CISA Orders Agencies to Mitigate Pulse Secure VPN Risks
CISA is ordering agencies to use the Pulse Connect Secure Integrity Tool to
check the integrity of file systems and take further action as necessary. Ivanti
developed the tool, which helps organizations determine if malicious activity is
taking place. "CISA has determined that this exploitation of Pulse Connect
Secure products poses an unacceptable risk to federal civilian executive branch
agencies and requires emergency action," according to the emergency directive.
"This determination is based on the current exploitation of these
vulnerabilities by threat actors in external network environments, the
likelihood of the vulnerabilities being exploited, the prevalence of the
affected software in the federal enterprise, the high potential for a compromise
of agency information systems, and the potential impact of a successful
compromise." The Biden administration has been responding to a series of
security incidents, including the SolarWinds supply chain attack, which led to
follow-on attacks on nine government agencies and 100 companies and exploits of
flaws in on-premises Microsoft Exchange email servers.
Why DevSecOps Should Strive for Effective Enforcement Measures
Applications today – especially in modern development environments – extensively
use APIs to share and consume sensitive data, which are just as vulnerable and
require dedicated surgical technology to make sure there is no token abuse,
excessive utilization, or data theft using injections. Beyond API security,
many services rely on integrating or serving bots and need to make a clear
distinction between good bots and bots with malicious intent. For the sake
of being accepted by AD&D, RASP is vulnerable to some attacks; denial of
service is just one example. From a DevOps point of view, applying security
enforcement is risky: it can affect the user experience or even break the
flow, leading to runtime errors. The software development lifecycle (SDLC) has
many blind spots in security, especially in today’s hybrid, multi-cloud
architecture. For this very reason, many technologies provide alerts, which is
great, but there is some fatigue with tools that only provide visibility. Automated
security testing and vulnerability scanners for web servers, operating systems, and
even container images fall short on actual enforcement, leaving the developer
to take a few steps back and patch. When such alerts come en masse, it is much
harder to prioritize and address them all.
The strange bedfellows of AI and ethics
There is a tendency to assume that computers cannot be biased – but that is
not the case. AI-based systems learn from the data that they are fed. If we
feed them the “wrong” data, we can inadvertently build in biases that we may
not even notice. For example, historically, there have been more men than
women in technology jobs. It is a very short step from that data to a position
where a hiring algorithm learns that men are more likely to do a technology
job, and then “decides” that men must be better than women in those jobs. The
good news is that we can manage this. We can, and should, be aware of our own
biases. However, we should also build diverse teams to work with AI, as a way
of ensuring that we surface more of the inadvertent biases – the ones that we
don’t even notice because they have become norms. It is not going to be enough
to respond to developments in AI. We need to be proactive in setting up
ethical safeguards to protect us all. A recent webcast from SAS Canada on AI
and ethics recommends that organisations should develop a code of conduct
around AI and foster AI literacy. They should also establish a diverse ethics
committee to manage and oversee development and implementation processes.
REvil Ransomware Gang Threatens Stolen Apple Blueprint Leak
The extortion threat was unveiled Tuesday, hours before Apple was scheduled to
make a series of major new product announcements. REvil published a number of
alleged blueprints for Apple devices, which it claimed to have stolen from
Taiwanese manufacturer Quanta Computer, which builds computing devices for a
number of vendors. "In order not to wait for the upcoming Apple presentations,
today we, the REvil group, will provide data on the upcoming releases of the
company so beloved by many," the REvil gang says in a post to its data leak
site. "Tim Cook can say thank you Quanta," it adds, referring to Apple's CEO.
REvil claims that its previous ransom demands have been rebuffed by Quanta.
"From our side, a lot of time has been devoted to solving this problem. Quanta
has made it clear to us that it does not care about the data of its customers
and employees, thereby allowing the publication and sale of all data we have,"
REvil says. Quanta and Apple didn't immediately respond to a request for
comment. REvil's data-leak site further lists Cisco, Dell, HP, Siemens, Sony
and Toshiba as being among the other manufacturers with which Quanta works.
Five Habits Of Highly Successful COOs
The best COOs are effective at building trust with their CEO. This trust
allows them to be brutally honest with the leader of their company and gives
the endless ideas created by the CEO a filter. This is not No. 1 by accident.
The foundation of any great CEO and COO relationship is trust, and all the
successful COOs I’ve seen have a track record of building genuine trust with
their CEOs and with prior teammates before climbing the ranks to second in
command. This allows the CEO to confidently pass anything off of his/her plate
to the COO so they can focus on the tasks that are the highest and best use of
the CEO’s time. One of the most common key responsibilities of the COO is to
attract, hire and retain high performers. The COO is basically the hub of the
organization and it’s critical they have their finger on the talent pulse. The
best-in-class COOs are always hiring. They understand that hiring top talent
is one of the most important functions of the company. In addition to hiring
high performers, they also spend significant time developing their highest
performers. It can be so easy to focus your time and attention on only the
lowest performers, but the most effective COOs take the time to continue
developing the top 20% in addition to the rest of the team.
Advice for Aspiring Data Scientists
Some ideas for what to include in your portfolio: analyses, code gists,
webapps, data documentation and blogs (+ README files!). You don’t need all of
these by any means but if I had to choose two, I’d choose a webapp and
accompanying blog post. A webapp is a great way to show your ability to link
together different pieces of software and create something dynamic, hosted on
the web. But why a blog? As I argued in my last post, communication is one of,
if not the most important aspects of your job as a data scientist. Written
communication is especially vital, and even more so if your job is remote. A
well-written blog post (with linked code) allows the reader to get a sense of
how you communicate, code, and think. If they get good signal from this, they
will want to talk with you. This matters because getting your resume looked at
is the hardest step in the job search process, so if you can increase your
chances of conversion here, you’ll be in a great place. You may now be
wondering how to get inspiration for your portfolio. What about starting with
a cool dataset you see referenced on Twitter or Kaggle? Are there any data
quality issues like leakage, truncation, missing data? How do they impact an
analysis?
Cloud archiving: A perfect use case, but beware costs and egress issues
There are still issues that may inhibit the move to the cloud. While there are
many examples of companies that want the move to boost operating expenditure
and cut down on capital expenditure, there are instances of organisations that
want to maintain the latter for accountancy reasons. And, says Betts, there
are organisations that have pulled everything back from the cloud because it’s
easier to control costs. Some companies have been reluctant to move to the
cloud for off-site archiving because of a perceived lack of cloud skills –
this may apply particularly to small and medium-sized enterprises (SMEs). But,
as Betts points out, there’s still a need for skills if they’re going to
implement an on-premise policy, so it’s not such a straightforward swap. SMEs
may well lack some of these specialist skills too, and may find this
especially true when working to comply with GDPR. It is clear there are
plenty of advantages to archiving in the cloud. By freeing CIOs from the pain
of choosing a hardware medium for long-term storage, moving to the cloud
offers greater flexibility.
A Reference Architecture for Fine-Grained Access Management on the Cloud
The key insight underpinning this architecture is the delegation of user
authentication to a single service (the Access Controller) rather than placing
that responsibility with each service to which the user may need access. This
kind of federation is commonplace in the world of SaaS applications. Having a
single service be responsible for authentication simplifies user provisioning
and de-provisioning for application owners and accelerates application
development. The Access Controller itself will typically integrate with an
identity provider, such as Auth0 or Okta, for the actual authentication
sequence, thus providing a useful abstraction across a wide array of providers
and protocols. Ultimately, the identity provider guarantees non-repudiation of
the user’s identity in the form of a signed SAML assertion, a JWT, or an
ephemeral certificate. This obviates the need to rely on a trusted subnet as a
proxy for the user’s identity. It also allows access policies to be configured
down to the granularity of a single service, unlike VPNs, which permissively
grant users access to every service on the network.
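As an added illustration of the Access Controller pattern described above (example code written here, not from the article or from any reference architecture it describes), a minimal Python controller that takes the user's identity only from a signed JWT and evaluates a per-service policy, so a request arriving from a "trusted" subnet without a token is denied. The HS256 shared secret, the POLICY table, and the issue_token stand-in for the identity provider are all assumptions.

```python
import base64
import hashlib
import hmac
import json

# Constructed shared secret between the identity provider and the Access
# Controller. A real deployment verifies the IdP's asymmetric signature instead.
SECRET = b"constructed-demo-secret"

# Assumed per-service policy: service name -> groups allowed to reach it.
# Policy is expressed per service, not per network, which is the architecture's point.
POLICY = {
    "payroll-api": {"finance"},
    "wiki": {"finance", "engineering"},
}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(sub: str, groups: list, now: int, ttl: int = 300) -> str:
    """Stand-in for the identity provider: mint an HS256-signed JWT."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"sub": sub, "groups": groups, "exp": now + ttl}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def verify_token(token: str, now: int):
    """Return the claims if the signature and expiry check out, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
            return None  # refuse "none" or any algorithm we did not expect
        signed = f"{header_b64}.{payload_b64}".encode()
        expected = hmac.new(SECRET, signed, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(payload_b64))
    except ValueError:  # malformed base64 or JSON, or wrong part count
        return None
    return claims if claims.get("exp", 0) > now else None

def authorize(token, service: str, now: int) -> bool:
    """Access Controller decision: identity comes only from a valid token."""
    claims = verify_token(token, now) if token else None
    return bool(claims and set(claims.get("groups", [])) & POLICY.get(service, set()))
```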
Why Big Data is Crucial for Agricultural Growth
Big data technologies have significantly increased the amount of information
modern farmers possess for enhancing the efficiency of agricultural
production. But what’s even more important than collecting and analyzing data
is the ability to pull out the most important insights from it. The large
number of variables affecting crop yield creates a wide range of possibilities
for interpretation. This includes data on crop health, growth uniformity,
stage of growth, etc. Having all of this data automatically collected and
analyzed in one online tool enables farmers to make the most accurate
predictions on crop yields. Such tools can use different algorithms for
assessing the yield potential taking into account weather conditions,
historical yield data, and other necessary information. Based on yield
forecasts, farmers can carry out field activities at the right time to influence
the yield, and plan its storage and sale. Ultimately, yield prediction enables growers to decide
which crop to plant, where, and when, based on the accurate analysis of
historical and current data. Environmental threats and global climate change
have a huge impact on the agricultural sphere.
Building Confidence with Data Resilience
The first step in any digital transformation journey starts with the data and
the development of a foundational storage layer. Resilience starts with data,
too. It is the fuel that drives the company and it permeates every aspect of
the technical infrastructure, from storage to AI, across the hybrid cloud,
from the core data center to the edge. Lose data and you can lose your ability
to function and, often, lose money. A recent study by KPMG found that cyber
security risk will pose the greatest threat to a company’s growth over the
next three years. The KPMG 2021 CEO Outlook Pulse Survey surveyed 500 CEOs in
11 markets around the world. Organizations like Pitney-Bowes, the University
of California, San Francisco, and many others are living proof of the
risks. But breaches tell only part of the story. According to a recent report
by Harvard Business Review, the mean time it took businesses in 2019 to
discover a cyberattack was 196 days. Cloud migrations are only compounding the
challenge and risk by 51%, according to the report. The point is, for most
organizations, the problem is not only losing data and vital corporate
information, but also not realizing it for six months.
Quote for the day:
"Always remember that you are absolutely unique. Just like everyone else." -- Margaret Mead