Daily Tech Digest - February 12, 2022

Speeding Time to Value: The ‘Just in Time’ Data Analytics Stack

JIT analytics signals an end to the era of data consolidation in which data management was based on organizations moving data into warehouses, data lakes and data lakehouses. By leveraging a variety of approaches, including data materialization, query tool abstractions, and data virtualization, this new analytics era obsoletes the need to move data to store it in one place for analysis. JIT represents a substantial evolution in fundamental data strategy that not only results in better, timelier analytics, but protects the enterprise from numerous shortfalls. Costs (related to data pipelines, manual code generation, etc.) are reduced, boosting resource conservation. Moreover, organizations decrease a considerable amount of risk related to regulations and data privacy by not constantly copying data from one setting to another, which potentially exposes it to pricy noncompliance penalties. ... Best of all, the business logic — schema, definitions, end-user understanding of data’s relation to business objectives — is no longer locked in silos but is transported to the data layer for greater transparency and usefulness.

Why DeFi could signal the beginning of the end of traditional Fintech

This is to be expected with current processes that require analogue or legacy methods of ID verification. This is where the interoperability of the likes of blockchain come in; providing unimpeachable data to prove identity/provenance, and in doing so both removing the need for slow processes and accelerating the rate of transactions. Interoperability is where identifies are portable across ecosystems. For instance, in gaming, progress and identifies can move across different gaming dApps. In finance, that would be a single, immutable identity used for everything, with less requirement to prove a customer is who they say they are as their interoperable identity is trusted by all providers. Lending, payments, proof of identity, trading; all will become decentralised, and much faster. Then there’s NFTs. Transforming ownership of assets with irrefutable proof, as well as ushering in a new asset class – that of digital. For example, we could well see the rise of tokenised invoices. Invoice beneficiaries could sell parts or whole of the invoice on an NFT marketplace within seconds. 

Cybercriminals Swarm Windows Utility Regsvr32 to Spread Malware

“Threat actors can use Regsvr32 for loading COM scriptlets to execute DLLs,” they explained in a Wednesday writeup. “This method does not make changes to the Registry as the COM object is not actually registered, but [rather] is executed. This technique [allows] threat actors to bypass application whitelisting during the execution phase of the attack kill chain.” ... As a class, .OCX files contain ActiveX controls, which are code blocks that Microsoft developed to enable applications to perform specific functions, such as displaying a calendar. “The Uptycs Threat Research team has observed more than 500+ malware samples using Regsvr32.exe to register [malicious] .OCX files,” researchers warned. “During our analysis of these malware samples, we have identified that some of the malware samples belonged to Qbot and Lokibot attempting to execute .OCX files…97 percent of these samples belonged to malicious Microsoft Office documents such as Excel spreadsheet files.” Most of the Microsoft Excel files observed in the attacks carry the .XLSM or .XLSB suffixes, they added, which are types that contain embedded macros.

Sardine’s algorithm helps crypto and fintech companies detect fraud

Sardine, a compliance platform for fintech companies, primarily serves neobanks, NFT marketplaces, crypto exchanges and crypto on-ramps. Its 50+ customer roster includes Brex, FTX, Luno and Moonpay, the company says. “The use case for all our customers is essentially that they’re all using us to prevent fraud when money is being loaded into a wallet,” CEO and co-founder Soups Ranjan told TechCrunch in an interview. When customers move money to their wallet via credit card, debit card or ACH transfer, Sardine assigns a risk score to the card or bank account being used through an algorithm and assumes fraud liability for the transaction. The company has long offered these two features, but it announced today that it is unveiling instant ACH transfer capabilities, allowing customers to bypass the traditional three- to seven-day waiting period to access their funds. Sardine will do this by pre-funding the consumer’s crypto purchase in their wallet and taking on the fraud, regulatory and compliance risk associated with the waiting period.

Is DeFi signalling the great financial evolution?

DeFi presents a revolutionary new frontier for opening fresh opportunities in improving the global finance markets. From a utility perspective, its technology alone presents improved speed and security to facilitate financial transactions — internationally. Moreover, this use case alone is a highly-developed feature that sees constant pursuit of uptake and improvement by popular cryptocurrency projects such as Stellar (XLMUSD). Additionally, DeFi sets a fascinating new precedent for enabling access to financial services. While bank accounts are the expected norm within most developed societies, the World Bank estimates that up to 1.7 billion people in the world do not have access to an account of their own. As a result, the emergent term within discussions around DeFi sees its examples championed by those in favour of enabling access among users who don’t transact via traditional bank accounts, now commonly referred to as the ‘unbanked’. As the concept continues to evolve, the question of how DeFi can be regulated will no doubt continue to be a pressing topic globally.

Cyprus: The Concept Of Control In DeFi Arrangements

With regard to DeFi arrangements specifically, the FATF Guidelines recognize that a DeFi application, that is, the underlying software, is not a CASP in accordance with FATF standards, as these do not apply to software or technology. Despite this, it is possible for persons such as creators, owners and operators of such applications to qualify as a CASP, if they are found to be providing or actively facilitating CASP services. Their classification or not as the obliged entity for AML/CFT law purposes will be based on whether they maintain control or sufficient influence over the arrangement. Owners or operators are often distinguished by their relationship to the activities undertaken by the arrangement. Control or sufficient influence may be exercised in a number of ways, for example, setting parameters, holding an administrative key, retaining access to the platform or collecting fees or realizing profit. It is emphasized that a person may be found to be exercising sufficient control or influence over a DeFi arrangement even in instances where other parties are involved in the provision of the service, or where part of the process is automated.

The AI edge chip market is on fire, kindled by 'staggering' VC funding

Edge AI has become a blanket term that refers mostly to everything that is not in a data center, though it may include servers on the fringes of data centers. It ranges from smartphones to embedded devices that suck micro-watts of power using the TinyML framework for mobile AI from Google. The middle part of that range, where chips consume from a few watts of power up to 75 watts, is an especially crowded part of the market, said Demler, usually in the form of a pluggable PCIe or M.2 card. "PCIe cards are the hot segment of the market, for AI for industrial, for robotics, for traffic monitoring," he explained. "You've seen companies such as Blaize, FlexLogic -- lots of these companies are going after that segment." But really low-power is also quite active. "I'd say the tinyML segment is just as hot. ..." Most of the devices are dedicated to the "inference" stage of AI, where artificial intelligence makes predictions based on new data. Inference happens after a neural network program has been trained, meaning that its tunable parameters have been developed fully enough to reliably form predictions and the program can be put into service.

If Scrum isn’t agile, a SaaS solution could be

There are certain situations where a software development organization simply can’t be agile. The first is where there is a fixed deadline. If there is a deadline, you almost certainly can’t make adjustments that may be necessary to finish the project. Changes to what you are coding almost always mean a change to the date. What happens if, when you do the sprint review with the customer, the customer asks for changes? You can’t roll back a whole sprint, redo the work in a different way, and then still ship according to a contracted date. If you can’t adapt to changing requirements, then you aren’t being agile. The second is when there is a fixed cost. This works very similarly to what I described in the previous paragraph — if you are only getting paid a set amount to do a project, you can’t afford to redo portions of the work based on customer feedback. You would very likely end up losing money on the project. Bottom line: If you have a fixed deadline or a fixed amount of time, you can’t strictly follow Scrum, much less the Agile Principles.

Can an AI be properly considered an inventor?

Thaler, an advocate of recognizing these devices as inventors, clearly believes the time has come, stating, “It’s been more of a philosophical battle, convincing humanity that my creative neural architectures are compelling models of cognition, creativity, sentience, and consciousness. … The recently established fact that DABUS has created patent-worthy inventions is further evidence that the system ‘walks and talks’ just like a conscious human brain.” (We should bear in mind, however, that an “author” in copyright is not an identical legal construction with that of an “inventor” in the domain of patents, but they are closely related concepts.) We also need to consider that the South African patent system does not involve an examination of the substance of an application, but unlike in a lot of countries leaves both first consideration and final resolution of patent validity to the courts, and so the patent grant was in some sense automatic and not policy-driven.) Importantly, the U.S., the U.K., and the European Patent Offices (all of which do preliminary consideration of patentability) rejected this same patent application on the basis of its ineligibility. 

MoleRats APT Flaunts New Trojan in Latest Cyberespionage Campaign

The campaign uses various phishing lures and includes tactics not only to avoid being detected but also to ensure that its core malware payload only attacks specific targets, Proofpoint researchers wrote in the report. Some of the attacks observed by the team also delivered a secondary payload, a trojan dubbed BrittleBush, they said. NimbleMamba, delivered as an obfuscated .NET executable using third-party obfuscators, is an intelligence-gathering trojan researchers believe is a replacement for previous malware used by TA402, LastConn. “NimbleMamba has the traditional capabilities of an intelligence-gathering trojan and is likely designed to be the initial access,” researchers wrote. “Functionalities include capturing screenshots and obtaining process information from the computer. Additionally, it can detect user interaction, such as looking for mouse movement.” MoleRats is part of the Gaza Cybergang, an Arabic speaking, politically motivated collective of interrelated threat groups actively targeting the Middle East and North Africa.

Quote for the day:

"Leadership is a process of mutual stimulation which by the interplay of individual differences controls human energy in the pursuit of a common goal." -- P. Pigors

No comments:

Post a Comment