Daily Tech Digest - July 02, 2021

Addressing the cybersecurity skills gap through neurodiversity

It’s time to challenge the assumption that qualified talent equals neurotypicality. There are many steps companies can take to ensure inclusivity and promote belonging in the workplace. Let’s start all the way at the beginning and focus on job postings. Job postings should be black and white in terms of the information they are asking for and the job requirements. Start by making job postings more inclusive and less constrictive in what is being required. Include a contact email address where an applicant can ask for accommodations, and provide a less traditional approach by providing these accommodations. Traditional interviews can be a challenge for neurodivergent individuals, and this is often the first hurdle to employment. For example, to ease some candidates’ nerves, you could provide a list of questions that will be asked as a guideline. More importantly, don’t judge someone based on their lack of eye contact. To promote an inclusive and belonging culture of neurodiversity in the workplace, the workplace should be more supportive of different needs.


Cost of Delay: Learn Why Your Organisation Is Losing Millions

Backlogs in business can cause a drop in revenue. This is why some experts say that if you want to make profit or save money, you have to prioritize your backlog in terms of money. Bear in mind that each product or project has different features or benefits. Consumers often think all these features are important. But the reality is that each feature takes a different time to create and implement. They also don’t have the same level of worth in the business. Prioritizing one means limiting or delaying the other. And every day that a feature is not in production means another day that the company is not profiting from it. By utilizing the Cost of Delay, the company can determine which feature will cost them the most by a delay in the delivery. It also sets a clear guideline on what projects would matter most for the company and other stakeholders without the friction of other decision making obstacles which bring us to the next point below. ... The MosCow method often puts everything in the “Must-Have” bucket. Imagine if your company has a limited resource and manpower. The quality of work and output will surely suffer.


Google releases new open-source security software program: Scorecards

These Scorecards are based on a set of automated pass/fail checks to provide a quick review of many open-source software projects. The Scorecards project is an automated security tool that produces a "risk score" for open-source programs. That's important because only some organizations have systems and processes in place to check new open-source dependencies for security problems. Even at Google, though, with all its resources, this process is often tedious, manual, and error-prone. Worse still, many of these projects and developers are resource-constrained. The result? Security often ends up a low priority on the task list. This leads to critical projects not following good security best practices and becoming vulnerable to exploits. The Scorecards project hopes to make security checks easier to make security easier to achieve with the release of Scorecards v2. This includes new security checks, scaled up the number of projects being scored, and made this data easily accessible for analysis. For developers, Scorecards help reduce the toil and manual effort required to continually evaluate changing packages when maintaining a project's supply chain. 


Kubernetes Fundamentals: Facilitating Cloud Deployment and Container Simplicity

Kubernetes has made containers so popular, they are threatening to make VMs (virtual machines) obsolete. A VM is an operating system or software program that imitates the behavior of a physical computer, and can run applications and programs as though it were a separate computer. A virtual machine can be unplugged from one computer, and plugged into another, bringing its software environment with it. Both containers and VMs can be customized and designed to any specifications desired and provide isolated processes. Both VMs and containers offer complete isolation, providing an environment for experimentation that will not affect the “real” computer. Typically, containers do not include a guest operating system, and usually come with only the application code, and only run the necessary operations needed. This is made possible by using “kernel features” from the physical computer. A kernel is the core program of a computer operating system, and has complete control over the entire system. On most computers, it is often the first program (after the bootloader) to be loaded on start-up.


IoT is the Key to Reopening Safe Workplaces

By implementing IoT connected devices for predictive cleaning, building managers can improve the overall efficiency and cleanliness of shared spaces. For example, IoT sensors can notify facility managers when soap dispensers and towels are running low so they can replace them immediately without a manual check. Predictive cleaning can lower infection rates and costs by enabling on-demand and as-needed cleaning to ensure common areas such as restrooms and conference rooms are safe for employees to use. Freespace created a Cleanreader solution that works by using sensors to collect occupancy data. It provides facility managers and cleaning staff with the data they need to ensure that desks, meeting rooms and communal areas are cleaned and disinfected between users. Our expectation as workers and consumers has reached a new baseline. We want to be able to see what businesses are doing to be safe and to know they are addressing how to avoid future impacts of this pandemic or any future major health crisis. Clearly, workers are concerned about the safety of their work environments. OSHA data shows more than 60,000 COVID-19-related complaints have been filed to the agency’s state and federal offices, as of March 28, 2021.


The Most Prolific Ransomware Families: A Defenders Guide

DomainTools researchers feel that it is important to remind readers that all of these groups make alliances, share tools, and sell access to one another. Nothing in this space is static and even though there is a single piece of software behind a set of intrusions there are likely several different operators using that same piece of ransomware that will tweak its operation to their designs. The playbook of the affiliate programs that many of these ransomware authors run is to design a piece of ransomware and then sell it off for a percentage of the ransom gained. Think of it as a cybercrime multi-level marketing scheme. Often there is a builder tool that allows the affiliate to customize the ransomware to their needs for a specific target which at the same time tweaks the software slightly so it can evade standard, static detection mechanisms. This article’s intent is not to dive deep into tracking individual affiliates or into each of the stages of a piece of packed malware (looking at you, CobaltStrike), but just to the top level of software used and their relations. Lastly, we must mention that access for the ransomware is often being provided by an initial backdoor or botnet, frequently called an initial access broker.


The next frontier of digital transformation: Are you onboard?

All the transformations are going to bring a lot of confidential data online and some in the public domain. This data will need sufficient protection from getting hacked and misused. So the next big digital transformation will be in the field of cybersecurity. Mathias cautions on the safety of customer data while adopting digital as a means of business. “Brands have to be very sensitive to data privacy concerns of consumers even as they need to provide a real time intuitive experience. This is a fine balance that many brands struggle with, as in the digital world users expect similar levels of customer experience from a local on-line retailer as they would from global giants like Amazon,” he adds. Tibrewala also noted that customer data is becoming more important than ever before. “Brands will need to invest in technologies like customer data platform and marketing automation to assimilate customer data; generate a single view of the customer across online and offline channels, and then use machine intelligence to provide the customer with the best possible solution for their requirement.”


Using collections to make your SQL access easier and more efficient

Collections are essentially indexed groups of data that have the same type—for instance arrays or lists (arrays, for instance, are collections of index-based elements). Most programming languages in general provide support for collections. Collections reduce the number of database calls due to caching (cached by the collections themselves) of regularly accessed static data. Reduced calls equals higher speed and efficiency. Collections can also reduce the total code needed for an application, further increasing efficiency. Each element in a collection has a unique identifier called a subscript. Collections come with their own set of methods for operating on the individual elements. PL/SQL includes methods for manipulating individual elements or the collection in bulk. ... Earlier versions of PL/SQL used what were known first as PL/SQL tables and later index-by tables. In a PL/SQL table, collections were indexed using an integer. Individual collection elements could then be referenced using the index value. Because it was not always easy to identify an element by its subscript, PL/SQL tables evolved to include indexing by alphanumeric strings.


Single page web applications and how to keep them secure

The architecture of SPAs presents new vulnerabilities for hackers to exploit because the attack surface shifts away from the client-layers of the app to the APIs, which serve as the data transport layer that refreshes the SPA. With multi-page web apps, security teams need to secure only the individual pages of the app to protect their sensitive customer data. Traditional web security tools such as web application firewalls (WAFs) cannot protect SPAs because they do not address the underlying vulnerabilities found in the embedded APIs and back-end microservices. For example, in the 2019 Capital One data breach, the hacker reached beyond the client layer by attacking Capital One’s WAF and extracted data by exploiting underlying API-driven cloud services hosted on AWS. SPAs require a proper indexing of all their APIs, similar to how multi-page web apps require an indexing of their individual pages. For SPAs, vulnerabilities begin with the APIs. Sophisticated hackers will often begin with multi-level attacks that reach through the client-facing app and look for unauthenticated, unauthorized, or unencrypted APIs that are exposed to the internet to hack and extract customer data.


Could cryptocurrency be as big as the Internet?

As with every nascent technology, of course, we are not yet seeing all of cryptocurrency’s potential. Yet, the winds of change are blowing. Payments is one small aspect of what Bitcoin and cryptocurrencies enable. With the unique ability of having programmatically financial instruments, the ecosystem of technology being built on top of that foundation is enabling diverse new use cases. Solutions like the Lightning Network on top of Bitcoin for fast, small payments, or collateral-based loans for fast liquidity, start to create possibilities beyond the foundational aspects of bitcoin and other cryptos. This could not have come at a better time. Following the pandemic, large retailers are increasingly determined to move to a 100% cashless model. For them, the cost of handling cash across thousands of different stores is an added expense that they want to divest. Moving to more digital payment structures, including the adoption of cryptocurrencies, is a path many will start to follow over the next year. Yet, there are also security benefits to consider as well. The cryptographic certainty of cryptocurrencies adds an extra security layer for financial institutions by eliminating forgery risk or counterparty risk that any other current financial instrument has today.



Quote for the day:

"Leadership has a harder job to do than just choose sides. It must bring sides together." -- Jesse Jackson

No comments:

Post a Comment