Web 3.0: The New Internet Is About to Arrive
Some experts believe this decentralized Web, which is also referred to as Web
3.0, will bring more transparency and democratization to the digital world. Web
3.0 may establish a decentralized digital ecosystem where users will be able to
own and control every aspect of their digital presence. Some hope that it will
put an end to the existing centralized systems that encourage data exploitation
and privacy violation. ... As a user, you will have a unique identity on Web 3.0
that will enable you to access and control all your assets, data, and services
without logging in on a platform or seeking permission from a particular service
provider. You will be able to access the internet from anywhere for free, and
you will be the only owner of your digital assets. Apart from experiencing
the internet on a screen in 2D, users will also get to participate in a larger
variety of 3D environments. From anywhere, you could visit the 3D VR version of
any historical place you search, play games while being in the game as a 3D
player, try clothing on your virtual self before you buy.
Report: Aberebot-2.0 Hits Banking Apps and Crypto Wallets
Based on the Aberebot-2 creator's claim and Cyble's findings, the banking
malware's new variant appears to have multiple capabilities. It can steal
information such as SMS, contact lists and device IPs, and it also can perform
keylogging and detection evasion by disabling Play Protect - Google's safety
check that is designed to detect spurious apps, according to the researchers.
Cyble says the "new and improved" version of the banking Trojan can steal
messages from messaging apps and Gmail, inject values into financial
applications, collect files on the victim's device and inject URLs to steal
cookies. Medhe says that Aberebot-2.0 has 18 different permissions, including
internet permission, and 11 of the permissions are dangerous. One key difference
between the earlier and the latest version of the Aberebot malware, he says, is
the use of the Telegram API. "In the newer version, the malware author has
included features such as the ability to inject or modify values in application
forms, such as receiver details or the amount during financial transactions.
New Ransomware Variant Could Become Next Big Threat
Symantec's investigation of Yanluowang activity showed the former Thieflock
affiliate is using a variety of legitimate and open source tools in its
campaign to distribute the ransomware. This has included the use of PowerShell
to download a backdoor called BazarLoader for assisting with initial
reconnaissance and the subsequent delivery of a legitimate remote access tool
called ConnectWise. To move laterally and identify high-value targets, such as
an organization's Active Directory server, the threat actor has used tools
such as SoftPerfect Network Scanner and Adfind, a free tool for querying AD.
"The tool is frequently abused by threat actors to find critical servers
within organizations," Neville says. "The tool can be used to extract
information pertaining to machines on the network, user account information,
and more." Other tools the attacker is using in Yanluowang attacks include
several for credential theft, such as GrabFF for dumping passwords from
Firefox, a similar tool for Chrome called GrabChrome, and one for Internet
Explorer and other browsers called BrowserPassView.
Cloud computing is evolving: Here's where it's going next
"The era of multi-cloud is here, driven by digital transformation, cost
concerns and organizations wanting to avoid vendor lock-in. Incredibly, more
than half of the respondents of our survey have already experienced business
value from a multi-cloud strategy," said Armon Dadgar, co-founder and CTO,
HashiCorp in a statement. "However, not all organizations have been able to
operationalize multi-cloud, as a result of skills shortages, inconsistent
workflows across cloud environments, and teams working in silos." ... The
focus is now on overcoming the various barriers to successful multi-cloud
deployment, which include skills shortages and workflow differences between
cloud environments. Cloud spend management is a continuing issue, while
infrastructure automation tools are becoming increasingly important,
particularly when it comes to provisioning and application deployment. In five
years' time, we won't be talking about the pros and cons of hybrid/multi-cloud
architecture. Instead, the discussion will be all about enterprises as
efficient developers of industry-specific cloud-native apps, and automatic,
optimised and AI-driven workload deployment.
Recovering from ransomware: One organisation’s inside story
As far as the ransom demand itself was concerned, the service provider warned
that it was important Manutan not respond, even more so that it not pay. In
the case of this particular gang, as soon as the victim shows up to negotiate,
the criminals activate a three-week timer at the end of which – if there is no
resolution – they make good on a series of threats, disclosing the victim’s
sensitive information and irreparably destroying the data. Therefore, to
pretend that Manutan had not yet realised it had been attacked – in effect, to
play dead – would serve to buy it valuable time. In terms of actually paying,
this could make the gang ask for more and would not provide any guarantee that
the data would be recovered. “We spent time determining what data they had
recovered and the risk it posed. We concluded that it was not critical – for
example, they did not access our contracts with suppliers. Then we evaluated
our ability to put a functioning IT system back together, which we could do,
and we decided that we would not pay,” says Marchandiau.
How Decryption of Network Traffic Can Improve Security
Today, it’s nearly impossible to tell the good from the bad without the
ability to decrypt traffic securely. The ability to remain invisible has given
cyberattackers the upper hand. Encrypted traffic has been exploited in some of
the biggest cyberattacks and exploit techniques of the past year, from
Sunburst and Kaseya to PrintNightmare and ProxyLogon. Attack techniques such
as living-off-the-land and Active Directory Golden Ticket are only successful
because attackers can exploit organizations’ encrypted traffic. Ransomware is
also top of mind for enterprises right now, yet many are crippled by the fact
that they cannot see what is happening laterally within the east-west traffic
corridor. Organizations have been wary to embrace decryption due to concerns
around compliance, privacy and security, as well as performance impacts and
high compute costs. But there are ways to decrypt traffic without compromising
compliance, security, privacy or performance. Let’s debunk some of the common
myths and misconceptions.
5 (more) Common Misconceptions about Scrum
Many people think that Scrum Team members shouldn’t be assigned to a team
part-time. However, there is nothing in the Scrum Guide prohibiting it. There
are, of course, trade-offs for part-time Scrum Team members. If too many
individuals are part-time, the team may not accomplish as much meaningful work
during a Sprint. Additionally, with part-time members it can be more difficult
for the team to learn how much work they can achieve during a Sprint,
particularly if a member’s part-time status fluctuates. Moreover, if the
part-time members support multiple Scrum Teams, they can feel exhausted
attending numerous Daily Scrum meetings and splitting their focus. The Scrum
Team should consider these trade-offs when self-organizing into teams that
include part-time members. ... Timeboxes are an essential part of all Scrum
events because they help limit waste and support empiricism, making decisions
based on what is known. For example, the result of the Sprint Planning event
should be enough of a plan for the team to get started.
What Will AI Bring to the Cybersecurity Space in 2022
When you deploy AI to monitor your company network, for example, it creates an
activity profile for every user in that network. What files they access, what
apps they use, when, and where. If that behavior suddenly changes, the user is
flagged for a deep scan. This is a vast improvement in threat detection.
Currently, a lot of time is lost before an attack is even noticed. According
to IBM’s 2020 Data Breach Report, businesses take 280 days on average to
detect and contain a breach. That’s plenty of time for hackers to cause
massive damage. AI cuts that time short. It instantly spotlights
irregularities, allowing businesses to contain breaches fast. One of the major
issues with this, however, is the fact that there's always a strong risk that
some clean behaviors may appear as though they are problematic when they're
not. Current generation ML-based threat detection algorithms rely almost
exclusively on the adaptation of neural networks that more or less replicate
the perceived functioning of human thought patterns. These systems use
validation subroutines that crosscheck behavior patterns against previous
behaviors.
So far, only 9 countries have commercialized 5G mmWave. However, this is not
surprising given that the main restriction of mmWave transmissions is their low
propagation range. Telecom companies would not employ the mmWave frequency band
for national coverage. Looking at telecom operators’ deployment strategies, we
can see that low-frequency bands (for example, 700 MHz) are used for national
coverage, whereas sub-6 GHz bands are utilized for city coverage, and mmWave is
used for megacity hotspots. ... One crucial part of deploying a large-scale 5G
network employing massive MIMO gear is that the radio must be lightweight and
have a compact footprint, as these characteristics will help operators save
significant money on overall deployment. This is where silicon comes in. Si’s
performance will have a huge influence on a radio’s essential aspects, such as
connection, capacity, power consumption, product size, and weight, and,
ultimately, cost. In the 5G system sector, all of these are critical.
7 ways to balance agility and planning
By building learning and development (L&D) into planning, your organization
can enhance employee engagement and investment in strategic goals. A Quantum
Workplace trend report found employee engagement was at its peak in 2020 (up 3
percent from 2019), with 77 percent of employees reporting high engagement.
Spring and fall of 2020 indicated the greatest engagement levels at 80 percent,
with a 7 percent drop by the summer of 2021. Leadership communication also
tapered off since the emergence of COVID, creating a downward trend in
employees’ transparency, communication, and leadership trust perceptions.
Consequently, many employees felt their career paths were stunted or unclear.
These findings underscore the importance of L&D in keeping employees engaged
and motivated and in fostering more consistent communication between managers
and their teams. From the organization’s perspective, employees are encouraged
to flex their adaptability muscles as they learn, galvanizing them to become
more agile and enabling the organization to pivot efficiently.
Quote for the day:
"It is, after all, the responsibility of the expert to operate the familiar and that of the leader to transcend it." -- Henry A. Kissinger