Archive for May 23, 2024

OVHcloud Adds Qiskit To Market Leading Quantum Notebooks Portfolio

Posted in Commentary on May 23, 2024 by itnerd

OVHcloud today announces at France Quantum 2024 updates to its Quantum Notebooks portfolio. 

To further support the rapid growth and development of quantum computing, OVHcloud adds a new Quantum Notebook supporting the IBM-developed open-source Qiskit™ SDK. This new addition completes OVHcloud’s already impressive set of Quantum Notebooks available in the Cloud, including Alice & Bob, C12, Eviden, Pasqal and Quandela. OVHcloud is one of IBM’s recommended notebook environment solutions for users of the IBM Quantum Lab, which was sunset on 15 May, 2024.

Leveraging state of the art technologies, OVHcloud offers developers and students alike the opportunity to develop today, the algorithms of tomorrow. With the notebooks designed to program a wide variety of Quantum computer architectures, OVHcloud continues to support the development of a truly vibrant Quantum ecosystem. The addition of Qiskit, the most-used Quantum development framework in the world, allows for programmers to create software using the Python development language to program Quantum computers, including algorithms, circuits and pulses.

The Quantum Notebook with Qiskit is available now from the OVHcloud Public Cloud universe. Registered startups within the OVHcloud Startup Program can access the Qiskit SDK through the Quantum Notebook now. Eligible students can get free access to the whole range of OVHcloud Quantum Notebooks, including Qiskit.

Elon Musk Has Decided To Make “Likes” Private On Twitter And Remove Likes Tab From Profiles

Posted in Commentary on May 23, 2024 by itnerd

From the “this is a very cynical move” department comes this move to make “likes” private on Twitter and outright remove likes tab from profiles. This was confirmed in this Tweet:

Haofei Wang is director of engineering over at Twitter. At least until Elon decides to fire him on a whim. In any case, since he is in a position to know, this move can be taken as fact. The question is why this is happening. From where I sit, this means that Twitter, which under Elon has become a cesspool of hate and other evil things, has less accountability than it did before this move. Now with this move, the hate mongers, racists, and conspiracy theorists among others can fly under the radar without fear of being called out for liking a Tweet that is vile and unacceptable in a civil society. Which is likely what Elon wants, seeing as he’s all for those sorts of people. The other side effect is that it will make it harder for brands to avoid having their ads next to content that they don’t like. I’m sure that that part will be marketed by Elon as “See, there’s no issues here. Come back and advertise.” Which, to be clear, no brand should be advertising on Twitter. And this move underscores why that’s the case.

Palo Alto Networks Unit 42 Research: Chinese APT Campaign Targeting Global Political Entities

Posted in Commentary on May 23, 2024 by itnerd

Today, Palo Alto Networks Unit 42 released research about a Chinese APT group that has been conducting an ongoing campaign, Operation Diplomatic Specter, targeting political entities in the Middle East, Africa, and Asia since at least late 2022. 

Highlights in Unit 42’s analysis of the active campaign include:

  • The threat actor’s long-term espionage operations against at least 7 government entities, leveraging rare email exfiltration techniques against compromised servers. 
  • Operation Diplomatic Specter closely monitors contemporary geopolitical developments, attempting to acquire sensitive and classified military, political, and diplomatic data, which can potentially jeopardize national security and economic stability. 
  • The threat actor uses rare and unique techniques, tools and procedures, to exploit internet-facing server vulnerabilities, adapting their tactics to infiltrate mail servers for daily exfiltration.
  • As part of its espionage activities, the group makes use of a previously undocumented family of backdoors, including those that we have named TunnelSpecter and SweetSpecter.

Given the Government of Canada’s recent announcement of its first Enterprise Cyber Security Strategy, with a focus on ensuring that the Government can quickly and effectively combat cyber threats and address vulnerabilities across the government’s digital estate, this new report from Palo Alto Networks ties in well with the cybersecurity landscape and the looming electoral landscape.

Adyen Enables Tap to Pay on iPhone for Merchants to Accept Contactless Payments in Canada

Posted in Commentary on May 23, 2024 by itnerd

Adyen has announced that it now enables its Canadian businesses to seamlessly and securely accept in-person contactless payments with Tap to Pay on iPhone. Tap to Pay on iPhone accepts all forms of contactless payments, including contactless credit and debit cards, Apple Pay, and other digital wallets, using only an iPhone and a supported iOS app – no additional hardware or payment terminal is needed.

In tandem with the new feature, Adyen has welcomed prominent retailers including Mackage, by partnering with NewStore, to its merchant base. Mackage can now accept contactless payments from customers using only an iPhone, providing an added level of convenience for customers. Mackage customers can experience Tap to Pay on iPhone at all stores across Canada, where they can “check out” without having to wait in line at the cashier. Canadian shoppers now have access to a fast, efficient, and easy shopping experience at their fingertips.

Using Tap to Pay on iPhone is easy, secure, and private. With Tap to Pay on iPhone, merchants will simply prompt the customer to hold their contactless payment method near the merchant’s iPhone, and the payment will be securely completed using NFC technology.

Apple’s Tap to Pay on iPhone technology uses the built-in features of iPhone to keep the merchants’ and customers’ data private and secure. When a payment is processed, Apple doesn’t store cards or transaction information on the device or on Apple servers. Tap to Pay on iPhone will enable Adyen’s customers to stay at the forefront of innovation by:

  • Simplifying in-person payments by removing the dependence on payment hardware to accept transactions, providing a complementary way to accept payments for line-busting.
  • Getting up and running quickly with installation and onboarding, allowing businesses to scale up their payment operation.
  • Providing secure and fast checkout experiences that increase mobility on location.
  • Allowing for a convenient and private way to pay for customers since transactions are encrypted and payment data is protected by the same technology that makes Apple Pay private and secure.

Adyen customers can contact their Account Manager to learn more about enabling Tap to Pay on iPhone for their business. To learn more, visit https://www.adyen.com/devices/tap-to-pay-on-iphone.

ARPA-H Offers $50M Challenge To “UPGRADE” Hospital Cyber Defences 

Posted in Commentary on May 23, 2024 by itnerd

The US government’s Advanced Research Projects Agency for Health (ARPA-H) has committed over $50 million to developing technology aimed at automating the security of hospital IT environments.

The initiative, named Universal PatchinG and Remediation for Autonomous DEfence, or UPGRADE, will bring together equipment manufacturers, cybersecurity experts, and hospital IT staff to create a customized and scalable software suite for enhancing hospital cyber-resilience. 

The program’s goal is to secure entire systems and networks of medical equipment, ensuring mitigation measures can be deployed on a large scale.

UPGRADE will concentrate on four key technical areas:

  1. Creating a platform for vulnerability mitigation
  2. Developing high-fidelity digital twins of hospital equipment
  3. Establishing methods to swiftly and automatically detect software vulnerabilities
  4. Creating defences for identified vulnerabilities

This week, the agency invited teams to apply for funding, totalling tens of millions of dollars, to develop and implement UPGRADE.

Stephen Gates, Principal Security SME, Horizon3.ai had this comment:

   “In the context of rapidly and automatically detecting software vulnerabilities, the UPGRADE program tends to miss the point of exploitable vulnerabilities – and other weaknesses. Addressing exploitability appears to be the missing link here.

   “Software vulnerabilities are nothing new and vulnerable software discoveries will never cease to challenge organizations’ rapid patching efforts. Simply put, all software has hidden vulnerabilities but not all vulnerabilities are exploitable.

   “What medical organizations (and any other organization) need today is a proven methodology of uncovering blind spots in their security postures that go beyond known and patchable vulnerabilities, such as easily compromised credentials, exposed data, misconfigurations, poor security controls, and weak policies. These issues are the catalysts that most often enable successful cyber-attacks.

   “Today, autonomous cyber risk assessment technologies are readily available to continuously test any organization’s infrastructure to safely expose where they are at risk of exploitation by threat actors. Without this visibility, organizations will continue to remain at least one step behind attackers with no end in sight.

   “The challenge is that the majority of organizations have zero visibility into what is exploitable in their environments and what is not. They continue to be reactive to every vulnerability announcement, instead of being proactive by finding what threat actors can actually exploit. Throwing every defensive measure at the problem will not solve a condition of exploitability either, as it often just hides it. Once exploitability is proactively addressed, measurable security improvement will be the result.”

I’ve been saying for a long time that the health care sector is low-hanging fruit for threat actors. Hopefully initiatives like this one will tip the scales in favour of the good guys, as the status quo of health care organizations getting pwned is not sustainable.