Daily Tech Digest - January 29, 2022

BotenaGo Botnet Code Leaked to GitHub, Impacting Millions of Devices

Researchers also found additional hacking tools, from several sources, collected in the same repository. Alien Labs called the malware source code “simple yet efficient,” able to carry out malware attacks with a grand total of a mere 2,891 lines of code (including empty lines and comments). In its November writeup, Alien Labs noted that BotenaGo, written in Google’s open-source Golang programming language, could exploit 33 vulnerabilities for initial access. The malware is light, easy to use and powerful. BotenaGo’s 2,891 lines of code are all that’s needed for a malware attack, including, but not limited to, installing a reverse shell and a telnet loader used to create a backdoor to receive commands from its command-and-control (C2) operator. Caspi explained that BotenaGo has automatic setup of its 33 exploits, presenting an attacker a “ready state” to attack a vulnerable target and infect it with an appropriate payload based on target type or operating system. The source code leaked to GitHub and depicted below features a “supported” list of vendors and software used by BotenaGo to target its exploits at a slew of routers and IoT devices.

The best IT skill for the 2020s? Become an 'evergreen' learner

For starters, the "soft" skills will matter in the months and years ahead. These include professional skills such as communication, leadership, and teamwork, says Don Jones, vice president of developer skills at Pluralsight. Then there is a need for "tech-adjacent skills, like a familiarity with project management and business analysis." Jones urges an "evergreen" approach to skills mastery, as technology evolves too quickly to commit to a single platform or solution set. "The biggest-impact skill is the ability to learn," he says. "There's no single tech skill you can invest in that won't change or be outdated in a year; your single biggest skill needs to be the ability to update skills and learn new skills." This also means placing a greater emphasis on emotional intelligence, as many emerging systems will be built on artificial intelligence, analytics, or automation that mimic human processes, therefore augmenting human workers. "Anyone can be taught to swap out memory, but the skill of communication and responding to human emotion is not a skill so easily taught," says Chris Lepotakis

Three things Web3 should fix in 2022

Web3 backers love to talk about how blockchain networks are computers that can be programmed to do anything you imagine, given superpowers by the fact that they are also decentralized. Ethereum was the first of these computers to get real traction, but it was quickly overwhelmed by traffic. Traffic is managed by charging fees to use the computer, and the fees to complete a single transaction on the Ethereum network can run over $100. Imagine spending $75 to create a “free” Facebook account and another $75 every time you wanted to post something, and you have a sense of what it would be like to participate in a social network on the blockchain today. Ethereum is in the midst of a transformation designed to make it more efficient — which is to say, faster, less expensive, and less wasteful of energy. In the meantime, technologists routinely appear announcing that they have built a more efficient blockchain. Solana, for example, is a company that raised $314 million last year to build what it calls “the fastest blockchain in the world.” With that in mind, let’s check in on how the fastest blockchain in the world was doing on Sunday, when the aforementioned crypto crash led many people to use it to buy and sell assets.

Five Data Governance Trends for Organizational Transformation in 2022

There is a growing challenge to better govern data as it increases in variety and volume, and there is an estimate that 7.5 septillion gigabytes of data is generated every single day. Moreover, in organizations, silos are getting created through multiple data lakes or data warehouses without the right guidelines, which will eventually be a challenge in managing this data growth. To achieve nimbleness, we can simplify the data landscape by using a semantic fabric, popularly called data fabric, based on a strong Metadata Management operating model. This can further make data interoperable between divisions and functions while working to a competitive advantage. Data fabric simplifies Data Management, across cloud and on-premise data sources, even though data is managed as domains. In addition, data democratization can be a strong enabler for managing data across domains with ease and making data available as well as interoperable. Allowing business users to source and consume relevant data for their instantaneous reporting or generation of insights can reduce significant turnaround time in acquiring or sourcing data traditionally.

How the metaverse could impact the world and the future of technology

The metaverse could potentially use virtual reality, or augmented reality as we know it now, to immerse users in an alternate world. The technology is still being developed, but companies like Meta say they are building and improving these devices. Meta's Oculus Quest, now in its second model, is one such device. "When you're in the metaverse, when you're in a virtual reality headset, you will feel like you're actually sitting in a room with someone else who can see you, who can see all of your nonverbal gestures, who you can respond to and mimic," Ratan said. Immersive worlds and creating online avatars is nothing new, as games like Grand Theft Auto Online, Minecraft and Roblox have already created virtual universes. Meta's announcement last October aims to go beyond entertainment, and create virtual workspaces, homes and experiences for all ages. "What's happening now is the metaverse for social media without gaming," Ratan said. "The new metaverse is designed to support any type of social interaction, whether that's hanging out with your friends or having a business meeting."

Use the Drift and Stability of Data to Build More Resilient Models

Data drift represents how a target data set is different from a source data set. For time-series data (the most common form of data powering ML models), drift is a measure of the “distance” of data at two different instances in time. The key takeaway is that drift is a singular, or point, measure of the distance between two different data distributions. While drift is a point measure, stability is a longitudinal metric. We believe resilient models should be powered by data attributes that exhibit low drift over time — such models, by definition, would exhibit less drift-induced misbehavior. In order to manifest this property, drift over time, we introduce the notion of data stability. Stable data attributes drift little over time, whereas unstable data is the opposite. We provide additional details below. Consider two different attributes: the daily temperature distribution in NYC in November (TEMPNovNYC) and the distribution of the tare weights of aircraft at public airports (AIRKG). It is easy to see that TEMPNovNYC has lower drift than AIRKG; one would expect lesser variation between November temperatures at NYC across various years, than between the weights of aircrafts at two airports.

How to become an AI influencer

An influencer has huge responsibilities to fill. As someone with a big following, it is important to understand the kind of impact they can have on their target audience, especially if they are young or just starting out in their career. Venkat Raman, co-founder of Aryma Labs, a data consulting firm, lists down a few things influencers should keep in mind while creating their content. Don’t give false hopes An influencer should not give people false hopes. He adds, “I see many posts and tweets where some influencers proclaim that one does not need to know advanced math to break into data science. The poor aspirants believe it, and when they face the tough curriculum, they give up. I think we need to be honest. This will help set the correct expectations.” ... Many influencers in the field teach statistics through their content. Statistics is one of the core foundations of data science. Raman adds, “I have seen even the most popular YouTubers teach statistics wrongly.” The foundation can’t be left shaky. The influencers owe it to their audience to teach the right stuff. Unfortunately, in the chase for ‘number of followers’ and pressure to create content every now and then, they end up creating substandard content.

‘Dark Herring’ Billing Malware Swims onto 105M Android Devices

On the technical side, once the Android application is installed and launched, a first-stage URL is loaded into a webview, which is hosted on Cloudfront, researchers said. The malware then sends an initial GET request to that URL, which sends back a response containing links to JavaScript files hosted on Amazon Web Services cloud instances. The application then fetches these resources, which it needs to proceed with the infection process — and specifically, to enable geo-targeting. “One of the JavaScript files instructs the application to get a unique identifier for the device by making a POST request to the “live/keylookup” API endpoint and then constructing a final-stage URL,” according to the analysis. “The baseurl variable is used to make a POST request that contains unique identifiers created by the application, to identify the device and the language and country details.” The response from that final-stage URL contains the configuration that the application will use to dictate its behavior, based on the victim’s details. Based on this configuration, a mobile webpage displayed to the victim, asking them to submit their phone number to activate the app (and the DCB charges).

4 ways to mature your digital automation strategy

Immature strategies focus on simple tasks. It’s a great place to start, but to get the most out of automation, it needs to grow. To evolve these task-based automations into automated workflows, applications and systems need to communicate with each other. Steadily adding connected systems provides the opportunity to build increasingly complex, end-to-end workflows. As more processes are connected, you will need a platform to manage the increasing complexity. Fortunately, vendors in different segments of enterprise IT are converging with offerings of business process automation (BPA) suites that include integration libraries and automation and workflow capabilities. This trend provides support for organizations building out their strategies and validates the importance of automation paired with connectivity. RPA bots are very popular because they are powerful and easy to use. This is both a blessing and a curse because RPA is often used when it shouldn’t be, leading to poorly designed processes. 

Integrating IoT in Your Business

If you look at the LoRaWAN ecosystem as a whole, we now have a few hundred hardware partners that have created off the shelf products. So the first one, we say, okay, just don’t start, build your own hardware, look at it, look what’s there. And of course, we have experience with a lot of these devices and we’ve highlighted them. And of course, we also know as a company, which ones are higher quarter quality, and which are of lesser quality. But this abundance of availability make sure that you can choose, and also make sure there’s a market. Second, if you wanna move into, let’s say custom hardware development, because the sensor is not out there, or because you wanna build up IP or because it’s, I mean, you can think of many reasons. What you now see is that with, in the LoRaWAN ecosystem, there’s a lot of libraries, there’s a lot of tools, a lot of modules, that also makes it easier to build your own hardware. So we’ve started off with an open code initiative called a generic node, where we were offering the ecosystem, that’s a example of how we feel what should be the perfect LoRaWAN device and you can use it for inspiration or we can help you further. 

Quote for the day:

"A company is like a ship. Everyone ought to be prepared to take the helm." -- Morris Wilks

No comments:

Post a Comment