Showing posts with label vishing. Show all posts
Showing posts with label vishing. Show all posts

Daily Tech Digest - October 11, 2020

Could Microsoft be en route to dumping Windows in favor of Linux?

Microsoft has been doing everything in its power to migrate users from the standard client-based software to cloud and other hosted solutions, and its software cash cow has become web-centric and subscription-based. All of those Linux users could still work with Microsoft 365 and any other Software as a Service (SaaS) solution it has to offer--all from the comfort and security of the Linux operating system. That's a win-win for Microsoft and consumers because Windows isn't as much of a headache to deal with (by way of bug hunting and security patching its proprietary solutions), and consumers get a more reliable solution without missing out on anything. If Microsoft plays its cards right, the company could re-theme KDE or just about any Linux desktop in such a way that it's not all that different from the Windows 10 interface. Lay this out right, and consumers might not even know the difference--a "Windows 11" would simply be the next evolution of the Microsoft desktop operating system. Speaking of winning, IT pros would spend less time dealing with viruses, malware, and operating system issues and more time on keeping the network running and secure.


Open sourcer Camunda buffs up RPA platform in an overcrowded market

Speaking to The Register, Camunda CEO and co-founder Jakob Freund said: “We have seen from Camunda customers such as Deutsche Telekom and National Westminster Bank that RPA is a great short-term solution, however it's a highly maintenance-intensive technology. RPA is essentially reading and automating the same user interface that a user would use.” A front-end UI might be in a spreadsheet, a scanned document or even a CRM or ERP system and any changes to it could break bots. “This makes RPA labour intensive,” he said. While Camunda solution may be a step in the right direction, the journey to bot nirvana is a long one. Craig Le Clair, Forrester Research veep, said: “There are many BPM vendors like Camunda that are acquiring or positioning in some way for the RPA or for what we call now Intelligent Automation market." He said Camunda approach was to see RPA thus far as a simple task automation without stronger rules management. It also usually failed to take account of a broader API and UI integration approach.


Google Search As a Vishing Tool: Big Cyber Security Challenge For Bank Customers

The article is based on the analysis of Google search and various cyber crimes cases registered in the cyber crime cells across Indian Territory and cases reported in various banks across India. Google search is the key focus area in this article. Cyber criminals update the name and mobile number in Google search by logging their Gmail account. When bank customer searches contact number of the concerned bank branches/merchants/payment intermediaries for enquiring or resolving the problem, he calls on the mentioned fake mobile number which has been updated by the fraudsters. Consequently, Cyber criminal gets the sensitive financial and secret information from the bank customers in fraudulent manner over phone line for resolving their problem and dupe the bank customers by debiting their bank account. Banks/merchants/payment intermediaries always provide genuine contact numbers at their respective website so that customers can easily access that numbers for establishing communication with banks /merchants/payment intermediaries in case of any related issue. But due to unawareness of phishing and vishing like scam, bank customers are easily duped by the cyber criminals.


How visualizing my Agile backlog improved productivity

One of the key lessons that I’ve had to learn as a UX Designer is how to work with the Agile backlog. Part of that is to understand how User Research and Business requirements can fit together. What I mean by that is that during the discovery phases of projects, you’re likely to also do User Interviews or other research while the Business is forming their backlog. You may have a lot of insights that help inform different backlog items, but these may be things that you find out on your research that no one else on the product team may have encountered. For example, there may be user workarounds to the official process that people don’t necessarily want to advertise, but it’s still useful user insight. So how do you combine these two groups? I initially tried to argue from the backlog standpoint, creating specific backlog items, but it was hard for members of the team to get on board with these things. Because even if they trust you that you did good research, it’s something that they’re not familiar with. And that’s exactly what was happening. People would view an isolated business requirement and change the wording or not realize what we were trying to say, without realizing how it might impact other items or the big picture.


Curiosity Artificial Intelligence: A Know-All Guide

If we take humans as an example, curiosity is what makes us learn things. Starting from a stage when humans get maturity, he/she becomes curious about the movements around them and learns from it. Then think about AI getting curious. AI is already known for its features that have reached the cliff by its technological improvements. AI has surpassed human abilities by making predictions and decisions in a split second by going through all the data. When we compare human curiosity with AI curiosity, AI emulates the behaviour in an algorithm that could enhance the potential for self-directed machine learning so that AI system would be driven to seek out or develop solutions to unfamiliar problems. In artificial intelligence, reinforcement learning (RL) is the process of motivating AI to perform desired behaviour and punishing it for undesired ones. RL seeks a feedback signal that assures that AI is making a step closer towards its goal. It learns observation and experience through the process. Training the AI in positive or negative feedback is up to the person who approaches.


TypeScript creator: How the programming language beat Microsoft's open-source fears

But as TypeScript matured and open source gained acceptance at Microsoft in its pivot from Windows to the cloud, the company would in 2014 shift TypeScript to a model of "open development" via a public repository on GitHub. Using GitHub allowed the community of TypeScript and JavaScript developers to influence its future. Because of that different approach, his team now has "zero distance" to its customers – the developers who use either JavaScript or TypeScript. "There's open source in the technical sense in that you give people your source code and give away your intellectual property rights, and technically that's open source," explains Hejlsberg. "But then there's open development, where you actually do your entire development process in the open, which we've been doing now since TypeScript moved to GitHub in 2014."  Today, GitHub, which Microsoft acquired in 2018 for $7.5bn, is where the TypeScript team of about 20 Microsoft engineers do all its daily work, allowing for a "closeness to our customers like nothing I've seen before".


The Disruption Era: The Future Of Coworking

Indeed, technology is unquestionably going to be a crucial point. A short report from CBInsights shows the “office of the future” will probably have voice tech systems to avoid touching, as well as autonomous cleaning solutions; air-improving systems to make us more productive; sensors to count people in rooms, along with a wellness check at the entry. One other important point is sustainability. Since workers spend most of their time indoors, it’s crucial to make that environment livable and sustainable. According to Accenture, just 11% of the employees are completely satisfied with their workspace. Also, many governmental initiatives plan to cut carbon footprints down by developing nearly zero-energy consumption buildings. Some companies also have come up with different solutions to reduce energy usage, such as solar panels, systems that use rain or water energy as well as some innovative solutions like converting workers’ footsteps into data and energy. According to the global coworking community GCUC, while the U.S. and Europe are expected to grow slowly, China is catching up fast and is expected to step over within the next few years, as the global number of coworking spaces increases by over one-third by 2022.


Visa Alert: POS Malware Attacks Persist

The three POS malware variants that targeted one hospitality company in June were identified as RtPOS, MMon and PwnPOS, according to the Visa report. "There is evidence to suggest that the actors employed various remote access tools and credential dumpers to gain initial access, move laterally and deploy the malware in the POS environment," according to the report. The malware variants are designed to scrape payment card data from Windows-based POS devices, but each performs its functions differently, according to the report. The RtPOS malware uses a specialized algorithm to check for payment card data before bundling the information into a file that the fraudsters later exfiltrates through a command-and-control server, the report notes. The MMon malware, on the other hand, deploys a command-line memory scraping technique that collected payment card data from a POS device's memory. The Visa report notes this malicious code, in use since 2010, frequently is customized. The PwnPOS malware creates persistence within POS devices and attempts to scrape payment card data from memory.


Quantum is years away, but business case can be made today

Working with D-Wave, Accenture ran a test using quantum annealing to demonstrate that there are benefits to using quantum techniques over traditional methods when hundreds of assets and/or factors are involved in the calculation. According to BBVA, the promising results have convinced the team to continue its investigation of this case with other technologies. Discussing the potential impact of quantum computing on financial services, Carlos Kuchkovky, global head of research and patents at BBVA, said:“Although this technology is still in an early stage of development, its potential to impact the sector is already a reality. Our research is helping us identify the areas where quantum computing could represent a greater competitive advantage, once the tools have matured sufficiently. We believe this will be, for certain concrete tasks, in the next two to five years.”  Alan Baratz, CEO of D-Wave, said: “Quantum computing is poised to fundamentally transform the way businesses – especially large-scale enterprises – solve critical problems. As enterprise leaders and decision-makers rethink business processes to become more agile and innovative, they need the tools and support to turn their ideas into quantum applications that have a real impact on their business.


Dr Lal Pathlabs data leak: Legal opinions on liabilities, punishments ...

The company now claims that the loophole has been patched but there is no explanation about the magnitude of information leaked online. With sensitive personal data leak happening every now and then, The420 team spoke to legal and cyber experts to find out legal liabilities and punishment in such cases. All the cyber experts unanimously said it is the companies’ responsibility to ensure the safety of their customers’ data. Patching the loophole is the bare minimum expected from them. Experts highlighted that private companies are not serious about data protection which can also be gauged by the amount they spend on its security. Explaining the legal action in such cases, Delhi based senior lawyer Karnika Seth said, “Section 43 A of the IT Act, 2000 requires companies to safeguard personal data and personally sensitive data. Health records are sensitive data. ISO 27001 certification is one of the standards required to comply with extant data protection measures.” Explaining other legal provisions in such cases, Mumbai based Dr Prashant Mali, Cyber & Privacy Expert Lawyer said, “Section 85 of the IT Act, 2000 deals with the offence by companies and Section 72A deals with a contractual data breach. The law is stringent implementation after 19 years of law in force is pathetic and no awareness.”


Quote for the day:

"Make sure you have finished speaking before your audience has finished listening." -- Dorothy Sarnoff
Posted by at No comments:
Labels: , , , , , , , , , ,

Daily Tech Digest - August 22, 2020

There is a crisis of face recognition and policing in the US

When Jennifer Strong and I started reporting on the use of face recognition technology by police for our new podcast, “In Machines We Trust,” we knew these AI-powered systems were being adopted by cops all over the US and in other countries. But we had no idea how much was going on out of the public eye.  For starters, we don’t know how often police departments in the US use facial recognition for the simple reason that in most jurisdictions, they don’t have to report when they use it to identify a suspect in a crime. The most recent numbers are speculative and from 2016, but they suggest that at the time, at least half of Americans had photos in a face recognition system. One county in Florida ran 8,000 searches each month. We also don’t know which police departments have facial recognition technology, because it’s common for police to obscure their procurement process. There is evidence, for example, that many departments buy their technology using federal grants or nonprofit gifts, which are exempt from certain disclosure laws. In other cases, companies offer police trial periods for their software that allow officers to use systems without any official approval or oversight.


Outlook “mail issues” phishing – don’t fall for this scam!

Only if you were to dig into the email headers would it be obvious that this message actually arrived from outside and was not generated automatically by your own email system at all. The clickable link is perfectly believable, because the part we’ve redacted above (between the text https://portal and the trailing /owa, short for Outlook Web App) will be your company’s own domain name. But even though the blue text of the link itself looks like a URL, it isn’t actually the URL that you will visit if you click it. Remember that a link in a web page consists of two parts: first, the text that is highlighted, usually in blue, which is clickable; second, the destination, or HREF (short for hypertext reference), where you actually go if you click the blue text. ... One tricky problem for phishing crooks is what to do at the end, so you don't belatedly realise it's a scam and rush off to change your password (or cancel your credit card, or whatever it might be). In theory, they could try using the credentials you just typed in to login for you and then dump you into your real account, but there's a lot that could go wrong. The crooks almost certainly will test out your newly-phished password pretty soon, but probably not right away while you are paying attention and might spot any anomalies that their attempted login might cause.


Taking on the perfect storm in cybersecurity

The future of cybersecurity depends on a platform approach. This will allow your cybersecurity teams to focus on security rather than continue to integrate solutions from many different vendors. It allows you to keep up with digital transformation and, along the way, battle the perfect storm. Our network perimeters are typically well-protected, and organizations have the tools and technologies in place to identify threats and react to them in real-time within their network environments. The cloud, however, is a completely different story. There is no established model for cloud security. The good news is that there is no big deployment of legacy security solutions in the cloud. This means organizations have a chance to get it right this time. We can also fix how to access the cloud and manage security operations centers (SOCs) to maximize ML and AI for prevention, detection, response and recovery. Cloud security, cloud access and next-generation SOCs are interrelated. Individually and together, they present an opportunity to modernize cybersecurity. If we build the right foundation today, we can break the pattern of too many disparate tools and create a path to consuming cybersecurity innovations and solutions more easily in the future.


FBI and CISA warn of major wave of vishing attacks targeting teleworkers

Collected information included: name, home address, personal cell/phone number, the position at the company, and duration at the company, according to the two agencies. The attackers than called employees using random Voice-over-IP (VoIP) phone numbers or by spoofing the phone numbers of other company employees. "The actors used social engineering techniques and, in some cases, posed as members of the victim company's IT help desk, using their knowledge of the employee's personally identifiable information—including name, position, duration at company, and home address—to gain the trust of the targeted employee," the joint alert reads. "The actors then convinced the targeted employee that a new VPN link would be sent and required their login, including any 2FA or OTP." When the victim accessed the link, for the phishing site hackers had created, the cybercriminals logged the credentials, and used it in real-time to gain access to the corporate account, even bypassing 2FA/OTP limits with the help of the employee. "The actors then used the employee access to conduct further research on victims, and/or to fraudulently obtain funds using varying methods dependent on the platform being accessed," the FBI and CISA said.


Why you need to revisit your IT policies

Part of that proactive planning should be adjustments to your IT policies. These documents are often forgotten until they're most needed, and the recent rushed transition from office work to remote work likely highlighted this condition. In the rushed transition, imagine how helpful it would have been to have some basic policy guidance on what equipment is supported for remote work, what items are reimbursable and where they can be sourced, and which software was recommended. If nothing else, some simple policies and guidance around these topics probably would have saved your already-stretched support staff dozens of phone calls and emails. ... At their best, policies provide guidance based on organizational priorities and experience, and at their worst, they are an extensive list of "Thou Shalt Nots" that assume your colleagues are nefarious scallywags one step away from destroying the organization should you not be there to preempt each of their misguided notions. Many employees dislike policy documents since they bias toward the latter, and unsurprisingly when you treat your colleagues like children and scoundrels, they'll rise to the occasion.


Styles, protocols and methods of microservices communication

For those who choose to stick with asynchronous protocols, consider exploring the advanced message queuing protocol (AMQP). This widely available and mature protocol provides a standard method for microservices communication and should be a priority for those developing truly composite microservices apps. Asynchronous protocols like AMQP use a lightweight service bus similar to a service-oriented architecture (SOA) bus, though much less complex. Unlike HTTP, this bus provides a message broker that acts as an intermediary between the individual microservices, thus avoiding the problems associated with a brokerless approach. Keep in mind, however, that a message broker will introduce extra steps that can add latency. The individual services still contain their functional and operational logic, and will need time to process that logic. The bus simply helps standardize and throttle those communications. Major cloud platforms, such as Azure, provide their own proprietary service bus for message brokering. However, there are also third-party options such as RabbitMQ, an open source message broker based in the Erlang programming language.


Edge computing: 4 problems it helps solve for enterprises

Enterprises in the construction, manufacturing, mining, and oil and gas industries, for example, are embracing the edge, which enables them to run the core elements of any solution locally by empowering local devices to save their state, interact with each other, and send important alerts and notifications. “This means that even if the internet goes down the factory, warehouse, construction site, mine, or field, edge processing continues to work full steam ahead,” Allsbrook says. ... Edge computing can minimize the network and bandwidth issues associated with moving large amounts of data to or from IoT devices and reduce reliance on the network. Companies look to edge solutions that can process data at the source and provide summary information on what’s going on. This eliminates the need for expensive SIM cards, data plans, and other network costs if the data were to have to be transported from the device to a network. “Edges can use simple ‘if-then’ logic or advanced AI algorithms to understand and build those summary reports,” explains Allsbrook of ClearBlade.


The Great Reset requires FinTechs – and FinTechs require a common approach to cybersecurity

Established financial services providers have a number of frameworks, standards and industry-driven initiatives available to test the security of FinTechs and other third parties. However, the volume of industry initiatives – driven by the pace of technological change and the multiplication of regulations – is now creating “noise”. This makes it difficult for FinTechs to direct their resources in a way that allows for security while also facilitating commercial partnerships. Requirements placed on FinTechs sow confusion, increase costs and may incentivise “security through obscurity”, in which less well-resourced firms play a game of chance, betting that they’re too small to be targeted by attackers and setting themselves up for problems in the future. ... The sector needs a mutually understood and widely accepted base level of cybersecurity controls. Clarity at the base level of security will support effective protection of business and client assets across the wider supply chain. This can accelerate the speed at which FinTechs can come to market and create commercial partnerships – and, in turn, incentivise good cyber hygiene


IBM Finds Flaw in Millions of Thales Wireless IoT Modules

The modules, which IBM describes as mini circuit boards, enable 3G or 4G connectivity, but also store secrets such as passwords, credentials and code, according to Adam Laurie, X-Force Red's lead hardware hacker, and Grzegorz Wypych, senior security consultant, who wrote a blog post. "This vulnerability could enable attackers to compromise millions of devices and access the networks or VPNs supporting those devices by pivoting onto the provider's backend network," Laurie and Wypych write. "In turn, intellectual property, credentials, passwords and encryption keys could all be readily available to an attacker." In a statement, Thales says "it takes the security of its products very seriously and therefore has, after communicating and discussing this issue with affected customers, delivered software fixes in Q1/2020." The modules run microprocessors with an embedded Java ME interpreter and use flash storage. Also, there are Java "midlets" that allow for customization. One of those midlets copies custom Java code added by an OEM to a secure part of the flash memory, which should only be in write mode so that code can be written there but not read back.


How to manage unstructured data using an ECM system

Structured data is information governed by a database structure, organized into defined fields, usually within the context of a relational database. The database structure requires that data in the fields follow a prescribed format. For example, a date must have the format of a date and a name must be limited in length. The most common place that people encounter structured data is in the cells of a spreadsheet. Structured data has many applications within businesses and is easy to search. It is found in finance, customer relationship management, supply chain and other applications where compliance to structures is keyed to business tasks. Unstructured data, on the other hand, is data without rules and is not as searchable. Users who create unstructured data are writing free-form, rather than complying with structured data fields. There is minimal enforcement of any rules on the length of content, the format of the content or what content goes where. Despite the lack of formal structure, unstructured information -- which users create in word processing programs, spreadsheets, presentation files, PDFs, social media feeds, and audio and video files -- forms the bulk of the data created in an organization.


Quote for the day:

"When you expect the best from people, you will often see more in them than they see in themselves." -- Mark Miller
Posted by at No comments:
Labels: , , , , , , , , , ,

Daily Tech Digest - August 24, 2019

Smishing and vishing: How these cyber attacks work and how to prevent them

Smishing, an SMS phishing attack / Vishing, a voice phishing attack by phone
We’re on our guard a bit more with email nowadays because we’re used to receiving spam and scams are common, but text messages and calls can still feel more legitimate to many people. As we do more of our shopping, banking, and other activities online through our phones, the opportunities for scammers proliferate. To avoid becoming a victim you have to stop and think. “Common sense is a general best practice and should be an individual’s first line of defense against online or phone fraud,” says Sjouwerman. Although the advice on how to avoid getting hooked by phishing scamswas written with email scams in mind, it applies to these new forms of phishing just as well. At root, trusting no one is a good place to start. Never tap or click links in messages, look up numbers and website addresses and input them yourself. Don’t give any information to a caller unless you’re certain they are legitimate – you can always call them back. It’s better to be safe than sorry, so always err on the side of caution. No organization is going to rebuke you for hanging up and then calling them directly (having looked up the number yourself) to ensure they really are who they say they are.



Serverless architect emerges as in-demand job role

Along with the traits of serverless systems, there are specific skills that budding serverless architects should have. Justin Pirtle, specialist solutions architect at Amazon Web Services, recently described the skills it takes to master serverless architecture.(In his post, he also points to relevant AWS resources:)  "With the move to microservices-based architectures, decomposing monolithlic applications and decoupling dependencies is more important than ever," Pirtle says. "When building event-driven architectures, whether you're looking for simple queuing and message buffering or a more intricate event-based choreography pattern, it's valuable to learn about the mechanisms to enable asynchronous messaging and integration," Pirtle points out. "In distributed microservices architectures, you must design coordinated transactions in different ways than traditional database-based ACID transactions, which are typically implemented using a monolithic relational database," he explains. "Instead, you must implement coordinated sequenced invocations across services along with rollback and retry mechanisms."


Stop Focusing On Big Data And Start Focusing On Smart Data

uncaptioned
“Big data” isn’t as important as “smart data” or the “right data.” Companies are getting excited over the notion of big data, but it’s ultimately only as good as the insights you get out of it. And in order to get actionable insights out of it, you have to combine big data with small data. The small data provides the context and calibration that big data can’t do on its own. When you combine the two, you get smart data. Through big data, they’ve been able to create specific audience segments and to tailor products and services precisely to meet those needs. They are getting as close to personalization as we can today and it’s working. Another industry that is doing this well is digital advertising. Programmatic ad buying has allowed personalization of digital ads, delivering much more relevant content for each individual consumer. Remember the days of “banner blindness” when ads were either intrusive or were just glossed over on websites. Now it’s almost as if have been seamlessly integrated into the content. Companies today are more often than not starting with the data and seeing what they find. It’s equivalent to finding a needle in a haystack. Start with the business drivers, the fundamentals and the strategy, and work backwards to figure out the best data sets that uncover the insights you need to help steer your direction.


What you need to know before implementing edge computing


Gartner's Gill highlights the problems with many edge devices running insecure software platforms that are unpatched against known exploits, citing the ease with which CCTV cameras were hijacked by Mirai malware as just one example. "There are a lot of devices out there that have pretty marginal security, and if what we're talking about is building a critical application that relies on thousands or even millions of devices, we've got to ensure some kind of end-to-end security all the way back into the core," he says. "This brings up fascinating questions when dealing with edge device manufacturers about 'How do we gauge the extent to which their security meets our enterprise security? How do we gauge how it fits in with our overall identity and access management scheme?'," Gill adds. Eric van Hensbergen, who leads the software and large-scale systems research at chip designer Arm, says: "Historically at the extreme edge there's tonnes of gadgets that you buy that are a couple of bucks and the companies that are making these don't put an investment into security."


Bill Gates Says This Type of AI Will Be Worth “10 Microsofts”

Image Source: Getty Images.
"Machine learning drives our algorithms for demand forecasting, product search ranking, product and deals recommendations, merchandising placements, fraud detection, translations, and much more. Though less visible, much of the impact of machine learning will be of this type - quietly but meaningfully improving core operations." With Amazon's success, other retailers have been forced to up their games as well. Walmart Chief Data Officer Bill Groves mentioned at a tech conference last month how his company uses NVIDIA hardware and machine learning for product forecasting, supply chain management, and understanding consumer behavior, "So when the customer comes in the product they want is sitting on the shelf." A great non-retail example of the power of machine learning is Facebook, which uses it to determine what goes in your news feed and what advertisements you might respond to. Facebook benefits tremendously from the network effect, which makes a service more valuable as the number of users grows. And this company has one of the largest caches of consumer data in the world.


How to Prepare for Data Breach Notifications under GDPR

The GDPR rulebook notably does not list technological requirements for entities covered by the law, nor does it make recommendations in this respect. However, it does imply that some technical measures must be adopted to comply with some of its requirements. Chief among those is the requirement to record relevant information for post-breach analysis: “In order to comply with their obligations under the Article 5(2) principle of accountability as well as the requirement to record relevant information under Article 33(5), controllers should be able to demonstrate to the DPC when and how they became aware of a personal data breach. The DPC recommends that controllers, as part of their internal breach procedures, have a system in place for recording how and when they become aware of personal data breaches and how they assessed the potential risk posed by the breach,” the guide clarifies. One way entities covered by the GDPR can fill this gap is to invest in solutions based on Network Traffic Analytics (NTA).


Security tokens aren’t yet worth the hype


One of the major undercurrents propelling interest in STOs and ICOs has been poor returns in traditional asset classes, like equities and bonds, since the global financial recession of 2008. The cost of issuance has also increased, particularly in the U.S. with post-financial-crisis regulations. Throw in capital flight from countries such as China and Venezuela, and you have many investors hungry for alternative avenues where they can earn better returns. Proponents suggest that security tokens are cheaper than traditional financing models because they can raise funds directly from investors, cutting out expensive middlemen. Since the tokens are automated through coded programs, there is no need for middle-office staff to manage contracts. Security tokens also have a liquidity advantage, as the barriers for buyers to participate in the market are lower. With more buyers, assets are more likely to sell at a fair price. Comparatively, many financial instruments today suffer from low liquidity because they are limited by geography or siloed markets.


'Silence' Gang Ramps Up Bank Assaults

The criminal group has now become "one of the most sophisticated threat actors targeting the financial sector not only in Russia, but also in Latin America, Europe, Africa and especially Asia," Mirkasymov adds. Silence has launched at least 16 new campaigns against banks over the last 12 months, according to Group-IB's threat intelligence team. Those have included campaigns in India, Russia, Kyrgysztan, Costa Rica, Bulgaria, Chile and Ghana. It also was behind a $3 million attack on Dutch-Bangla Bank in May, allegedly using so-called "money mules" to withdraw money from ATM's infected with Silence's malware. Group-IB researchers have seen Silence's communication and control servers communicating with unidentified IPs in the United States and Canada, he notes. But they haven't yet detected a successful Silence attack in either country. "It does not mean, however, that Silence will never try their hand attacking organizations in North America at some point," he says. "They are growing rapidly, and in just one year have significantly increased the geographical scope of their attacks."


Huawei unleashes AI chip, touting more compute power than competitors


The launch comes almost a year after Huawei first announced last October plans to release a full suite of AI products including chips, development toolkit, and cloud services. It added that this portfolio would be further expanded later to encompass an AI acceleration card, AI appliance, and AI server. Speaking at the official launch Friday, Huawei's rotating chairman Eric Xu said: "Everything is moving forward according to plan, from R&D to product launch. We promised a full-stack, all-scenario AI portfolio and today we delivered, with the release of Ascend 910 and MindSpore. This also marks a new stage in Huawei's AI strategy." According to Xu, MindSpore would be released to the open source community in the first quarter of 2020 as part of efforts to drive the adoption of AI.  With the launch, Huawei appears to suggest it is business-as-usual amidst ongoing trade tensions between its Chinese government and the US.  Xu said its business had been less impacted by the trade restrictions than originally thought and it was "fully prepared" to work with US sanctions.


UK cybersecurity agency warns devs to drop Python 2 due to looming EOL & security risks

pythonThe UK National Cyber Security Centre (NCSC) cited security risks and possible code breakage in existing apps as the primary reasons. "If you're still using 2.x, it's time to port your code to Python 3," the NCSC said. "If you continue to use unsupported modules, you are risking the security of your organisation and data, as vulnerabilities will sooner or later appear which nobody is fixing." "If you maintain a library that other developers depend on, you may be preventing them from updating to 3," the agency added. "By holding other developers back, you are indirectly and likely unintentionally increasing the security risks of others." The agency is urging companies and developers alike to migrate their code to the newer Python version. The NCSC's blog post includes a summary of Python 3's most attractive features, but also a list of tools that can help developers with the migration, such as Can I Use Python 3, 2to3, Six, and others. "If migrating your code base to Python 3 is not possible, another option is to pay a commercial company to support Python 2 for you," the NCSC said.


Quote for the day:


"If you don't demonstrate leadership character, your skills and your results will be discounted, if not dismissed." -- Mark Miller

Posted by at No comments:
Labels: , , , , , , , , , , , ,
Subscribe to: Posts (Atom)