WhatsApp in a catch-22 situation over the new privacy policy
Concurring with Sinha, Kwebmaker founder, and CEO Dhananjay Arora said that
the WhatsApp privacy policy is no threat to personal chats and group chats as
WhatsApp has confirmed that these are secure and users' personal data, chats,
location, contacts, etc. are not shared. "The sharing of data comes for
WhatsApp Business accounts (which is an important monetization platform for
otherwise free to use WhatsApp). Data on business chats can be shared with
Facebook and from a marketer's perspective, this is a good thing. This will
allow brands and marketers to target users across the Facebook universe which
includes Facebook, WhatsApp, and Instagram to do even better 'targeting' of
your clients/customers." He further stated that the policy will help marketers
to do targeted advertising. He also said that India needs better privacy and
data protection laws to prevent misuse of data. "From a digital advertising
perspective, it actually narrows down the users even more precisely which
means brands get more focused advertising which leads to more tangle and
better ROI. On the flip side, this should not be used by anti-social elements
to promote hate messages and polarisation. ...."
Vulnerability Management Has a Data Problem
Security teams need data that helps them prioritize remediation based on
business risk as well as information that guides and drives process
improvement. Data should help them identify weak spots and refocus remediation
efforts for the most at-risk technology impacting the most critical business
areas. For example, if a scanner identifies a SQL injection in line 7 or
a patch needed on the Red Hat box, that information doesn't convey the
specific product impacted, the owner, or the business criticality for the
organization. Does one of those vulnerabilities pose more of a risk to keeping
the lights on than the other? Which needs immediate attention if the team
can't fix both concurrently? Another consideration is the fluctuating
criticality of impacted technology depending on the enterprise's business
cycle. For example, many retailers see increased risk during holiday shopping
seasons, while grocery chains introduce new products on a monthly basis that
can cause priorities to shift across multiple IT and business units. For these
situations, teams need better data to facilitate making decisions based on
business expectations in real time. Next, the remediation team needs an
understanding of how a particular fix could impact operations.
Minimizing cyberattacks by managing the lifecycle of non-human workers
A chatbot uses AI to simulate conversations with end-users in natural
language. This type of bot may be used on a website, messaging application, or
mobile app, and it fosters communication between machines and humans.
Cybercriminals can transform a chatbot into an “evil bot” and use it to scan
an organization’s network for other security vulnerabilities that could be
exploited at a future date. With an evil bot at their disposal, cybercriminals
can steal an organization’s data and use it for malicious purposes. An evil
bot can also disguise itself as a legitimate human user and gain access to
another user’s data. Over time, the bot can be used to accumulate data about a
targeted victim from public sources and the dark web. A transactional bot acts
on behalf of a human and lets a customer make a transaction within the context
of a conversation. The bot cannot understand information outside the
conversation – instead, the bot serves one specific purpose, and it provides a
customer the ability to quickly and conveniently complete a transaction.
Transactional bots are likewise not hacker-proof. If cybercriminals access a
transactional bot, they can use it to collect customer data. They can also use
the bot to conduct fraudulent transactions or prevent an organization from
utilizing the bot to respond to customer concerns, questions, and requests.
Learning on the job when working from home
Some companies are planning for most work to take place remotely in future,
including US-based file host service operator Dropbox, which in October
announced its intention to go ‘virtual-first’. “We had some reservations about
a hybrid model because you get two very different employee experiences that
could result in issues with inclusion or inequities with respect to
performance or career trajectory,” says its global head of channels, Simon
Aldous. With most people working remotely, new starters doing likewise will be
included in the conversation, he adds. Dropbox runs a two-day initial
induction, held virtually since the start of the pandemic, followed by
training and networking events over the first 90 days. It has also set up
virtual ways to build relationships such as CoffeeBox, designed to recreate
chats with colleagues in coffee shops. “We randomly assign a Zoom room with
four other Dropboxers to casually connect,” says Aldous. The company has also
run more open forums and ‘at home’ chats with its leaders. It also plans to
turn existing office space it rents in San Francisco, Seattle, Austin and
Dublin into Dropbox Studios, designed for collaboration such as team meetings
and group events and with no desks for individual working.
Why DevOps Will Have To Change This Year
Wee observed that network engineering and software development principles are
coming together, meaning that organizations will soon need to build teams with
skills and credentials in both areas. "We expect to see hiring managers adapt
by keeping an eye out for these credentials as they shift toward new workforce
priorities and needs," Wee said. "Employing DevOps practices with trained and
certified talent allows companies to proficiently respond to business demands,
shorten time-to-market, and accelerate digital transformation." ... One of the
biggest issues facing DevOps leaders this year will be deciding how to deploy
and manage artificial intellicene applications. "AI doesn't fit well with the
patterns and tools that we've developed," said Mike Loukides, vice president
of emerging technology content at learning services firm O'Reilly Media. "In
2021, we'll see new tools for things like model versioning and management,
data versioning and management, testing non-deterministic systems, and more,"
he predicted. AI system development promises to be challenging for DevOps
teams accustomed to tackling conventional IT projects. "Models are built,
trained, tested, and validated based on different data sources; these are the
main stages the current DevOps pipeline would need to incorporate," observed
Hasan Yasar
CISA: Hackers bypassed MFA to access cloud service accounts
CISA believes that the threat actors were able to defeat MFA authentication
protocols as part of a 'pass-the-cookie' attack in which attackers hijack an
already authenticated session using stolen session cookies to log into online
services or web apps. The agency also observed attackers using initial access
gained after phishing employee credentials to phish other user accounts within
the same organization by abusing what looked like the organization’s file
hosting service to host their malicious attachments. In other cases, the
threat actors were seen modifying or setting up email forwarding rules and
search rules to automatically collect sensitive and financial information from
compromised email accounts. "In addition to modifying existing user email
rules, the threat actors created new mailbox rules that forwarded certain
messages received by the users (specifically, messages with certain
phishing-related keywords) to the legitimate users’ Really Simple Syndication
(RSS) Feeds or RSS Subscriptions folder in an effort to prevent warnings from
being seen by the legitimate users," CISA added. The FBI also warned US
organizations about scammers abusing auto-forwarding rules on web-based email
clients in Business Email Compromise (BEC) attacks.
How to switch IT service provider with minimal disruption to your business
Many businesses prefer to employ a dedicated in-house IT manager or team, as
this often increases reliability and response times to issues. However, it is
simply unaffordable for many start-ups and SMEs. Employing an in-house team
means covering salaries, onboarding costs, benefits and more. Given the
inconsistent nature of IT demand, it is more financially viable to outsource
work to a vendor as and when needed. Managing an IT environment comes down to
defining priorities. Those who prioritise speed and access — for example,
e-commerce businesses – may look to invest heavily into an internal team,
minimising the risk of downtime which could impact customers. However, it is
not always a case of one or the other. Businesses’ needs are likely to change
over time and, for many, a mix of in-house and outsourcing provides
convenience and financial stability. An in-house IT director may be tasked
with building out the business’ IT infrastructure and managing system
performance, while unexpected issues or projects are outsourced to an IT
provider, so not to impact daily work or disrupt employees. ... Compared with
employing an in-house IT manager, businesses are able to harness the knowledge
and labour-power of a wider team of IT specialists, all while only paying a
set fee as and when needed.
World’s largest dark web market disrupted in major police operation
Netherlands-based Europol said its dedicated dark web team – which works with
law enforcement both inside and outside the European Union (EU) – was
delivering a “completed, coordinated approach” to disrupting the underground
illegal economy, including information-sharing, support and expertise, new
tools, tactics and techniques, and target and threat identification. “The team
also aims to enhance joint technical and investigative actions, and organise
training and capacity-building initiatives, together with prevention and
awareness-raising campaigns – a 360° strategy against criminality on the dark
web,” the organisation said. “A shared commitment across the law enforcement
community worldwide and a coordinated approach by law enforcement agencies
have once again proved their effectiveness. The scale of the operation at
Europol demonstrates the global commitment to tackling the use of the dark web
as a means to commit crime.” IntSights cyber threat intelligence adviser
Paul Prudhomme said the end of DarkMarket removed a key enabler for the cyber
criminal underworld. “Dark web marketplaces such as this now-defunct website
serve as key enablers for cyber criminals,” he told Computer Weekly in emailed
comments.
Mobile RAT for Android Offered on Darknet Forums
The Rogue RAT is being offered for sale or rent in darknet forums, Check Point
says in its new report. Once a hacker uses the Trojan, portrayed to victims as
a legitimate app, to infect a device, the malware can exfiltrate data, such as
photos, location information, contacts and messages. It also can download
additional malicious payloads, including mobile ransomware. "When Rogue
successfully gains all of the required permissions on the targeted device, it
hides its icon from the device's user to ensure it will not be easy to get rid
of it. If all of the required permissions are not granted, it will repeatedly
ask the user to grant them," the Check Point report notes. "If the user tries
to revoke the admin permission, an onscreen message designed to strike terror
in the heart of the user appears: 'Are you sure to wipe all the data?'" The
Rogue RAT takes advantage of a targeted device's Android Accessibility
Services, which are designed to assist users with disabilities, according to
the report. These services generally run in the background but can access apps
and other components within an Android device. By accessing these services,
hackers can gain control over a device without the victim knowing, the report
notes.
Remote Reshapes the Future of Work
Video conferencing is great, but it's not a replacement. In some cases it may be
contributing to more stress during an already stressful time. Not long after
Zoom became a verb, "Zoom fatigue" became a much discussed affliction, with
plenty of articles written about best practices to avoid it. Consider that we
may now just be in version 1.0 of work-from-home collaboration technology. Chat
software and video conferencing will become the primitive antecedents to the
technology that will enable the workplace of the future. Just what will those
technologies look like? Will you be able to project your hologram for conference
calls and messages like in Star Wars? In an interview conducted last year about
CIO priorities for 2021, Forrester VP and research director Matthew Guarini told
InformationWeek that when things settle down after the pandemic, organizations
will have 3x the number of home workers than they did pre-pandemic. In
pre-pandemic times, extraverts and those in the physical office had an advantage
over home workers. But the playing field will be more level with so many more
people working from home. It will be up to the CIOs to improve the way the
company collaborates and engages. One of those new technologies will be virtual
worlds, like Second Life.
Quote for the day:
"Open Leadership: the act of engaging others to influence and execute a coordinated and harmonious conclusion." -- Dan Pontefract
