If you actually read our TOS it warns against sharing your account with peop... | Read the rest of https://ift.tt/2TrfBuf
from Web Hosting Talk - VPS Hosting https://ift.tt/2TrfBuf
via https://ifttt.com/ IFTTT
Digital attackers are sending around love-themed malicious emails in an attempt to infect recipients with the Nemty ransomware. If you’ve been kicking around in the world of IT security for more years than you’d like to admit, then you’ll surely remember the ILOVEYOU virus (also known as the “Love Bug” or “Loveletter”). When the Love […]… Read More
The post Beware secret lovers spreading Nemty ransomware appeared first on The State of Security.
An Israeli marketing company exposed more than 140GB of data by mishandling the credentials for an Elasticsearch database. A San Diego-based DevOps engineer who uses the Twitter handle 0m3n detected the disclosure after they grew tired of receiving text messages from “random phone numbers with similar messages containing links to gibberish domains.” The engineer took […]… Read More
The post More Than 140GB of Data Exposed by Israeli Marketing Company appeared first on The State of Security.
This is a guest blog post by Daniel Cheng, CMO, Process Fusion.
We all know staff collaboration and workflows are a crucial to any healthcare organization’s success. But despite all the advances in digitization technology, hospital staff and admins …
Tripwire’s February 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft and Adobe. Up first on the patch priority list this month are patches for Microsoft Edge and Scripting Engine. These patches resolve information disclosure, elevation of privilege, and memory corruption vulnerabilities. Next on the list are patches for Adobe Flash player (APSB20-06), […]… Read More
The post Tripwire Patch Priority Index for February 2020 appeared first on The State of Security.
What is red teaming? How is it different from conventional penetration testing? Why do we need blue, red, and white teams? How are cyber-drills carried out, and what results should be expected? In this article, we will answer these and other questions related to red teaming. What is Red Teaming? The red team attacks, the […]… Read More
The post Red Teaming: How to Run Effective Cyber-Drills? appeared first on The State of Security.
This is a guest post by Joseph Anderson, Content Creator and Digital Marketing Manager, Stratodesk.
HIMSS 2020 is right around the corner. Stratodesk will again be sponsoring a booth and sharing our decade of experience delivering the most powerful …
Scammers disguised two domains as a content delivery network (CDN) in an attempt to quietly target visitors with a credit card skimmer. Malwarebytes noticed something suspicious within the website code of a Parisian boutique store. At first, the script looked like a JQuery library loaded from a third-party CDN. But the actual content of the […]… Read More
The post Scammers Disguise Two Domains as CDN to Cloak Credit Card Skimmer appeared first on The State of Security.
The San Diego Union Tribune's Would you live in a van? Two San Diego women launch startup for boho traveler movement covers a new app - conveniently called The VanLife App - targeted at VanLife nomads.
The article provides a good description of VanLife:
"For those who haven’t heard of it, “vanlife” refers to a recent bohemian trend of people buying cargo vans, old ambulances, school buses and other boxy vehicles, and converting them into livable apartments on wheels (think of it as a do-it-yourself RV). Many vanlifers are also “digital nomads” who work remotely online, such as freelance writers, software developers, or content creators. With no strings tying them to specific cities or towns, they wander from destination to destination for months on end."
Regular readers know we love new buzzwords here at Small Business Labs and we hadn't heard of the "boho traveler movement".
But some quick research showed it's a contraction of the term "bohemian homeless", which dates back to the bohemian movement of the 1800s.
But the recent use has been mostly fashioned related. Boho-chic refers to a mix of bohemian and hippy styles.
And boho traveler has similar connotations. We think the term is a bit limiting because many #Vanlifers wouldn't describe themselves this way. But it's still a fun new buzzword.
The app providers traveling VanLifers with lists of campsites and other places to park overnight. More importantly, it provides a series of community features that allow VanLifers to find and connect with other travelers.
This helps to connect people, reduce loneliness and add a sense of community, all of which improve the Vanlife experience. The picture below is from the app's website.
About 7.3 million Americans consider themselves digital nomads and many are VanLifers. The VanLife App is an example of the growing support system of tools and services targeted at this growing group of travelers.
The United States’ National Security Agency (NSA) has put together a short guidance document on mitigating vulnerabilities for cloud computing. At only eight pages, it is an accessible primer for cloud security and a great place to start before taking on something like the comprehensive NIST 800-53 security controls. As a guidance document, it doesn’t […]… Read More
The post NSA Releases Cloud Vulnerability Guidance appeared first on The State of Security.
Twilio is best known for its communications API, which allows developers to add messaging, voice or video to their apps with just a small slice of code. The company’s tools are used by customers like Lyft, Airbnb, Salesforce, Box and Duke University.
The former startup went public in 2016 at $15 a share. Yesterday Twilio’s stock closed at $113.90, giving the company a market cap of about $15.6 billion (after a horrendous week on Wall Street). It’s easy to look at its value (among other measures) and declare Twilio a successful public company. But just like every former startup out there, its ascent wasn’t always so certain.
Founded in 2008, Twilio was once a tentative early-stage company feeling its way forward in the market with an unproven product and more future potential than actual results. Recently, the company’s CEO Jeff Lawson shared a Twilio board deck from March 2010.
Naturally, we read through it — how could we not? — but we also decided to analyze it for you, pulling out what we learned and using the snapshot of Twilio’s history to illustrate how far the company has come in the last decade.
The presentation’s original time stamp lands after Twilio’s Series A and just before its Series B, allowing us to see a company molting from a hatchling to something more sturdy that could stand on its own two feet. The company raised $12 million six months after the deck was presented.
To get everyone on the same page, we’ll start with a little history, and then get into the deck itself. Let’s go!
You might already know that the latest version of Chrome (version 80 released on February 4) is projected to change the default cross-domain behavior of cookies. By default, starting with Chrome 80, any cookie with an unmarked SameSite attribute will …
This is a guest blog post by Andrew Parlette, CTO, Tricerat.
A Citrix Ready partner for several years, Tricerat offers the highest level of service and functionality for print management in healthcare environments. Our pioneering print technology delivers …
Security researchers discovered an attack campaign that abused fears surrounding the global coronavirus outbreak to deliver the Remcos RAT. Yoroi Security detected the attack campaign when its threat intelligence activities uncovered a suspicious artifact named “CoronaVirusSafetyMeasures_pdf.” In their analysis, Yoroi’s researchers determined that the file established a TLS connection with file sharing platform “share.]dmca.]gripe” potentially […]… Read More
The post Attack Campaign Leveraged Coronavirus Theme to Deliver Remcos RAT appeared first on The State of Security.
Stonly is building a service for customer support teams so that they can share step-by-step guides to solve the most common issues. The startup just raised a $3.5 million funding round led by Accel with business angels also participating, such as Eventbrite CTO Renaud Visage and PeopleDoc founders Jonathan Benhamou and Clément Buyse.
The startup isn’t building a chatbot for customer support — chatbots usually don’t understand what you mean and you end up contacting customer support anyway. Stonly believes that scripted guides with multiple questions work much better than both chatbots and intimidating knowledge bases.
But the company is well aware that it isn’t going to replace Zendesk or Intercom overnight. That’s why a Stonly guide is a module that you can embed in your existing tools. The startup currently supports Intercom, Zendesk, Freshdesk and Front.
This way, if somebody contacts you on Front or Intercom, you can reply with a Stonly guide to help your users solve their own issues (at least if it’s a common issue). Stonly is also launching its own more traditional knowledge base powered by Stonly guides so that your client can access common questions through a chat widget.
Putting together a Stonly guide doesn’t require any technical skills. After defining the steps, you can write text, add images, videos and buttons in a web interface. Stonly also supports translations.
And it’s been working well for the startup’s first clients. For instance, Dashlane noticed a 25% decrease in opened tickets for their most frequent issues after using Stonly. Other clients include Devialet, Happn and Calendly.
With today’s funding round, the startup is expanding to the U.S. with a new office in New York and David Rostan joining as head of revenue — he was previously VP of Sales and Marketing at Calendly.
During the past year, we have witnessed significant data breaches that have impacted industries ranging from hospitality to legal to social media. We have seen a continuation of financially motivated threats, such as business email compromise (BEC), which continue to plague corporate bank accounts. Ransomware has brought multiple cities, schools and universities to their knees, […]… Read More
The post SANS 2019 Incident Response Survey: Successful IR Relies on Visibility appeared first on The State of Security.
It’s been a big news day for Salesforce. It announced that Co-CEO Keith Block would be stepping down, and that it had acquired Vlocity for $1.33 billion in an all-cash deal.
It’s no coincidence that Salesforce targeted this startup. It’s a firm that builds six industry-specific CRMs on top of Salesforce — communications, media and entertainment, insurance and financial services, health, energy and utilities and government and nonprofits — and Salesforce Ventures was also an investor. This would appear to have been a deal waiting to happen.
Brent Leary, founder and principal analyst at CRM Essentials says Salesforce saw this as an important target to keep building the business. “Salesforce has been beefing up their abilities to provide industry specific solutions by cultivating strategic ISV partnerships with companies like Vlocity and Veeva (which is focused on life sciences). But this move signals the importance of making these industry capabilities even more a part of the platform offerings,” Leary told TechCrunch.
Ray Wang, founder and principal analyst at Constellation Research also liked the deal for Salesforce. “It’s a great deal. Vlocity gives them the industries platform they need. More importantly, it keeps Google from buying them and [could generate] $10 billion in additional industries revenue growth over next 4 years,” he said.
Vlocity had raised about $163 million on a valuation of around a $1 billion as of its most recent round, a $60 million Series C last March. If $1.33 billion seems a little light, given what Vlocity is providing the company, Wang says it’s because Vlocity needed Salesforce more than the other way around.
“Vlocity on its own doesn’t have as big a future without Salesforce. They have to be together. So Salesforce doesn’t need to buy them. They could keep building out, but it’s better for them to buy them now,” Wang said.
In a blog post on the Vlocity website, founder and CEO David Schmaier put a positive spin on the deal, as you would expect. “Upon the close of the transaction, Vlocity — this wonderful company that we, as a team, have created, built, and grown into a transformational solution for six of the most important industries in the enterprise — will become part of Salesforce,” he wrote.
Per usual, the deal would be predicated on regulatory approval and close some time during Salesforce’s second quarter in fiscal 2021.
Citrix ADC delivers operational consistency with a single code base across its various form factors: heavy appliances (MPX), virtualized (VPX), baremetal (BLX), and containerized (CPX). This means that all Citrix ADC appliances can provide the same feature set.
In the …
This is a guest blog post by Sharon Besser, VP of Business Development, Guardicore.
The growth of virtual desktop infrastructure (VDI), whether deployed on prem or in the cloud, continues across verticals from finance and healthcare to education …
The operators of DoppelPaymer ransomware launched a site for publishing the data of their victims who don’t pay the ransom. On February 25, DoppelPaymer’s handlers published a site called “Dopple leaks.” A message on the site at the time of launch revealed the attackers’ intention for doing so: leak the names and data of victims […]… Read More
The post DoppelPaymer Ransomware Launches Site for Publishing Victims’ Data appeared first on The State of Security.
Pew Research's As Economic Concerns Recede, Environmental Protection Rises on the Public’s Policy Agenda covers a recent survey asking Americans about their policy priorities.
As their chart below (click to enlarge) shows, there is a wide partisan divide on the issues people think are most important.
The top 3 policy priorities for Democrats are the environment, healthcare costs, and education.
The top 3 for Republicans are terrorism, immigration, and the economy.
The biggest policy priority differences are around the environment and climate change. Key quote from Pew on climate change:
Dealing with global climate change ranks at the bottom of the list of 18 policy priorities for Republicans and Republican-leaning independents (just 21% call it a top priority). By contrast, climate change is near the top of the list of issues among Democrats and Democratic leaners (78% call it a top priority).
One of the topics that interesting is global trade. Neither Republicans nor Democrats rate it as very important.
Because of this, it came in last out of 18 policy options with just 42% of the respondents rating it a priority.
The growing political polarization of America is a powerful social trend. It's a major reason behind the growing urban/rural divide.
It's also a key reason our politics are so heated and our federal government is grid-locked. If you can't even agree on what's important, there's little chance you will agree on legislation.
The climb is getting steeper, but thanks to hard work, vision and insight are much keener. At ML:4, all assets are scanned by a combination of agent and remote scans on a normal cadence. This will generate a lot of data dictated by threat and patch priority. Thousands of new vulnerabilities are released each year, […]… Read More
The post Climbing the Vulnerability Management Mountain: Reaching Maturity Level 4 appeared first on The State of Security.
Not all attackers are trying to exfiltrate data. In security, we’re all familiar with CIA triad—confidentiality, availability, and integrity. While Exfiltration describes adversarial behavior with the goal of violating confidentiality, attackers may look to manipulate, interrupt, or destroy your systems and data. The Impact tactic describes techniques that adversaries use to compromise the availability or […]… Read More
The post The MITRE ATT&CK Framework: Impact appeared first on The State of Security.
Citrix Education is pleased to announce the availability of the next generation Citrix Certified Professional – Networking (CCP – N) certification based on Citrix ADC 13! Don’t delay and be among the first to take and pass the new 1Y0-341 …
Databricks today announced that launch of its new Data Ingestion Network of partners and the launch of its Databricks Ingest service. The idea here is to make it easier for businesses to combine the best of data warehouses and data lakes into a single platform — a concept Databricks likes to call ‘lakehouse.’
At the core of the company’s lakehouse is Delta Lake, Databricks’ Linux Foundation-managed open-source project that brings a new storage layer to data lakes that helps users manage the lifecycle of their data and ensures data quality through schema enforcement, log records and more. Databricks users can now work with the first five partners in the Ingestion Network — Fivetran, Qlik, Infoworks, StreamSets, Syncsort — to automatically load their data into Delta Lake. To ingest data from these partners, Databricks customers don’t have to set up any triggers or schedules — instead, data automatically flows into Delta Lake.
“Until now, companies have been forced to split up their data into traditional structured data and big data, and use them separately for BI and ML use cases. This results in siloed data in data lakes and data warehouses, slow processing and partial results that are too delayed or too incomplete to be effectively utilized,” says Ali Ghodsi, co-founder and CEO of Databricks. “This is one of the many drivers behind the shift to a Lakehouse paradigm, which aspires to combine the reliability of data warehouses with the scale of data lakes to support every kind of use case. In order for this architecture to work well, it needs to be easy for every type of data to be pulled in. Databricks Ingest is an important step in making that possible.”
Databricks VP or Product Marketing Bharath Gowda also tells me that this will make it easier for businesses to perform analytics on their most recent data and hence be more responsive when new information comes in. He also noted that users will be able to better leverage their structured and unstructured data for building better machine learning models, as well as to perform more traditional analytics on all of their data instead of just a small slice that’s available in their data warehouse.
Adoption of cloud services is becoming the norm. According to Information Week, “Cloud-native computing has become the beating heart of enterprise IT.”
Although cloud is here to stay, most IT organizations need training to successfully transition from on-prem environments …
Security researchers detected several phishing campaigns that leveraged a Google Docs Form to target users’ Microsoft credentials. Cofense observed that the phishing emails originated from a compromised email account with privileged access to financial services provider CIM Finance. By using CIM Finance’s website to host their phishing emails, the malicious actors ensured that their messages […]… Read More
The post Google Docs Forms Abused by Phishers to Harvest Microsoft Credentials appeared first on The State of Security.
One thing I have noticed is that each industry comes up with their own terms and acronyms. Unfortunately, these inventions often vary depending on the person you speak to due to a lack of a governing body that decides on an exact definition. At times, acronyms can even overlap, causing further confusion. Therefore, when it […]… Read More
The post NetOps vs DevOps vs DevSecOps – What’s the Difference? appeared first on The State of Security.
If you want to become a digital forensic expert, be aware that when entering the field, you will be presented with an abundance of information that you will not know. It is a wonderfully challenging career path. Some believe that having the title of a cybersecurity professional (e.g. digital forensics expert, cybersecurity analyst, incident response […]… Read More
The post How to Get Started in Digital Forensics appeared first on The State of Security.
Laiye, a Chinese startup that offers robotic process automation services to several major tech firms in the nation and government agencies, has raised $42 million in a new funding round as it looks to scale its business.
The new financing round, Series C, was co-led by Lightspeed Venture Partners and Lightspeed China Partners. Cathay Innovation, which led the startup’s Series B+ round and Wu Capital, which led the Series B round, also participated in the new round.
China has been the hub for some of the cheapest labor in the world. But in recent years, a number of companies and government agencies have started to improve their efficiency with the help of technology.
That’s where Laiye comes into play. Robotic process automation (RPA) allows software to mimic several human behaviors such as keyboard strokes and mouse clicks.
“For instance, a number of banks did not previously offer APIs, so humans had to sign in and fetch the data and then feed it into some other software. Processes like these could be automated by our platform,” said Arvid Wang, co-founder and co-chief executive of Laiye, in an interview with TechCrunch.
The four-and-a-half-year-old startup, which has raised more than $100 million to date, will use the fresh capital to hire talent from across the globe and expand its services. “We believe robotic process automation will achieve its full potential when it combines AI and the best human talent,” he said.
Laiye’s announcement today comes as the market for robotic automation process is still in nascent stage in China. There are a handful of startups looking into this space, but Laiye, which counts Microsoft as an investor, and Sequoia-backed UiPath are the two clear leaders in the market currently.
As my colleague Rita Liao wrote last year, it was only recently that some entrepreneurs and investors in China started to shift their attention from consumer-facing products to business applications.
Globally, RPA has emerged as the fastest growing market in enterprise space. A Gartner report found last year that RPA market grew over 63% in 2018. Recent surveys have shown that most enterprises in China today are also showing interest in enhancing their RPA projects and AI capabilities.
Laiye today has more than 200 partners and more than 200,000 developers have registered to use its multilingual UiBot RPA platform. UiBot enables integration with Laiye’s native and third-party AI capabilities such as natural language processing, optical character recognition, computer vision, chatbot and machine learning.
“We are very bullish on China, and the opportunities there are massive,” said Lightspeed partner Amy Wu in an interview. “Laiye is doing phenomenally there, and with this new fundraise, they can look to expand globally,” she said.