Daily Tech Digest - April 13, 2022

Build Data Factories, Not Data Warehouses

Organizations today can capture, store and query a remarkable breadth of data relevant to their business. They can democratize access to this data so that analyses, processes or products can depend on it. Data teams operate complex data factories to service the data needs of their organization. But they are often unable to control the quality of data produced. Data teams risk losing trust and becoming sidelined if they do not catch and address data quality issues before downstream users. Data leaders must take responsibility for data quality by defining and enforcing quality control standards. They need tools and processes that test data in ways that scale, both with the data itself and the people involved in producing and consuming it. These are complex challenges, but a tremendous amount of innovation is happening in the data community to address them. I look forward to a future where our data factories are transparent, fast, inexpensive, and produce data of outstanding quality!


Joint Law Enforcement Operation Dismantles RaidForums

The agencies involved in this case, dubbed Operation Tourniquet, include the US Justice Department’s Criminal Division and Office of International Affairs, the U.S. Secret Service’s Criminal Investigative Division, the FBI, the Criminal Division’s Computer Crime and Intellectual Property Section, the Joint Cybercrime Action Taskforce (Europol), the National Crime Agency (U.K.), the Swedish Police Authority, the Romanian National Police, the Portugal Judicial Police, the Internal Revenue Service Criminal Investigation and the Federal Criminal Police Office (Germany). “The takedown of this online market for the resale of hacked or stolen data disrupts one of the major ways cybercriminals profit from the large-scale theft of sensitive personal and financial information,” says assistant attorney general Kenneth A. Polite, Jr. of the Justice Department’s criminal division. “This is another example of how working with our international law enforcement partners has resulted in the shutdown of a criminal marketplace and the arrest of its administrator.”


10 examples of the metaverse for business and IT leaders

Early adopters want to figure out how to operate in the emerging digital world, some for fear of falling behind or missing out altogether, said Nicolas Avila, the CTO for North America at professional services firm Globant. What companies are calling "metaverse" varies wildly. Currently, no extended reality platform enables users' avatars to live, work and shop in what many are calling the next version of the internet. And it's unclear how and whether extended reality projects will converge and integrate to become that vision. The developing metaverse is also fraught with potential problems, from its associated greenhouse gas emissions to legal challenges. ... One promising business-focused metaverse use case centers extended reality's promise of helping workers do their job better, particularly through the use of AR. The fully realized metaverse should be able to stream information in ways that make workers more efficient and productive, Nguyen said. ... A worker could look at a traffic light that was reported broken, get details on that complaint and update its repaired status immediately.


Tarrask malware uses scheduled tasks for defense evasion

Microsoft observed HAFNIUM from August 2021 to February 2022, target those in the telecommunication, internet service provider and data services sector, expanding on targeted sectors observed from their earlier operations conducted in Spring 2021. Further investigation reveals forensic artifacts of the usage of Impacket tooling for lateral movement and execution and the discovery of a defense evasion malware called Tarrask that creates “hidden” scheduled tasks, and subsequent actions to remove the task attributes, to conceal the scheduled tasks from traditional means of identification. The blog outlines the simplicity of the malware technique Tarrask uses, while highlighting that scheduled task abuse is a very common method of persistence and defense evasion—and an enticing one, at that. In this post, we will demonstrate how threat actors create scheduled tasks, how they cover their tracks, how the malware’s evasion techniques are used to maintain and ensure persistence on systems, and how to protect against this tactic.


Quantum computing ecosystem expands in all directions

The quantum ecosystem is growing in all directions from academic to corporate boardrooms and producing new hardware, software and partnerships. Denis Mandich, CTO of quantum entropy startup Qrypt, said that the race to make qubits at scale is a winner-take-all competition. ... Quantum Brilliance is planning a joint research and development hub with La Trobe University and RMIT University to develop high-performance, scalable diamond-based quantum microprocessors. The Research Hub for Diamond Quantum Materials will develop fabrication techniques. Dr. Marcus Doherty is the co-founder and chief scientific officer of Quantum Brilliance, the head of the Diamond Quantum Science and Technology Laboratory at the Australian National University and the leader of the Australian Army’s quantum technology roadmap. Professor Chris Pakes, acting deputy vice chancellor for research and industry engagement at La Trobe University, said the partnership will use both universities’ expertise in diamond growth, surface imaging and engineering, and combine it with Quantum Brilliance’s industry experience and manufacturing capabilities.


Deep Learning Poised to ‘Blow Up’ Famed Fluid Equations

While this demonstration provided compelling evidence of a singularity, without a proof it was impossible to know for sure that it was one. Before Hou and Luo’s work, many simulations proposed potential singularities, but most of them disappeared when tested later on a more powerful computer. “You think there is one,” said Vladimir Sverak, a mathematician at the University of Minnesota. “Then you put it on a bigger computer with much better resolution, and somehow what seemed like a good singularity scenario just turns out to not really be the case.” That’s because these solutions can be finicky. They’re vulnerable to small, seemingly trivial errors that can accumulate with each time step in a simulation. “It’s a subtle art to try to do a good simulation on a computer of the Euler equation,” said Charlie Fefferman, a mathematician at Princeton University. “The equation is so sensitive to tiny, tiny errors in the 38th decimal place of the solution.” Still, Hou and Luo’s approximate solution for a singularity has held up against every test thrown at it so far, and it has inspired a great deal of related work, including full proofs of blowup for weaker versions of the problem.


The role of infrastructure as code in edge datacentre computing

Managing datacentre computing located at the edge of the corporate network is becoming as important as the management of centralised IT systems. There has always been a need to manage branch office IT and remote server rooms efficiently, because they are generally less resourced in terms of IT administrators on site, compared with the central IT function. There is now a groundswell of activity around managing the configuration of IT systems in the same way that source code is managed by software development teams. Scott McAllister, developer advocate at PagerDuty, says: “As IT infrastructure has progressively decoupled from physical machines we can touch, managing and provisioning that infrastructure has moved to software services in the cloud. Those services are built with robust user interfaces for manual configuration. However, handling those configurations at scale is tedious and can lead to system fragility.” Once hailed as the future of infrastructure management and now the de-facto best practice, infrastructure as code (IaC) is a process that automates the provisioning and management of compute resources with machine-readable templates.


Fight Cloud Jacking by Slashing Complexity

SaaS applications are consumed and delivered through the cloud by the enterprise as software. The cloud providers take application and infrastructure security responsibility, yet the responsibility of access and data security resides with enterprise security teams. IaaS and PaaS are business-critical applications that are built and hosted by the enterprise, and the responsibility of the infrastructure, application logic, data and access security is managed by enterprise security teams. These environments are growing and changing quickly for enterprises. For the CISO, this means that the enterprise’s cloud environment on Tuesday might be very different than what it was on Monday. That’s problematic. Managing access credentials for these diverse and fast-changing environments is complicated, inconsistent, and hard. It’s worse for the CISO as these are the credentials that the cybercriminals want to cloud jack and use for commercial gains.


Zero-Trust Security for Developer Workstations

Despite their legacy baggage, virtual desktop infrastructure (VDI) and desktop as a service (DaaS) solutions address the above security risks. Such a migration protects against physical code exfiltration via lost or stolen laptops, since physical security of hard drives is delegated to your cloud provider’s data center. Additionally, most clouds implement encryption at rest, which secures persisted data against rare breaches. Citrix and VMWare are classic VDI/DaaS providers, while some cloud providers are introducing semi-managed first-party solutions like AWS Workspaces. Once workstations are in the cloud, it’s relatively easy to reduce digital risks via image management and network controls. Administrators can preinstall developer tools into their images, which reduces the need for developers to securely assess or install third-party applications. Meanwhile, the cloud infrastructure services that are hosting the VDI sessions will be subject to any network policy customizations, so administrators can filter out unwanted or unexpected outbound traffic.


4 ways to create a culture of collaboration

IT professionals have long been communicating and collaborating across distributed teams, driven by a need to quickly respond to production outages, urgent client requests, or to source and recruit the best talent, regardless of location. We’ve standardized a set of tools that allow us to collaborate globally. When the COVID crisis hit, we were well-positioned to rapidly extend these capabilities to all parts of the company. Recently, as the return-to-work initiatives began, we have outfitted many of our conference facilities with equipment to help overcome the hybrid workforce challenges. Throughout these workforce shifts, we have remained focused on an important strategic priority: to be the easiest company to do business with. To create that seamless experience, every member of our team needs to fully understand our customers’ businesses, the specific problems we are solving for them, and how they and our employees will engage with and experience the technology solutions we’re building.



Quote for the day:

"A lot of people have gone farther than they thought they could because someone else thought they could." -- Zig Zigle

No comments:

Post a Comment