IoT devices will be the catalyst for the 4th industrial revolution
The impact of IoT on product quality is not just reactive but also proactive.
IoT-enabled traceability systems ensure that every component of a product can be
tracked from its origin to the final assembly, ensuring full compliance with
industry standards and regulations. Plus, automated systems can monitor and
adjust energy usage in real-time, leading to more efficient operations that
lower the overall carbon footprint of a facility. By minimizing energy waste,
companies will contribute to a more sustainable environment while also realizing
substantial cost savings. These savings can be reinvested into research and
development, driving innovation and enhancing product quality. In return,
compliance eliminates unnecessary product waste and energy consumption, which
then lowers the final cost for consumers while heightening brand reputation. ...
By combining the real-time data collection capabilities of IoT devices with
AI-driven analytics, IoT technologies can be leveraged to enable the seamless
integration of clean energy sources into industrial operations. Solar, wind, and
other renewable energy sources can be efficiently managed through smart grids
and automated systems that balance the energy load, ensuring that clean energy
is utilized to its fullest potential.
Hackers Weaponizing PDF Files To Deliver New SnipBot Malware
They exploit the all-presence and trustworthiness of PDFs to trick victims into
opening malicious files that can contain malicious links, embedded code, or
vulnerabilities that allow remote code execution. Security experts at Palo Alto
Networks identified recently that hackers have been actively weaponizing PDF
files to deliver new SnipBot malware. ... While the SnipBot employs a
multi-stage infection process that begins with a signed executable which is
disguised as a “PDF.” This uses the anti-sandbox techniques like “checking
process names” and “registry entries.” To evade the detection the malware makes
use of “Window message-based control-flow obfuscation” and “encrypted strings.”
Besides this, it downloads additional payloads like a DLL that injects code into
Explorer.exe through “COM hijacking.” The core functionality of SnipBot includes
‘a backdoor (single.dll)’ that creates a “SnipMutex” and enables threat actors
to ‘execute commands,’ ‘upload/download files,’ and ‘deploy extra modules.’ ...
As the SnipBot, various evasion techniques, payload delivery methods, and
post-infection capabilities compromise systems and exfiltrate sensitive data.
Novel Exploit Chain Enables Windows UAC Bypass
Despite the potential for privilege escalation, Microsoft refused to accept the
issue as a vulnerability. After Fortra reported it, the company responded by
pointing to the "non-boundaries" section of the Microsoft Security Servicing
Criteria for Windows, which outlines how "some Windows components and
configurations are explicitly not intended to provide a robust security
boundary." ... Reguly and Fortra disagree with Microsoft's perspective. "When
UAC was introduced, I think we were all sold on the idea that UAC was this great
new security feature, and Microsoft has a history of fixing bypasses for
security features," he says. "So if they're saying that this is a trust boundary
that is acceptable to traverse, really what they're saying to me is that UAC is
not a security feature. It's some sort of helpful mechanism, but it's not
actually security related. I think it's a really strong philosophical
difference." ... Philosophical differences aside, Reguly stresses that
businesses need to be aware of the risk in allowing lower-integrity admins to
escalate their privileges to attain full system controls.
How factories are transforming their operations with AI
One of the key end goals for the integration of AI in manufacturing is the
establishment of 'lights-out factories' which means fully automating everything
within the factory environment so that there is minimal to zero need for human
input. Such is the lack of a need for human intervention that you can
effectively manage the production process with the lights turned off. FANUC is
one example of a company that operates a lights-out factory in Japan to build
its robots, having done so since 2001. The company makes 50 robots for every
24-hour shift, according to the Association for Manufacturing Technology, with
the factory running unsupervised for up to 30 days without human input.
Automotive manufacturing is another sector in which AI has been a major positive
influence. BMW's AIQX automates certain quality control processes by using
sensor technology and AI. Algorithms analyze the data they record in real time
and they send employees feedback immediately. It can quickly detect anomalies on
the assembly line. Similarly, Rolls Royce has melded data analytics with AI,
pulling in masses of data from in-service engines in real time and feeding this
into digital twins.
Beyond encryption: Hidden dangers in the wake of ransomware incidents
One of the most insidious threats in the post-ransomware landscape is the
potential presence of multiple threat actors within a compromised environment.
This scenario, while relatively rare, can have devastating consequences for
victim organizations. The root of this problem often lies in the cyber incident
ecosystem itself, particularly in the use of initial access brokers (IABs) by
ransomware groups. These IABs, motivated by profit, may sell access to the same
compromised network to multiple malicious actors. The result can be a perfect
storm of cyber activity, with different groups vying for control of the same
systems. ... Another vector for multiple-actor intrusions comes from an
unexpected source: the tools used by information security professionals
themselves. Malvertising campaigns have become increasingly sophisticated,
targeting legitimate software distribution channels to spread compromised
versions of popular security tools. Ironically, the very applications designed
to protect systems can become Trojan horses for malicious actors. ... The
complexity of modern cyber threats underscores the necessity of comprehensive
forensic analysis following any security incident.
Prioritize Robust Engineering Over Overblown GenAI Promises
Beyond tackling data quality and scalability concerns, this necessary shift
towards engineering innovation will lead to developing tools and frameworks
that better support AI workflows, including handling large volumes of
unstructured data (including images and videos). That, in turn, will foster a
more collaborative and integrated approach between AI and data management
practices. As the AI and data stacks complement each other, we can expect more
cohesive and innovative solutions that address AI implementation’s technical
and operational challenges. ... This maturation process promises
substantial benefits beyond the realm of developers and engineers. Just as the
dot-com bubble burst led to the refinement and widespread adoption of internet
technologies, the current focus on data curation and engineering in AI will
pave the way for transformative applications across various industries.
Imagine AI-powered healthcare diagnostics that rely on meticulously curated
data sets or financial systems that leverage AI for predictive analytics to
manage risks more effectively. These advancements aren’t just about enhancing
technical capabilities; they’re about improving outcomes for society as a
whole.
IT leaders weigh up AI’s role to improve data management
“The important thing in data management is having a solid disaster recovery
plan,” says Macario. “In fact, security for an NGO like ours is both a cyber
and physical problem because not only are we the target of attacks, but we
operate in war zones, where the services provided aren’t always reliable and,
in the event of failures, hardware replacement parts are difficult to find.”
Innovative encryption and geographic data backup technologies are applied, in
particular immutable cloud technology that protects against ransomware. These
are supported by AI for endpoint protection. User identities are also managed
on the Azure Entra ID platform, which has integrated AI and warns of
suspicious activity in real time. ... “We turned to the big technology players
to solve the problem and the LLM algorithms led to a turning point, because
they allowed us to carry out the analyses,” says Macario. “These are used by
our Medical Division departments to analyze access to care and improve
quality, obtain statistics, create an archive, and understand what
instruments, drugs, and doctors we need in a war context. The data form a
scientific basis on which to base our intervention and our ability to report
the effects of war on civilian populations.”
Is it possible to save money and run on a public cloud?
In the early days of cloud computing, big providers promoted the migration of
applications and data to the cloud without modification or modernization. The
advice was to fix it when it got there, not before. Guess what? Workloads were
never fixed or modernized. These lift-and-shift applications and data consumed
about three times the resources enterprises thought they would. This led to a
disenchantment with public cloud providers, even though enterprises also bore
some responsibility. ... High cloud costs usually stem from the wrong cloud
services or tools, flawed application load estimates, and developers who
designed applications without understanding where the cloud saves money. You
can see this in the purposeful use of microservices as a base architecture.
... The key to winning this war is planning. You’ll need good architecture and
engineering talent to find the right path. This is probably the biggest reason
we haven’t gone down this road as often as we should. Enterprises can’t find
the people needed to make these calls; it’s hard to find that level of skill.
Cloud providers can also be a source of help. Many have begun to use the “O
word” (optimization) and understand that to keep their customers happy, they
need to provide some optimization guidance.
Beyond Compliance: Leveraging Security Audits for Enhanced Risk Management
One of the most effective ways to approach risk management in an organization
is through a comprehensive security audit. Security audits objectively assess
layers of an organization’s security controls, established system and
operational policies, and various document procedures. Rather than simply
passing or failing a defined list of compliance protocols, a security audit
examines all elements of an organization’s security posture. This includes
looking for potential weak points in connected networks and systems and
finding areas which may be useful but could be improved. ... Security auditing
processes can also be built into the organization’s disaster recovery
initiatives. As the business tests its incident response protocols throughout
the year, pairing this process with a formal audit helps the organization to
be better prepared to respond more effectively to operational disruptions.
However, the benefits of a security audit aren’t just associated with
minimizing operational risks. This proactive security approach can also play
an impactful role when demonstrating the organization’s commitment to their
customer’s data privacy.
Security, AIOps top mainframe customer challenges
“The increased prioritization of AIOps reflects surging interest in the
implementation of emerging technologies on the mainframe. Those reporting the
adoption of AIOps on the mainframe increased [9%] from the 2023 BMC Mainframe
Survey, while 76% of respondents reported the use of generative AI [genAI] in
their organizations,” McKenney wrote. “The power of AI/ML and genAI open a new
world of possibility in IT management. Organizations are leveraging these
technologies throughout their IT ecosystems to gain real-time insight into
security postures, automate issue resolution, gain critical business insight,
and onboard and train new personnel,” McKenney wrote. ... Its BMC AMI Platform
will feature the BMC AMI Assistant, a chat-based, AI-powered assistant
available for developers, operators, system programmers, and IT managers to
use for real-time explanations, support, and automation, the company stated.
“Whether help is needed to debug code, understand system processes, or make
informed decisions and take actions, the BMC AMI Assistant will provide expert
guidance instantly, enhancing productivity and reducing downtime. Users will
leverage BMC AMI Assistant Tools to capture their local knowledge and
integrate it seamlessly into the BMC AMI Assistant,” McKenny wrote in a BMC
blog.
Quote for the day:
"The only way to achieve the
impossible is to believe it is possible." -- Charles Kingsleigh
/dq/media/media_files/OMpaIOerPybvfHFpLHM2.jpg)
/dq/media/media_files/OexavGA5G5w0jZEnOBT3.jpg)
