns, questions, and requests.
Some companies are planning for most work to take place remotely in future, including US-based file host service operator Dropbox, which in October announced its intention to go ‘virtual-first’. “We had some reservations about a hybrid model because you get two very different employee experiences that could result in issues with inclusion or inequities with respect to performance or career trajectory,” says its global head of channels, Simon Aldous. With most people working remotely, new starters doing likewise will be included in the conversation, he adds. Dropbox runs a two-day initial induction, held virtually since the start of the pandemic, followed by training and networking events over the first 90 days. It has also set up virtual ways to build relationships such as CoffeeBox, designed to recreate chats with colleagues in coffee shops. “We randomly assign a Zoom room with four other Dropboxers to casually connect,” says Aldous. The company has also run more open forums and ‘at home’ chats with its leaders. It also plans to turn existing office space it rents in San Francisco, Seattle, Austin and Dublin into Dropbox Studios, designed for collaboration such as team meetings and group events and with no desks for individual working.
Wee observed that network engineering and software development principles are coming together, meaning that organizations will soon need to build teams with skills and credentials in both areas. "We expect to see hiring managers adapt by keeping an eye out for these credentials as they shift toward new workforce priorities and needs," Wee said. "Employing DevOps practices with trained and certified talent allows companies to proficiently respond to business demands, shorten time-to-market, and accelerate digital transformation." ... One of the biggest issues facing DevOps leaders this year will be deciding how to deploy and manage artificial intelligence applications. "AI doesn't fit well with the patterns and tools that we've developed," said Mike Loukides, vice president of emerging technology content at learning services firm O'Reilly Media. "In 2021, we'll see new tools for things like model versioning and management, data versioning and management, testing non-deterministic systems, and more," he predicted. AI system development promises to be challenging for DevOps teams accustomed to tackling conventional IT projects. "Models are built, trained, tested, and validated based on different data sources; these are the main stages the current DevOps pipeline would need to incorporate," observed Hasan Yasar
CISA believes that the threat actors were able to defeat MFA authentication protocols as part of a 'pass-the-cookie' attack in which attackers hijack an already authenticated session using stolen session cookies to log into online services or web apps. The agency also observed attackers using initial access gained after phishing employee credentials to phish other user accounts within the same organization by abusing what looked like the organization’s file hosting service to host their malicious attachments. In other cases, the threat actors were seen modifying or setting up email forwarding rules and search rules to automatically collect sensitive and financial information from compromised email accounts. "In addition to modifying existing user email rules, the threat actors created new mailbox rules that forwarded certain messages received by the users (specifically, messages with certain phishing-related keywords) to the legitimate users’ Really Simple Syndication (RSS) Feeds or RSS Subscriptions folder in an effort to prevent warnings from being seen by the legitimate users," CISA added. The FBI also warned US organizations about scammers abusing auto-forwarding rules on web-based email clients in Business Email Compromise (BEC) attacks.
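As an added example (not part of the CISA advisory or the quoted article), the sketch below audits exported mailbox rules for the two behaviours described above: rules that move warning-related mail into the RSS Feeds or RSS Subscriptions folder, and rules that auto-forward outside the organization. The record schema, the keyword list and the sample rules are constructed assumptions; map them to whatever your mail platform's rule export actually provides.

```python
# Folder names the advisory says were used to hide moved messages.
HIDING_FOLDERS = {"rss feeds", "rss subscriptions"}
# Assumed keyword fragments that a phishing warning would typically contain.
WARNING_KEYWORDS = {"phish", "suspicious", "compromised", "security alert"}

def audit_rule(rule, org_domains):
    """Return findings for one mailbox rule record (hypothetical schema)."""
    findings = []
    folder = (rule.get("move_to_folder") or "").strip().lower()
    if folder in HIDING_FOLDERS:
        findings.append("moves mail to " + folder)
        terms = [t.lower() for t in rule.get("subject_or_body_contains", [])]
        if any(w in t for t in terms for w in WARNING_KEYWORDS):
            findings.append("keyword filter matches phishing warnings")
    for addr in rule.get("forward_to", []):
        domain = addr.rsplit("@", 1)[-1].lower()
        if domain not in org_domains:
            findings.append("forwards outside the organization: " + domain)
    return findings

def audit_mailboxes(rules, org_domains):
    """Map (mailbox, rule name) to findings, skipping rules with none."""
    org = {d.lower() for d in org_domains}
    report = {}
    for rule in rules:
        findings = audit_rule(rule, org)
        if findings:
            report[(rule["mailbox"], rule["name"])] = findings
    return report

# Constructed sample export; none of these records come from a real tenant.
SAMPLE_RULES = [
    {"mailbox": "alice@example.com", "name": ".", "move_to_folder": "RSS Feeds",
     "subject_or_body_contains": ["phishing", "hacked"], "forward_to": []},
    {"mailbox": "bob@example.com", "name": "invoices",
     "subject_or_body_contains": ["invoice", "payment"],
     "forward_to": ["collector@example.net"]},
    {"mailbox": "carol@example.com", "name": "newsletters",
     "move_to_folder": "Newsletters", "forward_to": []},
    {"mailbox": "dave@example.com", "name": "assistant copy",
     "forward_to": ["dave.assistant@example.com"]},
]

if __name__ == "__main__":
    for key, findings in audit_mailboxes(SAMPLE_RULES, ["example.com"]).items():
        print(key, findings)
```
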
Many businesses prefer to employ a dedicated in-house IT manager or team, as this often increases reliability and response times to issues. However, it is simply unaffordable for many start-ups and SMEs. Employing an in-house team means covering salaries, onboarding costs, benefits and more. Given the inconsistent nature of IT demand, it is more financially viable to outsource work to a vendor as and when needed. Managing an IT environment comes down to defining priorities. Those who prioritise speed and access — for example, e-commerce businesses – may look to invest heavily into an internal team, minimising the risk of downtime which could impact customers. However, it is not always a case of one or the other. Businesses’ needs are likely to change over time and, for many, a mix of in-house and outsourcing provides convenience and financial stability. An in-house IT director may be tasked with building out the business’ IT infrastructure and managing system performance, while unexpected issues or projects are outsourced to an IT provider, so as not to impact daily work or disrupt employees. ... Compared with employing an in-house IT manager, businesses are able to harness the knowledge and labour-power of a wider team of IT specialists, all while only paying a set fee as and when needed.
Netherlands-based Europol said its dedicated dark web team – which works with law enforcement both inside and outside the European Union (EU) – was delivering a “completed, coordinated approach” to disrupting the underground illegal economy, including information-sharing, support and expertise, new tools, tactics and techniques, and target and threat identification. “The team also aims to enhance joint technical and investigative actions, and organise training and capacity-building initiatives, together with prevention and awareness-raising campaigns – a 360° strategy against criminality on the dark web,” the organisation said. “A shared commitment across the law enforcement community worldwide and a coordinated approach by law enforcement agencies have once again proved their effectiveness. The scale of the operation at Europol demonstrates the global commitment to tackling the use of the dark web as a means to commit crime.” IntSights cyber threat intelligence adviser Paul Prudhomme said the end of DarkMarket removed a key enabler for the cyber criminal underworld. “Dark web marketplaces such as this now-defunct website serve as key enablers for cyber criminals,” he told Computer Weekly in emailed comments.
The Rogue RAT is being offered for sale or rent in darknet forums, Check Point says in its new report. Once a hacker uses the Trojan, portrayed to victims as a legitimate app, to infect a device, the malware can exfiltrate data, such as photos, location information, contacts and messages. It also can download additional malicious payloads, including mobile ransomware. "When Rogue successfully gains all of the required permissions on the targeted device, it hides its icon from the device's user to ensure it will not be easy to get rid of it. If all of the required permissions are not granted, it will repeatedly ask the user to grant them," the Check Point report notes. "If the user tries to revoke the admin permission, an onscreen message designed to strike terror in the heart of the user appears: 'Are you sure to wipe all the data?'" The Rogue RAT takes advantage of a targeted device's Android Accessibility Services, which are designed to assist users with disabilities, according to the report. These services generally run in the background but can access apps and other components within an Android device. By accessing these services, hackers can gain control over a device without the victim knowing, the report notes.
Video conferencing is great, but it's not a replacement. In some cases it may be contributing to more stress during an already stressful time. Not long after Zoom became a verb, "Zoom fatigue" became a much discussed affliction, with plenty of articles written about best practices to avoid it. Consider that we may now just be in version 1.0 of work-from-home collaboration technology. Chat software and video conferencing will become the primitive antecedents to the technology that will enable the workplace of the future. Just what will those technologies look like? Will you be able to project your hologram for conference calls and messages like in Star Wars? In an interview conducted last year about CIO priorities for 2021, Forrester VP and research director Matthew Guarini told InformationWeek that when things settle down after the pandemic, organizations will have 3x the number of home workers than they did pre-pandemic. In pre-pandemic times, extraverts and those in the physical office had an advantage over home workers. But the playing field will be more level with so many more people working from home. It will be up to the CIOs to improve the way the company collaborates and engages. One of those new technologies will be virtual worlds, like Second Life.
Quote for the day:
"Open Leadership: the act of engaging others to influence and execute a coordinated and harmonious conclusion." -- Dan Pontefract