Month: January 2021

While software devours the world, data is also stored along the way, which hinders progress and innovation in the company. Cybersecurity is far behind other industries in adopting an API-first mentality and has finally reached a breaking point.

Last year, research results were compiled in the Cloud Security Alliance Cloud based Smart ecosystems and the Ponemon Cyber ​​Resilience Study state:

• Organizations use an average of 47 different cybersecurity solutions and technologies.
• 69% say that their security team currently spends more time managing security tools than effectively preventing threats
• 53% say their security team has reached a tipping point where the excessive number of security tools in place is affecting security.

The company’s demands for digital transformation combined with “unprecedented” venture capital investments in cybersecurity in recent years have sparked the perfect tool-proliferation storm for the modern day leader in enterprise cybersecurity.

Other key departments such as financial services, sales, and marketing technologies have certainly seen similar supply and demand. Why is corporate cybersecurity still so isolated?

[Read: How this company leveraged AI to become the Netflix of Finland]

A common explanation, especially at this time of year, is the hint the skills gap in cybersecurity. Every year a barrage of statistics comes out of the usual industry rags, and we collectively lament the lack of talent in the industry and the seemingly unstoppable growth in the number of cyber security vacancies. At the end of last year, ISC (2) put the number of vacancies at over 4 million for an industry with around 2 million professionals.

We seem to have gotten into a vicious cycle of buying more tools to fill the void in people, only to find that we don’t have enough people to operate the tools. This is what Chase Cunningham and others would call a “self-licking ice cream cone of misery”.

After two decades of demo duels on the user interface on conference floors and the question of derivations: “How do I get alerted?” Is it any wonder that too many user-dependent products create too many alerts? Do we have a skills gap or is it a data integration gap?

Is it possible in other industries for cybersecurity to be this unique? In other industries there is a product class that represents the adhesive for the tools or applications. We urgently lack these in cybersecurity.

Phantom Cyber ​​and its fast followers were the first attempts at security. Like Zapier, these standalone ‘orchestration’ platforms are useful for cybersecurity, but that is exactly what Dave McCombs is aiming for The data-centric revolution: Restoring corporate sanity would be known as “IFTTs” – they can mimic human behavior by sequencing automated actions through APIs. They are API-first, but they lack a data awareness that is critical to success with integration and automation.

In other industries we have seen an increase in successful API-first companies that are also data-centric and relate to an architecture where data is the primary and enduring capital and applications (tools) can come and go. Unlike Zapier or Phantom, which use data as input and action as output, these data-centric API-first platforms essentially have data as input and data as output. By simply focusing on data transformation and normalization through a robust API, you bring integration, order, and automated results to your industry.

Takeaways – How do I know if it’s the right API first product?

• language – Is it about the data? Or is it about the tool? Is this product trying to be the “one-ring-to-rule-for-all” weaving in words like “single pane of glass”? Or is it a decoder ring that allows you to merge data across your various products that are supposed to be a “single pane of glass”?
• Inputs outputs – – Data centered Workflows where data is the input and data is the output. Works off the shelf with your core to discover and respond to tools / apps and standalone orchestration tools.
• Business model – Not rated by the user, always a different lever, data processing unit or a different number of integrations.

And if you still can’t tell, get a product demo. If all of the demo is in the UI, the product isn’t the first API, requires human cycles to manage, and while it may add new functionality, it won’t add to other investments you’ve made or increase the efficiency of your stack.

This article was originally published by Patrick Coughlin on TechTalks, a publication that examines technology trends, how they affect the way we live and do business, and what problems they solve. But we also discuss the evil side of technology, the darker effects of the new technology, and what to look out for. You can read the original article here.

Published on January 28, 2021 – 14:00 UTC

As part of its quarterly earnings call yesterday, EV maker Tesla showed renderings of an upcoming update to the Model S 2021. The piece that gets everyone talking is this Butterfly, or as others call it, the Knight riderStyle steering wheel.

But I have bad news. The steering wheel will probably not make it into the production model. We are sorry.

Image Credit: Tesla The refreshed Tesla Model S features a butterfly steering wheel, which is likely illegal.

Yes, it’s super cool – and you could ride as if you were there Knight Rider or something – but steering wheels have to be complete, round and not missing any bits.

[Read: How Netflix shapes mainstream culture, explained by data]

According to the legal source HG.org, cars “can’t have a butterfly-shaped steering wheel or a fighter jet like a joystick. Instead, a vehicle must have a circular wheel with an outside diameter of at least 13 inches. “

It is possible to get exemptions from the rule, but these are usually only granted for one-off special vehicles, not series cars.

That’s a good thing because, frankly, steering wheels like this are not useful in the real world. They prevent the driver from shuffling the wheel through their hands when it turns to full lock. A butterfly steering wheel means having to cross your arms when making big turns, which is just awkward and unsafe.

The renderings also seem to show that Tesla has ditched its gear selector lever that used to sit on the steering column. Instead, the company says it will move all of those buttons and the indicator and wiper levers to the steering wheel, bringing all of the controls to the driver’s fingertips.

Tesla is far from being the first to promise a cool-looking steering wheel. As this article from the Tuning Blog shows, auto companies love to outfit concept cars with radically designed handlebars to grab attention, and aftermarket modders love them for their unique looks.

The new Model S is unlikely to come with the butterfly steering wheel, but nothing prevents you from starting your own business.

SHIFT is brought to you by Polestar. It’s time to accelerate the transition to sustainable mobility. That’s why Polestar combines electric driving with state-of-the-art design and exciting performance. Find out how.

Published on January 28, 2021 – 08:20 UTC

Subscribe to this bi-weekly newsletter here!

Welcome to the latest edition of Pardon The Intrusion, TNW’s bi-weekly newsletter in which we explore the wild world of security.

But that escalated quickly.

After users were notified of a privacy policy change earlier this month and caused a storm, WhatsApp has withdrawn– for now.

The In-app alarm On January 6th, users were asked to agree to the new terms of use, which give the app the right to share some personal data such as phone number and location with Facebook. Users who do not agree to the revised policy by February 8th have been advised that they will lose access to the service entirely.

The announcement created so much confusion about the data sharing agreement that WhatsApp has decided to move enforcement until May 15, a three-month delay which it hopes will “clear up the misinformation”.

The Facebook-owned company has since made it clear that the update does not extend its ability to share personal user chats or other profile information with Facebook, but merely provides more transparency on how user data is collected and shared when the messaging app is available for the Interaction is used company.

Intentional or not, this “all-or-nothing” approach failed and resulted in one Increase in registrations for competing messaging apps like Signal and Telegram.

The Indian Ministry of Technology has given WhatsApp another blow and asked Facebook to do it take off The update said: “The proposed changes raise serious concerns about their implications for the election and autonomy of Indian citizens.”

India is WhatsApp’s largest market with more than 400 million active users.

If anything, the development only serves to highlight the urgent need for more countries to adopt European GDPR-like data protection regulations that explicitly state how data from users is collected, processed and shared with other parties.

What’s the trend in terms of security?

Google researchers detailed a sophisticated hacking operation A Muslim prayer app called Salaat First was found exploiting vulnerabilities in Chrome and Windows to install malware on Android and Windows devices Sell ​​location datato Predicio, and Amazon’s Ring begins testing end-to-end video encryption.

• Internet of Things or Internet of shit? A hacker locked up Internet-connected chastity cages made by Qiui and demanded ransom from its users. [Vice Motherboard]
• Google researchers have described a sophisticated hacking process that exploited vulnerabilities in Chrome and Windows to install malware on Android and Windows devices. They were all addressed from April 2020. [Google Project Zero]
• The whistleblower website DDoSecrets “provided approximately 1 terabyte of this data, including more than 750,000 emails, photos and documents from five companies.” The company information was collected from dark websites after being leaked by ransomware operators. [WIRED]
• According to researchers at Johns Hopkins University, Android and iOS do not extend encryption protection as much as possible, creating potentially unnecessary security vulnerabilities. [WIRED / Data Security on Mobile Devices]

• While Amazon’s Ring is testing end-to-end video encryption, it also fixed a vulnerability in the Neighbors app, which was showing the exact locations and home addresses of users who posted to the app. [TechCrunch]
• A popular Muslim prayer app called Salaat First was found to be selling location data to Predicio, who is affiliated with a U.S. contractor who works with the Immigration and Customs Service (ICE). The incident shows how apps not only collect location data, but also the ease with which that information is traded in the location data industry. [Vice Motherboard]
• Before Parler was banned from all platforms, it turned out that a hacker had succeeded 99% of the posts scratch from the social network “Freedom of Speech”. But how did she do it? It all came down to “deep coding and security practices”. [Ars Technica / WIRED]
• Microsoft is planning to fix a bizarre Windows 10 bug that could damage a hard drive by just showing an icon. [Bleeping Computer]

• Ryuk ransomware operators are believed to have made more than $ 150 million worth of Bitcoin from ransom payments from hacking companies around the world. The payments were made from 61 deposit addresses. [Advanced Intelligence]
• American personal information is being sold on dark web marketplaces at the cheapest prices ($ 8 per record) according to an analysis of stolen information on 40 different dark web marketplaces. Japan and the UAE have the most expensive identities, averaging $ 25. [Comparitech]
• The last 14 days of data breaches, leaks and ransomware: European Medicines Agency, Nitro PDF, Pixlr, Scottish Environmental Protection Agency, Ubiquiti, and the United Nations.

Data point

Ransomware is now responsible for 46% of health data breaches, new research suggests Durable has found. What’s more, over 35% All violations involve ransomware attacks, often with financial costs.

According to cybersecurity company Emsisoft’s’State of the ransomware‘Report, in 2020 alone, 113 Federal, state and local governments and authorities, 560 Health facilities and 1,681 Schools, colleges and universities were affected.

“While companies can never completely rule out the possibility of human error, they can design their networks in such a way that they do not collapse like houses of cards when these errors occur,” said Emsisoft researchers.