Daily Tech Digest - May 06, 2021

What’s the hype in hyperautomation?

Gartner predicted that hyperautomation would be one of the top strategic technology trends from 2020 onwards, but that doesn’t necessarily mean that manufacturers must buy into the hype. The first thing to do to understand whether end-to-end automation can deliver substantial business value, is to create a roadmap that clearly aligns business goals with the automation tools needed to reach them. Gartner suggests considering three key objectives — revenue, costs and risks. According to these parameters, manufacturers might want to think about which technologies can drive revenue by enhancing customer engagement, increasing output, and automating repetitive tasks. They should then redesign processes to reduce the cost of poor quality and streamline production. Finally, they might need to consider the compliance risks of inefficient processes — for example, feeding parts to a machine manually might be not only inefficient but also risky, and it might therefore violate safety regulations. A careful consideration of these factors should give manufacturers a clearer idea of whether or not hyperautomation can significantly boost productivity and give them the competitive edge they might be lacking without it.


How to Secure the Connected & Automated Mobility (CAM) Ecosystem

Under a new regulation set by the United Nations, car manufacturers are required to secure vehicles against cyberattacks. With the upcoming transposition of the United Nations' regulations into EU policy, the new regulation on cybersecurity will be mandatory in the European Union for all new vehicle types from July 2022 and will become mandatory for all new vehicles produced, regardless of the type, from July 2024. It is important to remember that the UNECE Regulations and related ISO standards do not apply to all CAM stakeholders. The types of vehicles the regulation applies to include passenger cars, vans, trucks and buses, light four-wheeler vehicles if equipped with automated driving functionalities from level 3 onwards. The report is intended to support the work of the European Commission and the EU Member States’ competent authorities in the transposition of the UN cybersecurity regulation into EU policy. Decision-makers who are responsible for the protection of security and resilience of the CAM ecosystem at EU level will find in the report the relevant cybersecurity measures and key challenges they need to consider to draft their cybersecurity baseline.


Security probe of Qualcomm MSM data services

Mobile Station Modem (MSM) is an ongoing series of a 2G/3G/4G/5G-capable system on chips (SoC) designed by Qualcomm starting in the early 1990s. MSM has always been and will be a popular target for security research because hackers want to find a way to attack a mobile device remotely just by sending it a SMS or crafted radio packet. But 3GPP protocols are not the only entry point into the modem. Android also has an ability to communicate with the modem processor through the Qualcomm MSM Interface (QMI). MSM is managed by the Qualcomm real-time OS (QuRT) that cannot be debugged or dumped even on rooted Android devices. QuRT’s integrity is ensured by the TrustZone. There is only one possible way to dynamically probe the modem, namely to use a vulnerability. There have been several successful attempts to patch the QuRT by exploiting vulnerabilities in the Qualcomm Trusted Execution Environment (QTEE) or Linux-kernel. The latest compromised SoC is MSM8998 (Pixel 2). In our research, we fuzzed MSM data services so we could find a way to patch QuRT on modern SoCs directly from Android.


5 Ways to Be a Leader Your Employees Will Respect

Transparent communication is the ability to have open, sincere and direct dialogue. But there's a fine line between transparency and rudeness. Keep empathy at the top of your mind. When done right, transparent communication is one of the foundational practices to showing inclusive leadership, and your new hire will appreciate you for it. It's important to remember that your words matter, especially when you're in a position of power. So assess how your employees react to your messaging and continually adjust language and tone as needed. Everybody has different communication preferences, so keep a close eye on what you say and how. Flexibility is the model of the future. We all learned the importance of flexible workplace systems this past year, which will continue in our post-pandemic world. Flexible schedules in hybrid or remote-work situations allow employees who are also caregivers the space in their day to ensure family comes first. Companies like Google and Facebook have already announced hybrid-style workplaces starting in the fall of 2021. Companies like Slack and Twitter say employees never need to return to the office. 


Emerging open cloud security framework has backing of Microsoft, Google and IBM

While they’ve pulled in some of the big cloud vendors, they’ve also got large companies who consume cloud services like FedEx, Pfizer and Goldman Sachs. Conspicuously missing from the group is AWS, the biggest player in the cloud infrastructure market by far. But Lippis says that he hopes, as the project matures, other companies including AWS will join. “There’s lots of security programs and industry programs that get out there and that people are asking them to join, and so some companies want to wait to see how well this pans out [before making a commitment to it],” Lippis said. His hope is, that over time, Amazon will come around and join the group, but in the meantime they are working to get to the point where everyone in the community will feel good about what they’re doing. The idea is to start with security alerts and find a way to build a common format to give companies the same kind of system they have in the data center to track security alerts in the cloud. The way they hope to do that is with this open dialogue between the cloud vendors and the companies involved with the group.


How to apply a Zero Trust approach to your IoT solutions

Securing IoT devices presents a couple of additional layers of complexity because of the incredible diversity in design, hardware, operating systems, deployment locations, and more. For example, many are “user-less” and run automated workloads, presenting challenges when integrating into existing identity and access management tools. Many IoT devices have also been deployed using infrastructure and equipment not originally designed for a connected world or have limited capabilities and connectivity, making them challenging to secure. And because IoT devices are typically deployed in diverse environments—ranging from inside factories or office buildings to remote worksites or critical infrastructure—they’re exposed in unique ways and can offer high-value targets to attackers. ... Securing IoT solutions with a Zero Trust security model starts with non-IoT specific requirements—specifically ensuring you have implemented the basics to securing identities, their devices, and limit their access. These include explicitly verifying users, having visibility into the devices they’re bringing on to the network, and being able to make dynamic access decisions using real-time risk detections.


IQ tests: are humans getting smarter?

From the algorithms that make our social media accounts function to the sleep-tracking technology in our smartwatches, the world has never seemed so technologically advanced and developed. Which is why it would be easy to assume that with each generation, humans are getting smarter. But is this the case? It’s a question many scientists have pondered, particularly so given that throughout the 20th century the average score on IQ tests around the world increased significantly – especially in the west. This increase was around three IQ points per decade – meaning we are technically living with more geniuses on the planet than ever before. This increase in IQ scores and the seeming tendency for intelligence levels to increase over time is known as the Flynn effect (named after the late US-born educator, James Flynn). And improvements in health and nutrition, better education and working conditions, along with recent access to technology have all contributed. Indeed, in the 19th century, for example, industrialisation created large overcrowded cities with poor health outcomes and premature death.


10 digital transformation metrics to measure success in 2021

Metrics tied to business case realization have or are morphing into continuous value realization. On-time/on-budget delivery metrics are evolving into measuring flexibility in adjusting to scope. “Before COVID, the world was already contemplating a move from project-thinking to product-thinking,” says Kelker, whose firm is also tracking continuous value realization across 400 companies. “The pandemic has hastened this – we have multiple clients who are now interested in aligning, earmarking, allocating, and spending budgets in line with the product-aligned agile delivery.” ... Matching revenue to specific marketing efforts, for example, will be important. “This includes the gambit of how digital transformation investments can help reduce customer churn, enhance customer acquisition, and improve the brand experience,” says Nitish Mittal, vice president at Everest Group. “For instance, in retail, providing a frictionless direct-to-consumer commerce experience is a key imperative.” For some businesses, determining how technology innovation generally is impacting revenues will be helpful. “In all of my conversations with CEOs, CDOs, and CMOs, they are pivoting away from cost containment and back toward capturing market share and providing value,” says Belliappa.


Global Phishing Attacks Spawn Three New Malware Strains

The malware ecosystem used by UNC2529 consists of either a downloader (Doubledrag) or an Excel document with an embedded macro; a dropper (Doubledrop); and a backdoor (Doubleback). The infection starts with phishing emails that are rigged with a link to download a malicious payload that contains a JavaScript downloader with code that’s heavily obfuscated in order to evade analysis. Once it’s executed, Doubledrag tries to download a dropper – Doubledrop – in the second stage of the attack chain. Doubledrop is an obfuscated PowerShell script designed to plant a backdoor into memory. It has two flavors: a 32-bit and a 64-bit instance of the Doubleback backdoor. With all that set up, the backdoor gets to work inserting plugins and reporting back to its controllers. “The backdoor, once it has the execution control, loads its plugins and then enters a communication loop, fetching commands from its C2 server and dispatching them,” Mandiant describes. “One interesting fact about the whole ecosystem is that only the downloader exists in the file system. The rest of the components are serialized in the registry database, which makes their detection somewhat harder, especially by file-based antivirus engines.”


The ethical implications of chatbots

The most reasonable of the motives above is arguably point two. The research related to this patent could be hugely beneficial in ways we haven’t even conceived of yet. However, the unforeseen has no moral compass and the fact is that it could also be used for nefarious purposes outside of the original intent of its creators. You might think I have seen one too many Hollywood movies. However, if you think of the already burgeoning list of morally ambiguous ways in which technology is used, it is not so much science fiction, as it is science fact. Just one example is bias in Artificial Intelligence (AI) algorithms. While AI can help doctors interpret test results more accurately in certain instances, these algorithms are trained on historical data that has our inherent human biases built in. So when studies such as this show that black patients would have gotten better life-saving medical care “if their kidney function had been estimated using the same formula as for white patients”, we should probably take notice and do something about it. In addition to simply creating your digital zombie doppelganger, does this technology potentially open the pandora’s box for identity theft?



Quote for the day:

"It is easy to lead from the front when there are no obstacles before you, the true colors of a leader are exposed when placed under fire." -- Mark W. Boyer

No comments:

Post a Comment