BotenaGo Botnet Code Leaked to GitHub, Impacting Millions of Devices
Researchers also found additional hacking tools, from several sources, collected
in the same repository. Alien Labs called the malware source code “simple yet
efficient,” able to carry out malware attacks with a grand total of a mere 2,891
lines of code (including empty lines and comments). In its November writeup,
Alien Labs noted that BotenaGo, written in Google’s open-source Golang
programming language, could exploit 33 vulnerabilities for initial access. The
malware is light, easy to use and powerful. BotenaGo’s 2,891 lines of code are
all that’s needed for a malware attack, including, but not limited to,
installing a reverse shell and a telnet loader used to create a backdoor to
receive commands from its command-and-control (C2) operator. Caspi explained
that BotenaGo has automatic setup of its 33 exploits, presenting an attacker a
“ready state” to attack a vulnerable target and infect it with an appropriate
payload based on target type or operating system. The source code leaked to
GitHub and depicted below features a “supported” list of vendors and software
used by BotenaGo to target its exploits at a slew of routers and IoT devices.
The best IT skill for the 2020s? Become an 'evergreen' learner
For starters, the "soft" skills will matter in the months and years ahead. These
include professional skills such as communication, leadership, and teamwork,
says Don Jones, vice president of developer skills at Pluralsight. Then there is
a need for "tech-adjacent skills, like a familiarity with project management and
business analysis." Jones urges an "evergreen" approach to skills mastery, as
technology evolves too quickly to commit to a single platform or solution set.
"The biggest-impact skill is the ability to learn," he says. "There's no single
tech skill you can invest in that won't change or be outdated in a year; your
single biggest skill needs to be the ability to update skills and learn new
skills." This also means placing a greater emphasis on emotional intelligence,
as many emerging systems will be built on artificial intelligence, analytics, or
automation that mimic human processes, therefore augmenting human workers.
"Anyone can be taught to swap out memory, but the skill of communication and
responding to human emotion is not a skill so easily taught," says Chris
Lepotakis
Three things Web3 should fix in 2022
Web3 backers love to talk about how blockchain networks are computers that can
be programmed to do anything you imagine, given superpowers by the fact that
they are also decentralized. Ethereum was the first of these computers to get
real traction, but it was quickly overwhelmed by traffic. Traffic is managed by
charging fees to use the computer, and the fees to complete a single transaction
on the Ethereum network can run over $100. Imagine spending $75 to create a
“free” Facebook account and another $75 every time you wanted to post something,
and you have a sense of what it would be like to participate in a social network
on the blockchain today. Ethereum is in the midst of a transformation designed
to make it more efficient — which is to say, faster, less expensive, and less
wasteful of energy. In the meantime, technologists routinely appear announcing
that they have built a more efficient blockchain. Solana, for example, is a
company that raised $314 million last year to build what it calls “the fastest
blockchain in the world.” With that in mind, let’s check in on how the fastest
blockchain in the world was doing on Sunday, when the aforementioned crypto
crash led many people to use it to buy and sell assets.
Five Data Governance Trends for Organizational Transformation in 2022
There is a growing challenge to better govern data as it increases in variety
and volume, and there is an estimate that 7.5 septillion gigabytes of data is
generated every single day. Moreover, in organizations, silos are getting
created through multiple data lakes or data warehouses without the right
guidelines, which will eventually be a challenge in managing this data growth.
To achieve nimbleness, we can simplify the data landscape by using a semantic
fabric, popularly called data fabric, based on a strong Metadata Management
operating model. This can further make data interoperable between divisions and
functions while working to a competitive advantage. Data fabric simplifies Data
Management, across cloud and on-premise data sources, even though data is
managed as domains. In addition, data democratization can be a strong enabler
for managing data across domains with ease and making data available as well as
interoperable. Allowing business users to source and consume relevant data for
their instantaneous reporting or generation of insights can reduce significant
turnaround time in acquiring or sourcing data traditionally.
How the metaverse could impact the world and the future of technology
The metaverse could potentially use virtual reality, or augmented reality as we
know it now, to immerse users in an alternate world. The technology is still
being developed, but companies like Meta say they are building and improving
these devices. Meta's Oculus Quest, now in its second model, is one such device.
"When you're in the metaverse, when you're in a virtual reality headset, you
will feel like you're actually sitting in a room with someone else who can see
you, who can see all of your nonverbal gestures, who you can respond to and
mimic," Ratan said. Immersive worlds and creating online avatars is nothing new,
as games like Grand Theft Auto Online, Minecraft and Roblox have already created
virtual universes. Meta's announcement last October aims to go beyond
entertainment, and create virtual workspaces, homes and experiences for all
ages. "What's happening now is the metaverse for social media without gaming,"
Ratan said. "The new metaverse is designed to support any type of social
interaction, whether that's hanging out with your friends or having a business
meeting."
Use the Drift and Stability of Data to Build More Resilient Models
Data drift represents how a target data set is different from a source data set.
For time-series data (the most common form of data powering ML models), drift is
a measure of the “distance” of data at two different instances in time. The key
takeaway is that drift is a singular, or point, measure of the distance between
two different data distributions. While drift is a point measure, stability is a
longitudinal metric. We believe resilient models should be powered by data
attributes that exhibit low drift over time — such models, by definition, would
exhibit less drift-induced misbehavior. In order to manifest this property,
drift over time, we introduce the notion of data stability. Stable data
attributes drift little over time, whereas unstable data is the opposite. We
provide additional details below. Consider two different attributes: the daily
temperature distribution in NYC in November (TEMPNovNYC) and the distribution of
the tare weights of aircraft at public airports (AIRKG). It is easy to see that
TEMPNovNYC has lower drift than AIRKG; one would expect lesser variation between
November temperatures at NYC across various years, than between the weights of
aircrafts at two airports.
How to become an AI influencer
An influencer has huge responsibilities to fill. As someone with a big
following, it is important to understand the kind of impact they can have on
their target audience, especially if they are young or just starting out in
their career. Venkat Raman, co-founder of Aryma Labs, a data consulting
firm, lists down a few things influencers should keep in mind while creating
their content. Don’t give false hopes An influencer should not give people
false hopes. He adds, “I see many posts and tweets where some influencers
proclaim that one does not need to know advanced math to break into data
science. The poor aspirants believe it, and when they face the tough curriculum,
they give up. I think we need to be honest. This will help set the correct
expectations.” ... Many influencers in the field teach statistics through their
content. Statistics is one of the core foundations of data science. Raman adds,
“I have seen even the most popular YouTubers teach statistics wrongly.” The
foundation can’t be left shaky. The influencers owe it to their audience to
teach the right stuff. Unfortunately, in the chase for ‘number of followers’ and
pressure to create content every now and then, they end up creating substandard
content.
‘Dark Herring’ Billing Malware Swims onto 105M Android Devices
On the technical side, once the Android application is installed and launched, a
first-stage URL is loaded into a webview, which is hosted on Cloudfront,
researchers said. The malware then sends an initial GET request to that URL,
which sends back a response containing links to JavaScript files hosted on
Amazon Web Services cloud instances. The application then fetches these
resources, which it needs to proceed with the infection process — and
specifically, to enable geo-targeting. “One of the JavaScript files instructs
the application to get a unique identifier for the device by making a POST
request to the “live/keylookup” API endpoint and then constructing a final-stage
URL,” according to the analysis. “The baseurl variable is used to make a POST
request that contains unique identifiers created by the application, to identify
the device and the language and country details.” The response from that
final-stage URL contains the configuration that the application will use to
dictate its behavior, based on the victim’s details. Based on this
configuration, a mobile webpage displayed to the victim, asking them to submit
their phone number to activate the app (and the DCB charges).
4 ways to mature your digital automation strategy
Immature strategies focus on simple tasks. It’s a great place to start, but to
get the most out of automation, it needs to grow. To evolve these task-based
automations into automated workflows, applications and systems need to
communicate with each other. Steadily adding connected systems provides the
opportunity to build increasingly complex, end-to-end workflows. As more
processes are connected, you will need a platform to manage the increasing
complexity. Fortunately, vendors in different segments of enterprise IT are
converging with offerings of business process automation (BPA) suites that
include integration libraries and automation and workflow capabilities. This
trend provides support for organizations building out their strategies and
validates the importance of automation paired with connectivity. RPA bots are
very popular because they are powerful and easy to use. This is both a blessing
and a curse because RPA is often used when it shouldn’t be, leading to poorly
designed processes.
Integrating IoT in Your Business
If you look at the LoRaWAN ecosystem as a whole, we now have a few hundred
hardware partners that have created off the shelf products. So the first one, we
say, okay, just don’t start, build your own hardware, look at it, look what’s
there. And of course, we have experience with a lot of these devices and we’ve
highlighted them. And of course, we also know as a company, which ones are
higher quarter quality, and which are of lesser quality. But this abundance of
availability make sure that you can choose, and also make sure there’s a market.
Second, if you wanna move into, let’s say custom hardware development, because
the sensor is not out there, or because you wanna build up IP or because it’s, I
mean, you can think of many reasons. What you now see is that with, in the
LoRaWAN ecosystem, there’s a lot of libraries, there’s a lot of tools, a lot of
modules, that also makes it easier to build your own hardware. So we’ve started
off with an open code initiative called a generic node, where we were offering
the ecosystem, that’s a example of how we feel what should be the perfect
LoRaWAN device and you can use it for inspiration or we can help you
further.
Quote for the day:
"A company is like a ship. Everyone
ought to be prepared to take the helm." -- Morris Wilks
No comments:
Post a Comment