EnterpriseSecurity https://www.webpronews.com/technology/enterprisesecurity/ Breaking News in Tech, Search, Social, & Business Mon, 01 Apr 2024 20:32:08 +0000 en-US hourly 1 https://wordpress.org/?v=6.5.3 https://i0.wp.com/www.webpronews.com/wp-content/uploads/2020/03/cropped-wpn_siteidentity-7.png?fit=32%2C32&ssl=1 EnterpriseSecurity https://www.webpronews.com/technology/enterprisesecurity/ 32 32 138578674 Rubrik’s Potential IPO: A Look at the Moves and Market Expectations https://www.webpronews.com/rubriks-potential-ipo-a-look-at-the-moves-and-market-expectations/ Mon, 01 Apr 2024 19:18:36 +0000 https://www.webpronews.com/?p=602549 As the landscape of initial public offerings (IPOs) continues to evolve amidst shifting market conditions, all eyes are on Rubrik, a cloud data security company, as it gears up for a potential listing. With speculation swirling and anticipation building, analysts and investors alike are eager to glean insights into the company’s trajectory and the broader implications for the IPO market.

According to Bloomberg, recent discussions surrounding Rubrik’s IPO have sparked considerable interest, with analysts dissecting the company’s moves and market expectations. In a recent conversation, industry experts delved into the nuances of Rubrik’s impending debut and the factors shaping investor sentiment.

Amidst fluctuating market dynamics, Rubrik’s IPO plans have been subject to speculation and scrutiny. “We reported last September that the company was planning to raise around $700 million,” noted one industry insider. However, the evolving market landscape has prompted a reevaluation of these projections, with recent developments such as Estara and Reddit’s IPOs serving as litmus tests for investor appetite.

Notably, Rubrik’s unique profile sets it apart from recent IPO darlings. It offers a glimpse into the intersection of cloud data security and market demand. Backed by industry giants like Microsoft, Rubrik occupies a pivotal position within the burgeoning cybersecurity sector, poised to capitalize on growing demand for cloud-based solutions.

Yet, amidst mounting anticipation, questions about Rubrik’s valuation and investor sentiment linger. “Valuation is a little bit up in the air right now,” remarked an industry expert. While past investments provide insight into Rubrik’s potential worth, market conditions and investor appetite remain fluid, shaping the company’s trajectory leading up to its IPO.

Moreover, Rubrik’s listing represents a pivotal moment for employees and investors, offering a long-awaited liquidity event for those involved in the company’s journey. With prominent backers like Bain Capital Ventures and Coastal Ventures, Rubrik’s IPO has far-reaching implications for the venture capital community and signals a potential windfall for early investors.

As the countdown to Rubrik’s IPO continues, industry observers remain vigilant, parsing through market trends and company disclosures for clues about the company’s future trajectory. Against recent IPO successes, Rubrik’s debut promises to be a bellwether for the broader IPO market, offering insights into investor sentiment and appetite for high-growth tech companies.

In the weeks ahead, all eyes will be on Rubrik as it navigates the IPO process, offering a glimpse into the intersection of technology, finance, and market dynamics. As the company prepares to enter the spotlight, the stakes are high, with implications extending far beyond its corporate borders.

]]>
602549
Securing Unmanaged Devices: The Next Frontier in Cybersecurity https://www.webpronews.com/securing-unmanaged-devices-the-next-frontier-in-cybersecurity/ Sat, 16 Mar 2024 16:51:12 +0000 https://www.webpronews.com/?p=601654 In an exclusive interview from CXOTalk, Michael Krigsman spoke with Anand Oswal, the visionary leader of Palo Alto Networks’ network security business,  who delved into the critical importance of securing unmanaged devices in today’s digital landscape.

“Palo Alto Networks is dedicated to making every day more secure than the last,” Oswal emphasized. “My role is to ensure that users, applications, and data remain consistently protected across all control points.”

Oswal highlighted the pressing need to address the security risks posed by personal laptops and phones accessing corporate applications and data. “Over 50% of devices accessing corporate resources are unmanaged,” Oswal revealed. “And the consequences are dire, with about 90% of successful malware originating from such devices.”

Oswal recalled a chilling incident: “Attackers infiltrated a company’s network through a site reliability engineer’s personal laptop, leading to a data breach facilitated by unmanaged device access.”

“To address this growing problem,” Oswal introduced the concept of enterprise browsers, a revolutionary solution identified by Gartner as a crucial emerging category. “By 2030, enterprise browsers will become the primary platform for secure access from unmanaged devices,” he stated.

“The adoption of enterprise browsers is driven by the need to balance security with productivity,” Oswal explained. “Enterprise browsers offer a seamless and cost-effective solution, providing robust security without compromising user experience.”

The acquisition of Talon, a leading enterprise browser company, further strengthens Palo Alto Networks’ position in the cybersecurity landscape. “Talon’s technology brings additional layers of security to browser workspaces, protecting against advanced threats like phishing and keylogging,” Oswal emphasized.

“Educating organizations about the risks associated with unmanaged devices is paramount,” Oswal emphasized. “Awareness and proactive measures are essential to mitigate the majority of data breaches occurring through applications and email accessed via browsers.”

“In conclusion,” Oswal stressed, “Holistic security across all devices, managed and unmanaged alike, is crucial. By adopting enterprise browsers and leveraging cutting-edge technologies, organizations can fortify their defenses and stay ahead of evolving cyber threats.”

As cybersecurity threats continue to evolve, the conversation with Anand Oswal serves as a timely reminder of the urgent need to secure unmanaged devices and safeguard critical assets in an increasingly digital world.

]]>
601654
Cisco Simplifies Legacy System Connectivity with New Docker-Based Solutions https://www.webpronews.com/cisco-simplifies-legacy-system-connectivity-with-new-docker-based-solutions/ Sun, 10 Mar 2024 12:05:30 +0000 https://www.webpronews.com/?p=601189 In a bid to streamline connectivity for legacy systems, Cisco has unveiled innovative solutions aimed at easing the installation process of secure device connectors (SDCs) and secure events connectors (SECs) on Ubuntu systems. Aaron Hackney, Product Owner for Cisco Defense Orchestrator, demonstrated the simplicity of the process in a recent video.

Legacy systems like the ASA and iOS devices often struggle with cloud connectivity or integration with Cisco Defense Orchestrator (CDO). Traditionally, users would download a VMware image to install SDCs and SECs. However, recognizing the need for flexibility, Cisco has introduced Docker-based solutions that can be deployed on Ubuntu systems, whether bare-metal or virtual.

Hackney emphasized that the SDC and SEC are essentially Docker containers, making the VMware image merely a vehicle to bring Docker to the table. The provided scripts simplify the deployment process, particularly for Ubuntu 20.04 and 22.04 distributions, catering to both virtual and physical systems.

The installation process involves cloning the CDO deploy SDC repository from GitHub and executing the provided scripts. The “install Docker” script ensures the installation of the recommended Docker Community Edition, seamlessly handling the necessary dependencies and user permissions.

Once Docker is installed, deploying an SDC is a matter of executing the “deploy SDC” script with the bootstrap data provided during SDC creation in CDO. The script automates the retrieval and setup of Docker images tailored to the user’s CDO tenant, ensuring a smooth onboarding process.

Similarly, deploying an SEC is a breeze with the provided Docker container. Users can simply copy the SEC bootstrap data from CDO, execute the “SEC Dosh” script, and follow the prompts to initiate the onboarding process. The SEC container is up and running within minutes, ready to handle syslog and NetFlow data from ASA devices.

Hackney concluded the demonstration by highlighting the process’s simplicity and efficiency, empowering users to connect legacy systems easily. By leveraging Docker containers and streamlined deployment scripts, Cisco is ushering in a new era of connectivity for Ubuntu users, virtual or physical.

With these user-friendly solutions, Cisco is poised to enhance the accessibility and effectiveness of its defense orchestrator platform, paving the way for seamless integration and management of diverse network environments.

]]>
601189
Google Cloud Fixes Kubernetes Security Flaw https://www.webpronews.com/google-cloud-fixes-kubernetes-security-flaw/ Tue, 05 Mar 2024 00:46:16 +0000 https://www.webpronews.com/?p=600276 Google Cloud has fixed a flaw impacting Kubernetes that could allow an attacker to escalate their privileges.

According to TheHackerNews, Palo Alto Networks Unit 42 discovered the flaw and reported it via Google’s Vulnerability Reward Program. Google detailed the issue in a security bulletin:

An attacker who has compromised the Fluent Bit logging container could combine that access with high privileges required by Anthos Service Mesh (on clusters that have enabled it) to escalate privileges in the cluster. The issues with Fluent Bit and Anthos Service Mesh have been mitigated and fixes are now available. These vulnerabilities are not exploitable on their own in GKE and require an initial compromise. We are not aware of any instances of exploitation of these vulnerabilities.

Google recommends manually upgrading GKE to ensure customers are running the patched version:

The following versions of GKE have been updated with code to fix these vulnerabilities in Fluent Bit and for users of managed Anthos Service Mesh. For security purposes, even if you have node auto-upgrade enabled, we recommend that you manually upgrade your cluster and node pools to one of the following GKE versions or later:

  • 1.25.16-gke.1020000
  • 1.26.10-gke.1235000
  • 1.27.7-gke.1293000
  • 1.28.4-gke.1083000
]]>
600276
The Growing Importance of Supply Chain Visibility (SCV) in Ecommerce https://www.webpronews.com/supply-chain-visibility-2/ Mon, 04 Mar 2024 13:49:45 +0000 https://www.webpronews.com/?p=521176 Supply chain visibility (SCV) is the ability to track and monitor a product or shipment from its origin to its destination. This allows businesses to stay informed on their shipments’ progress, anticipate delays, and make adjustments if needed.

With eCommerce growth continuing at an exponential rate, supply chain visibility has become increasingly important for companies looking to remain competitive in today’s digital marketplace. Not only do businesses need to meet customer demands for fast delivery times, but they also need to manage costs, minimize losses, and ensure security. 

Be that as it may, only 65% of companies are able to report full visibility across their supply chains, and 43% of small businesses are not tracking inventory levels at all. With economic uncertainty on the horizon and customer expectations at an all-time high, now is the time to invest in supply chain visibility so you don’t find yourself falling behind while your competition sails away with their loyal customers.

Benefits of Supply Chain Visibility for Ecommerce Businesses

There are a multitude of benefits to be realized through the implementation of supply chain visibility in eCommerce. These include:

Improved customer satisfaction and loyalty

The more visibility you have into your own supply chain, the better equipped you are to anticipate customer needs and deliver products in a timely manner. With improved visibility, eCommerce businesses can increase customer satisfaction by reducing their response times, improving delivery accuracy, and providing customers with real-time updates about the status of their orders. This helps foster greater loyalty from customers, which in turn increases the likelihood of repeat business.

Reduced costs associated with inventory management

“Knowing inventory costs is extremely important because they affect the majority of decisions one makes as a retailer,” explains Abir Syed, co-founder of UpCounting, an eCommerce accounting firm.

Unsurprisingly, inventory management is the single largest expense for eCommerce businesses. For every dollar a US retailer generates through revenue, they have $1.35 tied up in inventory. As such, being able to accurately track and monitor inventory levels is essential for minimizing losses and maximizing efficiency.

By leveraging supply chain visibility technology, businesses can reduce the amount of inventory they need to keep in stock and their associated costs. This can be achieved through better forecasting and planning, more precise order fulfillment processes, and improved inventory accuracy.

Increased efficiency and speed of delivery

Knowing where products are throughout their journey allows businesses to better plan and adjust for delays, ensuring customers get their items as quickly as possible. Supply chain visibility also facilitates increased collaboration between all parties involved in the delivery process, allowing for a transparent and overall more efficient supply chain.

Enhanced flexibility and scalability in supply chains

As the demands of customers and markets shift, businesses need to be able to quickly adjust their supply chains accordingly. With supply chain visibility, businesses can quickly adapt to changing conditions, such as unexpected spikes in demand or supply disruptions. This increased flexibility and scalability of the supply chain is essential for businesses to remain competitive and responsive. This scalability also benefits businesses as they grow and expand into new markets. 

Increased control over returns management 

Returns are an unavoidable part of eCommerce and managing them can be difficult. Supply chain visibility gives businesses the ability to track a returned item as it moves through the supply chain and make adjustments to minimize losses. This includes tracking returned items on their journey back to the supplier, identifying potential issues and quickly resolving any discrepancies.

Challenges of Implementing Supply Chain Visibility

While the benefits of supply chain visibility are clear, there are still some challenges associated with its implementation. These include:

Establishing and maintaining relationships with suppliers

Before any supply chain visibility technology can be deployed, businesses need to build relationships with their suppliers. This requires open communication and collaboration between all parties involved, as well as a certain level of trust.

“When it comes to choosing partners, it’s wise to do some research to ensure the best deal possible while emphasizing transparency and flexibility. This is invaluable during times of frequent supply chain disruption,” explains Roei Yellin, Co-Founder & Chief Revenue Officer of 8fig, a planning and funding platform for eCommerce companies. 

“Sellers shouldn’t be afraid to negotiate for a better deal and they should make sure that communication is open and honest. This is true of suppliers, 3PLs (third-party logistics providers) and any other partners brought in to help manage the supply chain,” concludes Yellin.

Complexity of the supply chain and data formats

Securing buy-in from all parties and managing the data exchange between different organizations is challenging. Not only do various supply chain participants have differing needs and processes, they also use different systems. Unifying these systems and ensuring harmonious data exchange can be difficult.

To overcome this, businesses need to create a single source of truth that all supply chain participants can work from. This means creating common protocols and standards that all parties are comfortable with and can adhere to, and potentially leveraging a third-party solution to manage the data exchange.

Costs associated with technology and infrastructure

The technology and infrastructure required for supply chain visibility can be costly. Businesses need to invest in the right hardware, software, and people to ensure that the system is secure and effective.

Fortunately, there are solutions to this issue. RFID and code-based tracking solutions, in particular, are relatively inexpensive and easy to implement. Companies such as Scurri allow you to easily create a single bar code for all carriers, as well as a reporting dashboard that gives you full control over your operations with actionable insights. 

Cybersecurity concerns

Data is the lifeblood of supply chain visibility and ensuring its security is paramount. However, supply chains are coming under increasing attack from hackers and malicious actors, making them vulnerable to data theft and manipulation.

In fact, 97% of organizations say they have experienced the negative consequences of a supply chain cyber breach within their operations, demonstrating just how prevalent these attacks have become.

As such, businesses need to ensure that they have the appropriate protocols in place to protect their data from cyber-attacks. This includes using secure networks and encryption, as well as regularly auditing system access and usage. Multichannel cyber security solutions, such as VMware, can also be of great help in mitigating cyber risks.

Conclusion

Supply chain visibility is becoming increasingly important in today’s volatile and highly competitive marketplace. However, if businesses are to reap the full benefits of a visible supply chain, they must first overcome the various challenges associated with implementation.

Ultimately, with careful planning, a comprehensive approach to risk management, and the right technology in place, businesses can ensure that their supply chain visibility efforts are successful and that they remain agile and competitive in the long run. 

]]>
588692
7 Key Software Trends Shaping the Future of Technology https://www.webpronews.com/software-trends-future-of-technolog/ Mon, 19 Feb 2024 16:41:23 +0000 https://www.webpronews.com/?p=600197 Capitalizing on new technologies is crucial to remaining competitive as a business. In today’s digital world, that means staying current on the latest software trends, as these shape much of the most impactful modern tech.

Software development, like most tech sectors, is rapidly evolving. To help keep up with the growing pace of innovation, here are seven key trends business owners and tech leaders must know.

1. AI-Assisted Programming

Generative AI — made famous by tools like ChatGPT — was undoubtedly the defining technology of the past year. It’ll also be one of the most significant in the years to come.

While generative AI’s natural language and image-producing capabilities often take the spotlight, its coding ability is more practical in software development. As these tools improve, more devs will likely use them to automate repetitive programming tasks like writing basic scripts or checking code.

AI-assisted programming can free hours in devs’ schedules and reduce errors for more polished final products. As tech talent gaps grow more severe, businesses can’t afford to overlook that potential. Tech teams should consider how they can integrate generative AI into their workflows — and, more importantly, learn to check its results to use it effectively and ethically.

2. Growing Cybersecurity Concerns

The growing need for better cybersecurity is an older but still relevant software trend. While businesses have become more aware of cybersecurity concerns, cybercrime hasn’t gone away, so improved protections are imperative.

Dev teams must embrace security early in the design phase instead of applying it as an afterthought. Cybercriminals are also starting to leverage AI, so businesses must respond with AI-guided protections and testing against these more sophisticated attacks.

Security throughout the software supply chain is also coming into focus. With third-party breaches rising and merger activity tripling in some industries, addressing partner vulnerabilities is more important than ever. Businesses must perform thorough due diligence and limit other parties’ access privileges across the software supply chain.

3. Low-Code and No-Code Development

Today, virtually every company is a tech business to some extent. This shift has created skyrocketing demand for tech talent across all sectors, leaving many organizations with IT worker shortages. In response, the industry is leaning toward low-code and no-code development processes.

Plug-and-play development interfaces — especially for websites and mobile apps — have become increasingly common. Capitalizing on these tools is essential in remaining productive despite a competitive programming labor landscape.

Businesses with plenty of coding talent have a unique opportunity amid this trend. If these teams can develop low-code and no-code technologies for other organizations, they could profit heavily from this growing market.

4. DevSecOps

Another key software trend is a shift toward DevSecOps development cycles. This practice builds on the rapid, highly collaborative DevOps philosophy by adding security teams into the mix from the first stages.

DevSecOps addresses two significant concerns in modern software. First, it enables continuous improvement and higher functionality by emphasizing teamwork and ongoing reviews to create the best product possible quickly. Secondly, it ensures security by design by involving cybersecurity experts throughout the entire dev process.

Because DevSecOps is so rapid and intensive, learning to use it will require adjustment. Teams must experiment with it now to become confident in the practice for future projects. Failing to implement DevSecOps in the coming years will give more agile competitors an advantage.

5. Microservices Architecture

In the pursuit of more functional apps, software development is also trending toward microservices architecture. Conventional, monolithic architecture groups all features in a single service, but microservices break them into smaller, independently running modules.

The primary advantage of this new method is that you can change one feature without affecting the entire program. That segmentation leads to fewer errors and faster update timelines. It also improves scalability and flexibility, which is increasingly crucial as software trends shift more frequently.

Like with DevSecOps, switching to microservices architecture will entail initial disruption. This method may increase organizational complexity, so dev teams must learn to distribute specialized duties while communicating closely. Off-the-shelf containerization tools can also help.

6. Emphasis on UX

As the public uses more digital apps and websites, their expectations about these services are rising. Consequently, user experience (UX) is an increasingly central pursuit for software development teams.

A dedicated app or website is no longer enough to stand out as a business. These services must be highly functional and convenient, or they risk turning users away. Increasing loading times from just one to five seconds increases bounce rates by 90%, so everything must be as responsive as possible.

Good UX starts with optimizing apps and websites to run quickly, even on minimal hardware — and especially on mobile. Apart from these technical considerations, devs must pay close attention to user trends to see what kinds of formats and features they prefer. Ongoing feedback and adjustments are necessary to keep UX optimal amid changing demands.

7. Sustainable Software

Sustainability is a growing trend in many industries, and software is no exception. As the world relies more heavily on software, data centers’ energy consumption has come into the spotlight. Power-hungry innovations like AI and blockchain will make balancing performance and sustainability more challenging yet important.

If dev teams can create more sustainable digital solutions, they’ll stand out from the energy-intensive crowd. As that trend grows, those who don’t adapt may stand apart for the wrong reasons.

Sustainable software relies heavily on designing resource-efficient architectures. The less power an app needs to deliver the same performance, the better. Using renewable-powered data centers to support these services is also important.

Today’s software trends will define the technology of tomorrow. Businesses must stay on top of these developments to adapt to shifting markets. That adaptation will mean some disruption in the near term, but if organizations can tackle it sooner rather than later, they can get ahead of the curve and ensure long-term success.

]]>
600197
Exploring the Latest Trends in Custom Software Development https://www.webpronews.com/trends-in-custom-software-development/ Thu, 15 Feb 2024 14:00:59 +0000 https://www.webpronews.com/?p=600109 The landscape of software technology in 2023 is a vibrant and evolving space, marked by several key trends that are shaping the industry. 

While the United States remains the chief world leader in this field, there are signs that both China and India may soon overtake Uncle Sam in this strategic area. Both countries are sending thousands of students abroad to learn the latest developments in software. And then having them return home to bolster national research and development.

Custom software development, which ranges from advancements in artificial intelligence and machine learning to the growing importance of cybersecurity, are not just influencing how software is developed and deployed, but also how it’s integrating into every aspect of our lives.

The overview

1. Artificial Intelligence and Machine Learning: AI and ML continue to be at the forefront of software technology trends. In 2023, we are seeing these technologies becoming more sophisticated, with increased capabilities in natural language processing, predictive analytics, and automated decision-making. AI is being integrated into a variety of applications, from customer service chatbots to advanced data analytics tools, making processes more efficient and offering new insights.

2. Increased Focus on Cybersecurity: As the digital landscape expands, so does the need for robust cybersecurity measures. In 2023, there’s a heightened emphasis on developing software that’s secure by design. This includes the integration of advanced encryption techniques, regular security updates, and the use of AI for threat detection. Companies are also focusing on educating their employees about cybersecurity to mitigate risks.

3. Cloud Computing and Edge Computing: Cloud computing continues to dominate, but there’s a growing trend towards edge computing. Edge computing involves processing data closer to where it’s generated rather than in a centralized data-processing warehouse, which reduces latency and improves speed. This is particularly important for IoT devices and applications that require real-time processing.

4. The Rise of Quantum Computing: Quantum computing, although still in its nascent stages, is starting to make more substantial strides in 2023. With its potential to process vast amounts of data at unprecedented speeds, it promises to revolutionize areas such as cryptography, materials science, and complex system modeling.

5. Sustainable and Green Software Development: With increasing awareness of environmental issues, there’s a growing trend in developing sustainable and green software. This involves optimizing software for energy efficiency, reducing resource consumption, and considering the environmental impact of development and deployment processes.

6. The Expansion of Blockchain Technology: Beyond cryptocurrencies, blockchain technology is finding applications in various sectors including finance, supply chain management, and healthcare. Its ability to offer secure, transparent, and tamper-proof record-keeping is being leveraged to improve processes and create new business models.

The results 

7. Remote Work and Collaboration Tools: The shift to remote work, accelerated by the COVID-19 pandemic, continues to influence software development in 2023. There’s an increasing demand for collaboration tools that facilitate efficient remote work, including project management software, real-time communication platforms, and virtual workspace solutions.

8. Increased Use of Low-Code and No-Code Platforms: Low-code and no-code platforms are democratizing software development, allowing individuals without extensive programming knowledge to create applications. This trend is empowering more people to develop software, leading to innovation and rapid prototyping.

9. Advancements in Virtual Reality (VR) and Augmented Reality (AR): VR and AR technologies are becoming more sophisticated and accessible, finding applications in training, education, entertainment, and retail. These technologies are not only enhancing user experiences but also creating new avenues for interaction and engagement.

10. Focus on User Experience (UX) Design: There’s a continued emphasis on UX design in software development, with a focus on creating intuitive, user-friendly interfaces. Good UX design is increasingly seen as a critical factor in the success of a software product.

11. Growth of Internet of Things (IoT): IoT technology is expanding rapidly, with more devices being connected to the internet. This trend is leading to the generation of large amounts of data and the need for sophisticated software to analyze and utilize this data effectively.

12. Software for Social Good: There’s a growing trend of developing software aimed at addressing social and global challenges, such as healthcare accessibility, education, and environmental sustainability. This reflects a broader shift towards socially responsible technology development.

Conclusion 

In conclusion, the software technology trends of 2023 reflect a dynamic and rapidly evolving industry. From the integration of AI and ML in various applications to the focus on cybersecurity and sustainable development, these trends are not only shaping the way software is developed but also how it’s transforming businesses and impacting society at large. As we move forward, these trends will likely continue to evolve, offering new challenges and opportunities in the world of software technology.

]]>
600109
Microsoft: ‘Financially Motivated Threat Actors’ Distributing Malware via App Installer https://www.webpronews.com/microsoft-financially-motivated-threat-actors-distributing-malware-via-app-installer/ Fri, 09 Feb 2024 20:39:51 +0000 https://www.webpronews.com/?p=600274 Microsoft is warning that bad actors, including those financially motivated, are using App Installer to distribute malware.

Microsoft Threat Intelligence says bad actors have been using the ms-appinstaller URI scheme (App Installer) to distribute malware since at least mid-November 2023. Microsoft has disabled the protocol handler in an effort to combat its abuse.

The observed threat actor activity abuses the current implementation of the ms-appinstaller protocol handler as an access vector for malware that may lead to ransomware distribution. Multiple cybercriminals are also selling a malware kit as a service that abuses the MSIX file format and ms-appinstaller protocol handler. These threat actors distribute signed malicious MSIX application packages using websites accessed through malicious advertisements for legitimate popular software. A second vector of phishing through Microsoft Teams is also in use by Storm-1674.

Threat actors have likely chosen the ms-appinstaller protocol handler vector because it can bypass mechanisms designed to help keep users safe from malware, such as Microsoft Defender SmartScreen and built-in browser warnings for downloads of executable file formats.

The attacks are especially dangerous for Teams users, since the bad actors are spoofing legitimate Microsoft pages.

Since the beginning of December 2023, Microsoft identified instances where Storm-1674 delivered fake landing pages through messages delivered using Teams. The landing pages spoof Microsoft services like OneDrive and SharePoint, as well as other companies. Tenants created by the threat actor are used to create meetings and send chat messages to potential victims using the meeting’s chat functionality.

More information can be found here, including detailed analysis of the attack. In the meantime, Microsoft says organizations should educate Teams users to be able to identify and protect themselves from this exploit.

Educate Microsoft Teams users to verify ‘External’ tagging on communication attempts from external entities, be cautious about what they share, and never share their account information or authorize sign-in requests over chat.

]]>
600274
How To Overcome Data Compliance Issues in Enterprise Environments https://www.webpronews.com/data-compliance-issues/ https://www.webpronews.com/data-compliance-issues/#comments Fri, 09 Feb 2024 19:05:52 +0000 https://www.webpronews.com/?p=599575 All enterprises now know the power that lies in data-driven decision-making. The ability to accurately predict future trends, understand historical data, and act based on pure statistics rather than a hunch has empowered businesses to act smarter, faster, and with more precision. It’s no wonder that, with all these benefits, data has become a resource that all businesses work to capture, process, and extrapolate for their own benefits.

The global big data and analytics market is expanding every year, currently sitting just below $300 billion USD. Yet, just having access to the data architecture that enables you to collect and process data doesn’t mean that a business does so in an efficient or compliant way. Data compliance is one of the leading issues in modern business, with the fast scaling required by some businesses leading them to bad data management habits.

In order to store and utilize huge quantities of data, businesses need to take an active and proactive approach to data compliance. In this article, we’ll dive into the core issues that businesses encounter with compliance and point toward leading strategies to fix them. 

Let’s dive right in.

What Is Data Compliance?

Data compliance is an intersectional field that balances between operational data use and legal requirements. When using data, especially for analytics or business operations, it’s important to establish clear guidelines about how you are using that data and how you protect it. Data privacy, availability, and integrity are all considerations in data compliance.

Another pillar of compliance that is important to recognize is that, depending on the region that your business operates from, you may also have regulatory compliance issues to overcome. For example, Europe has strict privacy laws when it comes to handling customer data, which you must comply with or face fines.

Data compliance protects both your company and your customers, keeping all of your data, your customer data, and your private records safe. As the rising cyber threat continues to focus on the enterprise sector, expert control of data compliance and privacy is more needed than ever before.

How To Streamline Data Compliance

Data compliance may seem staggeringly complex at first glance, but is really only a representation of the very best laws, ideas, and data protection strategies to keep your business safe. As a deeply methodical process, it’s a good idea to get started with data compliance from day one.

There are a number of ways you can streamline data compliance in your organization.

Establish a Workflow

The single biggest factor that will lead to breaches in data compliance is your own employees. If they don’t know how to stay on the side of compliance, you’ve probably not made your processes obvious enough for them.

Be sure to establish a comprehensive workflow of how you should handle data when it enters your business. Create detailed guides about the use and distribution of data that you then teach to all new employees during their onboarding.

Every staff member should understand the importance of data compliance, what it means, and how to use data in a compliant manner.

Audit, Audit, Audit

Even for businesses that already have comprehensive data compliance workflows and frameworks set out, it’s a good idea to audit your business frequently. Not only does a regular audit ensure that all of your processes are being upheld and followed to the correct standard, but it also helps to create a permanent record of your work.

Audit Trails are required by many regulatory bodies, with proof of your regular system audits and the systems logged in the process acting as evidence in this regard. Depending on your geographical location, the specific audit laws you have to work to may vary. Some states in the USA are much more strict than others.

To air on the side of caution, we recommend that you audit your internal processes at least once a year. However, if you’ve experienced a data breach or are incorporating new data technologies, then you should conduct an audit much more frequently. 

Automate Where Possible

Once you have a data governance scheme in place, you’re now in a position to automate much of the initial contact points with data. There are numerous data compliance automation tools and strategies that you can put to use. Not only do these save tremendous amounts of time, especially those that focus on granular data monitoring, but they will also save your business capital in the long run.

There are several areas where you can use automation to streamline the data compliance process:

  • Incident Management – Around 40% of all businesses will experience a data disaster event at least once a year. This staggeringly high figure reminds us that creating an incident management system will allow you to respond to any events much more rapidly.
  • Recovery and Backup – One core area that you can optimize with automation is any recovery and backup processes. When creating a catalog of historical data, it’s always a good idea to create failsafe backup systems. If needed, you can use these backups to resort to an earlier version of your data systems before a compliance breach occured.
  • Schema and Management – Once you have a specific schema of data that you want to collect, you can then create safeguards that flag any data that does not strictly follow this format. Any breaches or inconsistencies will alert a developer, allowing them to take a look at any strange data instead of monitoring every single dataset that you ingest.

The ability to successfully automate aspects of data compliance will only grow in the coming years. With advancements in AI, ML, and other emerging technologies, we’ll be able to spend more time focusing on the mission-critical aspects of compliance and less on the day-to-day monotonous tasks.

Final Thoughts

The importance of the use of data cannot be overstated. As a leading tool that guides us toward better strategies, more effective use of resources, and more precise future planning, data is essential in modern business. Yet, without a comprehensive understanding of data compliance, businesses are unable to make the most of the data they have at their disposal.

By investigating your current data practices, including how you store and interact with data in your cloud data warehouse, businesses will be ready to take a more effective position on data compliance. By utilizing the strategies, examples, and systems we’ve suggested in this article, you’ll be able to construct a rigorous compliance program that secures your data while passing regulations.

]]>
https://www.webpronews.com/data-compliance-issues/feed/ 2 599575
Pioneering Secure Access Service Edge (SASE): A Transformative Frontier in Network Security https://www.webpronews.com/sase-network-security/ https://www.webpronews.com/sase-network-security/#comments Wed, 07 Feb 2024 13:54:28 +0000 https://www.webpronews.com/?p=599375 The ever-evolving digital landscape demands novel and effective solutions to safeguard networks and data. One of the most revolutionary concepts to emerge in recent years is Secure Access Service Edge (SASE). SASE marks a paradigm shift in network security, offering a holistic and adaptable approach to secure remote access, edge computing and data fortification. This article will take an in-depth look at SASE, touching on its fundamental components, its many advantages and its great potential to reshape the future of cybersecurity.

The Essence of SASE

Secure Access Service Edge, affectionately dubbed “SASE,” was introduced by Gartner in 2019 as a forward-thinking concept. This visionary approach heralds a new era in cybersecurity by elegantly harmonizing network security and Wide-Area Networking (WAN) capabilities within a unified cloud-based service. 

The fundamental idea underpinning SASE is the seamless and fortified accessibility of applications and data, transcending device and geographical constraints, all while empowering organizations to navigate the ever-expanding digital frontier with unparalleled confidence.

Key Components of SASE

  1. Cloud-Native Elegance: SASE is ingeniously constructed on a cloud-native architecture, which leverages cloud-based services and infrastructure, thereby facilitating scalability and flexibility. This fluidity empowers organizations to swiftly adapt to changing operational demands.
  2. Software-Defined Wide Area Networking (SD-WAN): SD-WAN is the backbone of SASE, orchestrating network performance optimization by intelligently routing traffic and prioritizing mission-critical applications. This ensures an uninterrupted user experience.
  3. The Zero Trust Citadel: SASE is an ardent adherent of the Zero Trust security model, a radical departure from traditional perimeter security. It mandates continuous user and device identity verification, meticulously assessing their trustworthiness prior to granting access. This model is nothing short of a fortress against unauthorized access.
  4. Holistic Security Synergy: SASE integrates an assortment of security services, including firewalls, secure web gateways, data loss prevention and threat detection into a unified platform. This amalgamation simplifies management and does away with security silos, resulting in a more robust defense posture.

SASE’s Assured Advantages

  • Fortified Security Bastion: SASE heralds a new era of security by ingraining the Zero Trust model, assuring that network access is consistently scrutinized and regulated. As the landscape tilts towards remote work, this approach becomes exceedingly pertinent.
  • Supernal Performance Elevation: The SD-WAN technology within SASE elevates network performance, eradicating latency and ensuring the unhindered operation of critical applications. This is of paramount importance to businesses reliant on real-time data and seamless communication.
  • Infinite Scalability and Unrivaled Flexibility: The cloud-native architecture empowers organizations, irrespective of their size, to dynamically scale network and security resources. SASE is inherently designed to be an adaptable security vanguard.
  • Austerity and Operational Efficacy: SASE shatters the shackles of on-premises hardware costs, streamlining the convoluted task of managing multiple security solutions. The frugality that SASE brings is a great benefit.
  • Streamlined Management: SASE’s integrated security services and cloud-based orientation simplify the complex chore of network and security management. This liberation grants IT teams the freedom to allocate their energies toward strategic, forward-thinking objectives.
  • Anticipatory Security Fortifications: The adaptability of SASE to response appropriately to evolving threats is of profound significance. The incorporation of new security services and updates is nimbly executed, thereby assuring an enduring shield against emerging threats.

The Path Forward for Cybersecurity

SASE is destined to fundamentally reshape the cyber defense landscape in many ways:

  1. The Ebbing of Perimeter Security: With SASE the traditional security perimeter has become antiquated in a world marked by remote work and the proliferation of cloud services. It underscores identity-based security, a paradigm where users and devices are meticulously authenticated and authorized, regardless of their physical location.
  2. Resilience Beyond Measure: The cloud-native architecture within SASE provides a safety net through built-in redundancy. High availability and resilience are assured even in the face of network disruptions or malicious attacks.
  3. Emphasizing Data Custodianship: Integrated security services within SASE, including data loss prevention, encrypting sensitive data and ensuring organizations are poised to meet regulatory compliance standards and shield their invaluable data assets.
  4. Compliance without Complexity: SASE’s unified platform streamlines the arduous task of adhering to regulatory compliance standards. This is a boon for organizations grappling with an intricate web of regulations.
  5. Global Network Reach: With the ability to tap into SASE services from any corner of the world, organizations can expand their operational boundaries without trading security or performance for global reach.

Conclusion

Secure Access Service Edge is a monumental leap forward in network security. Fusing cloud-native elegance, SD-WAN, the Zero Trust model and integrated security services into one unified platform, SASE doesn’t just bolster security, but also revamps performance, scalability and cost-effectiveness. In an era where remote work and cloud adoption are the norm, SASE is primed to play a pivotal role in the future of cybersecurity, arming organizations with the tools to secure their data and networks in a dynamic and evolving digital landscape. 

Embracing SASE is not merely a technological choice, but a strategic leap toward safeguarding an organization’s digital operations in an uncertain future.

]]>
https://www.webpronews.com/sase-network-security/feed/ 16 599375
IBM and Meta Launch Alliance to Level AI Playing Field https://www.webpronews.com/ibm-and-meta-launch-alliance-to-level-ai-playing-field/ Thu, 01 Feb 2024 16:52:59 +0000 https://www.webpronews.com/?p=600046 IBM and Meta have launched an alliance to level the AI playing field and sponsor “open, safe, responsible AI.”

Microsoft, OpenAI, and Google have jumped to an early lead in the AI wars, sparking fears that other organizations will be left behind. IBM and Meta have launched the AI Alliance with more than 50 founding members. The alliance outlined its goals in its inaugural announcement:

The AI Alliance is focused on fostering an open community and enabling developers and researchers to accelerate responsible innovation in AI while ensuring scientific rigor, trust, safety, security, diversity and economic competitiveness. By bringing together leading developers, scientists, academic institutions, companies, and other innovators, we will pool resources and knowledge to address safety concerns while providing a platform for sharing and developing solutions that fit the needs of researchers, developers, and adopters around the world. 

“The progress we continue to witness in AI is a testament to open innovation and collaboration across communities of creators, scientists, academics and business leaders,” said Arvind Krishna, IBM Chairman and CEO. “This is a pivotal moment in defining the future of AI. IBM is proud to partner with like-minded organizations through the AI Alliance to ensure this open ecosystem drives an innovative AI agenda underpinned by safety, accountability and scientific rigor.”

“We believe it’s better when AI is developed openly – more people can access the benefits, build innovative products and work on safety,” Nick Clegg, President, Global Affairs of Meta. “The AI Alliance brings together researchers, developers and companies to share tools and knowledge that can help us all make progress whether models are shared openly or not. We’re looking forward to working with partners to advance the state-of-the-art in AI and help everyone build responsibly.”

The alliance includes the following founding members:

  • Agency for Science, Technology and Research (A*STAR)
  • Aitomatic
  • AMD
  • Anyscale
  • Cerebras
  • CERN
  • Cleveland Clinic
  • Cornell University
  • Dartmouth
  • Dell Technologies
  • Ecole Polytechnique Federale de Lausanne
  • ETH Zurich
  • Fast.ai
  • Fenrir, Inc.
  • FPT Software
  • Hebrew University of Jerusalem
  • Hugging Face
  • IBM
  • Abdus Salam International Centre for Theoretical Physics (ICTP)
  • Imperial College London
  • Indian Institute of Technology Bombay
  • Institute for Computer Science, Artificial Intelligence
  • Intel
  • Keio University
  • LangChain
  • LlamaIndex
  • Linux Foundation
  • Mass Open Cloud Alliance, operated by Boston University and Harvard
  • Meta
  • Mohamed bin Zayed University of Artificial Intelligence
  • MLCommons
  • National Aeronautics and Space Administration
  • National Science Foundation
  • New York University
  • NumFOCUS
  • OpenTeams
  • Oracle
  • Partnership on AI
  • Quansight
  • Red Hat
  • Rensselaer Polytechnic Institute
  • Roadzen
  • Sakana AI
  • SB Intuitions
  • ServiceNow
  • Silo AI
  • Simons Foundation
  • Sony Group
  • Stability AI
  • Together AI
  • TU Munich
  • UC Berkeley College of Computing, Data Science, and Society
  • University of Illinois Urbana-Champaign
  • The University of Notre Dame
  • The University of Texas at Austin
  • The University of Tokyo
  • Yale University

]]>
600046
Linux Distro Reviews: openSUSE Tumbleweed — Part 2 https://www.webpronews.com/linux-distro-reviews-opensuse-tumbleweed-part-2/ Sun, 14 Jan 2024 13:00:00 +0000 https://www.webpronews.com/?p=522431 openSUSE Tumbleweed is a rolling release Linux distro, one that is something of a two-edged sword in terms of its features and usability.

In Part 1 of this review, we looked at openSUSE’s background, its openQA-provided stability, outstanding installer, choice of desktop environments, and its security. All of these are significant advantages of the distro. Unfortunately, security is also where openSUSE’s disadvantages begin to shine through.

Disclaimer: Some will say the following points are too critical of openSUSE since it’s a more technical distro and not necessarily aimed at desktop users. Nonetheless, openSUSE’s own website says it is: “The makers’ choice for sysadmins, developers and desktop users.” Therefore, my final rating will reflect the distro’s ability to meet the needs of all three of those categories.

Too Much Security?

Security is only a good thing if it’s not so restrictive that people begin disabling features for the sake of convenience, and this is where openSUSE’s disadvantages begin to shine through.

Of all the distros that I have tried to date (Fedora, Manjaro, openSUSE, KDE Neon, Pop!_OS, Kubuntu, and Zorin OS), openSUSE’s security policies are by far the most restrictive. Want to adjust your network settings? You’ll need to enter your password. Want to install a Flatpak app? You’ll need to enter your password. Change your timezone? Enter your password.

What’s more, the default firewall settings are so strict that printer discovery doesn’t work out of the box. To be clear, every single other distro I’ve tried automatically discovers my HP printer on my network and lets me print without installing any additional drivers.

In contrast, openSUSE cannot even discover the printer without changing the firewall profile from the default ‘Public’ to ‘Home,’ or adding the mDNS service to the ‘Public’ profile. Even when making sure mDNS is enabled, openSUSE still requires “hplip” software/driver package installed.

Is it possible to overcome these issues? Yes. But many people, especially less technical users, give up before figuring out how to jump through all these hoops. In fact, a quick look at openSUSE’s Reddit will reveal that two common solutions to printing on openSUSE are a) disable the firewall altogether or b) “don’t print on openSUSE.” Seriously…I have seen that advice multiple times…”don’t print on openSUSE.”

The issues with printing on openSUSE are irritating enough that Linux creator Linus Torvalds famously dumped openSUSE and switched to Fedora because printing was just too hard to bother with. Fans of the distro will point out that it has gotten better since that day…but it’s still not good enough for the average desktop user.

Yast

Yast stands for Yet Another Setup Tool and is one of the defining characteristics of openSUSE. The tool is a throwback to the earlier days of Linux when such setup and configuration tools were more common.

There’s no denying that Yast is a powerful tool, one that is available as both a graphical and command-line package. For system admins, Yast provides a powerful way to administer openSUSE instances. There is almost nothing you can configure via the terminal that can’t be configured via Yast’s GUI, and it’s a tool I miss on other distros.

At the same time, however, like openSUSE’s other hallmark features, Yast is something of a two-edged sword. While it’s undeniably useful — and this is purely subjective — I’m not a fan of how it takes over functions normally handled by a distro’s built-in tools. For example, I run the KDE Plasma desktop, which has excellent built-in tools for printing and firewall management. Yast takes these tasks over, however. Gnome has similarly useful tools as part of the system settings.

As I said, I realize this is very subjective. Some users prefer to have one tool to manage such tasks, regardless of the desktop environment they use. Many users prefer to have one desktop-agnostic tool that never changes. I am not one of those users. I would prefer to use Plasma’s tools when they’re available and fall back to Yast when they’re not.

Btrfs and Snapper

One of openSUSE’s greatest features is its use of the btrfs filesystem and built-in Snapper support. Btrfs is a relatively new filesystem that provides automated system snapshots. This gives users the option to rollback to a previous snapshot from the boot menu in the event something goes wrong.

Tinkering with your system and mess something up? Not a problem, just rollback and it never happened. The same goes for an update that borks something. Just rollback and wait for the issue to be addressed. This is truly a must-have setup for a rolling release distro.

There are two downsides to keep in mind with btrfs (there’s that two-edged sword again):

Btrfs is one of the slower filesystems in use by Linux distros. The excellent DJ Ware, on YouTube, has done extensive benchmarks showing how much slower the filesystem is. While I’ve not done such extensive benchmarks myself, I do have an everyday data point.

When setting up the digiKam photo organizing software for the first time, the app scans your Pictures folder. On any distro using the older ext4 filesystem, it takes digikam anywhere from 4:57 to 5:17 to scan my 49GB of photos. In contrast, digiKam on openSUSE takes more than 7:50 to complete. This result, which I have been able to consistently reproduce, jives with DJ Ware’s benchmarks.

The other potential downside is in regard to data integrity. Given that it’s still a young filesystem, there are still an uncomfortable number of reports about btrfs filesystems becoming hopelessly corrupted. Without a doubt, openSUSE has the most mature implementation of btrfs, but your mileage may vary.

Patterns and Recommendations

One of the things that makes openSUSE so successful at providing stability with a rolling release is its use of Patterns and recommendations.

Patterns are collections of software that are related and share dependencies. For example, there’s a KDE Plasma Pattern, KDE Apps Pattern, Office Suite Pattern, Mobile Pattern, and more.

The power of patterns is that it allows openSUSE developers to update an entire collection of software rather than try to determine what is or is not installed on a machine. Similarly, openSUSE defaults to installing any and all recommended dependencies when installing an application, unlike almost every other distro, in the interest of making sure no app is installed with any missing features.

On paper, both of these seem like good ideas, and, to be clear, they are…to a point. Both of these features contribute greatly to openSUSE Tumbleweed being one of the most stable rolling-release distros.

Unfortunately, Patterns and recommendations also result in some unfortunate side effects. For example, if you delete an application that is included in one of the default Patterns, it will be reinstalled on the next update. You will need to manually block the package, or the entire Pattern, in order to prevent its reinstallation.

Random Papercuts

Slack Issues

In addition to the major things highlighted above, openSUSE running KDE has a bug that makes it almost impossible to add the workspaces I’m subscribed to. I can easily add three of them with no problem, but the fourth one always fails.

The only way I can get it added to the Slack client is to try importing that workspace along with three or four defunct workspaces. After trying this one or three dozen times, the troublesome workspace will finally get imported. From what I’ve been able to tell via research, the workspace string that gets passed from browser to Slack clients gets mangled.

At one point, I thought this was a KDE Plasma bug since it doesn’t happen on Gnome or Xfce. However, this only happens on openSUSE. It doesn’t happen on Manjaro KDE, Kubuntu, or KDE Neon. I have no idea what the problem is but, at least in my experience, it is a uniquely openSUSE issue.

Network Login

On multiple installs of openSUSE, I’ve had issues where I was constantly prompted to enter my root password and network password in order to stay connected. Wake the computer from sleep…enter my passwords. Needless to say, this got old quick.

Conclusion

openSUSE Tumbleweed is one of the most well-engineered distros on the market and offers a tremendous amount of features and abilities. Unfortunately, some of those features are a two-edged sword that cause as many problems as they solve.

openSUSE Tumbleweed is a distro I love to play with and would love to use as my daily driver. Unfortunately, the inconveniences quickly wears on my nerves in daily use, and I end up moving on.

That being said, for the right person, openSUSE is hands-down the best distro available.

Rating

For System Admins: 5 out of 5 stars

The combination of Yast and its enterprise connections makes openSUSE quite possibly the best distro for system admins.

For Developers: 4 out of 5 stars

On the one hand, having the latest and greatest packages can be a big help to developers. On the other hand, the papercuts and irritations may take unnecessary time away from development.

For Desktop Users: 3 out of 5 stars

Before writing about tech, I was a software developer for over a decade. I’ve created software for major universities, companies, and the commercial market. In spite of that high-tech background, openSUSE was just too irritating and difficult for me to use on a daily basis, and I would never recommend it to most everyday users. It would have to be a special breed of desktop user, one that wants to spend as much time managing their computer as using it before I could recommend it to them.

]]>
522431
Google’s Chrome Settlement Is A Warning To Chrome Users https://www.webpronews.com/googles-chrome-settlement-is-a-warning-to-chrome-users/ Fri, 29 Dec 2023 17:27:02 +0000 https://www.webpronews.com/?p=600264 Shortly after signaling that it wanted to settle a lawsuit over Chrome’s Incognito mode, the company has reached a deal with the plaintiffs.

Plaintiffs brought a class-action lawsuit against Google for continuing to track Chrome users even when they had Incognito mode enabled, as well as when similar modes were enabled in other browsers. The company allegedly used a combination of methods, including cookies, apps, and Google Analytics.

According to Reuters, the parties have agreed to a settlement, although the terms of the deal were not disclosed. The outlet reports that attorneys “have agreed to a binding term sheet through mediation,” with the formal offer expected to be presented to the court by February 24, 2024. 

While this particular case may be on the verge of settling, it should serve as a stark warning to Chrome users that it is time to use a different web browser. Chrome may be the most popular web browser in the world, but it is also made by the biggest advertising company in the world. As a result, Chrome will never be as privacy-respecting as many other alternatives. Google’s entire business model depends on knowing what people are doing, looking at, shopping for, and more.

An added concern is that Google’s dominance of web search, web advertising, and the web browser market give it the ability to push technologies and features that benefit its core business at the expense of user privacy. The Electronic Frontier Foundation has repeatedly called the company out for such tactics.

Instead, WPN recommends Firefox or Brave. Firefox has a long history of protecting user privacy and security, and is just as feature-rich as Chrome. Similarly, Brave has strong privacy controls and security built in, but has the added benefit of being built on the same open source browsing engine as Chrome. This gives it near-perfect compatibility with sites that require Chrome.

Relying on Google Chrome and expecting privacy is akin to relying on an alarm system distributed by home burglars and expecting your home and belongings to remain safe. It’s high time for users to move to truly private and secure options.

]]>
600264
Mint Mobile Suffered a Data Breach, Customer Data Exposed https://www.webpronews.com/mint-mobile-suffered-a-data-breach-customer-data-exposed/ Tue, 26 Dec 2023 18:11:03 +0000 https://www.webpronews.com/?p=600216 Mint Mobile says it has suffered a data breach, one that exposed personal data of an undisclosed number of its customers.

According to BleepingComputer, Mint began sending out emails to impacted customers on December 22.

“We are writing to inform you about a security incident we recently identified in which an unauthorized actor obtained some limited types of customer information,” reads the email.

“Our investigation indicates that certain information associated with your account was impacted.”

The outlet reports the exposed data includes Name, Telephone Number, Email, SIM serial number, IMEI number, and the service plan the customer is currently on.

Fortunately, no payment information was compromised since Mint does not save credit card numbers. The company also says customer passwords are protected by “strong cryptographic technology,” meaning they were not compromised.

As BleepingComputer points out, T-Mobile previously announced plans to purchase Mint Mobile. It’s unclear if/how the data breach will impact the deal.

]]>
600216
Tech Winners and Losers of 2023 https://www.webpronews.com/tech-winners-and-losers-of-2023/ Tue, 26 Dec 2023 17:55:58 +0000 https://www.webpronews.com/?p=600214 The tech industry saw some major changes and developments throughout 2023, developments that left some companies and individuals far better off than others. Let’s look at the tech industry’s winners and losers from the past year.

Winner: Microsoft

It’s hard to argue that Microsoft pulled off the coup of the decade by beating Google to the punch in AI. By partnering with and investing in OpenAI, Microsoft was able to take Google by surprise and gain a tremendous advantage in mindshare, as well as put a dent in Google’s search.

The company has continued to build on that advantage, incorporating AI across its various platforms. The company has also served as a stabilizing influence on OpenAI, providing some much-needed guidance in the midst of its recent crisis (see below).

Loser: OpenAI Board of Directors

OpenAI launched a public battle to oust co-founder and CEO Sam Altman, sending shockwaves throughout the tech industry. As details emerged, there were reports of growing concern over Altman’s prioritizing the monetization of OpenAI’s work, with some scientists believing a more cautious approach was in order. There were even some reports that OpenAI had made an AI breakthrough that led to the growing concern.

Unfortunately for the board, the way they went about addressing their concerns—including launching a boardroom coup—did little to win supporters to their cause and only served to rally support for Altman. Microsoft offered him a job and extended the same offer to any and all disgruntled OpenAI employees. Salesforce and Nvidia made similar offers to OpenAI staff.

After significant drama, the situation was finally resolved with Altman returning and most of the board departing.

Winner: Nvidia

Few could argue that Nvidia has become the face of the AI revolution—at least when it comes to the hardware powering it. The company’s hardware has been at the heart of AI development, powering some of the most innovative developments in the industry.

It’s no surprise that Nvidia’s value has skyrocketed as a result of the position it enjoys, although the company does face some difficulties ahead. Most notably, ongoing tension between the US and China continues to create challenges for the company, with the US striving to keep advanced semiconductor and AI technology out of China’s hands. Nvidia has worked around these restrictions by making chips that slip below the export thresholds the US sets, but Commerce Secretary Gina Raimondo recently warned Nvidia about continuing to do so.

Loser: Intel

Once the king of the semiconductor market, Intel has long since been eclipsed, both in value and technology. The company has also missed out on being the driving force behind major segments in the industry, with TSMC the preferred semiconductor manufacture for mobile device makers and the aforementioned Nvidia the preferred provider of AI hardware.

Intel has been working hard to reclaim its crown and has certainly made headway under CEO Pat Gelsinger. Nonetheless, those efforts have been blunted by massive losses, including the single worst quarterly loss in company history in 2023. Gelsinger and team clearly have much more to do if Intel has any hopes of recapturing its former glory.

Winner: Linux

“The year of the Linux desktop” has become something of a meme, but there’s no denying that Linux on the desktop made serious headway in 2023. While the open source operating system has yet to truly rival macOS and Windows, Linux crossed the 3% mark in 2023—its highest recorded share of the desktop market.

As we previously wrote, there are a number of major developments in the Linux desktop space poised to make 2024 an even better year. KDE Plasma 6, the release of System 76’s Rust-based Cosmic desktop, and the Linux Mint team working on Wayland adoption are just a few of the projects that could spur further adoption. The single biggest factor, however, could be Microsoft Windows.

Loser: Microsoft Windows

Once the undisputed king of the desktop, with more than 95% of the market in January 2009, Windows is down to a 72% share at the end of 2023. Unfortunately for Microsoft, the problem is likely to get worse.

Microsoft has slated Windows 10 for EOL in October 2025, meaning it will no longer receive updates or security fixes. An estimated 240 million PCs will be rendered obsolete, unable to run Windows 11.

Fortunately for many users and companies, however, Linux runs perfectly on computers that Windows no longer supports, and distributions such as Linux Mint can often serve as near-drop-in replacements for Windows. This alone could help drive a significant number of users to Linux, further lowering Windows’ overall market share.

Winner: Privacy

2023 saw a number of threats to user privacy, although the biggest of those were defeated. The UK was working to pass legislation that would have weakened encryption and forced companies to provide a way to monitor messages. The EU was poised to pass similar legislation.

In both cases, however, changes were made that preserved user privacy. In the case of the UK, the bill was watered down enough to count as a win for privacy advocates, although there is still enough left in the bill to concern many.

In the case of the EU, the bloc completely dropped the provision that would require messaging encryption to be weakened.

Nonetheless, many remain concerned that governments and regulators continue to look for new, less obvious ways to circumvent the very encryption and security the internet relies on.

Loser: Google

It’s hard to argue that 2023 was a bad year for the search giant. As consumer privacy awareness grows, Google increasingly finds itself in the crosshair of privacy-minded users, as well as lawmakers.

The company is also fighting a landmark antitrust case, one that has been damaging to the company’s reputation. The company is also facing antitrust investigations in other counties as well.

Winner: Tim Cook

In a year when CEOs committed faux pas, were fired, caught in scandals, and betrayed employee trust with mass layoffs, Apple CEO Tim Cook remained a steady hand at the helm of the world’s most valuable company.

In addition to his stewardship over the company’s operations, Cook’s tenure has seen Apple develop its Vision Pro, a “revolutionary spatial computer” that may finally take virtual and augmented reality mainstream.

Loser: Elon Musk

There are few high-profile executives who have lost more respect, caused more chaos, or courted more controversy than Elon Musk. In the wake of his purchase of Twitter, Musk presided over a disastrous rebranding to “X,” laid off roughly half of the staff, slashed the moderation teams, and has seen the company’s advertisers flee the platform in droves.

What’s more, Musk’s handling of Twitter has tarnished his reputation as the tech exec who could do no wrong. Tesla, SpaceX, and Starlink have been incredible successes, but Twitter has hung over Musk and his obsession with it has taken a toll on his leadership over those other companies. Tesla investors have slammed the executive’s behavior. To make matters worse, Tesla has faced troubles of its own, including a DOJ investigation into the company’s practices.

Conclusion

Without a doubt, 2023 was an eventful year for the tech industry, with many developments setting the stage setting the stage for an exciting 2024.

]]>
600214
Pro Tip: Don’t Use ‘1111’ As Your Password https://www.webpronews.com/pro-tip-dont-use-1111-as-your-password/ Mon, 25 Dec 2023 16:00:00 +0000 https://www.webpronews.com/?p=600212 Companies and individuals should take a lesson from US water utilities and choose something other than “1111” as their password for internet-accessible devices.

According to Fast Company, the National Security Council said a recent attack on US water utilities by Iran-backed hackers targeted extremely novice security mistakes. While the attack did not compromise critical systems, the outlet reports that the devices that were compromised were using the default “1111” password.

“We’re seeing companies and critical services facing increased cyber threats from malicious criminals and countries,” Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technologies, told Fast Company

Unfortunately, US water utilities are hardly unique in their use of weak passwords. In fact, according to NordPass, the vast majority of the top 200 passwords take less than one second to crack. Below is the top 10, all of which can be cracked in under a second:

  • 123456
  • admin
  • 12345678
  • 123456789
  • 1234
  • 12345
  • password
  • 123
  • Aa123456
  • 1234567890

Weak passwords clearly are still a widespread issue, but it is somewhat concerning that critical infrastructure is plagued by the problem as well. As Neuberger told Fast Company, there’s still much to do to improve the situation.

“Clearly, by the most recent success of the criminal cyberattacks, more work needs to be done,” she said.

]]>
600212
Linux Distro Reviews: Tuxedo OS https://www.webpronews.com/linux-distro-reviews-tuxedo-os/ Sun, 24 Dec 2023 14:00:00 +0000 https://www.webpronews.com/?p=600202 Tuxedo OS is a Linux distro created by Tuxedo Computers, the makers of laptops and PCs designed specifically to run Linux. While similar to other projects, Tuxedo OS has several unique features.

What Is Tuxedo OS?

Tuxedo OS is based on Ubuntu LTS, the long-term support version of the world’s most popular Linux distro. This gives Tuxedo the benefit of one of the widest software repositories and the deepest hardware support of virtually any distro.

One common complaint with Ubuntu LTS is that the Linux kernel and software can become somewhat stale throughout the release’s two-year life cycle. This can be especially problematic for the newest hardware that older versions of the Linux kernel may not yet support. Tuxedo solves this by updating the kernel, the graphics stack, and some popular applications throughout the life of a release.

Tuxedo uses KDE Plasma for its desktop environment (DE), pulling the KDE stack directly from the KDE Neon repos. KDE Neon is the distro maintained by the KDE developers and receives updates to Plasma and KDE apps as soon as they are available. Tuxedo does a bit of additional testing but still updates the KDE stack within a couple of weeks of Neon. This extra QA helps smooth out Plasma’s rough edges.

Other than a custom color theme, which can be easily changed, Tuxedo OS makes no major changes to KDE Plasma. The distro also includes relatively few pre-installed applications beyond the basic suite of apps, leading to a relatively lean install.

Tuxedo hosts its own repos, mirroring the Ubuntu ones. As a general rule, system updates are pushed out every Monday, while security updates are pushed out as soon as they become available.

Like other popular distros based off of Ubuntu—such as Linux Mint—Tuxedo includes Flatpak and does not include Ubuntu’s snaps.

Installation

Tuxedo OS has an unusual two-step installation process. When booting off of a USB drive containing the installation ISO, users are first presented with a setup process for the installer. After going through several steps, the actual installer runs.

When the installer first runs it will ask if you want to proceed with full-disk encryption enabled. If you select Yes, the installer will proceed with a streamlined install process. If you choose No, you will still be given the option to select full-disk encryption later. Since Tuxedo is using the popular Calamares install application, the prompts will be familiar.

There is one oddity users should be aware of, however. If you select full-disk encryption at the first prompt, the installer will automatically partition your disk with a 2GB swap partition. If, however, you decline the first prompt and proceed with the installation, the installer will create an 8GB swap partition unless you opt to manually partition the disk.

As a result, if you want to minimize the size of your swap partition without manually partitioning, you should select Yes when the install initially asks if you want to install with full-disk encryption.

Tuxedo Control Center, Tomte and Performance

Tuxedo OS comes with the Tuxedo Control Center (TCC), giving users the ability to change profiles, control CPU performance, fan speeds, set up charging profiles, and more.

TCC’s full functionality is only compatible with Tuxedo’s own computers, but that doesn’t mean the utility doesn’t work on other devices. For example, non-Tuxedo hardware doesn’t benefit from the hardware sensors that reveal CPU frequency and fan speed. Nor does generic hardware benefit from the battery charging profiles—the ability to lower the charging speed and threshold to preserve the battery’s lifespan.

Tuxedo hardware also benefits from Tomte, Tuxedo’s utility to help install and configure drivers. This utility is a one-stop-shop for any and all drivers a Tuxedo computer needs to reach its full performance potential. Non-Tuxedo hardware will likely not benefit from Tomte.

Despite these limitations, all hardware should still benefit from the performance profiles. YouTuber Mumbling Hugo tested the profiles on non-Tuxedo hardware and found a major performance boost when choosing the correct profile. In fact, Tuxedo beat his previous best-performing distro when the correct profile was selected.

Privacy

Another major benefit of Tuxedo OS is its focus on privacy. Germany has established itself as one of the most privacy-conscious jurisdictions, benefiting from the EU’s focus on consumer privacy. As a German company, Tuxedo takes privacy seriously, collecting no telemetry from its users.

Tuxedo also improves privacy over the default Ubuntu. Ubuntu-based distros include a NetworkManager connectivity check to Canonical’s server, which Tuxedo reroutes:

In the same breath we have turned the NetworkManager connectivity check from a Ubuntu URL to a TUXEDO URL. “Connectivity Checking” is a function of the NetworkManager package, which checks at intervals whether there is a connection to the Internet. At Ubuntu and therefore TUXEDO OS, the URL http://connectivity-check.ubuntu.com was used for this purpose, which checks the connection every 300 seconds. Since we already mirror the Mirror servers of Ubuntu and therefore no IP addresses of customers go to Canonical, we have decided to place the URL for the connection test on their own URL for TUXEDO OS. This means that the URL http://connectivity-check.tuxedocomputers.com is used for the automatic queries in NetworkManager. We hereby guarantee that we do not record this access on the server side.

Tuxedo OS Is a Unique Offering In the Linux World

As a result of the above factors, Tuxedo OS is more akin to a semi-rolling release than either a full-rolling or static release distro. The underlying base is the solid and stable Ubuntu LTS, while the kernel, graphics drivers, Plasma DE, KDE apps, and some popular apps are updated on a continuous basis. This makes Tuxedo somewhat unique in the Linux world, putting it in the company of Pop_OS!, another distro made by a hardware manufacturer.

On the whole, Tuxedo OS is an outstanding distro and easily one of the best KDE Plasma-based options around. In my testing of the distro—on a Tuxedo Pulse Gen 1 laptop and an older HP Pavilion—Tuxedo OS is easily the most stable and reliable KDE Plasma distro I have ever run. On many distros—openSUSE Tumbleweed, Fedora, Kubuntu, Neon, Manjaro, etc—I have always found Plasma to be relatively buggy, although the degree has varied from one distro to another. Much of this stems from Plasma’s extensive feature set and the pace of its development.

Tuxedo OS, on the other hand, significantly smooths out Plasma’s rough edges, leading to THE best experience I have ever had using Plasma, and one of the best choices overall.

Rating

4.5 out of 5 stars

]]>
600202
Cisco Is Buying Isovalent To Bolster Multicloud Security https://www.webpronews.com/cisco-is-buying-isovalent-to-bolster-multicloud-security/ Fri, 22 Dec 2023 15:00:00 +0000 https://www.webpronews.com/?p=600194 Cisco announced it is purchasing Isovalent, a company specializing in “open source cloud native networking and security.”

Cisco says Isovalent’s acquisition will help improve its Cisco Security Cloud and provide customers better protection across their workloads.

“Together with Isovalent, Cisco will build on the open source power of Cilium to create a truly unique multicloud security and networking capability to help customers simplify and accelerate their digital transformation journeys,” said Jeetu Patel, executive vice president and general manager of Security and Collaboration at Cisco. “Imagine in today’s distributed environment – of applications, virtual machines, containers and cloud assets – having security controls with total visibility, without hindering networking and application performance. The combination of Cisco and Isovalent will make this a reality.”

“Cisco is committed to nurturing, investing in, and contributing to the eBPF and Cilium open source communities,” said Stephen Augustus, Head of Open Source at Cisco. “Isovalent’s team will join Cisco’s deep bench of open source governance and technical leadership to solve complex cloud native, security, and networking challenges. Their knowledge will accelerate innovation across the business and help further strengthen the Cisco Security Cloud platform to meet the growing demands of our customers.”

Terms of the deal were no disclosed, but it is expected to close in the third quarter of fiscal 2024.

]]>
600194
FTC Bans Rite Aid From Using Facial Recognition https://www.webpronews.com/ftc-bans-rite-aid-from-using-facial-recognition/ Thu, 21 Dec 2023 13:00:00 +0000 https://www.webpronews.com/?p=600175 The Federal Trade Commission has banned Rite Aid from using facial recognition for five years after the company harmed customers with it.

According to the FTC, Rite Aid did not have reasonable safeguards in place to protect customers when it deployed facial recognition in its stores. As a result, the agency says the pharmacy potentially harmed and humiliated its customers.

“Rite Aid’s reckless use of facial surveillance systems left its customers facing humiliation and other harms, and its order violations put consumers’ sensitive information at risk,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “Today’s groundbreaking order makes clear that the Commission will be vigilant in protecting the public from unfair biometric surveillance and unfair data security practices.” 

As part of the FTC’s action, Rite Aid will be banned from using facial recognition for five years and must implement the necessary safeguards when it does eventually re-dploy the tech.

The proposed order will require Rite Aid to implement comprehensive safeguards to prevent these types of harm to consumers when deploying automated systems that use biometric information to track them or flag them as security risks. It also will require Rite Aid to discontinue using any such technology if it cannot control potential risks to consumers. To settle charges it violated a 2010 Commission data security order by failing to adequately oversee its service providers, Rite Aid will also be required to implement a robust information security program, which must be overseen by the company’s top executives.

The ban will go into effect once it is approved by the court overseeing Rite Aid’s bankruptcy.

]]>
600175
Emerging Remote Work Trends https://www.webpronews.com/remote-work-trends/ Tue, 19 Dec 2023 12:40:07 +0000 https://www.webpronews.com/?p=600163 In 2024, the American workplace continues to navigate the aftereffects of the pandemic, with remote work playing a pivotal role. The transition to remote work, once a necessity, has now become a preferred mode for many. The latest statistics on remote work trends across the United States offer a detailed perspective on this evolving phenomenon.

Remote Work Emerged During the Pandemic

Millions of Americans experienced remote work during the pandemic, sparking a major shift in the work culture. As of 2023, around 40% of U.S. employees worked remotely at least once a week. This trend is more pronounced in certain industries. Information technology leads with 67%, followed by professional and business services at 49%, educational services at 46%, and wholesale trade at 39%. These numbers, however, have seen a gradual decline since 2020. The proportion of people primarily working from home decreased significantly from 35% in 2020 to 12.7% in 2023.

Interestingly, 72.5% of businesses reported having no remote workers in 2023, up from 60.1% in 2021. This increase suggests a partial return to traditional office settings or perhaps a blend of remote and in-office work models.

Diving into a state-by-state analysis, the statistics reveal a varied landscape. Michigan leads with 27% of its workforce operating remotely. Indiana, Virginia, South Carolina, and Wisconsin closely follow, each with 26%. On the other end, states like Wyoming (3%), Alaska (4%), South Dakota (4%), and Vermont (4%) have the lowest percentages of remote workers. These numbers not only reflect the regional differences in the adoption of remote work but also underscore the diverse infrastructural and economic factors influencing this trend.

Globally, the workforce is predominantly on-site (66.5%), with hybrid models (25.6%) and fully remote arrangements (7.9%) making up the rest. Despite the stabilization of remote work post-pandemic, its advantages for both employees and employers are substantial and hard to ignore.

Employees and Remote Work

Employees benefit significantly from remote work. The elimination of commute time is the most appreciated aspect (60%), followed by savings on gas and lunch expenses (44%), enhanced flexibility (42%), reduced time spent getting ready (38%), more quiet time for focused work (35%), and the opportunity to spend more time with family and friends (29%). These benefits contribute to a better work-life balance and overall job satisfaction.

From an employer’s perspective, the advantages are equally compelling. Remote work leads to a 56% reduction in employee absences and a 50% decrease in sick days. About 68% of businesses observe an increase in productivity with remote work arrangements. Perhaps most notably, remote work significantly lowers employee turnover by 50% and reduces annual costs per employee by $20,000 to $37,000.

In 2023, an overwhelming 98% of people expressed the desire to work remotely, either full-time or part-time. To make this a sustainable reality, businesses need to invest in robust connectivity platforms, advanced cybersecurity, and IT tools, along with AI-driven scheduling software. These technologies are essential for maintaining effective, productive, and connected remote teams.

Conclusion


As the 2024 data suggests, remote work is not just a temporary shift but a fundamental change in the work paradigm. While the extent of remote work adoption varies across industries and regions, the benefits are clear and significant for both employees and employers. Companies that adapt to this new norm by investing in appropriate technologies and flexible work policies are likely to thrive in this changing landscape. The future, as indicated by these remote work trends, will continue to evolve, with remote work being a key component of this evolution.

Return To Office or Work From Home? ]]>
600163