Nyriad and DigitalGlue Partner to Enable Creatives to Optimize Resources

Posted in Commentary with tags , on February 28, 2023 by itnerd

Nyriad and DigitalGlue are partnering to dramatically improve the performance, resilience, and efficiency of media production workflows while removing complex IT-centric tasks and simplifying them with a streamlined user experience. In doing so, creatives and contributors will be able to optimize resources, eliminate costly delays in post-production, and deliver great content on deadline and on budget. 

Nyriad’s UltraIO data storage system uses the processing power of GPUs and advanced algorithms to deliver exceptional performance, resilience, and efficiency. DigitalGlue’s creative.space platform is purpose-built to make enterprise storage simple to use and manage without the need for specialized knowledge or a dedicated IT department. By combining the two solutions, creatives and contributors can deploy, manage and elastically scale their production workflows quickly, easily and affordably.

The joint Nyriad UltraIO and DigitalGlue creative.space solution delivers: 

  • Performance – With high read and write bandwidth capabilities, creative.space plus the UltraIO platform removes storage as a bottleneck so that artists can invest their creative energy in the quality of their content. Editing inline without the need to copy data between file systems or create lower resolution proxies can save many hours of wasted time and reduce the number of files to manage.
  • Resilience – The UltraIO system can withstand up to 20 drives failing simultaneously with no data loss while maintaining 95% of its maximum throughput, which allows teams to work unhindered. Combining this with the proactive support from creative.space and Nyriad, the solution provides customers with peace of mind that their data and workloads are protected while not compromising the performance required.
  • Efficiency – UltraIO storage allows customers to use up to 90% of the raw capacity deployed in the environment, a level of efficiency that is largely unmatched in the storage market today. Tools available in the creative.space software suite reduce operational and management overhead. While reducing the amount of raw capacity needed to purchase, UltraIO’s efficient platform also reduces the carbon footprint of storage by up to 70% compared to competitors’ platforms of similar performance and capacity.  
  • Simplicity and Ease of Deployment – The combination of creative.space and the UltraIO storage platform is simple and easy to manage, deploying seamlessly into customers’ environments without the need to refresh or replace existing technologies. The combined solution immediately begins to enable operational simplicity and flexibility, providing opportunities to consolidate and streamline many production tasks such as rendering, streaming, non-linear editing, content ingest, and active archive, among others, into a single, easy-to-use platform.

To learn more about the joint Nyriad UltraIO and DigitalGlue creative.space solution, please visit: https://www.nyriad.io/nyriad-and-digitalglue-solution-brief/ and/or https://www.creative.space/partnerships/nyriad.

Leave a comment »

LastPass Admit That They Have Been Pwned Yet AGAIN

Posted in Commentary with tags , on February 28, 2023 by itnerd

LastPass has notified customers of a second attack which resulted in the breach of encrypted password vaults. This second incident, resulting in the threat actor making use of information exfiltrated during the first incident to exfiltrate corporate data from cloud storage resources, was caused by one of their DevOps engineers’ personal home computers being hacked. 

Sharon Nachshony, Security Researcher at Silverfort had this to say:

     “Given the number of people who rely on LastPass it’s easy to pass quick judgment on back-to-back incidents, however, what this really shows is the difficulty of detecting attacks that use seemingly legitimate, yet stolen, credentials. By obtaining these credentials, the threat actor was able to masquerade as a highly trusted user, giving them the freedom to pivot into the cloud storage environment.  

The corporate vaults holding privileged credentials often become a single point of failure. Given enough reconnaissance time a motivated attacker will try to understand how to compromise such vaults because, once they have such credentials, it’s like having a VIP pass to corporate resources. In the case of this attack, an additional layer of MFA to authenticate into the cloud storage environment may have provided additional protection.”

If you’re a LastPass user, the company strongly advises you to change all your passwords stored on the platform. The master password for the LastPass vault should also be changed. But if you’re asking me what you should do, I would suggest dumping LastPass completely on top of changing all your credentials immediately. It’s pretty clear that LastPass isn’t secure based on their recent history of being pwned, and has no path to become secure anytime soon. Thus moving your passwords off their service with urgency is your best course of action.

Leave a comment »

Appdome Announces the Industry’s First Mobile XDR for Brands Globally

Posted in Commentary with tags on February 28, 2023 by itnerd

Appdome, the mobile app economy’s one and only Cyber Defense Automation platform, today released its next generation ThreatScope product, delivering Extended Detection and Response (XDR) for consumer mobile apps and brands globally. For the first time in mobile history, mobile brands gain the power and agility of XDR to address any cyber, fraud and other attacks in the mobile app channel.

Global consumers now prefer mobile apps over other digital channels. While XDR, EDR, SIEM and other solutions serve web, cloud and enterprise environments well, these solutions do not provide attack and threat detection or response from the increasingly dominant mobile revenue stream and mobile channel used by consumers. Prior to ThreatScope Mobile XDR, cyber, fraud and dev teams at consumer brands were left in the dark, with no practical means to gather, share or use data from siloed and fragmented cyber and fraud systems. 

Appdome’s ThreatScope Mobile XDR gathers thousands of threat signals from mobile app security, hacking, fraud, malware, cheat and bot attacks from inside each of 100M deployed mobile apps and translates that data into brand relevant views that cyber, fraud and business teams can use to evaluate and respond to mobile threats and attacks in real time. There is no need for coding, SDK, MDM, EMM or UEM, or for any user to install an additional app on the user’s device. ThreatScope Mobile XDR goes beyond device-level attestation and gets its data straight from attacks and threats impacting the brand’s in-production mobile apps. ThreatScope Mobile XDR is pre-integrated with Appdome’s Cyber Defense Automation platform for Android and iOS apps for instant response to any cyber or fraud attack.

ThreatScope Mobile XDR provides mobile businesses and mobile brands:

Consolidated Attack and Threat Intelligence – Consolidated, real-time, attack and threat intelligence from across the cyber security, fraud, malware, cheat and bot attack landscape, all from in-production Android and iOS apps.

Threat-Views – Allows brands to create, save and monitor attacks and threats by mobile app, specific threat, threat type, OS platform and other business-specific perspectives. Isolates specific cyber security, fraud, malware, cheat and bot attacks, reduces noise and zeros in on the attacks with the biggest impact to each app, release, brand and users.

Track 1 to 1000s of Mobile Attacks – With configuration as code ease, monitor and respond to one, any combination or all of ThreatScope’s 1000s of unique threats, attack vectors, attack techniques and methods applicable to Android and iOS apps with ease. New detections targeting Android and iOS apps added weekly.

Automated Threat Response – Automate cyber defense and response to each cyber incident or fraud attack with updated security and anti-fraud features tailored to each specific threat or attack, build-by-build and release-by-release, adding agility and eliminating the impact on the mobile business and users.

Analytics Grade Threat Inspection – ThreatScope comes with a powerful, easy to use analytics engine that allows developers and cyber teams to gain 360-degree threat visibility to filter, set thresholds, inspect, investigate and monitor attack and threat trends on-demand or over time.

Shift-Left Cyber Defense for Mobile Apps – With 360° attacks and threat visibility and intelligence, mobile developers and cyber and fraud teams can shift left and collaborate on threat response in each release of Android and iOS apps.

High Fidelity Threat Intelligence – ThreatScope Mobile XDR does not rely on external servers, SDKs, extra apps or attestation services. So, there is no risk of in-transit exploit, signal spoofing, hijacking or other attacks that can compromise the integrity of the threat signal. Hardened binding between the ThreatScope and the mobile app eliminates the risk of an attacker disabling ThreatScope telemetry.

No Code/No SDK Implementation – The entire ThreatScope Mobile XDR capability can be added in Android and iOS apps without any burden on mobile dev teams, including no code, no SDK and no servers to deploy.

For more information about ThreatScope Mobile XDR visit: https://www.appdome.com/threat-scope-mobile-xdr/.

Leave a comment »

Radiant Logic Announces Industry-First Identity Data Intelligence Innovation to Improve Decision Making

Posted in Commentary with tags on February 28, 2023 by itnerd

Radiant Logic, the Identity Data Fabric company, today announces the launch of its radically redesigned Identity Data Platform, offering an identity-first approach to security and business decisions. To drive confident policies, enterprises need real-time access to a tremendous amount of data, synchronized across hybrid and complex environments. It must be accurate, available in real-time, and presented in a meaningful way. The next generation of Radiant solutions offer a re-imagined approach to identity data management, with advanced identity observability and visualization capabilities, all built on an extensible API-layer and available as a SaaS offering. 

These new innovations directly respond to the need for high-quality, real-time identity data to serve the enterprise. In a recent report, Gartner wrote “Increasing demands on IAM infrastructure require higher levels of automation and more sophisticated use of identity data and identity configuration data. With up to 84% of breaches being identity-related, and the average enterprise managing more than 20 identities per user, harnessing and leveraging the power of identity data has never been more critical. 

Throughout 2023, Radiant Logic will deliver unparalleled abilities for organizations to automate their identity data analysis to quickly understand the health and quality of the identity data. Offering first-to-market identity observability, Radiant will be able to discover and alert on identity anomalies caused by outliers, incorrect group entitlements, and role assignments. Through intelligence and automation processes that address identity data quality issues, organizations can flag potential issues that measurably improve their overall security posture and accelerate the move to identity-first security. 

With the new Radiant Logic capabilities, organizations will soon be able to access new insights into their data with the following: 

  • Actionable Identity Observability: Adds visibility across all identities and related objects to help organizations easily radically improve data quality to improve security posture and minimize risk. New visual templates and data science tooling makes it easy to spot anomalies and provides insights to make Zero Trust a reality.
  • Easy-to-Use Identity Manager: Enables helpdesks to quickly and accurately identify users and provide password reset and other self-service tasks to minimize the overall resource burden for these manual tasks. 
  • Enhanced User Experience: Makes identity data easily accessible with low-code/no-code data modeling and API-first extensibility, allowing non-technical users and developers to access only the identity information needed for their task, and reducing the skills required for configuration and ongoing maintenance. 
  • Seamless Cloud-Native SaaS Deployment: Provides a fully managed, single-tenant SaaS offering for organizations which minimizes resources required to deploy and manage RadiantOne for faster time-to-value, reduced ongoing maintenance, and greater ease of use. 

Upon the close of the Brainwave GRC acquisition, Radiant plans to leverage identity analytics driven by advanced AI/ML as a core capability. By combining these unique capabilities into a single solution, customers can leverage identity data science to speed time-to-value for IGA deployments and simplify user access decisions.

The Spring 2023 release, available today, debuts RadiantOne in a fully managed, single-tenant SaaS environment. 

Radiant Logic, together with Brainwave GRC, will showcase their solutions at the Gartner IAM Summit in London on March 6-7, 2023, and the Gartner IAM Summit in Grapevine, TX on March 20-22, 2023. Meet us there to ask questions or get a demo. 

Leave a comment »

State of Pentesting Report: 92% Increase In IT Security Budgets Despite Economic Headwinds

Posted in Commentary with tags on February 28, 2023 by itnerd

Pentera has released the findings of its second annual industry survey: The State of Pentesting 2023. Pentera undertook this research to understand the current state of security validation practices and investment in enterprises.

Pentera surveyed 300 CIOs, CISOs and security executives from enterprises across Europe and the USA. The report provides insights on current IT and security budgets, cyber security validation practices, and how cyber exposure is being managed, while showing differences between the regions and enterprise sizes.  

Report highlights include:

  • Despite large investments in Defense-in-Depth strategies, 88% of organizations have suffered recent attacks – On average, companies have almost 44 security solutions in place, indicating a defense-in-depth strategy, where multiple security solutions are layered to best protect critical assets. However, despite the large number of security solutions implemented, 88% of organizations have admitted to being compromised by a cyber attack over the past two years. 
  • Cybersecurity budgets aren’t impacted by the financial slowdown – Despite the recent global economic slowdown, cybersecurity budgets are not expected to be impacted in 2023. 92% of organizations are reporting a raise of their IT security budgets, and 86% are reporting a raise of budget for pentesting specifically. 
  • The drivers for  pentesting have evolved beyond regulations – While the need for pentesting originated with regulatory requirements, the top-of-mind motivations for pentesting today are security validation, threat potential damage impact assessment and cyber insurance. With only 22% of respondents citing compliance as their primary motivation for the practice, regulatory or executive mandates are still impactful, but not the primary rationale driving pentesting.   

The results of the report will be presented by Aviv Cohen at Pentera’s XPOSURE Summit on March 1, 2023. The summit focuses on actionable methodologies for developing and executing successful Exposure Management strategies. Register online here.

Leave a comment »

New Malware Phishing Attack Targeting 15,000 Inboxes Disguised as a Microsoft OneNote file to Extract Sensitive Info

Posted in Commentary with tags on February 28, 2023 by itnerd

Armorblox has released its latest research analyzing a malware attack campaign that has been making waves, spreading its infection through a seemingly innocuous attachment disguised as a Microsoft OneNote note-taking app file. 

How it works: Victims are presented with an email coming from what appears to be a trusted vendor or service provider. The email uses financial-based language to talk about the completion of a sale and prompts recipients to open the attached OneNote file where the billing expenses can be found. The OneNote file contains Windows Command Script (.cmd), which when opened, initiates the encoded powershell command to download the Qakbot payload onto the victim’s device to steal sensitive information.

You can read the research here.

Leave a comment »

Aptum Announces Multi-Tenant Cloud Solution

Posted in Commentary with tags on February 28, 2023 by itnerd

Aptum, a hybrid multi-cloud managed service provider, today announced the launch of Multi-Tenant Cloud (MTC), a powerful virtual data centre solution providing the ability to deploy virtual machines, virtual appliances, and other services in a multi-tenant environment using a consumption-based billing model.

Aptum’s MTC was designed with today’s businesses’ needs in mind, regardless of their size. Available in the US, UK, and Canada, the new private cloud service ensures an organization’s data is stored in the region where they’ve deployed it, thereby meeting compliance and data sovereignty requirements. Additionally, it offers high levels of resiliency and assists with controlling costs. 

Aptum’s MTC portal enables customers to deploy virtual data centres, appliances and machines, as well as services, all through one simple-to use-interface.

Aptum leverages industry-leading technology solutions from VMware and enterprise-grade hardware from Dell to ensure continuous availability by building redundancies of critical components in the MTC cloud environment. Other key features of the solution include:

  • Control of the cloud infrastructure: Aptum’s MTC enables customers to provision and deploy virtual machines to build an IT environment tailored to their specific business and operational requirements
  • Effective cost management: Analytical insight provides organizations with the opportunity to optimize costs based on usage patterns, while reducing operating expenses
  • Flexibility and scalability: Organizations are able to rapidly scale through automation — leveraging APIs ­­— in order to meet demand as business needs and the market fluctuates 
  • High reliability: With multiple redundancies included in the MTC environment — including at the network, hypervisor, and storage subsystem levels — organizations are provided with a highly reliable infrastructure with low latency
  • 24/7/365 live support: Aptum’s accredited experts are available live at any time ­to speak with customers live to immediately provide support and address any issues

In addition to supporting Aptum customers, MTC is a new opportunity for the company’s partners who can now offer this high-performance cloud solution under their own brand to clients. This provides Aptum partners the opportunity to expand their business with existing and new customers. 

Aptum’s MTC is available now in the US, UK, and Canada. For more details about the solution, please visit https://aptum.com/services/private-cloud/multi-tenant-cloud/

Leave a comment »

Imply Launches Podcast for Developers Building Real-time Analytics Applications

Posted in Commentary on February 28, 2023 by itnerd

Imply, the company founded by the original creators of the real-time analytics database Apache Druid, today announced the launch of its new podcast “Tales at Scale.” The show will feature guests from across the database and analytics space as well as experts on Apache Druid. Topics include real-time analytics applications, real-time data architectures, the latest Druid releases and more. 

The data and analytics space is changing rapidly because of new analytics use cases. There is a greater demand for faster query performance on large data sets, higher queries per second from user-facing applications and real-time decisioning workflows, and large scale stream ingestion from Apache Kafka and Amazon Kinesis. New players are entering the market and new technologies are expanding the ecosystem. Developers, data engineers and data architects taking on new challenges are looking for guidance from their peers, and that’s what “Tales at Scale” aims to provide. 

The first few episodes feature co-creator of Apache Druid and Field CTO of Imply Eric Tschetter and co-founder and CPO of Nile Gwen Shapira, among others. “Tales at Scale” will launch a new episode twice a month and is available on most podcast streaming platforms. 

Learn about Tales at Scale on the podcast page.

Leave a comment »

The Twitter Layoffs Were Worse Than Reported…. And Who Got Laid Off Is Interesting As Well

Posted in Commentary with tags on February 28, 2023 by itnerd

Platformer has done it again by getting all the details of Twitter’s latest layoffs:

Last week, Twitter managers started receiving unexpected calls from Steve Davis. A longtime associate of Elon Musk’s — he began working at SpaceX in 2003 — Davis is currently CEO of The Boring Company. Since loaning himself out to Twitter last year, Davis has emerged as one of Musk’s top lieutenants there. 

Who on your team is exceptional? Davis asked managers when they got on the phone. Who would you bet your job on?

At first, managers assumed the questions were related to annual bonuses. In January, Musk’s associates told Twitter employees that high performers would receive new stock grants. That hadn’t happened yet. Perhaps now was finally the time?

On Saturday, though, the real reason for the calls was finally revealed. Twitter employees tried to log onto their work devices only to find that they’d been locked out, just like thousands of workers before them. Once again, there was no warning. If there was a twist here, it’s that the move came three months after Musk told employees that the company was done with layoffs

The cuts impacted more than 200 employees, we’re told, including product managers, engineers, and a number of people on data science. (The New York Times first reported the full scope of the terminations.) “Honestly, it felt like Elon got drunk and slept on the ‘del’ key on his phone,” a source said. “There is no pattern.”

Keep in mind that when reports of the layoffs started to surface, the figure that was “at least 50”. So going from 50 to 200 in a company that is estimated to have had about 1700 employees or less before these latest layoffs is a big swing of the axe.

And who got laid off is making news as well:

Among the more notable layoffs in this round were founders of companies that Twitter had acquired under its previous owners. Haraldur Thorleifsson, Martijn de Kuijper, Leah Culver, and Esther Crawford had previously been on a “do not fire” list, because it was going to be so expensive to pay them out: as part of their compensation packages, the founders had accelerated stock vesting. All four were cut over the weekend.

Chris Reidy, the company’s acting head of sales, also was cut, a source said.

The name Esther Crawford jumps out at me as she Tweeted this when Elon took over:

I guess that this proves that being loyal to Elon Musk gets you absolutely nothing at the end of the day. Seeing as Elon demanded people at Twitter be “hardcore” and Crawford responded. And got downsized anyway.

Though based on this, she’s taking it well. At least in public:

There is one other thing that Platformer is reporting:

Davis’ star has risen steadily since he came to Twitter as part of Musk’s transition team last year. In December, the Information reported that Musk tasked Davis with cutting $500 million in costs; instead, he cut close to $1 billion — all while sleeping in the office with his partner and their newborn child. His success in bringing costs down by any means necessary has led to growing speculation internally that Musk will choose him to be Twitter’s next CEO. 

Sure he is. Until Elon decides that he too needs to go in order to cut costs. Just watch. You’ll see.

Leave a comment »

Canadian Government Bans TikTok On All Government Devices

Posted in Commentary with tags on February 27, 2023 by itnerd

The problems for TikTok continue as news is coming out that the Chinese owned social media app has been Banned on all Canadian government devices. This is what The President of the Treasury Board, Mona Fortier had to say:

“The Government of Canada is committed to keeping government information secure. We regularly monitor our systems and take action to address risks. 

“Effective February 28, 2023, the TikTok application will be removed from government-issued mobile devices. Users of these devices will also be blocked from downloading the application in the future. Following a review of TikTok, the Chief Information Officer of Canada determined that it presents an unacceptable level of risk to privacy and security.

The decision to remove and block TikTok from government mobile devices is being taken as a precaution, particularly given concerns about the legal regime that governs the information collected from mobile devices, and is in line with the approach of our international partners. On a mobile device, TikTok’s data collection methods provide considerable access to the contents of the phone.

“While the risks of using this application are clear, we have no evidence at this point that government information has been compromised.

“For the broader public, the decision to use a social media application or platform is a personal choice. However, the Communications Security Establishment’s Canadian Centre for Cyber Security (Cyber Centre) guidance strongly recommends that Canadians understand the risks and make an informed choice on their own before deciding what tools to use.”

This falls into line with an EU government ban along with a US Government ban on TikTok. Not to mention an ongoing investigation by the Privacy Commissioner and calls for an outright ban from a US Senator. And this also means that TikTok is in deep trouble here. These government bans are becoming more and more frequent. And you can expect that when, not if, the first country bans TikTok outright, other countries will quickly follow suit. And the thing is that TikTok really hasn’t expressed any reason that I can find to give any government a reason to stop this sort of thing from happening. Thus it leaves them insanely vulnerable from being wiped off millions of phones in 2023.

1 Comment »

« Older Entries
Newer Entries »