Search This Blog

Tuesday, October 31, 2017

Antimalware Day: Genesis of viruses… and computer defense techniques

On November 3, 1983, Frederick Cohen, a student at the engineering school of the University of Southern California (USC), was sure that a malicious program could be used to exploit any connected system, but he wondered how long it would take for the code to do so.
He prepared a prototype that – after eight hours of hard work on a VAX 11/750 system running Unix – was ready to be shown at the weekly security seminar he attended. It was his lecturer, Leonard Adleman, who baptized that program as a computer virus.

https://www.welivesecurity.com/2017/10/31/antimalware-day-genesis-viruses/

Mellanox Technologies, Ltd. to Present at Upcoming Investor Conferences


http://ir.mellanox.com/releasedetail.cfm?ReleaseID=1046166

The ZTE Axon M Gives Small Business Owners a Mobile Option — with Dual Screens

For small businesses looking to get more done outside of the office, the new ZTE Axon M could be a critical innovation. It comes with two 5.2 inch displays. When fully open, the device actually turns into a small tablet. This phone can remove the strain of working on a small screen by taking advantage of both displays.
When it is folded, the Axon M looks like a standard smartphone and it pretty much has the same features. The transformation takes place when you unfold the back and it lights up to reveal a second screen of the same size.

https://smallbiztrends.com/2017/10/zte-axon-m-dual-screen-smartphone.html

Small Business Security Experts Discuss Importance of Identifying Needs First

Good security is just as important to a small business as solid marketing and a great product. The Electronic Security Association (ESA) recently hosted a roundtable of four American small business security experts. They discussed how small businesses’ should identify their security needs. Following are a few highlights that can help you get started.

https://smallbiztrends.com/2017/10/small-business-security-tips.html

Business Users, Twitter May be Miscalculating Your Reach

Twitter released its third quarter results report Thursday and revealed that it miscalculated the amount of users it had by millions.

https://smallbiztrends.com/2017/10/twitter-miscalculated-users.html

Russian trolls can go viral in 3 easy steps (The 3:59, Ep. 307)

Facebook increasing ad transparency, iPhone X repairs look pricey (Tech ...

Monday, October 30, 2017

Guardium Tech Talk - Advanced reporting (2 of 3)

Threat Hunting, the Investigation of Fileless Malware Attacks

Fileless Monero WannaMine, a new attack discovered by PandaLabs

https://www.pandasecurity.com/mediacenter/pandalabs/threat-hunting-fileless-attacks/

Halloween cyber security tricks to avoid being hacked

When it comes to cybersecurity, there are very few treats to be enjoyed.


https://www.pandasecurity.com/mediacenter/tips/halloween-cyber-security-tricks/

How Federal Agencies Can Use FortiMail to Comply with BOD-18-01

On October 16th, the U.S. Department of Homeland Security (DHS) announced its intention to have all federal agencies revamp their email security protocol. The Binding Operational Directive (BOD-18-01) will require all federal agencies to deploy STARTTLS, Secure Policy Framework (SPF), Domain Keys Identified Mail (DKIM), and Domain-based Message Authentication Reporting and Conformance (DMARC) within three months of the directive’s announcement. While having these email security features enabled is generally considered to be a cybersecurity best practice, many federal organizations do not currently have them in place. In fact, data shows that 82 percent of federal organizations do not use the DMARC protocol.

https://blog.fortinet.com/2017/10/30/how-federal-agencies-can-use-fortimail-to-comply-with-bod-18-01

Best Practices to Help Safeguard Your Organization for the Internet of Things

The Internet of Things is riddled with security challenges. Cybercriminals know this too, and have often been quicker to take advantage of vulnerabilities than we have been to fix them. For instance, according to Fortinet's Threat Landscape Report for the second quarter of 2017, 90% of organizations recorded attacks that targeted system and device vulnerabilities that were at least three years old, even though updates and patches had long been available. It's even more alarming that 60% of organizations reported attacks aimed at vulnerabilities that were 10 or more years old.

https://blog.fortinet.com/2017/10/30/get-serious-about-iot-security

Heathrow security plans ‘found on USB stick left in the street’

This weekend British tabloid newspaper The Sunday Mirror warned of a potential “risk to national security” after a memory stick containing sensitive information about Heathrow airport was reportedly “found in the street.”
If the report is to be believed, an unnamed unemployed man found a USB stick lying amid the leaves on Ilbert Street, in Queen’s Park, West London – miles away from Britain’s busiest airport.

https://www.welivesecurity.com/2017/10/30/heathrow-security-plans-found-on-usb-stick-left-in-the-street/

Fortinet A Premier Sponsor of AT&T’s Inaugural ‘The Summit’ Event

Fortinet is a Premier Sponsor of The Summit, the inaugural AT&T Business event that is bringing together 2500 thought leaders, influencers, and customers for three days to be inspired and informed about the future of technology and how it impacts the world. This premiere event is being held from October 30-November 2, 2017 at the Gaylord Texan Resort in Dallas, Texas.

https://blog.fortinet.com/2017/10/30/fortinet-a-premier-sponsor-of-at-t-s-inaugural-the-summit-event

5 Ways to Prepare Your Online Business for Increased Sales

U.S. ecommerce sales are expected to grow by about 3 percent this holiday season compared to last year, according to research from eMarketer. That’s pretty moderate growth. But small ecommerce businesses still need to be prepared for an influx of orders over the next few months if they want to reap the benefits of the busy holiday shopping season.

https://smallbiztrends.com/2017/10/getting-an-ecommerce-business-ready-for-the-holidays.html

ESET research team assists FBI in Windigo case – Russian citizen sentenced to 46 months


https://www.welivesecurity.com/2017/10/30/esets-research-fbi-windigo-maxim-senakh/

Windigo Still not Windigone: An Ebury Update

Back in February 2014, ESET researchers wrote a blog post about an OpenSSH backdoor and credential stealer called Linux/Ebury. Further research showed that this component was the core of an operation involving multiple malware families we called “Operation Windigo”. This led to the publication of a whitepaper covering the full operation.
In February 2017, we found a new Ebury sample, that introduces a significant number of new features. The version number was bumped to 1.6.2a. At the time of that discovery, the latest versions we had seen were 1.5.x, months before. After further investigation, we realized that its infrastructure for exfiltrating credentials was still operational and that Ebury was still being actively used by the Windigo gang.

https://www.welivesecurity.com/2017/10/30/windigo-ebury-update-2/

HP's Omen 17 gives great graphical grunt for under $2,000

Evasive Sage 2.2 Ransomware Variant Targets More Countries

The Sage ransomware variant appears to have been out of circulation for a while in the malware scene. Since we published our article on Sage 2.0 last February, and the discovery of version 2.2 in March, the FortiGuard Labs team hasn’t seen significant activity with this malware for over six months.

https://blog.fortinet.com/2017/10/29/evasive-sage-2-2-ransomware-variant-targets-more-countries

25 Android and iPhone Apps to Add a Second Phone Number for Business Only Calls

A smartphone is just as much a business communication device as it is a personal one. But using a single number for both on your phone is unprofessional and unnecessarily problematic. But smartphone technology and the many apps available in the marketplace allow you to easily get a second phone number avoiding these problems entirely.
If your phone can accept a second SIM card, you can get another number from your service provider. However, if you don’t want to use this option or can’t because you don’t have a secondary SIM slot, you can use an app to get a second number on your phone.

https://smallbiztrends.com/2017/10/second-phone-number-apps.html

Sunday, October 29, 2017

The DUHK Vulnerability

There have been some news items floating around the Internet discussing a weakness in the ANSI X9.31 random number generator (RNG) known as DUHK (for Don't Use Hard-coded Keys) that had affected older FortiGate devices.

https://blog.fortinet.com/2017/10/27/the-duhk-vulnerability

The Analysis of Apache Struts 1 Form Field Input Validation Bypass (CVE-2015-0899)

Apache Struts 1 is a popularly used JAVA EE web application framework. It offers many kinds of validators to filter user input by using the Apache Common Validator library, which is both convenient and fast. However, a bug in Apache Struts can be used to easily bypass the input validation process, allowing an attacker to submit arbitrary dirty data to the database, possibly resulting in a cross-site scripting attack when the user views the JSP file that refers directly to the corrupted data.

https://blog.fortinet.com/2017/10/25/the-analysis-of-apache-struts-1-form-field-input-validation-bypass-cve-2015-0899

The Analysis of Apache Struts 1 ActionServlet Validator Bypass (CVE-2016-1182)

Apache Struts 1 ValidatorForm is a commonly used component in the JAVA EE Web Application that requires validated form fields input by a user, such as a login form, registration form, or other information form. By configuring the validation rules, Apache Struts can validate many different kinds of fields - username, email, credit card number, etc. However, a bug in Apache Struts 1 can be used to manipulate the property of ValidatorForm so as to modify the validation rules, or even worse, cause a denial of service or execute arbitrary code in the context of the Web Application.

https://blog.fortinet.com/2017/10/25/the-analysis-of-apache-struts-1-actionservlet-validator-bypass-cve-2016-1182

Saturday, October 28, 2017

IBM Transforms FlashSystem to Help Drive Down the Cost of Data

IBM Transforms FlashSystem to Help Drive Down the Cost of Data

Data Center Modernization Solutions Deliver Support for Public Cloud, Containers and Machine Learning
ARMONK, N.Y. - 26 Oct 2017: IBM (NYSE: IBM) today announced sweeping advances in its all-flash storage solutions and software to significantly drive down the costs of data and extend its solutions for hybrid and private cloud environments.
  • New ultra-dense FlashSystem array capable of storing more data in the same footprint, contributes to lower data capacity costs by nearly 60 percent. [1]
  • New Spectrum Virtualize software allows simplified migration and disaster recovery of data to and from the IBM Public Cloud;
  • New software enables IBM and non-IBM storage to be used with popular Docker and Kubernetes containers environments;
  • Cloud-based software beta program integrates storage with artificial intelligence and machine learning through new software to collect inventory and diagnostic information in order to help optimize the performance, capacity and health of clients’ storage infrastructure.
“Companies are seeking guidance in modernizing their data from being a passive cost center to being the central hub for their business. IBM understands that only those that extensively analyze and exploit their data will benefit from it,” said Ed Walsh, GM, IBM Storage and SDI. “To help clients make this transformation, we are introducing new all-flash solutions that will dramatically lower the cost of storage systems while making data availability – whether on-site or in the cloud - a central part of their business strategy.”
In addition to the aforementioned features, updates to IBM Storage systems and software include:
  • New Platform Speeds Private Cloud Deployments – IBM Spectrum Access solutions offer what storage admins users need to deploy a private cloud quickly and efficiently, delivering the economics and simplicity of the cloud with accessibility, virtualization and performance of an on-premises implementation;
  • Consumption-Based Pricing – new utility offering enables a consumption-based buying model for hybrid cloud environments leveraging most of the IBM storage and VersaStack portfolios for users preferring to buy storage as an operating expense;
  • Consolidated User Interface – new interface for FlashSystem 900 consolidates activity and performance information in a single dashboard. Consistent with user interfaces used in other IBM storage systems and IBM Spectrum Storage software, the UI simplifies operations and helps improve productivity;
  • VersaStack with FlashSystem – incorporating the newest FlashSystem being announced today an extensive refresh to the IBM/Cisco VersaStack converged infrastructure offerings;
  • Investment Protection – several of the new all-flash storage and VersaStack solutions announced today are NVMe ready, enabling them to take advantage of the NVMe offerings coming in 2018.
“IT modernization has become a business necessity for us and IBM's newly announced provisioning of 3x more usable capacity in the same physical space presents an exciting opportunity,” said Nader El-Ramly,” Chief Product Officer at ZE PowerGroup. “We believe that maintaining the same characteristic low latency of previous FlashSystem generations without necessitating costly upgrades to rack space, cooling, and power or requiring a sacrifice of quality features like data reduction exemplifies IBM's deep understanding of modern client needs.”
“With this announcement, IBM is demonstrating, among other things, how highly leveraged their FlashCore strategy is,” said Eric Burgener, Research Director for Storage at IDC.  “Next generation FlashCore enhancements, including higher density 3D TLC NAND-based media and hardware-assisted in-line compression and encryption, immediately improve the capabilities of multiple IBM All Flash Arrays by providing features that drive higher infrastructure density and improved security more cost-effectively.”
IBM leadership in storage systems and software is based upon more than 380 system patents, including IBM FlashCore technology and more than 700 patents for IBM Spectrum Storage software. As a result IBM’s flash arrays have been ranked as Leader in Gartner Magic Quadrant for Solid State Arrays for four years in a row and for the 3rd year in a row has been named the#1 Software-Defined Storage vendor by IDC.
Availability
The new features to IBM’s all-flash systems and IBM Spectrum Storage software will be available in Q4. Clients interested in participating in the IBM beta program for cognitive support can inquire by visiting ibm.biz/FoundationPilot.
For more information about IBM Flash Storage please visit: https://www.ibm.com/storage/flash.   For more about IBM Spectrum Storage please visit: https://www.ibm.com/storage/spectrum.
 
[1] Applies to IBM FlashSystem 900, which is used in the IBM FlashSystem V9000 and IBM FlashSystem A9000

Protecting Higher Education Networks with Secure Access Architecture

Colleges and universities have unique wireless network and security needs. They are typically densely-populated and highly-collaborative environments. Students and faculty alike rely on a consistent wireless connection that allows them fast and constant communication with each other across campuses and buildings.

https://blog.fortinet.com/2017/10/27/protecting-higher-education-networks-with-secure-access-architecture

Why ICSA Advanced Threat Defense for Email is So Important

Verizon’s 2017 Data Breach Investigations Report found that two-thirds (66%) of all installed malware that successfully made its way past established defenses were delivered by email.  This is particularly concerning as our weekly FortiGuard Labs Threat Intelligence Brief lists ransomware downloaders –typically delivered via email – as consistently among the top 5 pieces of malware in most weeks.

https://blog.fortinet.com/2017/10/27/why-icsa-advanced-threat-defense-for-email-is-so-important

The Cybersecurity Skills Gap: Educating the next generation

Technological advancements are increasing rapidly, but the general population’s ability to utilize these new capabilities continues to lag behind. The growing number of recent cybersecurity attacks highlights a second gap; a shortage of skilled workforce in the cybersecurity industry, predicted to reach around 1.8 million workers by 2022.
There are numerous suggestions and ideas about how to close the gap, such as upskilling existing employees skill sets or utilizing automation. But a long-term strategy focused on training and educating the next generation will help to ensure enough people have the right skills for the future.

https://www.welivesecurity.com/2017/10/27/cybersecurity-skills-gap-educating-next-generation/

The Analysis of Apache Struts 1 Form Field Input Validation Bypass (CVE-2015-0899)

Apache Struts 1 is a popularly used JAVA EE web application framework. It offers many kinds of validators to filter user input by using the Apache Common Validator library, which is both convenient and fast. However, a bug in Apache Struts can be used to easily bypass the input validation process, allowing an attacker to submit arbitrary dirty data to the database, possibly resulting in a cross-site scripting attack when the user views the JSP file that refers directly to the corrupted data.

https://blog.fortinet.com/2017/10/26/the-analysis-of-apache-struts-1-form-field-input-validation-bypass-cve-2015-0899

The Analysis of Apache Struts 1 ActionServlet Validator Bypass (CVE-2016-1182)

Apache Struts 1 ValidatorForm is a commonly used component in the JAVA EE Web Application that requires validated form fields input by a user, such as a login form, registration form, or other information form. By configuring the validation rules, Apache Struts can validate many different kinds of fields - username, email, credit card number, etc. However, a bug in Apache Struts 1 can be used to manipulate the property of ValidatorForm so as to modify the validation rules, or even worse, cause a denial of service or execute arbitrary code in the context of the Web Application.   

https://blog.fortinet.com/2017/10/26/the-analysis-of-apache-struts-1-actionservlet-validator-bypass-cve-2016-1182

To what extent are smartphone shaping our lives?


https://www.pandasecurity.com/mediacenter/mobile-security/how-dependant-on-your-cellphone-are-you/

CHIME 17 Event Preview: Understanding Your Patients’ Cybersecurity Concerns

Healthcare and IT are becoming increasingly intertwined as technology enables patient-centric care, more efficient hospital workflows, and greater visibility into effective treatment plans through data analytics. Moreover, as digital transformation initiatives take effect across industries, increased technical capabilities will be necessary to remain competitive.

https://blog.fortinet.com/2017/10/26/chime-17-event-preview-understanding-your-patients-cybersecurity-concerns

Tracking the Bad Rabbit

A new ransomware campaign dubbed “Bad Rabbit” has hit a number of high profile targets in Russia and Eastern Europe. First detected on October 24th, 2017, Bad Rabbit was originally detected in Russia and Ukraine, along with a small number of infections reported in parts of eastern Europe, Turkey, and Germany. However, the attack now appears to be spreading to other regions, including reports from South Korea and the US.

https://blog.fortinet.com/2017/10/25/tracking-the-bad-rabbit

Threat Information Sharing Can Change the Security Landscape

One of the biggest security challenges IT teams face is simply staying a step ahead of the cybercriminal community. Of course, digital transition continues to compound this problem by continually expanding the potential attack surface. And at the same time, the cybercriminal community continues to up their game with increasingly sophisticated exploits designed to circumvent security solutions and evade detection.

https://blog.fortinet.com/2017/10/25/threat-information-sharing-can-change-the-security-landscape

Cloud Migration a Challenge to Many

In May, the President signed an Executive Order aimed at enhancing cybersecurity at Federal government agencies.  Of its handful of mandates, migration of computing resources to the cloud is likely to have the most sweeping Federal impact. While Federal agencies are feeling the pressure to accelerate their plans to shift to the cloud, they understand that they need to do so with minimal disruption. In a recent survey conducted by MeriTalk and Fortinet, 70 percent of Federal IT decision makers believe that the majority of Federal agencies will rely on hybrid cloud environments to power core applications over the next decade.

https://blog.fortinet.com/2017/10/24/migrating-to-the-cloud-without-an-all-at-once-or-all-or-nothing-approach

Friday, October 27, 2017

Food Services Giant Moves Securely to the Cloud Over a Single Weekend

When one of the world’s largest food services companies needed a better way to connect its vast distributed network of operations, it turned to Microsoft Azure and Fortinet to "move the entire organization to Azure on a single weekend morning: no issues, no downtime, no fuss!” 

https://blog.fortinet.com/2017/10/26/food-services-giant-moves-securely-to-the-cloud-over-a-single-weekend

How to secure your router to prevent IoT threats?

Earlier this year I was forced to buy a new router for my home. As it is, with so many devices to connect, the old TP Link no longer provided me with what I needed. Two computers, three cell phones, video game console, TV, Chromecast, stereo, smart lights, thermostat, smartwatch… There are 13 computers permanently connected in 50 square meters, regardless of when guests come and the first thing they ask for is the key to Wi-Fi.
After several sittings to analyze the characteristics of many devices, I decided on the OnHub router from Google, since it is a computer built for the Internet of Things and besides supporting more than 30 connected devices simultaneous , is considered one of the safer products on the market.

https://www.welivesecurity.com/2017/10/26/secure-your-router-prevent-iot-threats/

National Cybersecurity Awareness Month Twitter Chats part 4

Welcome to the fourth part in our series containing short blogs from Twitter chats we took part in to mark the 14th National Cybersecurity Awareness Month (NCSAM). The National Cyber Security Alliance (@NatlCyberSecAlliance) is once again hosting a series of Twitter chats every Thursday in October using the hashtag #ChatSTC (moderated by @STOPTHNKCONNECT), in which ESET researchers are once again participating.

https://www.welivesecurity.com/2017/10/26/ncsam-twitter-chats-part4/

The Scariest Cyber Nightmares in Recent Years



https://www.pandasecurity.com/mediacenter/adaptive-defense/cyber-nightmares-halloween/

Google Pixelbook review

Thursday, October 26, 2017

YouTube Virus: Can I Get One?


https://www.pandasecurity.com/mediacenter/mobile-news/youtube-virus-tips/

Canadian SMBs: How technology can help you stay energized

Getting any business up and running is a major challenge, but keeping it going from strength to strength is just as difficult, and requires owners to remain energized as they strive to improve all aspects of the company.
This is a crucial mindset to have as a company looks to establish itself within an ever-evolving market. Canadian small and medium businesses (SMBs) use a multitude of skills and resources to continuously improve all aspects of their companies’ performance. One of the most critical areas for these owners to focus on is implementing the latest technology — as this will help them improve their product or service, and improve customer retention with help from their customers.

https://www.welivesecurity.com/2017/10/25/how-technology-can-help-you-stay-energized/

Bad Rabbit: Not-Petya is back with improved ransomware

A new ransomware outbreak today and has hit some major infrastructure in Ukraine including Kiev metro. Here are some of the details about this new variant.

https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back/

The Google Pixel 2 has a display problem (The 3:59, Ep. 306)

Pressure builds on iPhone X after weak iPhone 8 sales



#apple #smartphone #iphone

Katie Linendoll is excited about "Data Science for All" on November 1st

Introducing the "Face" of Big SQL - Data Server Manager

Solve your productivity challenges with AI

Hackers hit plastic surgery, threaten to release patient list and photographs

London Bridge Plastic Surgery & Aesthetic Centre (LBPS) in Wimpole Street, London, is a favourite haunt of surgery-addicted celebrities seeking facelifts and breast augmentations.
Famous clients include publicity-shy glamour model/author/reality TV star Katie Price, who just a few months ago made a video endorsing the surgery for her “silhouette face lift”.

https://www.welivesecurity.com/2017/10/24/plastic-surgery-hacking-dark-overlord/

Preordering the iPhone X? Good Luck! You'll need it (Apple Byte)



#apple #smartphone #iPhone #iPhoneX


Apple Co-Founder Steve Wozniak Says He Won't Be Upgrading To The iPhone ...



#Apple #smartphone #iPhone #iPhoneX


Toni Sacconaghi: IPhone X Price Could Be Dissuading Upgraders | CNBC



#Apple  #iPhone #iPhoneX


Wednesday, October 25, 2017

Bendigo and Adelaide Bank find rapid innovation at the IBM Garage

Securing the IoT | Internet of Things | CyberSecurity

Apple relaxes Face ID requirements, says report

Adding Firewall Policies to FortiManager Policy Package



#Cybersecurity

Optimize Your Future by Making Better Decisions Now with IBM SPSS

Bring apps to market faster with Inversoft Passport on IBM Cloud

Apple says "arrive early" for iPhone X, new Uber driver charges



#news #business #technology

IBM Security helps Wimbledon focus on the court, not the cloud.



#cybersecurity


USA Cycling medals at the Olympics with IBM Cloud's help

Introducing IBM Cloud App ID

Transform your data with IBM Garage's Data Science Insights MVP

Virtual gaming on the IBM Cloud Platform

Big SQL for Experienced Data Warehouse DBAs

Model Management in IBM DSX Local

The Pixel 2 XL has screen burn-in, and it's a big problem (Googlicious)



#Google


Kiev metro hit with a new variant of the infamous Diskcoder ransomware

Several transportation organizations in Ukraine and as well as some governmental organizations have suffered a cyberattack, resulting in some computers becoming encrypted, according to media reports.
Public sources have confirmed that computer systems in the Kiev Metro, Odessa airport and also a number of organizations in Russia are affected.

https://www.welivesecurity.com/2017/10/24/kiev-metro-hit-new-variant-infamous-diskcoder-ransomware/

Android Parental Controls and Virus Protection


https://www.pandasecurity.com/mediacenter/mobile-news/android-parental-control/

National Cybersecurity Awareness Month Twitter Chats part 3

The third part in our series of short blogs from Twitter chats we have had to mark the 14th National Cybersecurity Awareness Month (NCSAM). The National Cyber Security Alliance (@NatlCyberSecAlliance) is once again hosting a series of Twitter chats every Thursday in October using the hashtag #ChatSTC (moderated by @STOPTHNKCONNECT), in which ESET researchers are once again participating.
In the first two parts of our series we have looked at the role an everyday internet user has in making the internet a safer place, and ID theft. This time around we focus on the role everyone has when it comes to cybersecurity best practices in the workplace.

https://www.welivesecurity.com/2017/10/24/ncsam-twitter-chats-part3/

Tuesday, October 24, 2017

IBM Watson Conversation: Working with intents

IBM Cloud Private with Mark Lucente of Zilker Technologies

Digital prints and why online privacy is non-existent


https://www.pandasecurity.com/mediacenter/mobile-news/online-privacy-non-existent/

#IBMCDO IBM Chief Data Officer Strategy Fall 2017 Strategy Summit

Presentation begins at about 9:50. - JBK



#IBMCDO #fblive #keynote #bigdata #analytics

Data Science for All: It's a Whole New Game

Big SQL V5 Install on HDP, Part 3 (Big SQL + DSM)

Big SQL V5 Install on HDP, Part 2 (HDP 2.6.1 Install)

How to shoot with Portrait Lighting on iPhone 8 Plus — Apple

BMC Hosts Private Briefing for Eligible Investors



http://newsroom.bmc.com/phoenix.zhtml?c=253321&p=RssLanding&cat=news&id=2310043

Executive Insights: Managing Risk Demands a Security Fabric Approach

In today’s rapidly evolving IT environment, CIOs and CISOs face an increasing level of complexity, both in the IT systems we manage and the cyberthreats we face. 
On top of managing and configuring the growing number of tools, devices, and applications within the enterprise network and distributed across multicloud hybrid environments, our teams also need to wrestle with growing organizational complexity of detecting and mitigating cyberthreats. For example, the security team that detects a threat may not be the same group responsible for mitigation and incident response.  As a result, a lag between threat detection and mitigation may occur and can last for hours, days, months, and in some cases, even years.  This is particularly significant given the increasing frequency of attacks using advanced malware that can cause irreparable damage in a matter of minutes. 

https://blog.fortinet.com/2017/10/23/executive-insights-managing-risks-demands-with-a-security-fabric-approach

Off to the Academy – The Fortinet NSE Xperts Academy

Fortinet has long championed the cause to increase awareness, understanding, and knowledge within the global cybersecurity landscape. We encourage this learning and expertise with our partner community as well. It goes without saying that the more expertise a partner can bring in customer engagements, the more value they can deliver for our mutual customers. This is critical in the dynamic and fast-paced industry of cybersecurity today. Staying current with the latest developments---and also becoming an expert consultant on vendor solutions---is not easy with the pace of technology innovation and today’s shifting cyber landscape.

https://blog.fortinet.com/2017/10/23/off-to-the-academy-the-fortinet-nse-xperts-academy

Fake cryptocurrency trading apps on Google Play

Users of the popular cryptocurrency exchange Poloniex have been the target of two credential stealing apps, discovered on Google Play disguised as legitimate Poloniex mobile apps. Apart from harvesting Poloniex login credentials, the fake apps also try to trick victims into making their Gmail accounts accessible to the attackers.
Poloniex is one of the world’s leading cryptocurrency exchanges with more than 100 cryptocurrencies in which to buy and trade. That alone makes it an attractive target for fraudsters of all kinds, but in this case, it was its lack of an official mobile app that the criminals used to their advantage.

https://www.welivesecurity.com/2017/10/23/fake-cryptocurrency-apps-google-harvesting-credentials/

US warns of ongoing attacks on energy firms and critical infrastructure

The United States Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have issued a warning that malicious hackers are actively targeting government departments, and firms working in the energy, nuclear, water, aviation, and critical manufacturing sectors.
The warning, sent via email to energy and industrial firms late on Friday, reveals that hacking groups have been targeting critical infrastructure since at least May 2017, and “in some cases”, have successfully compromised victims’ networks.

https://www.welivesecurity.com/2017/10/22/us-warns-ongoing-attacks-energy-firms-critical-infrastructure/

Sunday, October 22, 2017

Apple's working on an iPhone with a Stylus. Yes, a stylus (Apple Byte)

BigSQL V5 Install on HDP, Part1 (Setup Nodes)

Cisco Unveils Industry’s First Predictive Services Powered by AI

New offerings designed to manage growing technical skills gap through unique expertise, intelligence and automation



SAN JOSE, Calif.—October 17, 2017– Cisco today announced a new portfolio of services designed to put IT departments back in the driver’s seat. Powered by AI, Cisco’s suite of predictive services anticipates IT failures, mitigates risk, reduces maintenance costs, and assists organizations in attaining the necessary skills to transform their businesses. Delivering both advanced predictive and preemptive capabilities, Cisco’s new Business Critical Services and High-value Services offerings will enable organizations to invest more of their IT budgets on technology innovation amid a growing technical skills gap that poses an imminent threat to business continuity and growth.
“Today’s world is moving faster than ever, and to be successful, businesses must have the right blend of IT talent and services,” said Chuck Robbins, chief executive officer, Cisco.“By leveraging AI and machine learning to address critical IT issues, Cisco’s new services offerings will truly help our customers free up time to focus on the growing IT talent gap, and remain competitive into the future.”
More than ever, organizations look to heads of IT to create new revenue streams for their businesses. Yet the shortage of digital skills and the technical skills gap are putting organizations at peril of losing their competitiveness. Cisco’s new suite of predictive services are differentiated by the unique expertise, intelligence and automation that help minimize the impact of the skills gap and free technical staff to focus on accelerating innovation.
Today Cisco is launching two new additions to the services portfolio: Business Critical Services and High-value Services. These two new services offer the power and intelligence of AI and machine learning to optimize IT talent, knowledge and skills and allow organizations to solve their problems first and ultimately get closer to their end user/customer.  
Cisco Business Critical Services:
Technology environments are increasingly more complex and dynamic and organizations seek to aggressively address these challenges. Cisco is introducing a new portfolio of subscription services, Business Critical Services that goes beyond basic optimization to deliver more capabilities including analytics, automation, compliance and security by Cisco Advanced Services’ technology experts to enable a more secure, efficient, and agile technology environment. Business Critical Services will help minimize human error and help extract the most value from products and solutions while creating a highly secure IT environment. These next-generation optimization services enable organizations to:
  • Reduce complexity and cost through automation, orchestration, and technical expertise.
  • Accelerate business agility and transformation through advanced analytics and machine learning capabilities to deliver critical insights that prioritize infrastructure and application recommendations.
  • Reduce risk with automated compliance and remediation services, coupled with a robust security portfolio including incident response for threat protection.
These new Business Critical Services seek to help reduce downtime by up to 74 percent, resolve issues up to 41 percent faster and reduce operational costs by up to 21 percent according to the Cisco Optimization Services Executive Summary
Cisco High-value Services:
To help organizations better utilize advanced software, solutions, and the network, Cisco is delivering next-generation Technical Services, called high-value services. This portfolio builds on our industry leading product support services with offerings that use analytics, onboarding, expertise, and scale to deliver more proactive and prescriptive services, enabling our customers to realize higher value, faster, from their IT investments.
  • Software Support: provides support for Cisco software. New high-value services features includes: Multi-level service options enhanced and premium, in addition to basic level (reactive) support.
  • Solution Support: provides centralized support for Cisco hardware, software and third-party partner solutions from first call to resolution. Solution Support is the default service offering for Cat 9K/DNA.
  • Network Support: Technical Services (TS) Advantage provides network-level support.
According to IDC's 2017 Global Digital Transformational (DX) Leader Survey, a lack of digital skills in the organization was cited as the single largest challenge to successfully implement digital transformation. Correspondingly, companies seeking to implement digital transformation are creatively looking to other sources of talent to enable their digital strategies.  IDC forecasts $6.3T in direct digital transformation investments over the period 2017-2020. $2.6T of this investment is being budgeted and spent exclusively on third party services firms with expertise in digital transformation.
Chris Barnard of IDC says: “The landscape is evolving too fast for some businesses to keep up with digital transformation, as a result they rely on their larger vendor partners with the skills, expertise and capabilities to help address these talent gaps. By leveraging IT vendors with strong knowledge and a breadth and depth in IT skill sets, organizations are able to get up to speed, adjust to changing market conditions and ultimately focus on innovation.”
According to Cisco’s recent Services landscape report, the top benefits enterprise organizations are looking to achieve from IT services include filling key talent or skills gaps, gaining access to unique expertise or capabilities and refocus internal staff on other priorities. Additionally, the strategic challenges where IT services are most important in helping to address include allowing IT to focus on strategic priorities rather than keeping systems running and increasing the speed at which they implement new technology to support business priorities.
As the company’s second largest business, Cisco Services delivers the experience, talent and skills where the customer needs it. Cisco Services augments a team and provides the innovation, expertise, flexibility, learnings and dedication to service quality to help customers accelerate business growth while minimizing risk. The offerings span every stage of IT lifecycle – from advisory to optimization to training and technical services and across every major IT architecture.
Channel partners: Partners are vital to the Cisco Services business. Whether a Cisco partner has an existing Services practice or looking to build one, Cisco is enhancing its services portfolio to support its partners to deliver end-to-end customer solutions. With Business Critical and High-Value Services, partners can unlock services opportunities that will deepen their relationships and attract new customers.
Supporting Quotes
Alatau Services Technologies
“We have been working with Cisco Services for over nine years combining Cisco technical support with our own services and delivering the comprehensive services to our key customers. Through this partnership, we have built a strong collaborative relationship with Cisco experts. Combining Cisco Technical Services Advantage incident management deliverables along with our expertise and 24x7 local language support, we reduced the number of incidents on our customer’s network by 30 percent over the last three years. We look forward to a continued partnership with Cisco Services." 
Vitaly Sychev, Director, Alatau Service Technologies
Bell
“Having the right services engagement with Cisco enables us to sustain our customer experience levels and capture new customers. Cisco Business Critical Services provides the guidance and intelligence to configure new technology properly and reconfigure it safely during scheduled network changes, resulting in fewer issues and less downtime.”
Craig Hudgins, Senior Manager, Technology Architecture, Bell
Oncor
“Cisco Business Critical Services has been essential in our transformation to the Cisco Next-generation Agile Data Center. We were looking for more speed and agility to serve our 10 million customers. Cisco experts advised us through this transition, and with their new analytics and automation we’re better positioned to quickly adopt new technologies, and improve our customers’ experience.”
Tom Kelly, Director of Networks, Oncor
Additional Resources
Executive Blog: Cisco’s New Predictive Services (Joe Cozzolino)
Learn more: Cisco’s Services Landscape Report 
The Power of Services: Customer Success Stories
Cisco Innovators: James Leach and Ulf Vinneras
Read about: Cisco Services
Follow: Cisco Services on Twitter
About Cisco
Cisco (NASDAQ: CSCO) is the worldwide technology leader that has been making the Internet work since 1984. Our people, products, and partners help society securely connect and seize tomorrow’s digital opportunity today. Discover more at newsroom.cisco.com and follow us on Twitter at @Cisco.
###