Horizon3.ai Releases A Deep Dive On An Ivanti Vulnerability

Posted in Commentary with tags on September 14, 2024 by itnerd

Horizon3.ai Exploit Developer James Horseman has just published “CVE-2024-29847 Deep Dive: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability” and posted a proof of concept exploit.

“Ivanti Endpoint Manager (EPM) is an enterprise endpoint management solution that allows for centralized management of devices within an organization. On September 12th, 2024, ZDI and Ivanti released an advisory describing a deserialization vulnerability resulting in remote code execution with a CVSS score of 9.8. In this post we detail the internal workings of this vulnerability. Our POC can be found here. We would like to credit @SinSinology with the discovery of this vulnerability.”

In addition to his detailed examination of the vulnerability and the vulnerability proof of concept, James also looks at the two main fixes he found in the patched version of EPM, and offers some caveats.

CVE-2024-29847 Deep Dive: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29847-deep-dive-ivanti-endpoint-manager-agentportal-deserialization-of-untrusted-data-remote-code-execution-vulnerability/

Leave a comment »

Trump Says He Won’t Sell Truth Social Stake… Stock Soars

Posted in Commentary with tags on September 14, 2024 by itnerd

We’ve been speculating what Donald Trump will do with his stake in Trump Media. Will he hold onto the stock or sell it to pay for his various “problems”.

Here’s the answer:

Trump Media & Technology Group, the social media business owned by former president Donald Trump, surged on Friday after Trump said he has “absolutely no intention of selling” his stake in the Truth Social owner.

And:

“A lot of people think the reason it’s down is a lot of people think I’m going to sell, and if I sell, it’s not going to be the same,” Trump said. “But I have absolutely no intention of selling.”

That caused the stock to do this:

That’s still over 70% below what it started trading at. But it’s the first positive news that the stock has had in a while. But it wasn’t all good news for Trump. He had a bit of a meltdown in the style of a two year old because of this:

Trump’s declaration prompted the stock to go parabolic. Not surprisingly, NASDAQ stopped trading on the security, which is standard practice when a stock’s price experiences huge swings in one direction or another. Trading was halted twice, each for five minutes. The security was one of dozens of listings on the exchange to be halted on Friday.

In response, the ex-president went on Truth Social to express his bewilderment and to threaten the operators of the exchange:

Seriously, this guy has lost the plot, lost his mind, is a couple fries short of a Happy Meal. Pick the metaphor that works for you or leave one in the comments. The point is that for a guy who claims he understands business, this is a massive over reaction to a pair of very brief trading halts that happen all the time. And he did this on a good news day for his stock. Though as I mentioned he’s still underwater from where the stock started trading at.

Mark my words, this will be short lived. Something will happen either with the election, or with his numerous criminal proceedings or civil proceedings that will trigger him to sell this stock to get money in a hurry. And this will cause the stock to crash. I’m calling now, this is not over.

1 Comment »

Zoho Launches AI-Rich, Highly Extendable Version of Zoho Analytics, Democratizing Self-Service BI to Any Persona or Business

Posted in Commentary with tags on September 13, 2024 by itnerd

Zoho Corporation, a leading global technology company, today launched a new version of Zoho Analytics-Zoho’s self-service BI and analytics platform. Among more than 100 other enhancements, Zoho Analytics has developed powerful new AI and ML capabilities, enabling diagnostic insights, predictive analysis, and automated report and dashboard generation.

Additional advancements to Zoho Analytics include a custom ML model-building studio, seamless integration with Open AI, 25+ new data connectors, and third-party BI platform extensions. The new version of Zoho Analytics has added power, intelligence, and flexibility to serve a broader range of businesses and users than competitors in the market.

The latest version of Zoho Analytics has advanced across four key areas: Data Management, AI, Data Science & Machine Learning, and Extensibility. Below are notable highlights of the platform across these four categories. 

Data Management Hub 

Zoho Analytics has expanded its data management capabilities, adding Stream Analytics, ETL data pipelines, and metrics-layer enhancements to ensure broader access to more accurate data for businesses. Key data management additions to Zoho Analytics are as follows: 

  • Zoho Analytics has expanded its 500+ data connector portfolio by adding Stream Analytics, along with 25 other new data connectors.
  • Business users can now create and manage complex ETL data pipelines within the platform, specifically through the following actions:
    • Create end-to-end data pipelines using Zoho Analytics’ visual builder
    • Build Custom Transforms and ML models using the platform’s Python Code Studio
    • Transform data using natural language with Zoho’s AI assistant, Ask Zia
    • Access robust data management with an automatic versioning system and a new Sandbox environment
    • Orchestrate data pipelines using Zoho Flow
  • New Unified Metrics Layer enables users to define, standardize, monitor, access control, and catalog all business metrics in a single pane. The platform also extends to serve in a Headless BI mode, allowing data apps to consume the same metrics in real time for consistent and dependable insights.

BI Infused with Generative AI

Zoho Analytics has introduced Generative AI capabilities across the BI platform to accelerate the adoption of insights for a broad spectrum of user personas. The following AI-powered enhancements deliver more efficient, contextual, accessible, and intelligent insights and actions to the platform:

  • Diagnostic Analysis: Zoho’s AI-powered, automated insights engine, Zia Insights, now provides diagnostic analytics contextually, bringing decision intelligence into the platform.
  • Ask Zia, Zoho’s multi-lingual Natural Language Querying AI copilot, has been enhanced, allowing users to trigger actions and build custom data models. Users can now converse with Ask Zia within IM channels, including Microsoft Teams, to generate deeper, faster, and more contextual insights and actions.
  • Zoho Analytics has added Auto Analysis, enabling AI-powered automated metrics, report, and dashboard generation.
  • Zoho Analytics’ seamless Open AI integration-enabled by Retrieval-Augmented Generation (RAG)-drives more relevant and accurate query responses. Using Open AI APIs with BYOK, users can more easily find public datasets and create formula & SQL queries. 

Data Science and Machine Learning Studio

Zoho Analytics now features the Data Science and Machine Learning (DSML) Studio, supporting users to build custom machine learning models for specific business requirements. DSML Studio offers the following capabilities: 

  • DSML Studio offers AutoML, a no-code assistant, to build custom ML models easily. With feature engineering, hyperparameter tuning, and comprehensive model analysis, it enables users to train, test, compare, deploy, and manage models. 
  • Zoho Analytics also features Code Studio, the platform’s new integrated Python code environment where users can create custom ML models, as well as import Python models or externally built libraries, which can be executed within the platform. 

Platform Extensibility 

Zoho Analytics is more deeply extendable, adding new capabilities such as its no-code

builder for data connectors, actions framework, BI fabric, and client SDKs. Zoho Analytics is a composable platform on which any analytical solution can be built. The following are additional key extendability developments: 

  • Zoho Analytics’ new BI fabric enables businesses to consolidate insights from multiple BI platforms, such as Power BI and Tableau, onto one, easily accessible and searchable analytics portal. Access to the portal can be controlled with fine- grained access permissions.
  • Within Zoho Analytics, users can trigger actionable workflows, including URL and Webhook actions. The platform integrates seamlessly with Zoho Flow, enabling 500+ app triggers.
  • Zoho Analytics features a no-code data connector builder, allowing users to create custom connectors, to bring data from any custom application. sPartners can also build data connectors that can be published and sold on Zoho Marketplace. 

The new Zoho Analytics release features over 100+ updates, including new visualizations, enhanced dashboard building, audit and admin controls, revamped mobile apps, Right-to-Left (RTL) support, and more.

Pricing and Availability 

The New Version of Zoho Analytics is available immediately. For information on pricing, please visit: http://www.zoho.com/analytics/pricing.html

Leave a comment »

Salesforce unveils groundbreaking Agentforce platform

Posted in Commentary with tags on September 13, 2024 by itnerd

Recently, Salesforce found an estimated 41% of employee time being spent on repetitive, low-impact work. 

To answer this, Salesforce has launched its new autonomous agent platform, Agentforce, providing relief to overstretched teams. 

In contrast to now-outdated copilots and chatbots that rely on human inputs and struggle with complex tasks, Agentforce offers a new level of sophistication by operating autonomously, retrieving the right data on demand, building action plans for any task, and executing these plans without requiring human intervention. Like a self-driving car, Agentforce uses real-time data to adapt to changing conditions and operates independently within an organizations’ customized guardrails. 

Why Agentforce is a Game-Changer:

  • Autonomous Operation: Unlike traditional tools, Agentforce’s AI agents work 24/7 with full autonomy, delivering precise and immediate responses without needing human input.
  • User-Friendly Deployment: Deploy advanced AI agents swiftly with low-code functionality, using pre-built templates and natural language commands—no technical expertise required.
  • Seamless Data Integration: Agentforce integrates smoothly with existing company and customer data, including systems like Workday, ensuring agents have the relevant information to drive success.
  • Operational Scale: By blending AI, data, and action, Agentforce brings massive operational scale and transforms workflows across every industry, role, and department.

Agentforce for Service will be generally available on October 25, 2024. Some components of the Atlas Reasoning Engine launch in February 2025. Agentforce pricing starts at $2 per conversation; standard volume discounts apply.

Explore Agentforce.com here.

Leave a comment »

Rogers to Offer All-New iPhones, Apple Watches, And AirPods

Posted in Commentary with tags on September 13, 2024 by itnerd

Rogers will offer iPhone 16 and iPhone 16 Plus, which are built for Apple Intelligence with the all-new A18 chip, Camera Control, powerful upgrades to the advanced camera system, the Action button to quickly access useful features, and a big boost in battery life; iPhone 16 Pro and iPhone 16 Pro Max are powered by the A18 Pro chip and built for Apple Intelligence, featuring larger display sizes, Camera Control, innovative pro camera features, and a huge leap in battery life; Apple Watch Series 10, the thinnest Apple Watch yet, featuring the biggest, most advanced display of any Apple Watch, faster charging, water depth and temperature sensing, and the breakthrough health and fitness insights of watchOS 11; Apple Watch Ultra 2 in a stunning new black finish alongside a new Titanium Milanese Loop band; and a groundbreaking new lineup of AirPods models and features, including a brand-new design for AirPods 4.

Switch to Canada’s largest and most reliable 5G network with the iPhone 16 lineup. Rogers covers over 2,300 communities across the country and is now #1 in awards for Canada’s most reliable mobile network as awarded by umlaut and Opensignal. Enjoy great savings with Rogers when you trade-in an eligible iPhone for the new iPhone 16 lineup. And with select 5G plans, you can enjoy promo credits when you finance your iPhone 16 and iPhone 16 Pro, as well as special offers for connected devices.

iPhone 16 and iPhone 16 Pro models can be activated with an eSIM, a more secure alternative to a physical SIM card. With eSIM, users can quickly activate their cellular plan, store multiple cellular plans on the same device, and stay connected. Rogers supports eSIM Quick Transfer which allows users to transfer their existing plan to their new iPhone, and with eSIM Carrier Activation Rogers can digitally assign a user’s eSIM directly to their iPhone.

For more details on pricing and data plans, please visit rogers.com.

For more details on Apple products, please visit www.apple.com.

Leave a comment »

Ericsson unveils strategy for enterprise-driven 5G network adoption

Posted in Commentary with tags on September 12, 2024 by itnerd

Ericsson today announced its Enterprise 5G strategy that includes Private 5G and neutral host 5G solutions, designed to deliver business-critical connectivity across operational and public-facing enterprise environments. These innovative solutions enable both carpeted and industrial enterprises to advance innovation, safety, and operational efficiencies.

The Ericsson Enterprise 5G portfolio includes three solutions:

  • Ericsson Private 5G: A converged 4G/5G private cellular solution with industry and licensed spectrum support, offering flexible deployment models and best-in-class coverage, mobility, security, and latency.
  • Ericsson Private 5G Compact: A U.S. CBRS-based offering designed for enterprises that need robust connectivity in environments where Wi-Fi falls short, leveraging a simplified radio architecture (Previously branded as Cradlepoint NetCloud Private Networks).
  • Ericsson Enterprise 5G Coverage: A best-in-class neutral host solution, currently certified by all major U.S. carriers, that offers a simplified and scalable architecture compared to legacy DAS, resulting in attractive total cost of ownership for enterprises.

The Enterprise 5G portfolio leverages the broader Ericsson radio access network (RAN) portfolio, including the Radio Dot System for indoor deployments and small cell radios for outdoor. Acquisition costs are reduced through simplified subscription-based packaging with optional services and feature add-ons. Additionally, Ericsson has focused resources on pre- and post-sales support, including vertical expertise and training for channel partners which allows enterprise customers to focus on their business outcomes and innovation.

Customers can look forward to deploying and managing any solution in Ericsson’s Enterprise Wireless portfolio (Enterprise 5G, Wireless WAN, and SASE) under NetCloud Manager, a comprehensive cloud management and orchestration platform. Ericsson’s innovations remove the complexity that enterprise customers are challenged with when wanting to leverage the power of 5G:

  • Simplified deployments with seamless provisioning and configuration capabilities, unified policy management, and single-pane-of-glass visibility across the network.
  • Effortless enterprise 5G network operations, leveraging AIOps to turn visibility into actionable insights for enhancing performance. 
  • Streamlined lifecycle management making it easy to update, upgrade, and expand.
  • Innovative features driving business outcomes such as indoor 5G positioning to locate assets with high accuracy.

In a separate announcement, Ericsson also announced the new networked devices that complement private LTE, 5G, and coverage extension solutions for reliable connectivity where wired networking is unavailable or ineffective.

Leave a comment »

Quorum Cyber Announces Strategic Acquisition of Difenda

Posted in Commentary with tags , on September 12, 2024 by itnerd

Quorum Cyber – with offices in Edinburgh, UK, and Tampa, Florida – today announced the acquisition of Difenda, a Canadian-based, full-stack Microsoft Security Managed Services company. The announcement underscores Quorum Cyber’s global momentum and strengthens its position as a leader of Microsoft Security services. 

Since 2008, Difenda has grown to over 80 employees and serves a diverse range of customers across the manufacturing, financial services, energy, retail, technology, and healthcare industries. A Microsoft Solutions Partner for Security, the company has a growing customer base in the United States and Canada, with offices in Oakville, Ontario, and Goodyear, Arizona. 

With Difenda’s strong foothold in the North American market, today’s acquisition aligns with Quorum Cyber’s strategic objective to accelerate its global expansion and scale meaningfully into new regions. Simultaneously, joining Quorum Cyber will enable Difenda to deliver more value, new and enhanced services, and more Microsoft innovations for customers.

Today’s news follows Quorum Cyber’s significant investment from Boston-based private equity firm Charlesbank Capital Partners earlier this year. Charlesbank’s investment, support from existing investment partner Livingbridge, and the addition of Difenda arm Quorum Cyber with the firepower to take the business to new heights. 

About Quorum Cyber

Founded in Edinburgh in 2016, Quorum Cyber is one of the fastest-growing cyber security companies in the UK and North America with over 150 customers on four continents. Its mission is to help good people win and it does this by defending teams and organisations across the world and all industry sectors against the rising threat of cyber-attacks, enabling them to thrive in an increasingly hostile, unpredictable, and fast-changing digital landscape. Quorum Cyber is a Microsoft Solutions Partner for Security, a member of the Microsoft Intelligent Security Association (MISA), and a 2024 Microsoft Security Partner of the Year finalist. For more information, please visit www.quorumcyber.com or contact info@quorumcyber.com.

About Difenda

Difenda, headquartered in Oakville, Ontario, Canada, is a privately held Sec-Ops-As-A-Service company founded in 2008 that takes a “Cybersecurity-First, Microsoft-Always” approach to solve today’s toughest cybersecurity challenges. Focused on customer driven outcomes, Difenda delivers 24/7/365 security operations backed by modernized PCI, SOC 2 Type II, and ISO 27001 certified Cyber Command Centers (C3). As the winner of the 2023 Microsoft Security Impact Award and 2024 Microsoft Security Partner of the Year finalist, Difenda stands as a trusted provider of Microsoft Security services. The company has a tenured history as one of the first MSSPs to join the Microsoft Intelligent Security Association (MISA). Difenda belongs to an elite list of Microsoft Security Solutions Partners who hold Advanced Specializations in Cloud Security and Threat Protection, and having also achieved Microsoft Verified Managed XDR Solution status. For more information, visit www.difenda.com or contact www.difenda.com/get-started/.  

Leave a comment »

New Research Reveals Threats Disrupting The Transportation Industry

Posted in Commentary with tags on September 12, 2024 by itnerd

The transportation industry is the lifeblood of the global economy, however, as the world becomes increasingly interconnected, so too does the vulnerability of this critical sector. Between July 2023 and July 2024, phishing attacks on transportation organizations increased by an alarming 175%.

Today, Abnormal Security published their latest blog highlighting how ransomware, phishing, BEC and VEC attacks emerged as major threats in the transportation industry. 

In the blog, researchers note a ransomware attack on a freight shipping provider, Estes Express Lines, which disrupted systems for more than two and a half weeks and compromised personal data of 21,000 individuals including names, and Social Security numbers.

You can read more about the research here: https://abnormalsecurity.com/blog/transportation-industry-email-attack-trends

Leave a comment »

OWC Launches Envoy Ultra Thunderbolt 5 SSD

Posted in Commentary with tags on September 12, 2024 by itnerd

 Other World Computing today announced the launch of the Envoy Ultra Thunderbolt 5 SSD – ready for pre-order today (shipping in October). Designed to maximize the performance of  Mac and PC devices with Thunderbolt 5, Thunderbolt 4 Thunderbolt 3, and USB4, this groundbreaking SSD sets a new benchmark with revolutionary speeds exceeding 6000MB/s – making it up to twice as fast as Thunderbolt 4 and USB4.

Providing unparalleled speed and versatility for professionals and enthusiasts alike, the Envoy Ultra Thunderbolt 5 SSD is:

  • Faster than Fast – Revolutionary speed over 6000MB/s…up to 2x faster than Thunderbolt 4 and USB4.
  • Machine Maximizing – Gets the most speed possible from Thunderbolt 5, Thunderbolt 4, Thunderbolt 3, and USB4 machines.
  • Ready for Anything – Easily handle daily data needs to pro-level creative projects while matching internal storage performance.
  • Versatile – Works with Macs, PCs, iPad Pros, Chromebooks, and Surface devices.
  • Rugged – Water-resistant, dust-resistant, and crushproof.
  • Convenient – Bus-powered with built-in Thunderbolt cable.
  • Silent – Fanless, heat-dissipating aluminum design.

Envoy Ultra Thunderbolt 5 SSD – Availability and Pricing

The new Envoy Ultra Thunderbolt 5 SSD will be available in 2.0TB and 4.0TB capacities for $399.99 and $599.99 respectively.  It is available now for pre-order and will start shipping in late October. 

OWC Thunderbolt 5 (USB-C) Cable

In related news, OWC also announced today the general availability (GA) release of the OWC Thunderbolt 5 (USB-C) Cable. This high-performance cable is designed to deliver the full potential of Thunderbolt 5, offering up to 80Gb/s of bi-directional data speed and up to 120Gb/s for higher display bandwidth needs. Compatible with Thunderbolt 3, Thunderbolt 4, USB4, and USB-C devices, the OWC Thunderbolt 5 Cable ensures seamless connectivity and unparalleled performance for all your data, video, and power needs.

OWC Thunderbolt 5 (USB-C) Cable – Availability and Pricing

The OWC Thunderbolt 5 (USB-C) cables are available now in lengths of .3M, .8M, and 1.0M for $22.99, $27.99, and $39.99, respectively.

IBC2024

The new Envoy Ultra Thunderbolt 5 SSD and the OWC Thunderbolt 5 (USB-C) Cable will be on display at IBC2024, taking place September 13-16 at the Auditorium Complex at the RAI in Amsterdam (Hall 7, Stand 7A.60).

Leave a comment »

Canada Is A Global Leader In Ethical AI Adoption According To Research From Sage And Forrestor

Posted in Commentary with tags on September 12, 2024 by itnerd

Sage, the leader in accounting, financial, HR, and payroll technology for small and mid-sized businesses (SMBs), and global analyst firm, Forrestor have released a global survey, as well as trend predictions, which provide a compelling vision of the future of AI in accounting in Canada and around the world.  

The research found that Canadian firms were leaders in adopting ethical AI training and policies. In particular, the research found that Canadian firms demonstrate a strong commitment to ethical governance by taking a proactive approach to addressing the operational and ethical implications of AI, ensuring that AI technologies are deployed responsibly and transparently.   

Overarching theme: A Leader in Ethical AI and Strategic Innovation:

  • Canada is positioning itself as a leader in ethical AI adoption, with 76% of firms engaged in regular ethics training and 69% having established formal AI ethics policies. This strong commitment to ethical governance reflects Canada’s proactive approach to addressing the operational and ethical implications of AI, ensuring that AI technologies are deployed responsibly and transparently.
  • Canada is also at the forefront of AI-driven forecasting and planning, with 31% of businesses reporting significant improvements in accuracy due to AI integration. This advanced use of AI highlights Canada’s strategic focus on leveraging technology for enhanced decision-making and financial performance. However, Canada shows potential vulnerabilities in data security, with 21% of firms reporting no specific measures in place to manage AI-related security and privacy risks.
  • Addressing these gaps will be essential as Canada continues to scale its AI initiatives. Despite this, Canada’s strong emphasis on ethical AI practices and strategic innovation positions it as a global leader in the responsible and effective use of AI in accounting

Other notable stats:

  • How AI will impact financial data access: 40% of respondents in Canada predict that real-time data will become the primary basis for major financial decisions, indicating a strong move towards more immediate and AI-driven decision processes. (compared to 38% globally)
  • AI’s efficiency on accounting processes: Canadian firms exhibit strong optimism about AI’s potential to enhance efficiency, particularly in anomaly detection and monthly close tasks, with significant proportions expecting improvements beyond 40%. This reflects a confidence in AI to streamline complex and time-sensitive accounting processes.
  • AI’s impact on hiring: Canada has the most pronounced increase in hiring with 24% reporting a significant increase, possibly indicative of a proactive approach in integrating AI into more strategic roles. (compared to 18% globally)
  • Challenges in adopting AI: In Canada, data quality issues stand out, with 65% of respondents highlighting them as a concern, signalling a strong focus on ensuring the integrity and reliability of the data used in AI systems.
  • Data security and privacy: Canada shows a varied approach with notably lower engagement in employee training (41%) compared to the global average. However, a significant 21% report no specific measures in place, the highest among all countries, suggesting a potential area for improvement.
  • Employee concerns around AI: Today, Canada places a strong emphasis on training (51%) and is relatively conservative with implementing incentives (31%). It exhibits lower engagement in transparent communication (38%) compared to other regions, suggesting a more structured approach to AI integration.
  • Benefits of AI in accounting: Canada showcases strong satisfaction in AI’s role in enhancing processing times (88% satisfied or very satisfied) and accuracy in financial data (83%). However, it reflects room for improvement in better cost savings where only 82% feel positive, indicating potential gaps in achieving financial efficiencies through AI.
  • AI and the strategic role of accounting: Canada demonstrates a solid belief in AI’s capacity to enhance accounting practices, with 53% agreeing or strongly agreeing that AI will allow for the complete elimination of monthly closes. Canadians also hold optimistic views on AI improving workplace productivity, with 63% affirming that AI will streamline operations significantly by 2030.

You can read more details here.

Leave a comment »

« Older Entries
Newer Entries »