WebProNews

Category: CybersecurityUpdate

CybersecurityUpdate

  • Hackers Targeting COVID-19 Vaccine Companies

    Hackers Targeting COVID-19 Vaccine Companies

    Microsoft has revealed that “nation-state” actors have been targeting the companies and researchers working on COVID-19 vaccines.

    According to Microsoft, one of the groups, Strontium, originates in Russia. Two others hail from North Korea. The three groups have targeted companies and researchers in Canada, France, India, South Korea and the US.

    “Among the targets, the majority are vaccine makers that have Covid-19 vaccines in various stages of clinical trials,” writes Tom Burt – Corporate Vice President, Customer Security & Trust. “One is a clinical research organization involved in trials, and one has developed a Covid-19 test. Multiple organizations targeted have contracts with or investments from government agencies from various democratic countries for Covid-19 related work.”

    To help protect companies and researchers, Microsoft has made its AccountGuard available at no cost to COVID-19 healthcare providers.

    “Organizations are also taking steps to protect themselves. In April, we announced that we were making AccountGuard, our threat notification service, available to health care and human rights organizations working on Covid-19,” continues Burt. “Since then 195 of these organizations have enrolled in the service and we now protect 1.7 million email accounts for health care-related groups. Any health care-related organizations that wish to enroll can do so here.”

    It’s a sad state of affairs that hackers would continue to take advantage of the COVID-19 pandemic. Microsoft is to be commended for its efforts to help protect researchers.

  • Google Play Store the Primary Source of Android Malware

    Google Play Store the Primary Source of Android Malware

    A new study has determined the Google Play Store is the prime way Android malware is distributed.

    Google’s mobile operating system has struggled to match the security of its main rival, iOS. While Apple receives its fair share of criticism for its walled garden approach and App Store review process, it is much harder to slip malware into Apple’s ecosystem.

    In contrast, Google has laxer requirements for apps to be listed. The trade-off has been ongoing security issues that lead to periodic malware purges.

    According to a study (PDF) by researchers from NortonLifeLock and the IMDEA Software Institute in Madrid, Spain, the Google Play Store is “by far the largest unwanted app distribution vector.”

    In fact, 67% of all unwanted app installs come from the Play Store. Alternative markets come in a distant second place at a mere 10%. While the number of unwanted apps is lower on the alternative markets, however, unwanted apps make up a higher percentage of apps on the alternative markets. Those markets only account for 5.7% of all Android app installs, while the Play Store accounts for 87% of all installs.

    “We reveal that the Play market is indeed the main app distribution vector of both benign and unwanted apps, while, it has the best defenses against unwanted apps,” the researchers conclude. “Alternative markets distribute fewer apps but have higher probability to be unwanted. Bloatware is another surprisingly high distribution vector. Web downloads are rare and much more risky even compared to alternative markets. Surprisingly, unwanted apps may survive users’ phone replacement due to the usage of automated backup tools.”

    This study is just the latest evidence that Google must do more to protect its users from malware and other unwanted apps.

  • 350,000 Ring Units Recalled Due to Fire Risk

    350,000 Ring Units Recalled Due to Fire Risk

    Ring has issued a recalled for some 350,000 2nd generation devices due to fire hazard.

    According to the Consumer Product Safety Commission, Ring doorbells have ignited 23 times, with eight reports of minor burns. The issue appears to be the result of the incorrect screws being used when installing the devices.

    All told, there have been a total of 85 total complaints about the improper screws being sued.

    “The video doorbell’s battery can overheat when the incorrect screws are used for installation, posing fire and burn hazards.”

    Ring emphasized that properly installed devices pose no threat.

    “The safety of our customers is our top priority,” a Ring spokesperson told CNET. “We have and continue to work cooperatively with the CPSC on this issue and have contacted customers who purchased a Ring Video Doorbell (2nd Gen) to ensure they received the updated user manual and follow the device installation instructions.

  • FTC Holds Zoom Accountable For Misleading Security Claims

    FTC Holds Zoom Accountable For Misleading Security Claims

    Zoom has agreed to a settlement with the Federal Trade Commission (FTC) over misleading security claims.

    Zoom quickly established itself at the outset of the pandemic as one of the main methods of communication and remote work. Unfortunately for the company, it also faced a number of missteps in regard to security.

    In particular, the FTC took Zoom to task for claiming it offered end-to-end encryption from at least 2016, when it offered a much weaker type of security. End-to-end encryption ensures that only the sender and recipient can access the encrypted content. While Zoom claimed to offer this level of encryption, in reality, it held the keys that could allow it to decrypt meetings at will.

    In addition, customers who opted to save recordings of their meetings using Zoom’s cloud storage were misled about the level of encryption Zoom provided. The company claimed the recordings were encrypted immediately. Instead, the FTC found that some recordings were left as long as 60 days without being encrypted.

    “During the pandemic, practically everyone—families, schools, social groups, businesses—is using videoconferencing to communicate, making the security of these platforms more critical than ever,” said Andrew Smith, Director of the FTC’s Bureau of Consumer Protection. “Zoom’s security practices didn’t line up with its promises, and this action will help to make sure that Zoom meetings and data about Zoom users are protected.”

    As part of the settlement, Zoom is prohibited from making false and misleading statements, must submit to third-party assessments, make sure updates do not interfere with third-party security security features and implement additional safeguards.

  • FBI: Hackers Exploited SonarQube to Steal Government and Commercial Source Code

    FBI: Hackers Exploited SonarQube to Steal Government and Commercial Source Code

    The FBI has warned that hackers have been accessing proprietary source code from government agencies and businesses by exploiting SonarQube.

    SonarQube is a code inspection platform that currently supports 27 programming languages and helps developers write cleaner, more secure, bug-free code. SonarQube integrates with a number of third-party services and platforms, including GitHub, GitLab, LDAP, Active Directory, BitBucket, Azure DevOps and more.

    Unfortunately, according to the FBI (PDF), it appears a number of organizations using SonarQube left the default parameters in place, opening themselves up to security issues and code theft.

    In August 2020, unknownthreat actors leaked internal data from two organizations through a public lifecycle repositorytool. The stolen data was sourced from SonarQube instances that used default port settings and admin credentials running on the affected organizations’ networks. This activity is similar toa previous data leak in July 2020, in which an identified cyber actor exfiltrated proprietary source code from enterprises throughpoorly secured SonarQube instances and published the exfiltrated source codeon a self-hosted public repository.

    During the initial attack phase, cyber actorsscan theinternetfor SonarQube instances exposed to the open Internet using the default port (9000) and a publicly accessible IP address. Cyber actors then use default administrator credentials (username: admin, password: admin) to attempt to access SonarQube instances.

    The FBI recommends following basic security protocols that, quite frankly, organizations should have implemented from the beginning. This includes, changing the default admin username and password, the default port through which SonarQube is accessed, putting SonarQube behind a login screen, checking for unauthorized users and keeping the platform behind the company firewall.

  • Brazilian Carriers Not Keen On Excluding Huawei

    Brazilian Carriers Not Keen On Excluding Huawei

    Brazilian carriers are rejecting an invitation to meet with a US official who has been pushing for Brazil to exclude Huawei.

    The US has been working to alienate Huawei and blunt its worldwide business over security and privacy concerns. In particular, the company has been accused of being an extension of Beijing’s spying apparatus. While all Chinese companies are required to work with the ruling Communist party, Huawei is seen as having closer ties than the average company, both with the government and intelligence community.

    As a result, the US has banned Huawei and pressured allies to do the same. Many, including the UK, Australia and New Zealand have followed suit. It appears Brazil, however, has not been swayed by US arguments and will not exclude Huawei.

    An invitation went out to the four major Brazilian telecom companies to meet with Keith Krach, U.S. under secretary of state for economic growth, energy and the environment, according to CNBC.

    “This invitation is not compatible with free-market choices that we are used to. We should be able to freely make our best financial decisions,” CNBC’s source said.

  • Apple to Start Requiring Privacy Labels on App December 8

    Apple to Start Requiring Privacy Labels on App December 8

    Apple is moving forward with its requirement that app developers include a privacy label with new app submissions, beginning December 8.

    Apple has established itself as the smartphone platform of choice for privacy conscious consumers. Many of its recent moves have angered Facebook and the advertising industry, specifically because they focus on protecting user privacy instead of making it easy for advertisers to track users.

    The latest move is to require developers to include a privacy label, much like packaged food’s nutrition label, clearly outlining what impact the app will have on a user’s privacy.

    On each app’s product page, users can learn about some of the data types the app may collect, and whether that data is linked to them or used to track them. You’ll need to provide information about your app’s privacy practices, including the practices of third-party partners whose code you integrate into your app, in App Store Connect. This information will be required to submit new apps and app updates to the App Store starting December 8, 2020.

    This is good news for privacy conscious users and will help them make informed decisions about what apps they choose to install.

  • Brave Web Browser Passes 20 Million Monthly Users, 7 Million Daily

    Brave Web Browser Passes 20 Million Monthly Users, 7 Million Daily

    Brave web browser is making inroads in the market, announcing it now has 20 million monthly active users and 7 million daily active users.

    Brave is distinguishing itself as a browser that focuses on privacy and security. By default, the browser is considered to be more secure than Firefox. At the same time, thanks to its Chromium engine—the same engine that powers Google Chrome and Microsoft Edge— Brave generally offers top-tier performance, often beating rivals.

    When it comes to monetization, Brave uses a somewhat unique method. The browser aggressively blocks ads, but gives users the option of seeing ads from Brave’s own network that, again, emphasizes privacy. This model seems to be a hit for all parties, as Brave boasts a click-through rate of 9%, well above the industry average of 2%.

    In addition, Brave allows individuals to become verified content creators. Other users can then use Brave’s own cryptocurrency, Basic Attention Tokens, to tip their favorite content creators.

    Brave’s features and performance seem to be gaining traction. The browser’s current 20 million monthly active users is up from 8.7 million a year ago. Similarly, the 7 million daily active users is up from 3 million a year ago. Since Apple began allowing users to set their default iOS browser in iOS 14, Brave’s daily active iOS users has grown 34%.

    At a time when Mozilla is still struggling to break free from its dependance on Google subsidies, and other major browsers are bundled with operating systems, it’s good to see an independent browser succeeding with an innovative approach to monetization and sustainability.

  • California Voters Pass Version 2.0 of the CCPA Privacy Legislation

    California Voters Pass Version 2.0 of the CCPA Privacy Legislation

    California voters passed Proposition 24, widely considered to be version 2.0 of the California Consumer Privacy Act (CCPA).

    The CCPA was a ground-breaking piece of legislation for the US, the first of its kind to so vigorously protect the privacy of consumers. In many ways, the CCPA was the American equivalent of the EU’s GDPR. Although the law was unique to California, some industry leaders vowed to apply its protections to all customers, even those outside of California.

    Proposition 24, officially known as the California Privacy Rights Act (CPRA), picks up where the CCPA left off, expanding the CCPA, closing loopholes and increasing protections even more.

    One of the biggest changes is the creation of a new agency that will oversee the enforcement of the regulation. Another change is that the CPRA makes companies collecting data responsible for what any companies they share that data with do with it.

    In addition, the CRPA differentiates between personally identifiable information and sensitive personally identifiable information, such as Social Security number, logins, precise location data and biometrics. This gives companies more options to fine-tune their marketing to use non-personal information, rather than lose access all-together.

    The legislation includes many other improvements, including more opt-in requirements, limits on how long companies may retain personal information, limits to how sensitive personal information may be used, reasonable expectations data will be kept secure, legal options if companies fail to do so and more.

    It’s a safe bet these increased measures and a dedicated enforcement agency will likely increase the CRPA’s reach even more than the CCPA’s. Since companies will be responsible for how third-party partners—including non-California partners—use data, many more companies will likely opt to apply CRPA protections to all of their customers in the interest of simplicity.

  • IRS Warns of New Stimulus Scam

    IRS Warns of New Stimulus Scam

    The Internal Revenue Service is warning taxpayers of a new scam that uses promise of a stimulus payment to get bank information.

    According to the IRS, scammers are texting individuals asking for their bank account information. The scammers claim they need the back account info to set up a direct deposit. The text message the scammers send includes a URL that takes the victim to a phishing site that collects their information.

    “Criminals are relentlessly using COVID-19 and Economic Impact Payments as cover to try to trick taxpayers out of their money or identities,” said IRS Commissioner Chuck Rettig. “This scam is a new twist on those we’ve been seeing much of this year. We urge people to remain alert to these types of scams.”

    The IRS also reminds individuals that it never sends unsolicited texts or emails. In addition, anyone receiving one of these text messages should take a screenshot of it and email it to [email protected]. The email should include the date, time and timezone when the message was received, as well as the number that sent the text and the recipient’s number.

  • Google Goes Public With Vulnerability After GitHub Drug Its Feet

    Google Goes Public With Vulnerability After GitHub Drug Its Feet

    Google Project Zero (GPZ) has disclosed a serious vulnerability in GitHub’s Actions feature, after the version control platform drug its feet fixing it.

    GPZ discovered an issue making GitHub Actions vulnerable to injection attacks. The vulnerability has been labeled ‘high-severity’ by GPZ. According to GPZ’s Felix Wilhelm, any project that relies heavily on Actions could be vulnerable.

    The big problem with this feature is that it is highly vulnerable to injection attacks. As the runner process parses every line printed to STDOUT looking for workflow commands, every Github action that prints untrusted content as part of its execution is vulnerable. In most cases, the ability to set arbitrary environment variables results in remote code execution as soon as another workflow is executed.

    I’ve spent some time looking at popular Github repositories and almost any project with somewhat complex Github actions is vulnerable to this bug class.

    To make matters worse, GitHub wasted the normal 90-day period GPZ normally gives organizations before disclosing a vulnerability. GitHub was initially notified of the vulnerability on July 21, with a disclosure date of October 18 set.

    With no announced resolution, GPZ reached out to GitHub on October 12 and offered a 14-day grace period, which was accepted on October 16. A new disclosure date of November 2 was set. GPZ tried contacting GitHub on October 28, but received no response. On October 30, GPZ reached out to informal contacts, which indicated GitHub considered the issue fixed.

    On November 1, GitHub officially reached out to request an additional 48 hours, not to fix the issue, but to notify users of a future date when the issue would be fixed. GPZ informed GitHub there was no further provision to extend the grace period and proceeded with the disclosure on November 2.

    GitHub has provided an example of how not to handle a vulnerability. GPZ went above-and-beyond to communicate and work with GitHub, but it appears that GitHub squandered its opportunities to definitively address the issue.

  • Sweden’s Largest Insurer Leaked Private Data to Tech Firms

    Sweden’s Largest Insurer Leaked Private Data to Tech Firms

    Sweden’s largest insurer, Folksam, has admitted to accidentally leaking the private data of one million of its customers to tech firms.

    According to U.S. News & World Report, Folksam insures every second home in Sweden, giving the company access to vast troves of personal and private data on its customers. Unfortunately, the company accidentally shared that data with Facebook, Google, LinkedIn and Microsoft.

    Unlike the US, the EU has strict data privacy laws in the form of the GDPR. As a result, data breaches such as this one can result in hefty fines and penalties if not handled correctly. Folksam has assured customers that it does not appear any of the data was used improperly by third-parties, and vowed to do better.

    “We take what has happened seriously. We have immediately stopped sharing this personal information and requested that it be deleted,” said Jens Wikstrom, Folksam’s head of marketing.

    This data breach is just the latest example demonstrating the risks that come with the current state of the tech industry, and specifically cross-industry interdependencies that have become commonplace.

  • Windows 10 Upgrade May Cause Lost Certificates

    Windows 10 Upgrade May Cause Lost Certificates

    Microsoft has acknowledged that a Windows 10 upgrade is losing security certificates under certain circumstances.

    The issue was first reported by Borncity, when users started noticing problems after updating to the latest Windows 10 upgrade. According to the blog, “after installing cumulative October 2020 updates, various Windows 10 versions forget their certificates when upgrading to a higher Build.”

    Microsoft has now acknowledged the issue exists when upgrading from Windows 10 version 1809 to a newer version.

    System and user certificates might be lost when updating a device from Windows 10, version 1809 or later to a later version of Windows 10. Devices will only be impacted if they have already installed any Latest cumulative update (LCU) released September 16, 2020 or later and then proceed to update to a later version of Windows 10 from media or an installation source which does not have an LCU released October 13, 2020 or later integrated. This primarily happens when managed devices are updated using outdated bundles or media through an update management tool such as Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager. This might also happen when using outdated physical media or ISO images that do not have the latest updates integrated.

    For impacted systems, Microsoft recommends using the uninstall window to roll back to a previous version of Windows using these instructions. Impacted users will then need to wait until a fix is released before upgrading again.

  • New Windows 10 Update Preemptively Kills Adobe Flash Player

    New Windows 10 Update Preemptively Kills Adobe Flash Player

    The latest Windows 10 update puts the nail in Adobe Flash Player’s coffin, permanently removing the software.

    Adobe Flash was one of the internet’s early means of creating and viewing multimedia. While innovative at the time, the software had a long history of being plagued with security issues—many of which were severe vulnerabilities that compromised computer systems.

    As the issues continued, the tide began to turn against Flash, with Apple deciding in 2010 to stop including the software on all new Macs. Eventually Adobe decided to end-of-life the software, making the announcement in 2017, throwing its weight behind standards such as HTML5.

    Although the software is not officially dead until December 21, 2020, Microsoft is preemptively killing it on Windows 10, according to a new support note.

    This update removes Adobe Flash Player that is installed on any of the Windows operating systems that are listed in the “Applies to” section. After you apply this update, it cannot be uninstalled.

    If a users need Adobe Flash Player, they will need to restore to an earlier system restore point and explicitly enable the feature, or completely reinstall Windows and forgo this latest patch.

  • Trade War Escalates As China Sanctions Multiple US Companies

    Trade War Escalates As China Sanctions Multiple US Companies

    The US-China trade war has escalated as China sanctions multiple companies in retaliation for weapons sales to Taiwan.

    The US and China have been locked in a trade war, with each side taking shots at the other. The US has banned ZTE and Huawei, and urged its allies to do the same. The administration altered the Entity List and Foreign Direct Product Rule to cut Huawei from any chip suppliers that use US technology, including TSCM, one of its prime suppliers. The Trump administration is also pushing for a ban of WeChat and TikTok.

    In response, China passed new regulations limiting the technologies that could be exported. In particular, the new regulations target the algorithm TikTok uses, thereby putting in jeopardy any deal that might avert a US ban by selling TikTok’s US operations to another company.

    Now China has gone even further, sanctioning Lockheed Martin, Boeing Defense, Space & Security (BDS) and Raytheon over weapons sales to Taiwan.

    “As China pointed out on multiple occasions, the U.S. arms sales to Taiwan severely violate the one-China principle and the three China-U.S. joint communiqués, and seriously undermine China’s sovereignty and security interests,” said Foreign Ministry Spokesperson Zhao Lijian in a press conference. “China firmly opposes and strongly condemns it.

    “To uphold national interests, China decides to take necessary measures to sanction U.S. companies involved in the arms sales to Taiwan including Lockheed Martin, Boeing Defense, Space & Security (BDS) and Raytheon, as well as the U.S. individuals and entities who played an egregious role in the process.”

    It’s unclear what long-term impact the sanction’s will have on the US companies. In the short term, the news caused a sharp sell-off of those specific stocks, dragging down industrial stocks in general Monday.

  • Sweden Latest Country to Ban Huawei and ZTE

    Sweden Latest Country to Ban Huawei and ZTE

    Sweden has joined the list of countries that are banning Chinese firms Huawei and ZTE from participating in the country’s networks.

    Huawei was one of the world’s largest provider of telecommunications equipment, with carriers all over the globe relying on its technology. In recent years, however, there have been growing concerns that Huawei and ZTE represent a significant risk to other countries’ national security. Huawei has often been accused of being an extension of Beijing’s intelligence apparatus, a claim it has vehemently denied.

    The US, in particular, has waged a successful campaign to isolate Huawei, pressuring its allies to ban the firm from their networks. The UK, Australia and New Zealand have all implemented bans.

    Sweden is now the latest country to ban the two firms, citing the threat China poses. According to reports, wireless carriers bidding on 5G spectrum are prohibited from using the two companies. Even existing infrastructure must have any Huawei or ZTE gear removed if the infrastructure will be used for 5G.

    “China is one of the biggest threats to Sweden,” said Klas Friberg, the head of SAPO, Sweden’s domestic security service. “The Chinese state is conducting cyber espionage to promote its own economic development and develop its military capabilities. This is done through extensive intelligence gathering and theft of technology, research and development. This is what we must consider when building the 5G network of the future.”

    The move is another blow to Huawei, already reeling from existing bans and sanction, but will be a big win for Nokia and Ericsson.

  • Accenture: Cybercriminals Becoming More Brazen

    Accenture: Cybercriminals Becoming More Brazen

    “The biggest takeaway from our research is that organizations should expect cybercriminals to become more brazen as the potential opportunities and pay-outs from these campaigns climb to the stratosphere,” says Josh Ray, who leads Accenture Security’s cyber defense practice globally.

    “Since COVID-19 radically shifted the way we work and live, we’ve seen a wide range of cyber adversaries changing their tactics to take advantage of new vulnerabilities,” said Accenture’s Josh Ray. “In such a climate, organizations need to double down on putting the right controls in place and by leveraging reliable cyber threat intelligence to understand and expel the most complex threats.”

    Sophisticated adversaries mask identities with off-the-shelf tools

    Throughout 2020, Accenture CTI analysts have observed suspected state-sponsored and organized criminal groups using a combination of off-the-shelf tooling — including “living off the land” tools, shared hosting infrastructure and publicly developed exploit code — and open source penetration testing tools at unprecedented scale to carry out cyberattacks and hide their tracks.
     
    For example, Accenture tracks the patterns and activities of an Iran-based hacker group referred to as SOURFACE (also known as Chafer or Remix Kitten). Active since at least 2014, the group is known for its cyberattacks on the oil and gas, communications, transportation and other industries in the U.S., Israel, Europe, Saudi Arabia, Australia and other regions. Accenture CTI analysts have observed SOURFACE using legitimate Windows functions and freely available tools such as Mimikatz for credential dumping. This technique is used to steal user authentication credentials like usernames and passwords to allow attackers to escalate privileges or move across the network to compromise other systems and accounts while disguised as a valid user.
     
    According to the report, it is highly likely that sophisticated actors, including state-sponsored and organized criminal groups, will continue to use off-the-shelf and penetration testing tools for the foreseeable future as they are easy to use, effective and cost-efficient.

    Ransomware feeds new profitable, scalable business model

    Ransomware has quickly become a more lucrative business model in the past year, with cybercriminals taking online extortion to a new level by threatening to publicly release stolen data or sell it and name and shame victims on dedicated websites. The criminals behind the Maze, Sodinokibi (also known as REvil) and DoppelPaymer ransomware strains are the pioneers of this growing tactic, which is delivering bigger profits and resulting in a wave of copycat actors and new ransomware peddlers.
     
    Additionally, the infamous LockBit ransomware emerged earlier this year, which — in addition to copying the extortion tactic — has gained attention due to its self-spreading feature that quickly infects other computers on a corporate network. The motivations behind LockBit appear to be financial, too. Accenture CTI analysts have tracked cybercriminals behind it on Dark Web forums, where they are found to advertise regular updates and improvements to the ransomware, and actively recruit new members promising a portion of the ransom money.
     
    The success of these hack-and-leak extortion methods, especially against larger organizations, means they will likely proliferate for the remainder of 2020 and could foreshadow future hacking trends in 2021. In fact, Accenture CTI analysts have observed recruitment campaigns on a popular Dark Web forum from the threat actors behind Sodinokibi.

    Accenture-2020-Cyber-Threatscape-Full-ReportDownload
  • Dell: 80% of Companies Fast-Tracked Digital Transformation

    Dell: 80% of Companies Fast-Tracked Digital Transformation

    A Dell Technologies commissioned an independent survey of 4,300 worldwide business leaders indicates a massive shift toward digital transformation in 2020 accelerated by the pandemic. The survey indicates that 80% of organizations globally have fast-tracked some digital transformation programs this year. But just 41% accelerated all or most of their programs. Dell says that this is the third installment of their Digital Transformation Index (DT Index), designed to show how businesses are adapting to unprecedented uncertainty during a global pandemic.

    Incredibly, 79% are reinventing their business model as a result of the disruption caused by the pandemic and 50% of international business leaders worry they didn’t transition fast enough. The study notes that digital transformation is not easy, 94% of businesses surveyed say they are facing entrenched barriers spanning across technology, people, and policy.

    According to the 2020 DT Index, the following are the top-3 barriers to digital transformation success:

    1. Data privacy and cybersecurity concerns (up from 5th place in 2016)
    2. Lack of budget and resources (#1 in 2016, #2 in 2018)
    3. Unable to extract insights from data and/or information overload (a jump of eight places since 2016)

    “We’ve been given a glimpse of the future, and the organizations that are accelerating their digital transformation now will be poised for success in the Data Era that is unfolding before our eyes”, says Michael Dell, Chairman, and CEO, Dell Technologies.

    Additionally, the survey reveals a huge shift toward remote work. About 25% of employees worked remotely before the pandemic and today it is more than 50% of all employees are remote. According to the survey, remote work has become the new normal.

    Top IT Investments Are For Emerging Technologies

    Prior to the pandemic, business investments were strongly focused on foundational technologies, rather than emerging technologies. The vast majority, 89 percent recognizethat as a result of disruption this year, they need a more agile/scalable IT infrastructure to allow of contingencies. The DT Index shows the top technology investments for the next one to three years:

    1. Cybersecurity
    2. Data management tools
    3. 5G infrastructure
    4. Privacy software
    5. Multi-Cloud environment

    And recognizing the importance of emerging technologies, 82 percent of respondents envision increased usage of Augmented Reality to learn how to do or fix things in an instant; 85 percent foresee organizations using Artificial Intelligence and data models to predict potential disruptions, and 78 percent predict distributed ledgers – such as Blockchain – will make the gig economy fairer (by cutting out the intermediary).

    Despite these findings, only 16 percent are planning to invest in Virtual/Augmented Reality, just 32 percent intend to invest in Artificial Intelligence, and a mere 15 percent plan to invest in distributed ledgers in the next one to three years.

    https://www.dellemc.com/en-us/collaterals/unauth/briefs-handouts/solutions/dt-index-2020-executive-summary.pdf
  • IBM, ServiceNow In New AI Partnership

    IBM, ServiceNow In New AI Partnership

    IBM and ServiceNow are partnering to provide enterprise solutions that utilize AI to automate IT operations. The new joint solution combines IBM’s AI‑powered hybrid cloud software and professional services to ServiceNow’s intelligent workflow capabilities and IT service and operations management products. The solution raises up deep AI‑driven insights from their data and then recommends actions for IT organizations to take that help them prevent and fix IT issues at scale.

    “AI is one of the biggest forces driving change in the IT industry to the extent that every company is swiftly becoming an AI company,” said Arvind Krishna, Chief Executive Officer, IBM. “By partnering with ServiceNow and their market-leading Now Platform, clients will be able to use AI to quickly mitigate unforeseen IT incident costs. Watson AIOps with ServiceNow’s Now Platform is a powerful new way for clients to use automation to transform their IT operations.”

    “For every CEO, digital transformation has gone from opportunity to necessity,” said ServiceNow CEO Bill McDermott. “As ServiceNow leads the workflow revolution, our partnership with IBM combines the intelligent automation capabilities of the Now Platform with the power of Watson AIOps. We are focused on driving a generational step improvement in productivity, innovation, and growth. ServiceNow and IBM are helping customers meet the digital demands of 21st-century business.”

    ServiceNow says that in today’s technology‑driven organization, even the smallest outages can cause massive economic impact for both lost revenue and reputation. They note that this partnership will help customers address these challenges and help avoid unnecessary loss of revenue and reputation by automating old, manual IT processes and increasing IT productivity.

    Here is what IBM and ServiceNow are planning:

    • Joint Solution: IBM and ServiceNow will deliver a first of its kind joint IT solution that marries IBM Watson AIOps with ServiceNow’s intelligent workflow capabilities and market‑leading ITSM and ITOM Visibility products to help customers prevent and fix IT issues at scale. Now, businesses that use ServiceNow ITSM can push historical incident data into the deep machine learning algorithms of Watson AIOps to create a baseline of their normal IT environment, while simultaneously having the ability to help them identify anomalies outside of that normal, which could take a human up to 60% longer to manually identify, according to initial results from specific Watson AIOps early adopter clients. The joint solution will position customers to enhance employee productivity, obtain greater visibility into their operational footprint and respond to incidents and issues faster.

    Specific product capabilities will include:

    • ServiceNow ITSM allows IT to deliver scalable services on a single cloud platform estimated to increase productivity by 20%.
    • ServiceNow ITOM Visibility automatically delivers near real‑time visibility from a native Configuration Management Database, into all resources and the true operational state of all business services.
    • IBM Watson AIOps uses AI to automate how enterprises detect, diagnose, and respond to, and remediate IT anomalies in real time. The solution is designed to help CIOs make more informed decisions when predicting and shaping future outcomes, focus resources on higher‑value work and build more responsive and intelligent applications that can stay up and running longer. Using Watson AIOps, the average time to resolve incidents was reduced by 65 percent, according to one recent initial proof of concept project with a client.
    • Services: IBM is expanding its global ServiceNow business to include additional capabilities that provide advisory, implementation, and managed services on the Now Platform. Highly‑skilled IBM practitioners will apply their expertise to facilitate rapid delivery of valuable insights and innovation to clients. IBM Services professionals also will introduce clients to intelligent workflows to help improve resiliency and reduce IT risk. ServiceNow is co‑investing in training and certification of IBM employees and dedicated staff for customer success.

    “Businesses are facing increased pressures to match the digital pace of a cloud‑first market in order to meet the demands of their customers,” said Stephen Elliot, program vice president, DevOps, and Management Software, IDC. “The C‑ suite is transforming workflows to deliver insights and automation for more efficient customer engagement models and cost containment strategies for the business while simplifying IT operations and increasing collaboration between IT and business stakeholders.”

  • Robinhood In Hot Water Again Over Hacked Accounts

    Robinhood In Hot Water Again Over Hacked Accounts

    Robinhood has been in the news again, and not the way it wants, as some 2,000 accounts have been hacked.

    News broke that some Robinhood users’ accounts had been hacked and their funds drained. Initially, the company tried to downplay the issue, saying it was only “a limited number” of users who were impacted.

    According to Bloomberg, a person with knowledge of the company’s internal investigation said there were some 2,000 accounts that were hacked. Robinhood has recommended users take security measures, including enabling two-factor authentication. According to some individuals, however, that has not protected their accounts from being accessed.

    Customers have had mixed results in trying to get their money back, with Robinhood refunding some users while others are still waiting. Either way, many customers plan to leave the firm as a result of the hacks, the latest in a string of issues the company has experienced. In March the company suffered several outages during some of the busiest trading days, resulting in significant losses for customers.

    Needless to say, Robinhood has some major ground to make up if it wants to keep its existing customers.

  • China Passes Export Control Laws for Sensitive Export

    China Passes Export Control Laws for Sensitive Export

    China has fired the latest shot in the ongoing trade war with the US, passing legislation to restrict exports of sensitive technology.

    The US has been working to isolate Chinese firms it deems as a threat to privacy and security. Huawei and ZTE have both been banned, with US officials pressuring allies to do the same. The US has also used export controls to cut Huawei off from its chipmaking suppliers, such as TSMC. The Trump administration also threatened to ban TikTok, unless the social media app was sold to a non-Chinese company.

    In retaliation, China threatened to block the sale of specific technologies, including the algorithm that is at the heart of how TikTok functions. Now, according to Bloomberg, the National People’s Congress Standing Committee has passed a law prohibiting the export of sensitive technology, including by companies that have foreign investors. The law goes into effect on December 1.

    It remains to be seen how widespread the impact will be, as there is very little information available about the law’s reach. We will continue to monitor and update as the story develops.