Metomic For Slack Up-Levels Data Security and Compliance 

Posted in Commentary with tags on March 6, 2024 by itnerd

 Metomic, a next generation data security solution for protecting sensitive data in the new era of collaborative SaaS, GenAI and cloud applications, today announced Metomic for Slack Enterprise. By partnering with Slack, Metomic gives security teams full visibility and control of sensitive data sent across an organization’s entire Slack workspace. Metomic for Slack enables heightened levels of security within public, private and Slack Connect channels by identifying vulnerable information that has been shared on the app and pinpointing critical security and compliance risks, such as PCI DSS, HIPAA, GDPR, and more.

As a verified Slack DLP Partner, Metomic for Slack Enterprise enables compliance and security teams to automate data security tasks on Slack, such as data redaction, data retention, data quarantining, and employee notifications. Metomic’s workflow-based setup makes it easy to begin monitoring Slack conversations in real-time, significantly minimizing the risk of data leaks and compliance breaches on the platform. Using pre-built classifiers and policies, companies can implement Metomic for Slack to identify common data security risks.

Slack is one of the world’s most popular collaborative work apps, with industry reports claiming the platform has as many as 35 million daily active users. According to Slack’s own data, more than 80% of Fortune 100 companies rely on the app to drive productivity across their organizations. Its ease of use and wide adoption rates—along with its distinct ability to integrate with thousands of other work apps—make Slack everyone’s favorite collaborative app, but its lack of end-to-end encryption opens the platform up to serious data security risks. 

Metomic for Slack gives companies of all sizes using Slack Enterprise the full benefits of Slack without the data security risks that come with it—it’s the essential data security tool for organizations that rely on Slack to drive productivity across the organization. To learn more or request a personalized demo, visit the Metomic for Slack integration page. 

Leave a comment »

SAP Unveils Data Innovations for AI-Driven Business Transformation

Posted in Commentary with tags on March 6, 2024 by itnerd

SAP today announced transformative data innovations that will help customers harness the full power of their data to drive deeper insights, faster growth and more efficiency in the era of AI. New capabilities in the SAP Datasphere solution, including new generative-AI features, transform enterprise planning through simplified data landscapes and more-intuitive data interaction.

At the heart of these announcements is the business data fabric, an architecture that helps ensure data is not just an asset but also the core underpinning of strategic initiatives. The innovations and partnership announced today equip organizations to deliver meaningful data to data consumers – with business context and logic intact.

Today’s SAP Datasphere innovations help customers achieve a unified data view that simplifies their data landscapes while retaining context and logic – enabling them to adapt faster to market changes and make more-efficient decisions. From new copilot and vector database capabilities that help ensure business context remains constant in generative AI outputs to a new knowledge graph that helps uncover insights and patterns in complex data, SAP’s data innovations help ensure customers have the full power of their data at their fingertips.

Today’s key innovations include:

Generative-AI Copilot and AI Governance

SAP’s generative-AI assistant, the Joule copilot, is now coming to the SAP Analytics Cloud solution to automate the creation and development of reports, dashboards, plans and more. This automation is enabled by the SAP HANA Cloud vector engine capabilities, which combine the power of large language models with the relevant data of your organization – helping ensure business context is a constant for generative-AI outputs. 

Incorporating generative AI across the business isn’t possible without trusted and governed data. To provide organizations with a solution to govern the policies, processes and practices of AI, SAP is announcing an expansion of our partnership with Collibra to integrate Collibra’s AI Governance with SAP data assets. This can help provide transparency and accountability for organizations and help ensure regulatory, compliance and privacy policies are met.

Discover Hidden Insights and Patterns with Knowledge Graph

With the new SAP Datasphere knowledge graph, organizations can discover hidden insights and patterns across their applications and systems. This enables both technical and business users to deeply understand the relationships between data, metadata and business processes, as well as boost the effectiveness of machine learning and large language models.

Unified and Advanced Planning and Analytics

The new SAP Datasphere integration with SAP Analytics Cloud offers a single data management system and advanced analytics to power cross-organizational planning. Planners can leverage a single flexible model to break down silos between planning using one tool for data preparation, modeling and planning.

Additionally, business users can use the new compass capability in SAP Analytics Cloud to realize better outcomes in planning and analytics through data-driven simulation. It enables organizations to run complex simulations using a chat interface to evaluate predictive outcomes and continually adjust controllable variables to find the optimal plan.

This supports customers to transform their planning by unifying financial, operational, supply chain and workforce planning with native connection to SAP applications and third-party data.

To learn more, please read: Unleashing the Latest SAP Data and Analytics Innovations.

Leave a comment »

The Uber driver app is now available on the big screen with Android Auto

Posted in Commentary with tags on March 6, 2024 by itnerd

Uber is announcing that drivers on Uber in Canada with an Android device will now have the ability to use the Uber app directly from their dashboard while using Android Auto. It’s currently being rolled out across the country and all Android drivers will have access by the end of April. 

This means drivers will be able to see demand heatmaps, accept trips, and view navigation right from the dashboard screen in their car.

Uber’s goal is to be the best platform for flexible work in the world, and they’re excited to add support for Android Auto to make using the Uber app on Android even more comfortable, convenient for drivers, and a hassle-free experience. 

This follows the successful rollout of CarPlay integration for the Uber driver app on iPhone last summer. 

Leave a comment »

Salesforce Launches Einstein 1 Studio

Posted in Commentary with tags on March 6, 2024 by itnerd

Today at TrailblazerDX, Salesforce’s developer conference, Salesforce (NYSE: CRM) announced the availability of Einstein 1 Studio, a set of low-code tools that enables Salesforce admins and developers to customize Einstein Copilot — the conversational AI assistant for CRM — and seamlessly embed AI across any app for every customer and employee experience.   

Einstein 1 Studio includes Copilot Builder for creating custom AI actions to accomplish specific business tasks, Prompt Builder for building and activating custom prompts in the flow of work, and Model Builder, where users can build or import a variety of AI models. This enables businesses to deliver trusted AI experiences across Salesforce’s Einstein 1 Platform that are tailored to their customers’ needs.

Why it matters: Enterprises face critical challenges in unlocking the power of AI across their business, with 9 in 10 IT professionals saying generative AI has forced them to change the way new technology is implemented and used. They need intuitive user interfaces that make it easy to interact with AI in the flow of work; AI models to fit their use cases; and access to trusted customer and business data to ground the AI models and ensure accurate, relevant outputs.

Salesforce’s Einstein 1 Platform integrates the user interface, a variety of AI models, and data in a single metadata-driven platform. This is what powers Einstein 1 Studio’s tools, facilitating low-code and no-code customization of Einstein Copilot, as well as building and modifying embedded prompts and actions that seamlessly connect to AI models in the flow of work across every Salesforce app. Einstein 1 Studio is deeply integrated with Data Cloud, which safely unlocks and unifies trapped data and grounds AI models with a comprehensive understanding of customers’ data and metadata. 

every Salesforce app and workflow. This will help companies boost productivity, improve customer experiences, and increase margins. The tools include:

  • Copilot Builder: Create AI actions to accomplish business tasks (beta) — Copilot Builder helps every company configure and customize Einstein Copilot for their business. Salesforce admins and developers can use tools they already have, like Apex, Flow, and MuleSoft APIs, and new generative AI components like prompts, to enable Einstein Copilot to complete tasks in the flow of work. Einstein Copilot can leverage these custom actions to complete tasks across any Salesforce application or external system.
  • Prompt Builder: Craft custom and trusted AI prompts with ease (GA) — ‌Prompt Builder empowers admins and developers to create custom, reusable AI prompts without coding, simplifying complex processes and driving business innovation. This not only broadens the use of generative AI beyond conversational interfaces, but also allows customers to design and repurpose prompts for use across other experiences. For example, a custom prompt can be seamlessly embedded in a contact record as a button, enabling an agent in the contact center to get a snapshot of all escalated cases for a customer in one click.
  • Model Builder: Choose an LLM or build an AI model based on the job to be done (GA) Unlike other solutions that limit businesses to a single Large Language Model (LLM), Einstein 1 Studio provides the flexibility to connect to a variety of AI models. Additionally, Model Builder is a no-code, low-code, and pro-code way for companies to build their own predictive AI models, trained on their Data Cloud data. For generative AI, Model Builder allows customers to select from LLMs managed by Salesforce, or bring their own models. Businesses can use predictive and generative AI models and services from Salesforce partners, including Amazon Web Services (AWS) via Amazon Bedrock and Amazon SageMaker, Anthropic, Azure OpenAI, Cohere, Databricks, Google Cloud’s Vertex AI, and OpenAI, and train or fine-tune select models on Data Cloud data without moving or copying data.

Einstein Trust Layer: Deploy AI you can trust, on your terms: Designed for enterprise AI, the Einstein Trust Layer is a collection of features that help companies benefit from generative AI without compromising security or safety standards. New to the Einstein Trust Layer is customer-configured data masking, enabling admins to select the fields they want to mask, providing greater control. Additionally, the audit trail and feedback data collected from AI prompts and responses is now stored in Data Cloud, where it can be easily reported on or used for automated alerts through Flow and other Einstein 1 Platform tools.

Pricing:

  • Customers can access Einstein 1 Studio by purchasing Einstein 1 Editions or by adding it on to Enterprise or Unlimited Editions. Detailed pricing information is available here.

Global availability:

  • Prompt Builder and Model Builder are now generally available globally. Copilot Builder is available in beta globally. 
  • Einstein 1 Studio currently supports data residency in the United States and the English language.
  • Model Builder support for fine-tuning LLMs on Data Cloud data will be available later this year, starting with Amazon Bedrock, Google Vertex AI, and OpenAI LLMs.

Leave a comment »

The Change Healthcare Hack Has Taken A Weird Turn

Posted in Commentary with tags on March 6, 2024 by itnerd

I’ve been covering the Change Healthcare hack, and you could read my coverage here, here, and here. Brian Krebs has surfaced some information that shows that this story has taken a weird turn. Let’s start with the fact that the ransom has been paid:

There are indications that U.S. healthcare giant Change Healthcare has made a $22 million extortion payment to the infamous BlackCat ransomware group (a.k.a. “ALPHV“) as the company struggles to bring services back online amid a cyberattack that has disrupted prescription drug services nationwide for weeks.

Now I am not going to go down the rabbit hole of whether they should have paid the ransom or not. At least not today. But the rabbit hole that I will go down is what happened next:

The affiliate claimed BlackCat/ALPHV took the $22 million payment but never paid him his percentage of the ransom. BlackCat is known as a “ransomware-as-service” collective, meaning they rely on freelancers or affiliates to infect new networks with their ransomware. And those affiliates in turn earn commissions ranging from 60 to 90 percent of any ransom amount paid.

“But after receiving the payment ALPHV team decide to suspend our account and keep lying and delaying when we contacted ALPHV admin,” the affiliate “Notchy” wrote. “Sadly for Change Healthcare, their data [is] still with us.”

So the affiliate got stiffed for their share of the cash. I believe there is an idiom that goes something like this: No honour among thieves. In any case this has caused BlackCat to shut down:

However, instead of responding that they would compensate and placate Notchy, a representative for BlackCat said today the group was shutting down and that it had already found a buyer for its ransomware source code.

That means that BlackCat will morph and reform into some other entity and keep attacking organizations. Lovely. And there’s still a question as to if the data that was stolen is still out there. The affiliate says that it is, which means that Change Healthcare still has a serious problem. Mark my words, this story is far from over. And it will likely get even more “weird.”

Leave a comment »

New Linux Malware Campaign Targets Docker, Apache Hadoop, Redis, & Confluence 

Posted in Commentary with tags on March 6, 2024 by itnerd

Cado Security has revealed a newly encountered emerging malware campaign targeting misconfigured servers running the following web-facing services: Apache Hadoop YARN, Docker, Confluence, and Redis.

Notably, the new research depicts the exploitation of not just one but multiple services typically deployed in the cloud, deployment of Confluence, demonstrating a willingness to weaponize security research for nefarious purposes, and use of the Platypus reverse shell to maintain access to the host.

You can read the research here.

Leave a comment »

New Research Links Threat Groups to Phishing Campaigns Targeting US Public School Districts

Posted in Commentary with tags on March 6, 2024 by itnerd

PIXM, pioneers of the first real-time AI computer vision solution, has published its latest blog focusing on ongoing phishing activity beginning in November 2023 that is linked to two prominent threat groups: Tycoon and Storm-1575. 

These MFA spear phishing attacks used common attack Phishing-as-a-Service (PhaaS) platforms and stealthy attack patterns – including Adversary-in-the-Middle (AiTM), social engineering, customized logins and robust and large-scale infrastructure – to target officials at large US school districts with the purpose of compromising key administrator email accounts and ultimately delivering ransomware.

In this attack, the school’s Chief of Human Capital and multiple finance and payroll administrators received targeted phishing emails providing them with a link to update their passwords to secure their account. Ultimately, victims were directed to pages requesting two-factor authentication codes, thus completely bypassing MFA protections. 

You can read this blog here: https://pixmsecurity.com/blog/uncategorized/us-public-school-districts-targeted-mfa-spear-phishing-campaigns-on-the-rise

Leave a comment »

US Airman Pleads Guilty To Leaking Classified Documents As History Repeats Itself

Posted in Commentary with tags on March 5, 2024 by itnerd

There has been a guilty plea by Airman Jack Teixeira, a 22-year-old Massachusetts Air National Guardsman, for leaking intelligence information on Discord:

Teixeira has agreed to sit for a debrief with members of the intelligence community and the Department of Defense, court documents say, as well as turn over all relevant documents he has or knows the location of.

In exchange, prosecutors have said that they will ask a judge to impose a sentence of 200 months in prison, or over 16 years. The hefty sentence recommendation is far less time than the potential decades-long prison sentence he could have faced had he not struck a deal. Prosecutors have also promised not to charge Teixeira with additional counts under the Espionage Act, according to court documents.

“Jack Teixeira will never get a sniff of a classified piece of information for the rest of his life,” the US Attorney for the District of Massachusetts Josh Levy said at a news conference following Teixeira’s guilty plea.

“This guilty plea brings accountability, and it brings a measure of closure to a chapter that created profound harms for our nation’s security,” said Matt Olsen, the assistant attorney general for national security at the Department of Justice.

Troy Batterberry, CEO, EchoMark

    “Airman Teixeira sadly destroyed his life through his dishonorable acts that directly harmed our national security. The 102nd Intelligence Wing had their mission paused as a result of Teixeira’s actions… further spreading the pain by those who serve.

    “The situation highlights that airman Teixeira had access to far too much diverse confidential information. Airman Teixeira was only caught because he was sloppy. With just a bit more care, he would never have been caught. Other leakers, who simply exercised a bit more caution, such as the person who leaked the Dobbs Supreme Court ruling to Politico, have never been caught. It highlights a BIG gap in how information is currently protected, and every major organization should be asking what harms an insider could potentially do, and how to prevent insider leaks.. The use of stenography is an exciting new way to prevent leaks from ever happening, and if they still do happen, quickly find the source.

    “Every company and BoD should be asking: Do we have a Jack Teixeira in the organization? What is going to stop that person from leaking or stealing our intellectual property? Stenography can help prevent these highly damaging and sad situations from happening.”

Sadly, just as this was happening, another US airman was indicted for leaking classified docs to a woman he met on a dating app. Clearly the threat of an insider is a real problem.

Leave a comment »

The Various Outages Reported Today Appear To Be In The Process Of Being Resolved

Posted in Commentary on March 5, 2024 by itnerd

Today has been busy. I’ve reported on this outage and this outage, this outage, and this outage today. The good news is that all the services that I have reported on today seem to be coming back online or are already online based on Down Detector:

That will calm the nerves of many who were likely stressed that common social media sites and commutation apps were down in whole or in part today. Feel free to go about your day as normal.

Leave a comment »

BREAKING: The Outages Get Worse As Kijiji, TikTok, And Discord Are Apparently Down

Posted in Commentary with tags , , on March 5, 2024 by itnerd

Boy this is a bad day for online services.  On top of this outage and this outage, and this outage, Down Detector is now reporting that Kijiji, TikTok and Discord are now down:

I have to wonder is some of this is due to “Login With Facebook” being down? Regardless, this is not a good day for many.

2 Comments »

« Older Entries
Newer Entries »