Daily Tech Digest - March 10, 2022

Sharp rise in SMB cyberattacks by Russia and China

Over the last several weeks, there has been a sharp rise in activity from countries with consistently high levels of both attempted and successful attacks originating within their borders — Russia and China. The vast volumes of data analyzed suggest these countries may even be coordinating attack efforts. Per analysis available, attack trend lines that compare Russia and China show almost the exact same pattern. Juxtaposing them with a chart from Germany indicates that it is not even close to the same pattern, leading to educated speculation that these countries could be coordinating efforts. According to the Brookings Institute, “The U.S. National Security Strategy declares Russia and China the two top threats to U.S. national security. At the best of times, U.S.-Russia ties are a mixture of cooperation and competition, but today they are largely adversarial… Russia’s increasingly close relationship with China represents an ongoing challenge for the United States. While there is little that Washington can do to draw Moscow away from Beijing, it should not pursue policies that drive the two countries closer together, such as the trade war with China and rafts of sanctions against Russia.”


Threat intelligence: why it matters, and what best practice looks like

While no two organisations are the same, one useful way to think about deploying threat intelligence is to focus on three stages: monitoring, integration and analysis. In the early days of a project threat intelligence strategy, it’s unlikely that you’ll have the relevant expertise, time, or resources that are necessary to support proactive intelligence analysis yet. However, by collecting information from various sources and monitoring them for threat indicators relevant to your business, it’s possible to drive significant value. This could include things like leaked corporate credentials, mentions of your product on the dark web or looking for typosquats of your corporate brands in domain name registrations that are important as you begin your journey. The intelligence gained from doing so could help to inform the IT department for password resets, phishing email campaigns targeting employees and accelerate efforts to verify potential security incident efforts. Next comes integration. 


A Proposal For Type Syntax in JavaScript

When we’ve been asked "when are types coming to JavaScript?", we’ve had to hesitate to answer. Historically, the problem was that if you asked developers what they had in mind for types in JavaScript, you’d get many different answers. Some felt that types should be totally ignored, while others felt like they should have some meaning – possibly that they should enforce some sort of runtime validation, or that they should be introspectable, or that they should act as hints to the engine for optimization, and more! But in the last few years we’ve seen people converge more towards a design that works well with the direction TypeScript has moved towards – that types are totally ignored and erasable syntax at runtime. This convergence, alongside the broad use of TypeScript, made us feel more confident when several JavaScript and TypeScript developers outside of our core team approached us once more about a proposal called "types as comments". The idea of this proposal is that JavaScript could carve out a set of syntax for types that engines would entirely ignore, but which tools like TypeScript, Flow, and others could use.


Have smart wearables increased productivity of employees in the hybrid working environment?

Smartwatches offer a myriad of features that help individuals take charge of their daily tasks and complete them quicker and with ease. From using the voice commands to dictate emails to sending short messages or tracking their physical movements, water intake, SpO2, heart rate, stress, breathing exercises, stretching, etc., these devices have enabled us to tirelessly complete tasks without compromising on fitness and health. SpO2 has emerged as an important measure for fitness over the last two years. It is satisfying to keep a check on it from time to time just in case any medical assistance is required. On the other hand, earbuds let you answer calls hands free, which makes it easier to make notes or go on with other tasks, thereby boosting productivity. Features like ANC and ENC take care of the background noise to further enhance the quality of audio experience. And in case you’re out running an errand during office hours, and forget a crucial meeting that was scheduled, your smartwatch will notify you. You can also pick up the call via your earbuds while you drive back home, and it is really happening out there.


Best Practices for Running Stateful Applications on Kubernetes

A common approach is to run your stateful application in a VM or bare metal machine, and have resources in your Kubernetes cluster communicate with it. The stateful application becomes an external integration from the perspective of pods in your cluster. The upside of this approach is that it allows you to run existing stateful applications as is, with no refactoring or re-architecture. If the application is able to scale up to meet the workloads required by the Kubernetes cluster, you do not need Kubernetes’ fancy auto scaling and provisioning mechanisms. The downside is that by maintaining a non-Kubernetes resource outside your cluster, you need to have a way of monitoring processes, performing configuration management, performing load balancing and service discovery for that application. ... A second, equally common approach is to run stateful applications as a managed cloud service. For example, if you need to run a SQL database with a containerized application, and you are running in AWS, you can use Amazon’s Relational Database Service (RDS). 


3 DevSecOps Practices to Minimize Impact of the Next Log4Shell

Security is tough to get right, and it’s made more difficult by market pressures, cloud complexity and the growing prevalence of open source libraries. This has expanded the typical enterprise’s cyberattack surface to many times its size of several years ago. It has also provided more opportunities for potentially critical vulnerabilities to enter the development cycle and then persist into production. Log4Shell is the poster child for that problem. As a result, it’s more important than ever that we pay more than lip service to the concept of security as a shared responsibility within the organization. “Shared responsibility” is often used to mean greater boardroom buy-in, or in the context of behavioral change among staff, but it’s just as important in IT departments. We need developers to become more skilled in building secure products, but we also need to ensure apps in production continue running securely. Breaking down the silos between developers, operations and security teams will drive true DevSecOps practices. To get there, organizations should unify teams around a centralized platform that gives them visibility and control.


Forrester predicts RPA software market growth will begin to flatten next year

Forrester is predicting that some of the money going to RPA software today will begin to shift to broader AI automation solutions. It’s worth noting that while RPA has robotic in its name, it’s not really AI in a true sense. The bots in this case are more like scripts completing a set of highly manual tasks. By comparison, no-code automation solutions make it easy to create a workflow, presumably without consulting help. AI provides a way to intelligently implement tasks and take steps based on the data instead of moving through a set of highly defined hard-coded work. This decline is coming in spite of investor enthusiasm for the market from investors who valued UiPath at $35 billion when it raised $750 million last year, its last private fundraise prior to its IPO. Today the company’s market cap sits at close to $15 billion, certainly a precipitous drop in value, even taking into consideration the big hit software companies have been taking in the stock market over the last year. Meanwhile, we also saw some pretty significant consolidation as companies like SAP bought Signavio, ServiceNow acquired Intellibot and Salesforce snagged Servicetrace, as several examples.


The rise of confidential blockchains

Cryptoeconomics has long been founded upon the proof-of-work consensus algorithm. This algorithm has proven to be truly resilient to Byzantine attacks. But there are downsides. First, the performance of proof-of-work blockchains remains poor. Bitcoin, for example, still operates at seven transactions per second. Second, proof-of-work blockchains are also extremely energy-intensive. Today, the process of creating Bitcoin consumes around 91 terawatt-hours of electricity annually. This is more energy than is used by Finland, a nation of about 5.5 million people. While there is a section of commentators that consider this to be a necessary cost of protecting the global cryptocurrency system, rather than just the cost of running a digital payment system, there is another section that thinks that this cost could be done away with by developing proof-of-stake consensus protocols, as they deliver much higher throughput of transactions. Indeed, the proof-of-stake blockchains built on the Tendermint framework deliver upwards of 10,000 transactions per second. However, proof-of-stake blockchains also have some downsides.


Teaming is hard because you’re probably not really on a team

Real teams are all about solving the hardest, most complex problems. A diverse set of perspectives and skills is required to untangle these sorts of problems, for which there is no obvious solution. Members of a real team trust each other and work toward a common goal. Real teams are thoughtful, they argue, and they push each other to do better. They require nimble leaders who prioritize building connections within the team. They create clear boundaries that reinforce a strong sense of trust. They have a shared purpose and clear norms. And, importantly, they produce a collective output. If you see a group of people focusing intently on solving a single, very complex problem, you’re probably looking at a real team. Working groups are all about efficiency. Most people spend most of their productive time in working groups. We’ll say it again: there is nothing wrong with being in a working group. In fact, working groups are often best suited to the tasks at hand. Managers of working groups focus heavily on techniques to make their collaboration more efficient. 


How machine learning can course-correct inherent biases in recruiting

Often, if the job opening is attractive, there may be hundreds of people applying for a single position. Toward the end of the hiring process, all of the candidates are more than good enough to do the job but they don’t make the final cut. How hiring managers decide between them is often on minute mistakes. These are an underutilised resource for HR teams when recruiting. These candidates have already proven themselves, but historically there hasn’t been an easy way to match them with other companies who would likely hire them based on their performance. Joonko has developed a platform that is made up entirely of silver medalists, pre-qualified candidates who have passed at least two stages of the recruiting process, and matches these candidates with future jobs, thus saving significant time in the recruiting process. ... “Silver medalists were already vetted by their peers, and the conversation with the candidates could be more around the specific needs of the organisation, without the excruciating part of the interview process.”



Quote for the day:

"Leaders need to strike a balance between action and patience." -- Doug Smith
