Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

29 Apr 2022

Better broadband: CableLabs showcases 10G, the cable connection of the future

There’s something in the air in Louisville, Colorado -- or more specifically, in the wires. Humming along miles of networking cabling, zipping through signal repeaters: It’s the future of the Internet.

On Thursday morning at the home of CableLabs -- which bills itself as “the leading innovation and R&D lab for the cable industry” -- network engineers and representatives from some of the country’s top internet providers came together to showcase some of the fastest speeds they’ve ever transmitted: 8Gbps downloads and 5Gpbs uploads, using the world’s only DOCSIS 4.0 modem and a series of networking technologies that CableLabs calls 10G.

“Besides the people in the labs, nobody has seen this,” said Curtis Knittle, CableLabs vice president of wired technology.

In a closed showroom before a handful of people, engineers and tech experts showed off a demo seemingly worthy of a high-school AV club: gobs of networking cable linking a unique, handmade modem via a series of amplifiers and repeaters. It was a showcase for 10G, the next great leap for broadband internet access, and the blazing, 10-fold increase in speeds promised to homes across America.

Crucially, 10G promises dramatically faster speeds across existing hardware. While you probably subscribe to a 300Mbps or 600Mbps service through your cable provider, your modem can do better - but only so far. Existing connections max out at a theoretical 1.5Gbps. 10G tech will amp it up, and engineers won’t need to dig up the street near you to boost your broadband. In theory, anyway, although the cable companies themselves will need to install an updated amplifier or two along the way to your house and you may need a new modem.

"We’re super excited about what’s coming,” said Stephanie Michko-Beale, EVP and Chief Technology Officer for Charter Communications. “This suite of technologies is transformational.”

Besides the people in the labs, nobody has seen this.

Curtis Knittle, CableLabs

“We’re certainly very enthusiastic about what we’ve seen,” said Len Barlik, EVP and Chief Technology Officer for Cox Communications. “From a customer experience perspective, we know there’s a lot of demand for this moving forward.”

In a press release announcing the tests, Elad Nafshi, EVP & Chief Network Officer at Comcast Cable, echoed their comments and touted the advancements. “These 10G technologies represent the fastest, most efficient path to deliver multigigabit symmetrical speeds at scale everywhere, not just in select neighborhoods or towns.”

“The pace of 10G innovation is only accelerating, and Internet users around the world will reap the benefits.”

When asked, none of the company representatives were willing to state a timeline for release of new DOCSIS 4.0 modems or the 10G service, but that’s to be expected: The tech was being shown off for the first time. It's likely years down the road. So what is it exactly?

Knittle from CableLabs called 10G a “holistic umbrella” -- more than just a new modem or better coax cable. There’s DOCSIS 4.0, a new standard for the cable modem. DOCSIS 3 and its 3.1 evolution have been growing and changing for over a decade; TechRadar wrote about its promise back in 2010. DOCSIS 4.0 or full-duplex DOCSIS was officially released in 2017, but good luck finding a modem or a carrier to support it yet.

The 4.0 spec brings those blazing speeds, most notably the upload. You’ve probably noticed that your upload speeds are dramatically slower than your download speeds, and it’s not just your computer. 4.0 doesn’t quite bring parity, but it will significantly increase the theoretical maximums to 6Gbps, by sending uploads and downloads along the same spectrum within the fiber optic cables.

10G technology also brings new technologies to boost reliability and security, CableLabs says, and decreases the latency in connections, which should facilitate gaming, interactive AR (that metaverse thing everyone’s talking about), and other internet activities that rely on precision.

Read more...
28 Apr 2022

The metaverse could be the next frontier of ecommerce

There’s much to be excited about when it comes to the metaverse and Web3, particularly for retailers. This is especially true for brands who have struggled to keep pace with digital experiences using today’s technologies. With emerging tools, businesses could finally unlock the true potential for ecommerce, and create new, unique experiences at the same time.

By now, most people will have seen videos of the metaverse and what it can potentially achieve in the future. For some, it’s a thrilling prospect. For others, there’s a degree of hesitancy. But what this early phase does is enable companies to prepare for the future. In retail, it could provide a much needed shot in the arm at a time when consumers are increasingly calling for better ways to merge the physical and virtual worlds.

We’re reminded of the fact that younger shoppers hold a growing amount of influence on where the industry will go. And at the moment, they’re expecting more. According to research from WP Engine, 57% of Gen Z and 68% of millennials expected to maintain their digital habits after the pandemic. However, brands have seen mixed results on delivering seamless experiences that will keep shoppers incorporating digital into their everyday lives. A new interactive Metaverse could completely transform ecommerce, delivering on the promise of blending the best parts of an in-store and online shopping experience.

Meanwhile, Web3, the framework on which the metaverse is built, can help build trust by supporting brands to get closer to consumers. It could help impact and capitalise on how Gen Z's judge products and services. For example, we could see consumers getting direct access to creators without a middleman, as well as having control of how and to whom they share their personal information. This means strengthening the trust between buyer and brand.

This is a win from two perspectives. For the brands, they can own the relationships with consumers and sell directly to them. For the consumers, they have the inherent trust that Web3 is built on, to give them peace of mind as they explore new shopping experiences. They decide who they share their data with.

Humanizing the experience

A study by Forrester found that 13% of Brits and 19% of Americans think brands should build more branded experiences in the metaverse. Yet a larger proportion (33% and 29% respectively) still don’t understand what the metaverse is, even after being given a description of it. Meanwhile, 36% of Brits and 27% of Americans say they have no need for the metaverse at all. This tells us the metaverse shouldn’t be a solution looking for a problem. It should have a purpose that gives consumers what they need at a time when commerce is quickly changing.

We’ve seen digital experiences increasing, particularly during the pandemic when everyone was forced to shop online. But digital experience should be much more fluid than living on a web browser or mobile app. It should work hand in hand with, and enhance, physical shopping.

There’s a lot at stake here for brands that sell products where the look, sizing, or experience are crucial to making a purchasing decision – such as home furniture, clothes, eyewear, and makeup. How do you know if that coffee table you saw online will suit the décor of your living room? How can you tell if that outfit will look as good on you as it does on the gorgeous model on the website?

Offering a virtual try-before-you-buy, for example, can help buyers feel more confident in their purchasing decisions and reduce the number of items returned.

Turning vision to reality

Virtual worlds sound great – so how do we get there? A technical marvel like the metaverse demands a hyper-flexible software platform to power virtual ecommerce environments. For the metaverse to become an extension of their existing retail offering, brands will need to prepare their digital stores for different kinds of media, devices, and virtual formats. The technology exists today with headless architectures helping to pave the way.

Headless is a type of web architecture that decouples the front end of a website (the graphical user interface or GUI) from the back end (where the code and data live). In this architecture, the front end and back-end work independently. And with this independence comes the freedom to use different mechanisms to develop and display content. You’re no longer tied to one technology that requires you to keep the front and back end wedded to each other. This means developers can create a user interface at the front end that can be tailored to each user, application, or screen – all while keeping the back end secure and robust elsewhere.

Businesses are already using headless for various use cases. According to 2021 research from WP Engine, 64% of enterprise organizations are using a headless approach, which is an almost 25% increase from 2019. Others are planning to roll out this approach soon. Many are using it to develop content that can live across many different channels including mobile apps, smartwatches, voice assistants and digital kiosks. But headless also helps businesses prepare for the future by setting in place the infrastructure now that will enable them to implement new experiences tomorrow. So even if a retail business decides it doesn’t want to venture into the Metaverse immediately, it can still use headless to create content now that can live in the Metaverse whenever the company is ready.

Headless software architectures address the increasingly fragmented world of omnichannel experiences. Some companies choose to build on WordPress and, in doing so, they are backed by one of the world’s largest developer communities. The best part is that by going open source, brands can integrate a whole host of services and tools, helping build a virtuous circle of better experiences, more users, and greater business impact.

The metaverse may seem like a far-flung extravagance for many businesses, but there are many elements that are being implemented today. In any case, this isn’t just about whether the tech is ready. In many cases, it is – depending on what exactly a business wants to create. Right now, the biggest question is whether brands are willing to evolve along with their customers and create new ways to build relationships. This is about consumers getting closer to the brand and being loyal advocates for the brand, rather than simply buying from it. That’s the shift we’re looking to make. The metaverse will be a key way to make that happen. 

  • Looking to create a website for your business? You’ll need the best web hosting service provider on the market. 

Read more...
28 Apr 2022

New Wix partnership gives small businesses plenty to celebrate

Website builder vendor Wix is partnering with SaaS platform LegalZoom to help small business owners create, manage and grow their online presence.

Courtesy of the partnership, SMBs will have the tools to both create a website and legally form their business in the US, all in one place.

Once the collaboration takes effect in the second half of the year, business owners will be able to gain access to LegalZoom's legal, tax and compliance solutions and services and immediate access to a website built specifically for their business type. 

No website barriers for SMBs 

The Wix and LegalZoom platforms will be available for SMBs to utilize customized recommendations and solutions tailored to their needs at different stages of their business development.

"Our goal at LegalZoom is to support existing business owners as well as the next generation of entrepreneurs," said Kathy Tsitovich, Chief Partnerships Officer, LegalZoom. 

"Having a simple way to build a beautiful website is almost universal for small business owners, and our integration with Wix in the US provides a seamless way for our users to form their business and build their online presence. As a champion for small businesses, we are thrilled to see how our integration with Wix empowers entrepreneurs and supports their ongoing growth."

Businesses coming to LegalZoom in their formative stage will be able to start their business and create an online presence using Wix’s website builder service. 

The process begins with a business categorization mechanism within the platform that identifies the customer’s needs, which allows them to have a ready-made website created by Wix.

Once available, entrepreneurs will have access to Wix's full infrastructure and product offering, including customization capabilities and SEO tools, as well as ecommerce and marketing tools

In turn, Wix users will be offered LegalZoom services, including new business formation, registered agent services, and trademark registration services.

"Wix shares LegalZoom's goal of supporting SMBs and bringing entrepreneurs' visions to life," said Yaniv Vakrat, Chief Business Officer at Wix. 

"We are excited that LegalZoom, the leader of online small business formation, chose us to help equip business owners in the U.S. with everything they need for their business, from inception to managing it on a day-to-day basis. We are excited to continue to enter strategic partnerships, such as this one, to help SMBs grow through every touchpoint of their business."

  • Looking to create a website for your business? You’ll need the best web hosting service provider on the market. 

Read more...
27 Apr 2022

Parrot TDS poses immediate risk to web developers worldwide

Staying up to date with the ever-evolving security landscape is central to maintaining the security of webservers and keeping potential threats at bay. 

There are several key threats to webservers that are important to be aware of, to prevent and mitigate those risks. DoS and DDoS attacks, SQL injections, unpatched software and cross-site scripting, to name a few. 

Now, a recent discovery from threat researchers at Avast has shone a light on an immediate and significant risk to web developers worldwide, named Parrot TDS.

What is a TDS?

Traffic Direction Systems (TDS) are not new. They have been an enemy of web-developers for several years. Used as landing pages that direct unsuspecting users to malicious content, TDS serve as a gateway for delivering various malicious campaigns via infected sites.

Many TDS’ have reached a high level of sophistication and often allow attackers to set parameters which look at users’ geolocation, browser type, cookies, and which website they came from. 

This is used to target victims who meet certain conditions and then only display phishing pages to them. These parameters are usually set so that each user is only shown a phishing page once to prevent servers from overloading.

Parrot TDS

In February, Avast’s threat researchers discovered a swarm of attacks using a new Traffic Direction System (TDS) to take control of the victim’s devices. The new TDS, named Parrot TDS, emerged in recent months and has already reached hundreds of thousands of users worldwide, infecting various webservers hosting over 16,500 websites.

One of the main factors distinguishing Parrot TDS from other TDS is how widespread it is and how many potential victims it has. From March 1, 2022, to March 29, 2022, Avast protected more than 600,000 unique users from around the globe visiting sites infected with Parrot TDS, including over 11,000 users in the U.K. In this timeframe, Avast protected the most users in Brazil (73,000) and India (55,000); and more than 31,000 unique users from the US.

In this particular case, the infected sites’ appearances are altered by a campaign called FakeUpdate, which uses JavaScript to display fake notices for users to update their browsers, offering an update file for download. The file we have observed being delivered to victims is a remote access tool called NetSupport Manager which is misused by attackers to give them full access to victims’ computers.

Parrot TDS also creates a backdoor on the infected webservers in the form of a PHP script to act as a backup option for the attacker.

FakeUpdate

Like Parrot TDS, FakeUpdate also performs a preliminary scan to collect information about the site visitor before displaying the phishing message. The scan checks which antivirus product is on the device to determine whether or not to display the phishing message. 

The distributed tool is configured in such a way that the user has very little chance of noticing it and if the file displayed by FakeUpdate is run by the victim, the attackers gain full access to their computer. 

The researchers observed other phishing sites being hosted on the Parrot TDS infected sites, but cannot conclusively tie them to Parrot TDS. 

CMS sites

We believe attackers are exploiting webservers of poorly secured content management systems, like WordPress and Joomla sites, by logging into accounts with weak credentials to gain admin access to the servers.  

WordPress has a long history of being a very rich and desirable target for exploits. This is because the software is based on running a series of PHP scripts, which is a popular venue for hackers. The sheer number of components, including plug-ins, themes, and other scripts, makes it hard to prevent potential infections or compromises.

On top of this, many WordPress websites are running older versions that could be behind several major releases, which leads to security vulnerabilities being left unpatched. In addition, some administrators are inexperienced in IT operational security or simply overburdened with other responsibilities and can’t dedicate enough time to implementing the necessary security measures to ensure the safety of a WordPress site.

How developers can protect their servers

Nevertheless, there are steps web developers can take to protect their servers against these attacks, starting with simply scanning all files on the webserver with an antivirus program. Further steps developers can take are:

- Replace all JavaScript and PHP files on the webserver with original files
- Use the latest CMS version
- Use the latest versions of installed plugins
- Check for automatically running tasks on the webserver (for example, cron jobs)
- Check and set up secure credentials, and use unique credentials for every service
- Check administrator accounts on the server, making sure each of them belongs to developers and have strong passwords
- When applicable, set up 2FA for all the webserver admin accounts
- Use available security plugins (WordPress, Joomla)

How site visitors can avoid falling victim to phishing

For site visitors, it’s as crucial as ever to be vigilant online. If a site being visited appears different than expected, visitors should leave the site and not download any files or enter any information. 

Similarly, visitors should only download updates directly from browser settings and never via other channels.

Read more...
26 Apr 2022

Catching phish with web scraping

Phishing is, unfortunately, profitable, hard to detect, and relatively easy to engage in. With digital transformations expedited across the globe, phishing is bound to experience continued explosive growth.

According to Phishlabs, the number of phishing attempts over Q1 2021 increased by nearly 50%. There’s no reason to believe it will stop climbing either.

That means increased levels of digital harm and risk. To counteract such an uptick, new approaches to phishing detection should be tested or current ones improved. One way to improve existing approaches is to make use of web scraping.

Poking phish

Phishers would be hard-pressed to completely replicate the original website. Placing all URLs identically, replicating images, cooking the domain age, etc. would take more effort than most people would be willing to dedicate. 

Additionally, a perfect spoof would likely have a lower success rate due to the ability for the target to get lost (by clicking on an unrelated URL). Finally, just like with any other scam, duping everyone is not necessary, therefore the perfect replica would be a wasted effort in most cases.

However, those who do phishing aren’t dumb. Or at least those who are successful at it aren’t. They still do their best to make a believable replica with the least effort required. It may not be effective against those who are tech-savvy, but even a perfect replica might not be effective against the wary. In short, phishing relies on being “just good enough”.

Therefore, due to the nature of the activity, there’s always a glaring hole or two that can be discovered. Two good ways to get a head start is to either look for similarities between frequently-phished-websites (e.g. fintech, SaaS, etc.) and suspected phishing websites or to collect patterns of known attacks and work your way up from there.

Unfortunately, with the volume of phishing websites appearing daily and the intent to target less tech-savvy people, solving the issue may not be as simple as it seems at first glance. Of course, as is often the case, the answer is automation. 

Looking for phish

There have been more methods developed over the years. An overview article written in 2018 by ScienceDirect lists out URL-based detection, layout recognition, content-based detection. The former often lags behind phishers as databases are updated slower than new websites appear. Layout recognition is based on human heuristic and is thus more prone to failure. Content-based detection is computational heavy.

We will be paying slightly more attention to layout recognition and content-based detection as these are complicated processes that benefit greatly from web scraping. Back in the day, a group of researchers had created a framework for detecting phishing websites called CANTINA. It was a content-based approach which would check for data such as TF-IDF ratios, domain age, suspicious URLs, improper usage of punctuation marks, etc. However, the study had been released in 2007 when automation opportunities were limited.

Web scraping can improve the framework immensely. Instead of manually attempting to find the outliers, automated applications can breeze through websites and download the relevant content within. Important details such as the ones outlined above can be extracted from the content, parsed, and evaluated.

Building a net

CANTINA, developed by the researchers, had a drawback - it was only used to prove a hypothesis. For these purposes, a database of phishing and legitimate websites had been compiled. The status of both was known a priori.

Such methods are suitable for proving a hypothesis. They are not as good in practice where we don’t know the status of the websites ahead of time. Practical applications of projects similar to CANTINA would require a significant amount of manual effort. At some point, these applications would no longer stand as “practical”.

Theoretically, though, content-based recognition seems like a strong contender. Phishing websites have to reproduce content in a nearly identical manner to the original. Any incongruences such as misplaced images, spelling mistakes, missing pieces of texts can trigger suspicion. They can never stray too far from the original, which means metrics such as TF-IDF would have to be similar by necessity.

Content-based recognition’s drawback has been the slow and costly side of manual labor. Web scraping, however, moves most of the manual effort into complete automation. In other words, it enables us to use existing detection methods on a significantly larger scale.

First, instead of manually collecting URLs or taking them from an already existing database, scraping can create its own quickly. They can be collected through any content that has hyperlinks or links to these supposed phishing websites in any shape or form.

Second, a scraper can traverse a collection of URLs faster than any human ever could. There are benefits to manual overview such as the ability to see the structure and content of a website as it is instead of retrieving raw HTML.

Visual representations, however, have little utility if we use mathematical detection methods such as link depth and TF-IDF. They may even serve as a distraction, pulling us away from the important details due to heuristics.

Parsing also becomes an avenue for detection. Parsers frequently fall apart if any layout or design changes happen within the website. If there are some unusual parsing errors when compared to the same process performed on parent websites, these may serve as an indication of a phishing attempt.

In the end, web scraping doesn’t produce any completely new methods, at least as far as I can see, but it enables older ones. It provides an avenue for scaling methods that might otherwise be too costly to implement.

Casting a net

With the proper web scraping infrastructure, millions of websites can be checked daily. As a scraper collects the source HTML, we have all the text content stored wherever we’d like. Some parsing later, the plain text content can be used to calculate TF-IDF. A project would likely start out by collecting all the important metrics from popular phishing targets and move on to detection.

Additionally, there’s a lot of interesting information we can extract from the source. Any internal links can be visited and stored in an index to create a representation of the overall link depth.

It’s possible to detect phishing attempts by creating a website tree through indexing with a web crawler. Most phishing websites will be shallow due to the reasons outlined previously. On the other hand, phishing attempts copy websites of highly established businesses. These will have great link depths. Shallowness by itself could be an indicator for a phishing attempt.

Nevertheless, the collected data can then be used to compare the TF-IDF, keywords, link depth, domain age, etc., against the metrics of legitimate websites. A mismatch would be cause for suspicion. 

There is one caveat that has to be decided “on the go” - what margin of difference is a cause to investigate? A line in the sand has to be drawn somewhere and, at least at first, it will have to be fairly arbitrary.

Additionally, there’s an important consideration for IP addresses and locations. Some content on a phishing website might only be visible to IP addresses from a specific geographical location (or not from a specific geographical location). Getting around such issues, in regular circumstances, is challenging, but proxies provide an easy solution.

Since a proxy always has an associated location and IP address, a sufficiently large pool will provide global coverage. Whenever a geographically-based block is encountered, a simple proxy switch is all it takes to hop over the hurdle.

Finally, web scraping, by its nature, uncovers a lot of data on a specific topic. Most of it is unstructured, something usually fixed by parsing, and unlabeled, something usually fixed by humans. Structured, labeled data may serve as a great ground for machine learning models.

Terminating phish

Building an automated phish detector through web scraping produces a lot of data for evaluation. Once evaluated, the data would usually lose its value. However, like with recycling, that information may be reused with some tinkering.

Machine learning models have the drawback of requiring enormous amounts of data in order to begin making predictions of acceptable quality. Yet, if phishing detection algorithms start making use of web scraping, that amount of data would be produced naturally. Of course, labeling might be required which would take a considerable amount of manual effort.

Regardless of this, the information would already be structured in a manner that would produce acceptable results. While all machine learning models are black boxes, they’re not entirely opaque. We can predict that data structured and labeled in a certain manner will produce certain results.

For clarity, machine learning models might be thought of as the application of mathematics to physics. Certain mathematical modeling seems to fit exceptionally well with natural phenomena such as gravity. Gravitational pull can be calculated by multiplying the gravitational constant by the mass of two objects and dividing the result by the distance between them squared. However, if we knew only the data required, that would give us no understanding about gravity itself.

Machine learning models are much the same. A certain structure of data produces expected results. However, how these models arrive at their predictions will be unclear. At the same time, at all stages the rest is as predicted. Therefore, outside of fringe cases, the “black box” nature doesn’t harm the results too much.

Additionally, machine learning models seem to be among the most effective methods for phishing detection. Some automated crawlers with ML implementations could reach 99% accuracy, according to research by Springer Link.

The future of web scraping

Web scraping seems like the perfect addition to any current phishing solutions. After all, most of cybersecurity is going through vast arrays of data to make the correct protective decisions. Phishing is no different. At least through the cybersecurity lens.

There seems to be a holy trinity in cybersecurity waiting to be harnessed to its full potential - analytics, web scraping, and machine learning. There have been some attempts to combine two of three together. However, I’ve yet to see all three harnessed to their full potential. 

Read more...
26 Apr 2022

Don't fall for this devious phishing scam, Facebook users warned

A new phishing campaign is targeting the administrators of company pages on Facebook, security researchers have warned.

As reported by ZDNet, Abnormal Security has identified emails delivered to Facebook users claiming that their account will be permanently closed if an issue is not rectified urgently.

The objective of the scam is to trick people into handing over their passwords and personal information, potentially with a view to hijacking the company pages they administrate.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

False sense of urgency

First, the victim receives an email addressed from “The Facebook Team”, which warns that they have repeatedly posted content that infringes on someone else’s copyright. Unless they appeal the claim immediately, their account will be closed, the victim is told.

The email carries two links: one that leads to a genuine Facebook post (probably to help bypass email protection services) and another that directs the victim to a website where they can “plead their case”. 

This malicious page isn't host to any malware, but rather asks the victim to provide personal information, including their name, email address and Facebook password. 

Commenting on the findings, Rachelle Chouinard, Threat Intelligence Analyst at Abnormal Security, explained that it’s the false sense of urgency that catches people out.

"This is often enough to convince recipients to provide their personal information, particularly if they are using their Facebook account for business purposes,” said Chouinard.

Even though the attackers did their best to hide the fact that the emails weren’t coming from Facebook, there are a few red flags for those with an eye for detail. For example, the sender's address is not related to the Facebook domain in any way, and pressing “reply” brings up an unrelated Gmail address. 

The researchers also said that legitimate companies will never use language designed to spark fear in the recipient. 

Those who still aren’t sure if something’s wrong with their account, should rather log in by typing the address directly into the browser, rather than clicking on a link. If anything indeed is wrong with the account, there will be a notification waiting on the profile page.

Via ZDNet

Read more...
25 Apr 2022

This 1,000-core RISC-V processor is generating buzz in the AI space

A new 1,000-core RISC-V processor from Esperanto Technologies is currently being evaluated by Samsung SDS and other ‘lead customers”.

According to a press release from the computer software company, its new ET-SoC-1 AI Inference Accelerator is undergoing initial evaluations by a number of firms ahead of its release.

Esperanto Technologies itself was founded back in 2014 by semiconductor industry veteran Dave Ditzel who has previously worked at both Sun Microsystems and Intel. The company is now led by President and CEO Art Swift who in addition to being the former CEO of Wave Computing also spent some time working at the RISC-V Foundation.

As part of its evaluation program, Samsung SDS and other potential customers will get a chance to obtain performance data after running a variety of off-the-shelf AI models using the ET-SoC-1 AI Inference Accelerator and so far the results have been quite impressive.

ET-SoC-1 AI Inference Accelerator

Esperanto’s ET-SoC-1 features 1,088 energy-efficient, 64-bit bit processor cores that utilize the RISC-V instruction set architecture which is quickly becoming a viable alternative to those of both x86 and ARM. The company’s new chip also includes four high-performance RISC-V cores along with 160m bytes of on-chip SRAM as well as interfaces for flash memory and external DRAM.

What sets the ET-SoC-1 apart from similar chips is its speed together with its low-power requirements. While the chip can run any type of machine learning workload, Esperanto says that it excels at machine learning recommendation which is used by Meta, Amazon and other hyperscalers.

VP of AI at Samsung SDS, Dr. Patrick Bangert provided further insight on the experience the company’s data science team had when evaluating the ET-SoC-1, saying:

“Our data science team was very impressed with the initial evaluation of Esperanto’s AI acceleration solution. It was fast, performant and overall easy to use. In addition, the SoC demonstrated near-linear performance scaling across different configurations of AI compute clusters. This is a capability that is quite unique, and one we have yet to see consistently delivered by established companies offering alternative solutions to Esperanto.”

While Esperanto has given Samsung SDS and other potential customers a chance to test out its new AI chip, we’ll have to wait and see if the evaluation was impressive enough for orders to start coming in.

Via The Register

Read more...
25 Apr 2022

iMac Pro with M3 chip could bring the 27-inch desktop back from the dead

If you believe recent reports, the Apple iMac Pro is a thing of the past, but a new report indicates the iMac Pro is not dead yet.

According to Mark Gurman's latest newsletter for Bloomberg, there’s allegedly an M3 version of the iMac Pro in development right now, which is slated for release “at the end of next year at the earliest.” Of course, Gurman doesn’t believe that Apple will skip an M2 iMac, and he stated back in March that he’s expecting its release soon.

Gurman isn’t the only one who believes in an upcoming iMac Pro, either. Ming-Chi Kuo, another reputable Apple analyst, asserted last month that both a Mac Pro and iMac Pro would be coming out in 2023.

Apple’s upcoming WWDC event on June 6 could reveal more information about the iMac Pro. But until the tech giant officially reveals the desktop, take these rumors with a large pinch of salt.

Analysis: Mac Studio is the better option

The Apple March Event came and went, announcing plenty of cool new tech from the company. However, Apple never revealed an iMac 27-inch (2022) and even quietly discontinued the model.

Though the new reports point to an iMac Pro for sometime next year, with the Mac Studio, an iMac Pro becomes somewhat redundant. 

The Studio Display itself features 5K resolution, P3 color gamut coverage with 10-bit color depth, 600-nit brightness, a built-in three-mic array, a six-speaker sound system with spatial audio support, and an A13 Bionic chip.

You can connect the Studio Display to the Mac Studio , which offers a compact alternative as well as an easy way for users to replace said PC once it becomes obsolete. Also by losing the all-in-one aspect, Apple can focus on more power and better cooling.

That doesn’t totally remove the market for the iMac Pro, but it does make it a lot smaller. So, it will be interesting to see what changes, if any, Apple makes to its All-in-One pro desktop as a result.

Read more...
25 Apr 2022

Microsoft partners with Mastercard to stop you getting defrauded online

Mastercard has announced that it has partnered with Microsoft to launch an enhanced identity solution aimed at tackling digital fraud.

Although online shopping is quite convenient for consumers, it can be very expensive for businesses especially when they have to deal with fraudsters. Of the many types of online fraud, first-party fraud in which a legitimate purchase is made online and later is disputed is rapidly growing and is now estimated to be a $50bn global issue.

To address the needs of its customers, Mastercard has bolstered its Digital Transaction Insights solution with next-generation authentication and real-time decision intelligence capabilities with help from Microsoft. This isn't the first time the two companies have collaborated though as back in 2018, the worked together on making it easier verify customer's digital identities.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

President of cyber and intelligence at Mastercard, Ajay Bhalla explained in a press release how the company’s enhanced Digital Transaction Insights solution will help both businesses and financial institutions better deal with online fraud, saying:

“Shopping online should be simple, quick and secure. But that isn’t always the case. We’re committed to developing advanced identity and fraud technology to help enhance the real-time intelligence we provide to financial institutions around the globe. This builds on our longstanding commitment of working across the industry to provide advanced technologies that enable trust, and help build a safe and thriving digital ecosystem for all.”

Digital Transaction Insights

Mastercard’s Digital Transaction Insights pairs the company’s network insights with data from business owners to confirm that a consumer is who they claim to be. At the same time, financial institutions are provided with additional intelligence to optimize their authorization decisions.

From click-to-pay functionality and wearables to digital wallets and in-app purchases, Mastercard’s Digital Transaction Insights is used across a wide range of online checkout instances.

Microsoft will be the first partner to share its insights and integrate with the company’s new Digital Transaction Insights solution across several lines of business. The company’s Dynamics 365 Fraud Protection’s proprietary risk assessment, which leverages adaptive AI to assist in real-time fraud detection to identify risky behaviors, has been integrated with Digital Transaction Insights to better enable real-time intelligence sharing.

Digital Transaction Insights is enabled by EMV 3-D Secure and Mastercard’s global authentication solution Mastercard Identity Check. In 2021 alone, Mastercard Identity Check was able to deliver a 14 percent uplift in transaction approval rates across billions of transactions.

We’ll likely hear more on the credit card company’s new trust tool and how its being used to tackle digital fraud once more companies begin using it to improve their checkout instances.

Read more...
25 Apr 2022

The unsurprising lesson Microsoft learned after upgrading its own PCs to Windows 11

After upgrading its own business PCs to its latest operating system, Microsoft has reached a rather unsurprising conclusion: Windows 11 is good.

In a new blog post, Microsoft explained it has now upgraded almost the entirety of its circa 182,000-strong workforce to Windows 11, claiming it had no increase in support tickets in the process.

Microsoft attributed the successful rollout to having far fewer app compatibility challenges than in the past, not needing to build out a plethora of disk images, and delivery processes and tools that were greatly improved during the rollout of Windows 10. The update utilized a gradual ‘ring-based’ approach.

Windows 11 rollout

Microsoft said it identified which of its devices were upgradable first, using its Update Compliance tool and Microsoft Endpoint Manager's Endpoint analytics, allowing the firm to create a clear timeline for the rollout.

Windows 11 has specific hardware requirements, and a percentage of Microsoft’s devices were not upgraded. The employees with these incompatible devices will continue to run Windows 10 in parallel, before getting a Windows 11 device at their next device refresh.

Microsoft said that, in total, 190,00 devices qualified for the upgrade and that its upgrade process was 99% successful.

The company also explained the importance of preparing readiness content for its employees during the internal rollout process.

The software giant said that Yammer, FAQs, Microsoft SharePoint, email, Microsoft Teams, its internal homepage, and digital signage were some of the tools used to bring the message to its employees.

Microsoft said its communications team focused on promoting the new look and features of Windows 11, including the speed of the update and its flexible scheduling.

The news comes as adoption of Windows 11 by the wider market seems to be moving relatively slowly.

In March 2022, Windows 11 took just 0.1% market share from other editions of Microsoft's software, accounting for 19.4% of the overall usage, with a further 0.6% using a Windows 11 Insider build.

It seems consumers also need to be wary of installing and managing their own Windows 11 updates, as some cybercriminals seem to be snapping up the opportunity to attack devices.

Security researchers found a fake Windows 11 upgrade website that promises to offer a free Windows 11 install for PCs that don’t meet the minimum specifications, but instead installs data-stealing malware.

Read more...
25 Apr 2022

Elon Musk buys Twitter

You don't even need 280 characters to deliver this momentous news: Elon Musk just bought Twitter.

The Tesla CEO and SpaceX founder has been circling the popular social media platform for weeks, using Twitter itself as a medium to announce both his intentions and ongoing frustrations with the platform in its current form.

Now, after lining up the funds (his own and hefty support from Morgan Stanley) Musk will pay $43.4 billion -- roughly $54.20 per share -- in a tender offer that gives him control of the company. The deal now faces regulatory approval.

With Twitter's earnings report just days away, it's likely the new owner will show up during the company's Q1 earnings call - at least just to say "hi," and demurely refuses to answer most analysts' questions directly.

In a release on the acquisition, Musk said, "Free speech is the bedrock of a functioning democracy, and Twitter is the digital town square where matters vital to the future of humanity are debated.

"I also want to make Twitter better than ever by enhancing the product with new features, making the algorithms open source to increase trust, defeating the spam bots, and authenticating all humans. Twitter has tremendous potential – I look forward to working with the company and the community of users to unlock it."

See more

Bret Taylor, Twitter's Independent Board Chair noted in the release that "The proposed transaction will deliver a substantial cash premium, and we believe it is the best path forward for Twitter's stockholders."

Parag Agrawal, Twitter's CEO and the person who may end up working most closely with Musk said in the release, "Twitter has a purpose and relevance that impacts the entire world. Deeply proud of our teams and inspired by the work that has never been more important." He notably did not reference Musk directly.

Musk's triumph comes after a circuitous path to ownership: First he bought almost 10% of Twitter shares, giving him a seat at the table and inviting him to the board. Musk accepted and then just as quickly backed out. But he wasn't finished. Soon, he was offering $43 billion for the company, which prompted Twitter's board to adopt a poison-pill plan that would have sold cheaper shares to shareholders had Musk sought to purchase more than 15% of the company's shares.

Soon after, Musk, who has been on the platform since 2009, returned to a tender offer, which meant he'd need to pull together all the money to buy the company. As of last week, Musk secured the funds, and over the weekend, Musk and Twitter's executive team met in person to hammer out the details.

A bumpy road

Not everyone is thrilled at the prospect of a Musk-owned Twitter. In the run-up to the announcement, #RIPTwitter was trending on the platform.

As for what comes next, Musk has made clear his intentions to ensure that Twitter supports free speech from all sides (the implication being that it currently does not, though there is no empirical evidence to support this).

He may revisit some user bans, including that of former President Trump.

He'll likely open-source Twitter's code.

A fan of blockchain and NFTs, Musk might push the platform more aggressively into the crypto space.

But investors and backers will be most interested in Musk's growth plan. Twitter has done a decent job of generating more revenue from existing users, but its growth has in recent years been relatively slow and flat. It's not clear that Twitter could ever have the broad-based, global appeal of, say Facebook (which has its own growth struggles) or TikTok.

It's unclear what Musk can do to reenergize some of Twitter's biggest celebrity accounts.

Musk will probably fast-track the already-under-development Tweet Edits feature, since he made it clear during the acquisition effort that he's a fan.

What will Elon do?

What happens next depends on Elon Musk, or rather the Elon Musk who shows up to run Twitter. Will it be the brilliant, sure hand that, through SpaceX, regularly ferries astronauts and supplies to the International Space Station? The man who basically created the EV market with Tesla? 

Maybe.

It might also be the man who impulsively tweets his inner ID and EGO. Who jokes that "The next Twitter board meet's gonna be lit," with a picture of him smoking a joint on Joe Rogan's podcast.

There sometimes seems to be little middle ground for Musk, who is both extremely successful and rich and extremely impulsive and emotional.

The fear that Musk will let the worst element back on Twitter -- Nazis, trolls, anti-vaxxers, Donald Trump, and so on -- is real. A free-speech absolutist might demand ALL voices be heard, even the dangerous ones.

Still, Musk doesn't truly know the inner workings of Twitter's extensive (and still flawed) content moderation system. He soon will. That may inspire some different and more rational thinking about how to excite and energize Twitter for the future while protecting the most vulnerable who still use it every day.

Read more...
25 Apr 2022

AMD's next-gen processors might have a major disadvantage against rival Intel

AMD's next-gen Zen 4 processors are expected later this year along with whole new motherboards, but the possible loss of DDR4 support might make the new upgrade a very expensive proposition for a lot of users hoping to upgrade to the platform.

With AMD's new Zen 4-based "Raphael" 7000-series processors expected to be released later this year, the company is looking to move on from its aging AM4 socket, which it has used for the past few Ryzen series releases, and it looks like DDR4 support will be dropped along with the older socket.

The news comes from our friends over at Tom's Hardware, who spoke to several sources in the supply chain who say that DDR5 will be the only memory supported on X670 and B650 AM5 motherboards expected to launch alongside the Raphael processors later this year.

Nothing has been officially announced yet, and it's always possible that AMD will find a way to keep DDR4 support on another motherboard series besides X670 and B650, but that isn't clear at this point. We've reached out to AMD for comment and will update this story if and when we hear back from the company.


Analysis: will AM5 be a more expansive upgrade than Intel Alder Lake?

The major concern here is that DDR5 RAM modules are very expensive at the moment, and this isn't likely to change any time soon. While the memory modules will inevitably come down in price, they are only just now starting to roll out, and for now only to Intel's 12th-gen Alder Lake processors.

While the Intel Core i9-12900K and Core i5-12600K are two of the biggest selling processors out there right now, they aren't moving in nearly enough numbers to drive down the price of DDR5 on their own, so prices will still likely be very high when Zen 4 processors drop from AMD toward the end of the year. 

If so, then anyone wanting to upgrade to the new Ryzen 7000-series processors would need a new motherboard and more expensive RAM, not to mention a possibly upgraded cooling solution as well. At least with some Intel Alder Lake motherboards, you can still use DDR4 RAM, taking some of the sting off the cost of the upgrade. 

Whether AMD finds a way to keep DDR4 support could be a major factor in how many people opt to upgrade to the new AMD platform, or whether – for once – they find Intel a more affordable upgrade option.

Read more...
25 Apr 2022

Move over Canva, there's a new free design tool in town

Custom graphic design platform Sticker Mule has unveiled Studio, a free design tool that aims to take on the mighty Canva

The company will be hoping the tool, specifically built for organizations with limited design resources, can become one of the best photo editors for creating professional-style graphics without the skill barrier or the associated costs. 

Studio is the latest in Sticker Mule’s small suite of free online design tools for SMEs and startups, which also includes a background remover and image upscaler.

“Our goal is to give everyone the opportunity to design great print and digital products quickly and easily…Studio helps anyone craft beautiful designs in minutes,” said Anthony Constantino, Sticker Mule CEO.

 Canva killer?  

In recent years, use of simple design tools has soared, as businesses look to visually engage customers and clients, and enhance their branding without the need for professional-level software like Adobe Photoshop

Currently leading the pack is Canva, whose growing popularity recently led to the launch of the company’s first global ad campaign after nearly ten years in the business.

Employing a library of pre-built elements and templates, and a basic drag-and-drop system, the tool has proved popular with businesses, entrepreneurs, and SMEs.

Studio by Sticker Mule works on a similar basis. Developed over two years, the browser-based platform is packed with over 1000 customizable templates, letting users design their own logos, business cards, stickers, T-shirts, packaging, event invitations, and social media assets. Everything on the page - from images to elements, colors to text - can be switched out in a few clicks.

For those more comfortable with freestyling, there’s also the ability to create designs from scratch. Finished designs can then be exported as a PNG, JPG, PDF, or SVG and used across all content marketing channels.

As a free service, users won’t have to order their designs through Sticker Mule, although that remains an option for anyone looking for physical assets. 

Constantino, who co-founded the company in 2010, assured users that more upgrades are on the way.

“We are currently developing additional features to make Studio the Internet’s favorite design tool. Next up is the ability to share designs,” he said.

Read more...
25 Apr 2022

Amazon has a cunning plan to snatch up even more of the ecommerce market

Amazon has announced it will invest $1 billion in companies across the fulfilment, logistics and supply chain sectors in an effort to capitalize on emerging technologies.

"We see an opportunity to look beyond our own experience and empower companies that are developing emerging technologies in customer fulfilment operations, logistics, and the supply chain,” said the ecommerce giant. 

“We know there are companies out there that share our curiosity and excitement to invent. Whether our investment helps them grow or leads them to work with Amazon, or both, we’re excited to help advance these technologies as online shopping becomes even more important to people who are looking for more convenience and time savings.”

The first batch of companies that Amazon will fund includes Agility Robotics, which makes bipedal robots for warehouses. The company will receive $150 million from Amazon and others.

Other startups set to benefit from the scheme include Modjoul, which makes wearable safety tech; Vimaan, which uses computer vision to manage inventory; BionicHIVE, an automated shelf-stacking robotics startup; and Mantis Robotics, which is developing a tactile robot arm.

Ecommerce is expensive 

The news of the $1 billion fund comes after Amazon CEO Andy Jassy emphasised a commitment to improving the safety of workers at the company, in response to a recent study that showed its workers are twice as likely to be injured than at its competitors.

“These industries are inherently complex,” said Amazon's Alex Ceballos. “With our scale, Amazon is committed to investing in companies that will ignite innovation in emerging technologies that can help improve employee experiences and safety while seamlessly coexisting with workforces across the supply chain, logistics, and other industries.”

Spending $1 billion is a drop in the ocean for Amazon, which generated almost $470 billion in revenue during 2021. 

But the competitive edge provided by being early to fund startups that help create efficiencies in its vast warehouses could prove priceless.

Read more...
25 Apr 2022

Microsoft really wants you to download the Teams desktop client

Microsoft is bringing its popular online collaboration tool to its own store with the hope that even more users will download Microsoft Teams for desktop.

While you can use Teams on the web or on mobile through its iOS and Android apps, you’ll need to download the desktop version if you want to get the most out of the software. For instance, the ability to blur backgrounds during video calls as well as conduct one-on-one call recordings are only available on Teams for desktop.

According to a new post in the Microsoft 365 Roadmap, the Microsoft Teams app for work, school and life will soon be available to download from the Microsoft Store on both Windows 10 and Windows 11 beginning next month.

Although you can currently download the Teams desktop app from the software giant’s own site, bringing it to the Microsoft Store may make it easier for those just getting started with Windows, perhaps on a new business laptop or student laptop, to find and install the app.

Keeping track of Teams app usage

With more businesses switching to a hybrid work model, IT teams are interested to know how employees use apps when they’re working from home or at the office.

In a separate post on the Microsoft 365 Roadmap, Microsoft has revealed that an updated version of the Teams app usage report with Line of Business apps will also be available next month.

For those unfamiliar, the Teams app usage report provides admins with information on which apps employees are using in Teams. From project management software to time management apps, there are a number of first and third party apps available for Teams that allow users to do even more with Microsoft’s online collaboration software.

Once this update becomes generally available, admins will gain greater insights into which apps their organization’s workers are using in Teams. This could help them when putting together their IT budgets and deciding what kinds of software are worth investing in to help improve productivity.

Read more...
25 Apr 2022

What is live chat support and why do you need it for your website?

Live chat software services first emerged in the early 2000s, but struggled to gain traction at first, as customers were more comfortable speaking to a representative directly.

However, the technology has developed rapidly since then and many businesses have adopted this form of communication in an effort to achieve 24/7 customer support with faster response times.

The years of waiting on hold for hours to be connected to a customer service team should now be firmly behind us. 

What is live chat?

Live chat gives customers a way to reach you at the exact moment that they have questions or problems they can't solve. This SMS-like service is generally preferred over sending emails to a specific support team, as there’s no telling when you will get a response to your query.

Live chat support is a way for customers to have real-time, back-and-forth conversations with support agents that are equipped with the information you need to solve issues you have with a service. 

According to Techjury, 75% of people prefer live chat over any other channel and 63% of millennials prefer to have their basic customer support queries answered by live chat.

For web hosting and website builder services, as an example, we use live chat support regularly to find out if the hosting service offers features not mentioned on their website. And we usually get a reply within minutes.

Why you need live chat support for your website

If you have a website that offers any type of service and you have already tried a help desk software solution, embedding live chat software will help get your customers the answers they need, quickly.

Live chat does not replace human customer service support teams, but rather helps assist them as your business begins to grow and the demand for your services increases.

Some of the best live chat support services take down the customers name and email address, should there be a disconnect in the chat. As a result, your customer support team is able to send follow ups via email, which could lead to a sale if needs are met.

Live chat support also increases your website conversion rates. According to Econsultancy, 73% of customers were satisfied with their live chat experience, surpassing all other channels, including email and phone. In short, using a live chat support software helps you quickly answer your potential customers' questions and convert them into paying customers.

Setting up a live chat function may sound like a time-consuming process, but with the software currently on the market, it’s a lot quicker than you think.

How to set up a live chat feature on your website 

Each live chat software comes with its own set of instructions for you to follow. Some only require you to copy and paste one line of code into your website backend.

Others take the form of WordPress plugins that let you manage your chats right inside your WordPress website admin dashboard, which eradicates the need to log into another software tool. 

A screenshot of LiveAgent signup page

LiveAgent only needs your full name, email address and company name to set up live chat on your website (Image credit: LiveAgent)

Live chat software solution LiveAgent, for example, simply asks you for your full name, email address and company name to generate a live chat solution for you. Once you are in, you are presented with options to add users, connect to an email account, upload your company logo, add a chat button, and more.

Artificial intelligence lets your live chat support team work with chatbot services that can help guide your customers to the most appropriate solution to their queries. These chatbots collect information from customers or ask customers questions to help see the bigger picture and provide appropriate answers.

Using a chatbot can be useful when there’s nobody available on the customer support team to help with a customers’ question.

Most live chat software solutions have five simple steps for you to follow to set up live chat on your website, which includes creating an account, configuring your live support chat, customizing it to make sure it is unique to your business, adding the HTML to your website, and finally, logging and handling incoming chats.

Boost your business with live chat

If you have danced around the idea of getting live chat support embedded into your website, the aforementioned benefits should help you come to a conclusion much faster.

Some of the best live chat support software solutions even offer free plans or 30-day free trials for you to test it out on your website and see whether it’s something you truly need.

In order to not get snowed under with customer queries that can’t be answers by a simple FAQ page on your website, live chat support is there for you to show your customers that you are willing to go the extra mile to make sure they are getting the help they need, which helps with customer satisfaction overall.

If your business has a smaller team, live chat support could also help you deliver great quality customer service without causing too much strain on your business, which will, in turn, improve business productivity and boost sales.

Some live chat solutions even offer video functions that enable your support team to offer a face to face service online, for higher satisfaction rates across your business channel.

Read more...
25 Apr 2022

macOS Server has been killed off at last

After 23 long years, Apple has finally ended support for its macOS Server operating system.

The Unix-like server operating system was built to manage fleets of Mac computers running in businesses, schools, and other types of organizations.

Apple had been slowly cutting off support for macOS Server for years, particularly since 2018 when the company announced macOS Services would be losing features such as its Wiki, DHCP, and DNS, as well as its calendar and contact support. 

What does this mean for macOS Server users?

Some features from macOS Server will live on, and features such as Caching Server, File Sharing Server, and Time Machine Server are now bundled with every installation of macOS High Sierra and later.

One of the most popular features of macOS Server was Profile Manager, Apple's mobile device management (MDM) service. To help customers migrate away, Apple has posted a guide to finding alternative MDM solutions available from a variety of third party suppliers, including Microsoft Active Directory and LDAP directory services.

macOS Server was officially discontinued on April 21, and the last version of the operating system will be macOS Server 5.12.2.

The update comes after Apple introduced its Universal Control feature to Mac and iPad, allowing different Apple devices to integrate better together.

Available on the beta versions of iPadOS 15.4 and macOS 12.3, the feature allows users to control a mouse on both a Mac and iPad at the same time, without having to send files or use a cloud service to do this.

Read more...
25 Apr 2022

APIs are becoming a cybersecurity disaster zone

Web application program interfaces (APIs) are growing increasingly popular, causing all manner of cybersecurity problems in the process.

This is according to a new report from Noname Security, which surveyed 3,000 employees across 350 businesses about challenges associated with APIs.

The company found that APIs are extremely popular these days, with an average organization leveraging 15,564 APIs in total, up 201% year-on-year.

Security incidents

However, many companies are facing problems. More than two in five (41%) have had an API-related cybersecurity incident in the last twelve months, with almost two-thirds (63%) of those involving a data breach, or data loss.

For example, one of the biggest marketing automation platforms and email marketing services, MailChimp, was breached by attackers who also also accessed API keys (now defunct) from an unknown number of customers. 

With the keys, the attackers could create custom email campaigns and send them to mailing lists without accessing the MailChimp customer portal.

Almost all (90%) companies have API authentication policies set up, but a third (31%) said they weren’t exactly confident these policies provided an adequate level of protection.

What’s more, a third (35%) have had projects delayed due to API security concerns, with 87% of those believing that integrating API security testing into developer pipelines could have prevented the delays. 

Roughly half (51%) are fully confident in their API inventories, with a quarter (26%) adding that their inventory update processes are manual.

“With API usage continuing to grow, this extreme level of use and dependency has enabled many vulnerabilities to rise to the surface, making securing these APIs across sectors more paramount than ever,” said Daniel Kennedy, Principal Research Analyst at 451 Research. 

“This report should help enterprises of all sizes across various sectors make the informed decisions they need when developing their API security strategy.”

Read more...
25 Apr 2022

Uncharted: Legacy of Thieves Collection could arrive on PC sooner than we hoped

Uncharted: Legacy of Thieves Collection will arrive on the PC in June, if a hastily retracted leak turns out to be on the money.

As PC Gamer reports, the release date of the collection was spotted in a blog post about the biggest upcoming titles on the Epic Games Store, and it’s apparently due on June 20, 2022 – unless that’s a mistake.

The date has since been removed from that post, mind you, so that could indicate it was an error of some kind – perhaps a placeholder date – or equally it might be bang-on and accidentally aired, with Epic removing it as damage control.

Previously, the actual product listing for Uncharted: Legacy of Thieves Collection on the store said that it was “coming soon”, and didn’t have that June date added, but now the blog post also simply states that it’s due “soon”.

If June 20 turns out to be correct, it means we have less than two months to wait for the collection to debut on PC.


Analysis: Uncharted territory for the PC this summer, surely?

Of course, we must bear all the caveats mentioned above firmly in mind, but this is potentially good news, seeing as a previously rumored release date was mid-July (as spotted in the Steam API). June 20 would be the best part of a month earlier, but whatever the case, it looks like we’ll most probably see Uncharted: Legacy of Thieves Collection on PC at some point this summer.

This is far from the only big-hitting PlayStation franchise to debut on PC in recent history, of course, and we’ve seen the likes of Days Gone, Horizon Zero Dawn, and of course God of War being ported across most recently. The latter in particular is an excellent effort on PC, and brings forth all manner of goodies, including some fundamental improvements to the nuts-and-bolts of the game.

Read more...
25 Apr 2022

FBI sounds the alarm over virulent new ransomware strain

A virulent new ransomware strain has infected at least 60 different organizations in the last two months, the FBI has warned.

In a Flash report, published late last week, the intelligence agency said that BlackCat, a known ransomware-as-a-service actor, compromised these organizations using a strain written in RUST.

This is somewhat unusual given that most ransomware is written in C or C++. However, the FBI believes these particular threat actors opted for RUST as it’s considered to be a “more secure programming language that offers improved performance and reliable concurrent processing.”

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

Mitigations and defenses

BlackCat, also known as ALHPV, usually demands payment in Bitcoin and Monero in exchange for the decryption key, and although the demands are usually “in the millions”, has often accepted payments below the initial demand, the FBI says.

BlackCat also has strong ties to Darkside (aka Blackmatter), the FBI further explains, suggesting that the group has “extensive networks and experience” in operating malware and ransomware attacks. 

The attack usually starts with an already compromised account, which gives the attackers initial access to the target endpoint. The group then compromises Active Directory user and administrator accounts, and uses Windows Task Scheduler to configure malicious Group Policy Objects (GPOs), to deploy the ransomware.

Initial deployment uses PowerShell scripts, in conjunction with Cobalt Strike, and disables security features within the victim’s network.

The attackers are then said to download as much data as possible, before locking up the systems. And they even look to pull data from any cloud hosting providers they could find. 

Finally, with the help of Windows scripting, the group seeks to deploy ransomware onto additional hosts.

The FBI has also created a comprehensive list of recommended mitigations, which include reviewing domain controllers, servers, workstations, and active directories for new or unrecognized user accounts; regularly backing up data, reviewing Task Scheduler for unrecognized scheduled tasks, and requiring admin credentials for any software installation processes.

Read more...

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us