Sage launches two new integrated suites in Canada and the UK  

Posted in Commentary with tags on May 8, 2024 by itnerd

Sage, the leader in accounting, financial, HR, and payroll technology for small and mid-sized businesses (SMBs), has launched two new suites in Canada and the UK, to transform how SMBs and accounting practices operate and grow their business.  

Bringing together Sage’s award-winning accounting, HR, and business management tools into two scalable solutions, Sage for Accountants and Sage for Small Business, marks a significant step forward in Sage’s commitment to championing SMBs, accountants and bookkeepers. 

The new suites are purpose-built to meet the changing needs of accountants, bookkeepers and SMBs, helping them to get more done by freeing up time, whilst boosting efficiency and productivity. With Sage for Accountants and Sage for Small Business, users can focus on what matters most, from growing their business and providing great service to pursuing their passions outside of work. 

Three customizable membership plans — Essentials, Standard, and Premium — will scale to match the unique needs of businesses and accounting practices. Small businesses, accountants and bookkeepers are now able to self-manage users and subscriptions, all in one integrated solution that is paid for on a single monthly invoice. 

Introducing Sage for Accountants  

Designed to enhance the functionality and productivity of accounting practices, Sage for Accountants streamlines client management, simplifies operations, boosts efficiency and enhances client collaboration. Even for those not using Sage ledger tools, it enables continuous accounting with seamless integration between tools, so they can harness the value of every tool across all their clients, freeing up more time for client relations.  

With evolving market demands, Sage for Accountants is an integrated experience that will help practices to:  

  • Win and onboard more profitable clients: Attract high-value clients efficiently by leveraging access to one of the largest accountants’ communities worldwide and a comprehensive accounting directory. 
  • Boost productivity with efficient compliance services: Ensure regulatory compliance with ease and confidence using Sage for Accountants, saving valuable time and resources. 
  • Deliver a trusted advisory service: Provide clients with expert insights and guidance for business growth, enhancing their trust and fostering long-term relationships. 

Empowering SMBs with Sage for Small Business 

Making it even easier for entrepreneurs and small businesses to run and grow their business, Sage for Small Business simplifies the long list of jobs to be done from managing cashflow to engaging and managing a team of people. By bringing together critical business tools and expert advice designed for small businesses into a single suite, business owners can free up their time to focus on growing their business and what truly matters to them.  


The suite enables small businesses to start with what they need and will grow with them, helping them to: 

  • Streamline repetitive tasks: Enabling real-time data flow across accounting, payroll and HR from a single user interface, simplifying operations and saving small business owners’ valuable time.  
  • Gain enhanced business insights: With instant access to critical business and financial information, business owners can make smarter decisions, and collaborate closer with accountants on the same digital data. 
  • Remain confident with compliance: With over 40 years of experience building small business technology, offering a wealth of advice and award-winning support and services, Sage helps ensure small business owners have access to simplified tax, VAT and payroll compliance through the latest technology. 


Sage Copilot to be integrated into suites 

As part of the launch of the new suites, UK customers will be the first to get access Sage Copilot, a new generative AI powered productivity assistant.  

Integrated within Sage for Accountants and Sage for Small Business, Sage Copilot is designed to transform operations by automating routine administrative tasks and offering real-time business insights. This allows small businesses to operate more efficiently, and accountants and bookkeepers to make smarter, faster decisions, and focus more on strategic client management rather than administrative tasks.  

Sage Copilot will initially be launched in the UK in 2024. Canada is the next region Sage Copilot will be rolled out to and will be available at a later date. 

For more information, please visit Sage for Accountants and Sage for Small Business
 

Leave a comment »

Netcraft Announces New AI-Powered Innovations to Disrupt and Expose Criminal Financial Infrastructure

Posted in Commentary with tags on May 8, 2024 by itnerd

Netcraft announced its new Conversational Scam Intelligence platform at RSAC in San Francisco, which builds on Netcraft’s intentional approach to using AI to stay ahead of criminals and protect client brands and customers.

The FBI reports that US losses to investment and “pig-butchering” scams were $4.6 Billion in 2023, a 38% increase over 2022. Through carefully constructed generative AI, the Conversational Scam Intelligence platform enables Netcraft and its customers to disrupt these nefarious scam attempts at scale, uncovering the underlying financial account networks and deploying countermeasures against criminal infrastructure.

By engaging criminals identified through its proprietary threat intelligence in private message threads, Netcraft’s AI exposes the scam in its entirety, extracting critical insight that can be used to disrupt and prevent future attacks. This innovative approach helps protect against tactics like pig-butchering, where scammers leverage direct messages, a previously undetectable threat source, to lure victims into sending money to fraudulent schemes.

Early results show a significant impact, accurately identifying the hidden financial infrastructure used in pig-butchering scam attempts, including thousands of criminal-controlled bank accounts, mule accounts, crypto wallet addresses, etc. Leveraging this evidence, Netcraft’s customers can flag or block payments to and from compromised accounts before any transaction has occurred, mitigating risk exposure for banking providers around the globe.

The regulatory landscape is shifting: US senators are pushing for greater accountability for financial institutions, and the UK now requires institutions to bear a 50:50 financial risk for fraudulent push payments. In response, banking leaders must deploy new strategies to react to current threats and intercept criminal behavior. Critical interventions like the use of AI to increase visibility and deploy proactive countermeasures provide a valuable new tool for anti-fraud, payment risk, and security teams worldwide.

AI, machine learning, and 70,000+ human-written rules are at the core of Netcraft’s detection, disruption, and takedown services. Leveraging advances in generative AI to anticipate – and prevent – criminal behavior was a natural next step.

Resources

Leave a comment »

Cado Security Introduces First-Ever Support to Perform Investigations in Distroless Container Environments

Posted in Commentary with tags on May 8, 2024 by itnerd

Cado Security, provider of the first investigation and response automation platform, today announced the world’s first solution to perform forensic investigations in distroless container environments. With Cado Security’s new offering, security teams can investigate the root cause, scope, and impact of malicious activity detected within distroless container environments to gain greater visibility into cloud risk.

Distroless containers are designed for efficiency and security, stripped of standard OS components like shell utilities and package managers. While these containers offer some security benefits by minimizing the attack surface, they actually leave a huge security blindspot when something malicious does indeed occur. Until today, it was impossible to perform an investigation in these environments, resulting in a significant visibility gap.

Cado Security delivers a first-of-its-kind solution that addresses the unique challenges distroless containers introduce for security teams. Cado’s unique patent-pending approach collects data from distroless and private clusters without impacting the target container to enable immediate investigation. The collected data includes running processes, crucial log files, and forensic artifacts. Cado also uses its previously open-sourced “varc” toolset to collect memory from individual processes for forensic analysis. This evidence is then seamlessly presented in the Cado platform for unprecedented visibility into cloud risk.

Join Cado Security at RSA 2024: Visit the team at Booth #4316 or schedule an on-site meeting during the RSA Conference in San Francisco from May 6-9. For more information about Cado Security’s Distroless Container Support, please visit https://www.cadosecurity.com/blog/cado-introduces-first-ever-support-to-perform-investigations-in-distroless-containers.

Leave a comment »

UK Military Payroll Provider Pwned… Military Members Data Accessed

Posted in Commentary with tags on May 8, 2024 by itnerd

Yesterday the BBC reported that a hack targeting a third-party payroll system used by the Ministry of Defence resulted in the unauthorized access of the personal information of an unknown number of UK military personnel.

In what is being considered a “significant data breach”, compromised data described as “personal HMRC-style information” includes names, bank details, and, in a very small number of cases, the personal addresses of both current and former members of the Royal Navy, Army and Air Force from over a period of several years.

The MoD is in the process of notifying those affected, including making veterans’ organizations aware of what has happened. 

Tomorrow, Defense Secretary Grant Shapps is due to update MPs about the hack in the Commons where he is expected to set out a “multi-point plan”, including actions to protect affected service men and women.

While it has not been disclosed who is behind this hack, it comes shortly after the government publicly accused China of the 2021 hack targeting millions Electoral Commission voters and the NCSC said Russian intelligence was behind a “malicious cyber activity attempting to interfere in UK politics and democratic processes”.

Dave Ratner, CEO, HYAS had this to say:

   “Third-party breaches like this one and others will unfortunately continue and likely increase in volume; our increasing reliance on Cloud services and various third-party relationships dramatically increases the attack surface and creates a venerable panacea of entry points that can be exploited.  Only with the rapid implementation of cyber resiliency solutions, capable of seeing the telltale signs of a breach early and shutting it down before data is stolen, will we actually be able to stem the tide.”

Third party data breaches are getting just as bad as ransomware attacks. It’s time for it to stop as this is a situation that has become insanely bad. Which is not good for any of us.

Leave a comment »

Wichita Kansas Has Been Pwned In A Ransomware Attack

Posted in Commentary with tags on May 8, 2024 by itnerd

On Monday, the City of Wichita, Kansas disclosed it was forced take portions of its network offline after suffering a ransomware attack on Sunday when IT systems were encrypted with ransomware.

At this time, it is not known whether data has been stolen. Currently, the online payment systems for the City are down, such as those used for paying water bills, court citations and tickets. The City says that emergency services are still available, with the police and fire departments switching to “business continuity measures as necessary”.

   “We are completing a thorough review and assessment of this matter, including the potential impact on data. Detailed assessments of these types of incidents take time,” government officials shared on the City of Wichita’s website. 

The city is not sharing what ransomware gang is behind the attack. But we’ll likely know soon enough.

Emily Phelps, Director, Cyware had this comment:

   “This ransomware attack reinforces the critical need to protect our urban centers and infrastructure. Threat intelligence sharing organizations and the adoption of a collective defense mindset can help public entities outpace adversaries by proactively safeguarding against known threats. By actively participating in these collaborative networks, municipalities can access shared insights and strategies, enabling them to respond more effectively and proactively to cyber threats. Implementing advanced cybersecurity measures and fostering a culture of collective defense are vital steps in ensuring that our cities remain resilient against persistent cyber attacks. This proactive approach not only helps in quicker recovery post-incident but also strengthens the overall security posture to prevent future attacks.”

Another day, another ransomware attack. It’s almost become background noise because it is so common. But it shouldn’t because the second that it does, it will take a situation that is already pretty bad and make it far worse because nobody is paying attention.

1 Comment »

Fubo Canada Serves Up A Limited Time Promo Offer

Posted in Commentary with tags on May 7, 2024 by itnerd

Fubo is offering Canadians another exciting, limited time offer for subscribers on its Sports Quarterly or Annual plan, starting as low as $9.99 a month!

Until July 19, 2024, new subscribers can save 54 per cent for three months (savings of $35.00) on the Quarterly plan, or 32 per cent off for twelve months (savings of $70.00) on the Annual Sports plan, bringing Canadians more of the content they love, for less. 

Canadians can learn more and take advantage of this limited time offer at this link: Watch the Premier League all season | Fubo

Leave a comment »

ESET Opens First Local Data Center In Canada

Posted in Commentary with tags on May 7, 2024 by itnerd

ESET has announced the establishment of its first local data centre in Canada, marking a significant milestone in its commitment to delivering unparalleled service and security to its customers across the country. 

The local data centre plays a crucial role in accelerating the delivery of ESET’s innovative cybersecurity solutions to Canadian businesses and individuals. By leveraging state-of-the-art technology and robust infrastructure, ESET will be able to deploy updates and patches more efficiently, ensuring that customers are always protected against the latest threats.

The launch of the new data centre represents a strategic investment in Canada’s cybersecurity infrastructure, enabling ESET to better serve its growing customer base with faster response times, enhanced data protection and improved overall performance.

The importance of a local data centre is critical with cybersecurity threats evolving rapidly. By housing critical data and infrastructure within Canada’s borders, ESET ensures compliance with local regulations and provides customers with peace of mind knowing that their sensitive information remains secure and protected.

ESET Canada remains dedicated to empowering Canadians to enjoy the full potential of the digital world without compromise. With the establishment of its local data centre, ESET reaffirms its position as a trusted partner in cybersecurity, committed to safeguarding the digital lives of individuals and businesses across the country.

Current ESET customers can rest assured that a local representative will reach out to discuss options available for transferring data.

Leave a comment »

North Korean Actors Exploit Weak DMARC Security Policies to Mask Spearphishing Efforts

Posted in Commentary with tags on May 7, 2024 by itnerd

So let’s do a bit of quick education before we get to the story.

DMARC: Domain-based Message Authentication, Reporting and Conformance is an email authentication protocol designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. 

With that out of the way, this story will now make a bit more sense. The NSA has put out a statement about North Koreans who are using weak security policies related to DMARC to facilitate their efforts to spearfish targets in the US and beyond:

The DPRK leverages these spearphishing campaigns to collect intelligence on geopolitical events, adversary foreign policy strategies, and any information affecting DPRK interests by gaining illicit access to targets’ private documents, research, and communications.

“Spearphishing continues to be a mainstay of the DPRK cyber program and this CSA provides new insights and mitigations to counter their tradecraft,” said NSA Cybersecurity Director Dave Luber. 

The report contains background on the DPRK’s cyber program and past information-gathering examples, an explanation of how a strong Domain-based Message Authentication Reporting and Conformance (DMARC) policy can help block DPRK actors, red flag indicators of malicious activity, two sample emails used by DPRK cyber actors, and mitigation measures.

Al Iverson, Industry Research and Community Engagement Lead for Valimail had this comment: 

“North Korea found a way to exploit something that security and deliverability experts have been worried about over these past few months; there’s a whole bunch of domain owners out there who are not necessarily security savvy, and perhaps focused more on email marketing efforts. Those domain owners (and there are more than a million of them out there) were quick to implement a bare minimum DMARC policy to comply with new mailbox provider sender requirements. What they didn’t realize, is that this can leave the domain unprotected against phishing and spoofing. 

People must protect their domain by fully implementing DMARC properly to ensure that bad guys find no phishing or spoofing success when they work their way down the list of domains… to yours.

The NSA, the FBI and the U.S. Department of State have identified this as an issue already and Valimail is fully aligned with the advisory they issued at the end of the week.”

If I were the person in charge of email in an organization, I’d be reading this report, and then get about figuring out how to not be the North Korean’s next victim. Because clearly this is a today problem and not something that you can get to whenever.

2 Comments »

What Apple Didn’t Mention In Their Let Loose Event

Posted in Commentary with tags on May 7, 2024 by itnerd

Apple this morning had their “Let Loose” event which announced a bunch of new iPads and accessories along with the M4 processor that is being used in the new iPad Pro. But Apple didn’t mention a bunch of things during the event. And that can be more interesting in my opinion. Here’s my list of what they didn’t mention:

  • Apple mentioned Vision Pro at the top of the event. They highlighted how it is being used by doctors and even Porsche, but they didn’t mention when it would go on sale outside the US which I find curious. After all, why mention something that is unrelated to what your event is all about just to say how it’s being used. That doesn’t make sense.
  • At the end of the event, Apple mentioned that the entry level 10th generation iPad had dropped in price. But what they didn’t mention is that the 9th generation iPad has been killed off. That means that Apple no longer sells an iPad with a physical home button. RIP.
  • Apple mentioned during the introduction of the new iPad Pro an option for nano texture glass to reduce glare. What they didn’t mention is that this option is only available on the 1TB and 2TB models. Which is a typical Apple move to separate you from your money.
  • Apple didn’t mention that the base 256/512GB iPad Pro models come with a 9-core M4 chip which is made up of 3 Performance cores. If you want all 4 Performance cores, you’ll need to buy the 1TB model. In effect, if you want the best performance, you need to spend more money.
  • Apple also didn’t mention that in the new iPad Pro and iPad Air cellular models, there’s no 5G mmWave antenna. Instead it’s straight 5G. It’s an interesting omission as a few years ago, Apple made a really big deal about 5G mmWave as you could get insanely fast speeds with it. As in above gigabit speeds if you were in the right place. However, the rollout of mmWave has been rocky in the US. And mmWave really doesn’t exist outside the US. So I guess Apple decided to ditch it. While I’m at it, I should mention that these models are now eSIM only as well. So no physical SIM card for you iPad fans.
  • If you’re buying a new iPad Pro and you were hoping to use your old Apple Pencil, not so fast. Unless you have the USB-C version of the Apple Pencil, these new iPads will only work with that USB-C model and the new Apple Pencil Pro. By the way, am I the only person who finds the name “Apple Pencil Pro” to be a bit odd? What makes a pencil “Pro”? Serious question.
  • The ultra wide camera is gone from the new iPad Pro. This is an odd move as well.
  • The iPad Pro loses a microphone. The previous generation had 5 microphones. The new one has 4. What difference does that make? Who knows? But it is worth noting.

That’s everything that I noted that Apple did not mention. But it is likely that I missed something. If I did, pop a comment down below and share it with all of us.

Leave a comment »

Developers Spending More Time Firefighting Issues Than Delivering Innovation: Cisco

Posted in Commentary with tags on May 7, 2024 by itnerd

Cisco today unveiled findings from a survey that details how software developers are spending more than 57% of their time being dragged into ‘war rooms’ to solve application performance issues, rather than investing their time developing new, cutting-edge software applications as part of their organization’s innovation strategy.  

Software developers play a critical role in building, launching and maintaining the applications and digital services that are essential to the way modern organizations operate today, and the pressure on them has never been higher. Globally, 85% of those surveyed report encountering increased pressure to accelerate release velocity, while 77% point to mounting pressure to deliver seamless and secure digital experiences.  

But while developers are being expected to deliver new tools and functionality at ever faster speeds, they also find themselves on the receiving end of endless demands to help Site Reliability Engineers (SREs) and IT operations teams manage the ongoing availability and performance of applications. The result is teams of developers spending hours in war room meetings and debugging applications, instead of creating code and building new applications.  

 
Lack of Critical Insight into Application Performance 
 

Developers report that the issue is down to their organizations not having the right tools and visibility required to understand the root cause of application issues. They believe this stems from IT departments lacking a full and unified view into applications and the supporting IT stack. Developers are acutely concerned about the potential consequences this could have, with three quarters (75%) of those surveyed fearing that the lack of visibility and insight into IT performance is increasing the chances of their organization suffering downtime and disruption to business-critical applications. 

The situation is significantly affecting morale amongst developers, with 82% admitting that they feel frustrated and demotivated, and 54% increasingly inclined to leave their current job. These findings should ring alarm bells for organizations who are now dependent on developers to create the compelling, intuitive digital experiences that customers and users expect. With demand for developer skills at an all-time high and a finite pool of talent, businesses cannot afford an exodus of talent simply because their IT teams don’t have the tools they need to do their jobs.  

The Potential for Full-Stack Observability 

Encouragingly, developers are acutely aware that there are solutions available to address these concerns, and as many as 91% feel that they should be playing a bigger role in shaping and deciding on the solutions needed within their organization. Above all else, developers point to full-stack observability as being a potential game changer, providing SREs and IT operations teams with unified visibility into applications and supporting infrastructure, across both cloud-native and on premises environments. 

While developers themselves may not be the primary users of full-stack observability solutions – focusing instead on their specific areas of domain expertise – 78% believe that implementing full-stack observability within their organization would be beneficial. Developers recognize the benefits of having unified visibility across the IT estate and acknowledge that full-stack observability would make it much easier and quicker for operations teams to identify issues, understand root causes, and carry out necessary remediation. In turn, this would result in fewer technologists from multiple domain teams being required to attend war room sessions, and free up that talent – including developers – to focus on their day jobs. 

76% of developers went so far as to state that it’s becoming impossible for them to do their job because SREs and IT operations teams don’t have the insights they need to effectively manage IT performance. This explains why 94% point to full-stack observability as the single thing that would most help them to escape war rooms and focus on innovation. 

The Role of AI 

Alongside full-stack observability, many developers (39%) also feel that their organization (and they themselves) would benefit from deploying AI to automate application issue detection and resolution. Rather than relying on manual processes, AI can enable IT teams to cut through overwhelming volumes of application data to identify the most serious issues and apply fixes in real-time.  

In addition, developers are ready to embrace new ways of working within the IT department to drive greater efficiency and productivity, and a more streamlined approach to managing application performance. The majority (57%) believe that there needs to be greater ongoing collaboration between developers and IT teams. This is already being seen in shift left testing and widespread adoption of DevOps and DevSecOps methodologies, so that application availability, performance and security considerations are embedded into the development lifecycle from the outset. 

The research can be found here.

Leave a comment »

« Older Entries
Newer Entries »