Multifactor Authentication Is Being Targeted by Hackers
Proofpoint found today’s phishing kits range from “simple open-source kits with
human-readable code and no-frills functionality to sophisticated kits utilizing
numerous layers of obfuscation and built-in modules that allow for stealing
usernames, passwords, MFA tokens, social security numbers, and credit card
numbers.” How? By sending phishing emails with links to a fake target website,
like a login page, to naive users. That, of course, is old news. Hackers have
been using that technique for ages. What this “new kind of kit” brings to the
table is a malware-planted MitM transparent reverse proxy. With this residing on
the target’s PC, it intercepts all the traffic including their credentials and
session cookies even if the connection is to the real site. ... One such
program, Modlishka, already automates these attacks. Polish security researcher
Piotr DuszyĆski, said of it, “With the right reverse proxy targeting your domain
over an encrypted, browser-trusted, communication channel one can really have
serious difficulties in noticing that something was seriously wrong.”
How to choose a cloud data management architecture
Multi-cloud models incorporate one of more services from more than one cloud
provider (and optionally may include on-premises or hybrid architectures). In
this scenario, the difference is that services from multiple cloud providers are
used. A DBMS offering and the applications that rely on it may be deployed both
on-premises and/or on one or more clouds. As such, all of the considerations of
hybrid cloud may apply with the added considerations of deploying software in
multiple cloud environments. These offerings have historically been limited to
independent software vendors (ISVs) rather than native CSPs, as the ISVs have
more of a vested interest in making sure that their software runs in as many
environments as possible. However, cloud service providers are increasingly
engaging in multi-cloud and intercloud scenarios. The multi-cloud scenario
generally appeals to end users who are concerned about cloud vendor lock-in and
want to be able to move their applications easily to a different cloud provider.
How blockchain investigations work
Knowing the exact entity behind a batch of addresses can be crucial, and
blockchain intelligence companies have ways of finding that. They aggregate
information from multiple sources, often using off-chain data to enrich their
understanding of transactions. They look at dark web forums, social media
posts, and court papers among others. "You can be on Facebook, and you see
[someone] soliciting funds in bitcoin and there's an address there," Redbord
says. That address is copied and can be associated with a cybercriminal ring,
a terrorist organization, or other illicit entities, depending on the case.
Such nuggets of information are gathered by blockchain intelligence companies
and stored for future references. "[We] are building a giant blacklist of
cryptocurrency addresses," Redbord adds. This process of categorizing
addresses is done in the background. Investigators using blockchain
intelligence software simply input the address corresponding to the payment.
Then, they can see the flow of digital money.
Will AI Ever Become Ubiquitous?
We’re entering an era where our personal data will be more valuable than ever,
and consumers are beginning to wake up to that fact. A report in 2019
indicates over 60 percent of respondents felt connected devices were “creepy,”
which will likely slow adoption of such devices. While all of this may sound
daunting, there are some interesting innovations addressing the pain points.
And you’re likely enjoying the benefits of this thinking without even
realizing it. To understand, we have to go into a room filled with networking
gear. Most of us are familiar with server rooms thanks to TV shows and movies
where we see some generic, but high-tech, “data center.” What most consumers
don’t realize is that companies don’t just upgrade all their data center
hardware at once. Just as you likely don’t buy a new router when you buy a new
laptop, data center components are swapped out over time, here and there, and
can wind up as a patchwork of vendors and services. Some time ago, network
administrators unified their management while allowing underlying systems to
micro-manage the individual components.
IoT Deployment – How to Secure and Deploy Internet of Things Devices
Many IoT devices are connected to the internet and can be accessed by hackers
from anywhere in the world. This makes them ripe for attack. Hackers can
exploit vulnerabilities in these devices to gain access to sensitive data or
even take control of them. Another issue is that many IoT devices are not
well-integrated into existing IT security frameworks. As a result, they may
not be properly protected against cyber threats. For example, many IoT devices
lack adequate firewalls and intrusion detection systems, making them
susceptible to attack. Finally, there is also a risk that malicious actors
could weaponize IoT devices for use in DDoS attacks or other cyberattacks. For
example, hackers could exploit vulnerabilities in smart TVs or other
internet-connected devices to launch a devastating DDoS attack against a
company or organization. To mitigate these security problems, organizations
should take steps to secure their IoT devices properly. They should ensure
that all devices have strong passwords and are routinely updated with the
latest security patches.
The Cloud Challenge: Choice Paralysis and the Bad Strategy of “On-Premising” the Cloud
Here is the troubling fact: most organizations know that the cloud is
different than on-prem, most of them also know the main differences. Yet, this
knowledge doesn’t translate into better solutions. That is because most
organizations face a challenge: "With all these cloud services out there,
which one to use in each scenario?" Too many choices can lead
developers/architects to some kind of decision paralysis. Instead of going
through the many choices, they just resort to the most familiar. In the case
of organizations who are used to building on-prem, this often means choosing
the old-stack without even considering the alternatives. Having tens of cloud
services is indeed a challenge (Azure has 400+ different services at the time
of writing this, each service might have tens of built-in capabilities).
However, it is still a good challenge to have. That is because if you’re not
dealing with resolving this challenge you’re effectively dealing with the
challenge of how to make the cloud behave like on-prem.
Software development is changing again. These are the skills companies are looking for
Today, good developers work across the stack – in fact, their success relies
on their ability to engage with a range of stakeholders to deliver business
outcomes, says Spencer Clarkson, chief technology officer at Verastar. "I
think what makes a good developer nowadays is that rounded understanding," he
says. "They need to be agile in working style, and also understand the concept
of doing Agile development – fail fast, develop quickly." That's something
that others recognise, too. Tech analyst Forrester says Agile delivery is
critical to successful digital transformations, yet the best enterprises go
even further. ... "Software development is now much more about gluing things
together rather than building something from scratch," he says. "There's lots
of good apps and products out there. It's how you glue them together – that's
your IP. People need to have that aptitude first and be multiskilled second."
Gartner also says organisations and their employees should be prepared to move
in multiple strategic directions at once due to the ongoing requirements for
innovation and digitisation.
Comparing Programming models: SYCL and CUDA
SYCL and CUDA serve the same purpose: to enhance performance through
processing parallelization in varied architectures. However, SYCL offers more
extendibility and code flexibility than CUDA while simplifying the coding
process. Instead of using complex syntax, SYCL enables developers to use ISO
C++ for programming. Unlike CUDA, SYCL is a pure C++ domain-specific embedded
language that doesn’t require C++ extensions, allowing for a simple CPU
implementation that relies on pure runtime rather than a particular compiler.
SYCL is a competitive alternative to CUDA in terms of programmability. With
SYCL, there’s no need for a complex toolchain to develop an application, and
the tools ecosystem is readily available, ensuring a hassle-free development
experience. SYCL doesn’t need separate source files for the host and device.
Instead, you can find the code for the host and the device in the same C++
source file. SYCL implementations are capable of splitting up this source
file, parsing the code, and sending it to the appropriate compilation
backend.
Ban predictive policing systems in EU AI Act, says civil society
As it currently stands, the AIA lists four practices that are considered “an
unacceptable risk” and which are therefore prohibited, including systems that
distort human behaviour; systems that exploit the vulnerabilities of specific
social groups; systems that provide “scoring” of individuals; and the remote,
real-time biometric identification of people in public places. However,
critics have previously told Computer Weekly that while the proposal provides
a “broad horizontal prohibition” on these AI practices, ...”. In their letter,
published 1 March, the civil society groups explicitly call for predictive
policing systems to be included in this list of prohibited AI practices, which
is contained in Article 5 of the AIA. “To ensure that the prohibition is
meaningfully enforced, as well as in relation to other uses of AI systems
which do not fall within the scope of this prohibition, affected individuals
must also have clear and effective routes to challenge the use of these
systems via criminal procedure, to enable those whose liberty or right to a
fair trial is at stake to seek immediate and effective redress,” it said.
IT leadership: 3 new rules for hybrid work
The very nature of the annual review sets up a dynamic where the manager
critiques and the employee is on the defensive. The employee often feels that
the manager focuses solely on shortcomings and not on achievements. They may
wonder, “Why didn’t my manager mention this issue when it actually happened?”
or “Why won’t my manager recognize the things I’ve done right?” The manager
may be new to the position and not entirely familiar with the employee, their
position, or work history, making a constructive review more challenging. In
addition, many managers simply are not trained to communicate, coach, and lead
effectively. With higher numbers of employees working remotely, reviews have
an added layer of difficulty especially if they aren’t done in person. Body
language can be harder to read. Without seeing the employee in action
day-to-day, the manager might not be aware of how productive they are. Zoom
fatigue can also cause many employees to remain silent rather than actively
participate.
Quote for the day:
"Leadership is about carrying on when
everyone else has given up." -- Gordon Tredgold
No comments:
Post a Comment