AMD's Zen architecture: The fundamentals of these Zen 4 CPUs
While the computing industry, CPU enthusiasts, and even AMD itself expected the
road to performance leadership to be long, it was actually quite short. Zen 2,
the successor to Zen, launched in 2019 and shocked pretty much everyone by
blowing Intel out of the water. AMD racked up a massive lead in multi-threaded
performance in pretty much every segment, had significantly better power
efficiency in virtually every workload, and even surpassed Intel in
single-threaded performance, which AMD hadn't been able to do for over a decade.
From here, the road just got easier for AMD. The server market was (and still
is) the most important area for AMD to make progress in, and by the time Zen 3
came out in 2020, AMD controlled 7% of the market, up from nearly 0% before Zen
came out. This was made all the easier thanks to how Intel absolutely screwed up
its plans to launch powerful 10nm CPUs, leaving AMD to face off against outdated
and practically obsolete 14nm chips, which are some of the worst Intel has ever
made.
Embracing the ‘Pedagogy of Error’ in Cybersecurity Education
The lesson I am always reminded of is that “we must abandon certainties in
order to build from the challenge of uncertainty.” The deeper we delve into
global instabilities and their challenges, the better perspectives and
questions we can ask ourselves. It would be very sad to know that everything
has been solved. Therefore, when we challenge current knowledge and explore
different alternatives, we are opening up the possibility of seeing beyond
what is known and, therefore, introducing something different. ... The academy
must maintain and motivate curiosity, expectations, challenges and adventures
that arise when uncertainty manifests itself from the inevitability of
failure. In this sense, motivate the pedagogy of “error.” That is,
understanding the “error” as part of the process and not as a result is what
makes it possible to create cybersecurity and IT professionals open to
constantly learn, to let themselves be questioned in their previous knowledge
and to maintain a proactive stance in the face of adversaries’ challenges.
The dark side of the cloud: How cloud is becoming prey to sophisticated forms of cyber attack
As businesses increasingly adopt cloud-based solutions, cyber criminals—who
are constantly looking for new vulnerabilities to exploit—are finding it
easier to engineer data breaches, explains Rajesh Garg, EVP, Chief Digital
Officer & Head of Applications & Cybersecurity at data centre
service provider Yotta Data Services. Around 98 per cent of organisations
globally now utilise some form of cloud-based tech, while many have adopted
multi-cloud deployments from multiple cloud service providers. The massive
adoption of the cloud environment has also given rise to Shadow IT, where
employees or departments use hardware or software from external sources
without the knowledge of the IT or security group of the organisation. This
creates a vacuum, where the responsibility of managing security within
organisations is not clearly defined. “Cloud infrastructure is inherently
complex; that increases manifold with the addition of hybrid and
multiple-cloud models,” says Atul Gupta
Google Cloud launches Chronicle CyberShield to help government agencies tackle threats
A primary component of Chronicle CyberShield is establishing a modern
government security operations center (SOC), comprising a network of
interconnected SOCs to scale and aggregate security threats, Google Cloud said
in a press release. Chronicle CyberShield enables governments to leverage
cyber threat intelligence from Google and Mandiant, now part of Google Cloud,
to build a scalable and centralized threat intelligence and analysis
capability, according to the firm. This is integrated operationally into the
government SOC to identify suspicious indicators and enrich the context for
known vulnerabilities. The solution also allows governments to build a
coordinated monitoring capability with Chronicle SIEM to simplify threat
detection, investigation, and hunting with the intelligence, speed, and scale
of Google. By implementing Chronicle across a network of SOCs, attack patterns
and correlated threat activity across multiple entities are available for
investigation and analysis.
International implications of hack-for-hire services
A lack of consequences for hackers that contract themselves out to foreign
clients has only encouraged the hack-for-hire industry in India. US
prosecutors indicted Sumit Gupta, the Director of Indian hacking firm BellTroX
in 2015 for hacking on behalf of two American lawyers, yet the Indian
government never took action against him. After he failed to be convicted in
2015, BellTroX went on to commit the Dark Basin hacks in 2020. BellTroX also
surfaced as part of a criminal case against an Israeli private detective who
hired Indian hacking firms on behalf of unnamed clients in Israel, Europe, and
the US. The private detective pleaded guilty in 2022, but the hackers in India
have yet to face any legal consequences. BellTroX also surfaced as part of a
criminal case against an Israeli private detective who hired Indian hacking
firms on behalf of unnamed clients in Israel, Europe, and the US. This lack of
enforcement is not because India does not have the legal infrastructure to
prosecute cybercrimes; the Information Technology Act of 2000, and its
subsequent amendments in 2008
Windows Defender-Pretender Attack Dismantles Flagship Microsoft EDR
In studying the Windows Defender update process, Bar and Attias discovered
that signature updates are typically contained in a single executable file
called the Microsoft Protection Antimalware Front End (MPAM-FE[.]exe). The
MPAM file in turn contained two executables and four additional Virtual Device
Metadata (VDM) files with malware signatures in compressed — but not encrypted
— form. The VDM files worked in tandem to push signature updates to Defender.
The researchers discovered that two of the VDM files were large sized "Base"
files that contained some 2.5 million malware signatures, while the other two
were smaller-sized, but more complex, "Delta" files. They determined the Base
file was the main file that Defender checked for malware signatures during the
update process, while the smaller Delta file defined the changes that needed
to be made to the Base file. Initially, Bar and Attias attempted to see if
they could hijack the Defender update process by replacing one of the
executables in the MPAM file with a file of their own.
Securing The Future: Embracing Cloud-Centric Cybersecurity Strategies
Upskilling an entire cybersecurity organization is a significant undertaking
that requires planning, time, funding and—most importantly—leadership buy-in.
CISOs won't be able to snap their fingers and transform their teams into the
cloud-literate leaders of tomorrow. After all, it could take up to six months
of training just to have an intelligent-sounding conversation about the
cloud—least of all, be productive. Fortunately, much of the educational
infrastructure necessary for upskilling workforces is available. Cloud service
providers AWS, Microsoft Azure and Google Cloud each have a portfolio of cloud
computing certifications. Platforms such as A Cloud Guru and Cloud Academy
offer multi-cloud training. Security-focused cloud training and certifications
are available from organizations such as the SANS Institute, (ISC)2 and the
Cloud Security Alliance. ... These senior leaders are generally no longer
"hands on keyboard" professionals. They lead programs, set priorities and
assign goals. Of course, they need to be conversant with the technology their
organization uses.
Northern Ireland Police at Risk After Serious Data Breach
"This is the most serious breach I have ever seen, due to the potential it
could lead to the death or injury of those whose data has been disclosed,"
said Brian Honan, who heads Dublin-based cybersecurity firm BH Consulting.
Exposed information could be abused not only by criminals, including for
revenge, but also by republican paramilitaries who continue to target police
officers and employees. The most recent attack occurred in February, when
off-duty senior detective John Caldwell was shot in a sports complex in
Omagh. He survived with "life-changing" injuries, said the chairman of
Northern Ireland's Police Federation. Authorities arrested 11 people and
charged three with being members of a proscribed terrorist group - in this
case, the New IRA, a splinter of the Provisional Irish Republican Army that
rejects a final 1997 terrorism cease-fire that helped lead to the 1998 Good
Friday Agreement. The PSNI says it is working to "to identify any security
issues" posed by the breach as quickly as possible, and it has notified the
Information Commissioner's Office.
Ethics as a process of reflection and deliberation
You can integrate ethics into your projects by organising a process of
ethical reflection and deliberation. You can organise a three-step process
for that:Put the issues or risks on the table – things that you are
concerned about, things that might go wrong. Organise conversations to look
at those issues or risks from different angles – you can do this in your
project team, but also with people from outside your organisation. Make
decisions, preferably in an iterative manner – you take measures, try them
out, evaluate outcomes, and adjust accordingly. A key benefit of such a
process is that you can be accountable; you have looked at issues, discussed
them with various people, and have taken measures. Practically, you can
organise such a process in a relatively lightweight manner, e.g., a two-hour
workshop with your project team. Or you can integrate ethical reflection and
deliberation in your project, e.g., as a recurring agenda item in your
monthly project meetings, and involve various outside experts on a regular
basis.
6 legal ‘gotchas’ that could sink your CIO career
You might be thinking that your company will defend you for liability, and
you might be right if your company has liability coverage for its officers,
and you are an officer. But does your company have liability insurance for
its executives? It’s standard for most Fortune 500 companies to have
liability insurance for their executives, but a substantial number of
private and not-for-profit companies are facing challenges in rising
premiums and may not have liability protection. If you’re interviewing for a
CIO job, it’s prudent to find out whether the company you’re interviewing
with offers liability protection and indemnification insurance for its
executives. ... When CIOs are sued or fired, it’s often because of a
significant cybersecurity breach. The reason for this is because CIOs are
ultimately responsible for safeguarding corporate information. When a breach
occurs, it is always perceived as being on the CIO’s watch, and the
repercussions can be severe.
Quote for the day:
"We learn by example and by direct
experience because there are real limits to the adequacy of verbal
instruction." -- Malcolm Gladwell
