Years-Long ‘SilentFade’ Attack Drained Facebook Victims of $4M
“Our investigation uncovered a number of interesting techniques used to
compromise people with the goal to commit ad fraud,” said Sanchit Karve and
Jennifer Urgilez with Facebook, in a Thursday analysis unveiled this week at
the Virus Bulletin 2020 conference. “The attackers primarily ran malicious ad
campaigns, often in the form of advertising pharmaceutical pills and spam with
fake celebrity endorsements.” Facebook said that SilentFade was not downloaded
or installed by using Facebook or any of its products. It was instead usually
bundled with potentially unwanted programs (PUPs). PUPs are software programs
that a user may perceive as unwanted; they may use an implementation that can
compromise privacy or weaken user security. In this case, researchers believe
the malware was spread via pirated copies of popular software (such as the
Coreldraw Graphics graphic design software for vector illustration and page
layout, as seen below). Once installed, SilentFade stole Facebook credentials
and cookies from various browser credential stores, including Internet
Explorer, Chromium and Firefox.
How to be great at people analytics
Most companies still face critical obstacles in the early stages of building
their people analytics capabilities, preventing real progress. The majority of
teams are still in the early stages of cleaning data and streamlining
reporting. Interest in better data management and HR technologies has been
intensive, but most companies would agree that they have a long way to go.
Leaders at many organizations acknowledge that what they call their
“analytics” is really basic reporting with little lasting impact. For example,
a majority of North American CEOs indicated in a poll that their organizations
lack the ability to embed data analytics in day-to-day HR processes
consistently and to use analytics’ predictive power to propel better decision
making.3 This challenge is compounded by the crowded and fragmented landscape
of HR technology, which few organizations know how to navigate. So, while the
majority of people analytics teams are still taking baby steps, what does it
mean to be great at people analytics? We spoke with 12 people analytics teams
from some of the largest global organizations in various sectors—technology,
financial services, healthcare, and consumer goods—to try to understand what
teams are doing, the impact they are having, and how they are doing it.
6 Data Management Tips for Small Business Owners
You might not have the vast resources and people-power of your larger
competitors, but even small e-commerce organizations can glean useful insights
from data if it is presented in an engaging way. Rather than relying on raw,
potentially overwhelming databases full of indecipherable figures, you should
aim to generate reports which showcase pertinent trends visually. This should
let you analyze information more precisely and without needing to spend hours
sifting through spreadsheets. In addition, data visualization has the benefit
of making it straightforward to share your findings with others, whether or
not they have a background in data science and analysis. A chart or graph can
express everything you need to get across in a presentation about sales
projections, site performance, and customer satisfaction, without needing
lengthy verbal explanations as well. While the biggest scandals involving data
loss and theft tend to hit the headlines whenever they involve major
organizations and internationally recognized brands, that does not mean that
smaller firms are immune from scrutiny in this respect.
Metasploit — A Walkthrough Of The Powerful Exploitation Framework
If you hack someone without permission, there is a high chance that you will
end up in jail. So if you are planning to learn hacking with evil intentions,
I am not responsible for any damage you cause. All my articles are purely
educational. So, if hacking is bad, why learn it in the first place? Every
device on the internet is vulnerable by default unless someone secures it.
It's the job of the penetration tester to think like a hacker and attack their
organization’s systems. The penetration tester then informs the organization
about the vulnerabilities and advises on patching them. Penetration testing is
one of the highest-paid jobs in the industry. There is always a shortage of
pen-testers since the number of devices on the internet is growing
exponentially. I recently wrote an article on the top ten tools you should
know as a cybersecurity engineer. If you are interested in learning more about
cybersecurity, check out the article here. Right. Enough pep talk. Let’s look
at one of the coolest pen-testing tools in the market — Metasploit. ...
Metasploit is an open-source framework written in Ruby. It is written to be an
extensible framework, so that if you want to build custom features using Ruby,
you can easily do that via plugins.
IoT in Manufacturing: The Success Story Nobody's Talking About
Efficient manufacturing processes rely almost entirely on predictability.
Factory operators need to know how long each step in a process takes, what
resources are needed, and how long the process can operate continuously before
needing breaks for maintenance and other periodic tasks. That overarching need
for predictability makes it difficult for operators to know how the addition
of new equipment might impact output. It also makes them hesitant to make
changes to existing equipment, even if they’re all but certain that the
changes would be an improvement. That brings us to another vital and emerging
use of IoT technology in manufacturing. Factory operators are using the myriad
data streaming from their connected devices to make precise computer models of
their industrial equipment. These digital twins, as they’re known, allow
operators to test any proposed equipment tweaks or replacements to see the
exact effect they’ll have on the output. This helps them to make seamless
upgrades and changes to their processes without fear of upsetting the delicate
balance that ensures predictability. If the question is whether IoT is living
up to its promise and proving useful in manufacturing – the answer is a
resounding yes.
Digital Transformation Can Be Risky. Here’s What You Need To Know
The business mantra “culture eats strategy for breakfast” applies differently
when you’re talking about digital transformation, said Pam Hrubey, managing
director in consulting services at Crowe. For example, an
American-headquartered durable goods company acquired businesses across the
globe. The company needed to upgrade equipment and streamline IT processes,
but it chose to begin the transformation by attempting to align cultures
between the parent company and the businesses abroad. Its initial process led
to discontent among international workers who ended up feeling like outsiders
because they were not made aware that the goal was to sync technology and
processes. “To transform a business practice or to change a business model,
you have to have a robust plan,” Hrubey said. “When you start with culture you
often confuse people if you don’t have a plan in place, if people don’t
understand what change is planned or why a change is necessary.” Companies
also need to understand that a transformation affects the entire organization
and might include stakeholders across departments. “So many different
people in the company need to come together to do it right,” said Czerwinski.
Data Protection Techniques Needed to Guarantee Privacy
Traditionally, a risk hierarchy existed between these two types of attributes.
Direct identifiers were perceived as more “sensitive” than quasi-identifiers.
In many data releases, only the former attributes were subject to some privacy
protection mechanism, while the latter were released in clear. Such releases
were often followed by prompt re-identification of the supposedly ‘protected’
subjects. It soon became apparent that quasi-identifiers could be just as
‘sensitive’ as direct identifiers. With the GDPR, this notion has finally made
it into law: both types of attributes are put on the same level, identifiers
and quasi-identifiers attributes are personal data and present an equally
important privacy breach risk. Nowadays protection laws strictly regulate
personal data processing. This makes a strong case for implementing privacy
protection techniques. Indeed, failure to comply exposes companies to severe
penalties. Besides, implementing proper privacy protections might lead to
customer trust increase. In a world plagued by data breaches and privacy
violations, people are increasingly concerned about what happens to their
data. And finally, data breaches targeting personal data are costing companies
money. Personal data remains the most expensive item to lose in a breach.
How AI Is Used in Data Center Physical Security Today
"There is a critical need to make full use of the massive amounts of data
being generated by video surveillance cameras and AI-based solutions are the
only practical answer," Memoori managing director James McHale said in a
recent report. Video surveillance cameras generate a massive amount of data,
McHale told DCK, and AI is the only practical way to process it all. AI
systems can also be used to analyze thermal images. "Thermal cameras have been
a significant growth area this year as a direct consequence of the COVID-19
pandemic," he told us. Today, many thermal cameras are just thermal
information, but customers are increasingly looking for systems with cameras
that can collect both thermal and traditional images and apply neural network
algorithms for processing them. But there's a general lack of understanding
about how to use this technology appropriately for pandemic controls, he
added. Plus, the pandemic is negatively affecting some sectors of the economy,
impacting spending and changing the way that companies buy technology.
"Customers will be demanding more value from their investments and will be
less willing to commit to upfront capital expenditure," he said.
QR Codes: A Sneaky Security Threat
Hacking an actual QR code would require some serious skills to change around
the pixelated dots in the code’s matrix. Hackers have figured out a far easier
method instead. This involves embedding malicious software in QR codes (which
can be generated by free tools widely available on the internet). To an
average user, these codes all look the same, but a malicious QR code can
direct a user to a fake website. It can also capture personal data or install
malicious software on a smartphone that initiates actions like this: Add a
contact listing: Hackers can add a new contact listing on the user’s phone and
use it to launch a spear phishing or other personalized attack; Initiate
a phone call: By triggering a call to the scammer, this type of exploit can
expose the phone number to a bad actor; Text someone: In addition to
sending a text message to a malicious recipient, a user’s contacts could also
receive a malicious text from a scammer; Write an email: Similar to a
malicious text, a hacker can draft an email and populate the recipient and
subject lines. Hackers could target the user’s work email if the device lacks
mobile threat protection ...
Exploiting enhanced data management to create value in the ‘new normal’
The pandemic has fundamentally changed the way people view, access and
retrieve data. It has also put new burdens on already stretched IT departments
and electronic delivery – now that the footprint of use has extended to
people’s homes. Data management upgrades can deliver significant benefits: An
investment in advanced data management services offers the opportunity to
automate and enhance process and workflow efficiency, eliminating errors and
freeing up staff to focus on creating value elsewhere; and Machine
Learning technologies offer new opportunities to make better use of your data
– to implement data copy management now that digital archives have become even
more important, apply proper retention strategies, as well as unearth new
revenue streams and cost saving opportunities. ... These days, virtually every
human on the planet is taking up data, and the pandemic has made consumption
grow even faster. Each meme or news story shared and every meeting recorded
all needs to be stored somewhere. And the larger the army of remote workers
conducting business from their home offices, the greater data storage capacity
will be required by every company.
Quote for the day:
"However beautiful the strategy, you should occasionally look at the results." -- Winston Churchill
