Lumenova AI Empowers Companies to Make Responsible AI a Part of Their DNA

Posted in Commentary on January 18, 2023 by itnerd

Lumenova AI, the platform that automates the Responsible AI lifecycle, announced today that it has officially launched to enable organizations to understand deeply complex models and gain insights into what’s driving the AI decision-making process. With the company’s leading-edge technology, its clients can detect deep-rooted biases, optimize their models’ reliability and robustness, and build trust and transparency into their AI.

While most business leaders believe AI is their key to competitive advantage, many report it is still not used as widely as possible in 2023 — a decade into the AI revolution. Amongst the barriers, enterprises need help understanding their own deeply complex models, scaling their systems and reaching deployment. Responsible AI, a framework that helps organizations address ethical and legal challenges, explain how their AI works, and improve data integrity, security and resilience, as well as accuracy and validity around Artificial Intelligence, is part of the solution.

The company offers its customers the most complete Responsible AI solution. It provides for policy development to help prepare for regulations and internal requirements with its custom frameworks. It offers technical evaluation by opening the algorithmic “black box” to evaluate risks and quickly detect performance opportunities. It also provides monitoring and remediation to help assess and manage potential issues proactively.

This is not a one-time endeavor. Achieving a successful Responsible AI program is a journey and a complex process involving multiple steps and stakeholders. Lumenova AI’s platform, extended team of business consultants and ML engineers help customers navigate the ever-changing regulatory landscape through end-to-end guidance and practical support.

Driving the new generation of Responsible AI

Lumenova AI is committed to delivering value through its state-of-the-art AI Trust Platform that enables businesses to make AI ethical, fair, transparent and accurate. With over 15 years of experience working with related technologies, such as data, machine learning and the cloud, and over three years of experience in Explainable AI, we pledge to be pioneers of change and help organizations make Responsible AI a key pillar of their ML strategy.

About Lumenova AI

Headquartered in Los Angeles, Lumenova AI empowers organizations to make AI ethical, transparent and compliant with new and emerging regulations and internal policies. As an end-to-end solution, Lumenova AI streamlines and automates the entire Responsible AI lifecycle, so enterprises can efficiently map, manage and mitigate AI risk, comply with regulations and maximize the inherent value.

Lumenova caters to a diverse group of stakeholders, including business leaders, IT leaders, and the risk and compliance community. It allows them to analyze and optimize model performance, increase robustness and promote predictive fairness across all dimensions of trust. Their extended team of technical experts and business consultants can also provide strategy and execution consulting for enterprises to design and deploy Responsible AI at scale.

For more information, please visit www.lumenova.ai.

Guest Post: New Linux malware hits record highs in 2022, rising by 50%

Posted in Commentary on January 18, 2023 by itnerd

Despite Linux’s reputation as the most secure operating system, it is not immune to malware. In fact, Linux malware has become increasingly prevalent in recent years as more and more devices and servers run on Linux operating systems. 

According to data analyzed by the Atlas VPN team based on malware threat statistics from AV-ATLAS, new Linux malware threats hit record numbers in 2022, increasing by 50% to 1.9 million.

The majority — 854,690 — of new Linux malware samples were detected in the first quarter of 2022. In the second quarter, new malware samples dropped by almost 3% to 833,065.

New Linux malware numbers plummeted again in the third quarter of the year, this time by a whopping 91% to 75,841. However, in the fourth quarter of 2022, they picked up again, growing by 117% to 164,697. 

Other operating systems see a decline in new malware 

While Linux malware reached never-before-seen numbers in 2022, the total number of new malware developments actually fell. Compared to 2021, when 121.6 million samples were detected, new malware numbers dropped by 39% to 73.7 million in 2022. 

Android saw the most significant fall in newly-programmed malware. New Android malware samples declined by 68%, from 3.4 million in 2021 to 1.1 million in 2022.

Next up is Windows. Despite being the most targeted operating system last year, with over 95% of all new malware threats aimed at it, Windows still had a 40% decline in new malware samples. They fell from 116.95 million in 2021 to 70.7 million in 2022. 

Finally, new malware applications aimed at macOS plunged by 26% from 17,061 in 2021 to 12,584 in 2022. 

To read the full article, head over to: https://atlasvpn.com/blog/new-linux-malware-hits-record-highs-in-2022-rising-by-50

BlackFog Annual State of Ransomware Report For 2022 Is Out

Posted in Commentary on January 18, 2023 by itnerd

BlackFog has today released their 2022 full Annual Ransomware Attack Report. Since 2020 BlackFog has measured publicly disclosed attacks globally. The 2022 ransomware attack report reflects on the key findings from 2022. They have also published a blog discussing the key lessons learned from ransomware in 2022 which expands on the general trends they see going forward. Reading this will give you an idea of what’s likely to come in 2023 based on the attacks of last year.

The full report can be found here: https://www.blackfog.com/wp-content/uploads/2023/01/2022_Ransomware_Report_v2.pdf

OpsGuru Announces Team Up With AWS

Posted in Commentary on January 18, 2023 by itnerd

OpsGuru, a Carbon60 Company and a leading Canadian cloud consulting organization, today announced it has signed an expanded multi-year strategic collaboration agreement (SCA) with Amazon Web Services (AWS). This multi-year agreement builds on OpsGuru’s existing AWS expertise and further allows the organization to accelerate digital transformation initiatives for the benefit of Canadian companies.

As an AWS Premier Tier Service Partner in the AWS Partner Network (APN), OpsGuru is continuously adding to its key AWS competencies and holds five AWS competencies including AWS Migration Consulting Competency, AWS SaaS Consulting Competency, AWS DevOps Consulting Competency, AWS Networking Consulting Competency, and AWS Microsoft Workloads Consulting Competency. OpsGuru’s team maps their deep technical expertise with solutions and leadership in the cloud computing consulting industry.

OpsGuru, A Carbon60 Company, guides organizations through digital transformation journeys with deep technical expertise, service, and partnerships. We live and breathe cloud technology, helping customers focus on their business objectives by relieving them of the mystification of the cloud. We focus on solutions such as cloud adoption, application modernization, Kubernetes enablement, managed cloud operations, cloud security, and data analytics services. For more information, visit www.opsguru.io.

New LinkedIn Data On the 20 Fastest-Growing Job Titles in Canada

Posted in Commentary on January 18, 2023 by itnerd

Despite economic uncertainty and global hiring slowing down, a recent global survey from LinkedIn reveals that 60% of professionals are considering a new job this year – driven by the desire for bigger salaries as the cost-of-living increases. The survey found that 38% desire higher pay while also revealing that 30% are looking to pursue a better work-life balance.  

To provide insight on these trends, LinkedIn’s 2023 Jobs on the Rise list shows the 20 fastest-growing jobs in Canada, offering insights into where job seekers can find opportunity and stability as they search for their next role. The report features links to open positions, average salaries, remote work availability, the top skills for each role along with free LinkedIn Learning courses.  

The top 5 roles in Canada include:  

  1. Growth Marketing Manager – including work in sales, marketing, and communications, and using data to develop and communicate strategies and processes to increase business revenue. 
  2. Product Operations Manager – usually has a cross-functional role, working with management and companies’ various teams to build and oversee the effectiveness of business processes, operations, products and/or services.
  3. Dispensary Technician – typically involves taking and filling out orders at cannabis dispensaries.
  4. Technical Program Manager – work involves developing and managing organizations’ various technical projects and programs.
  5. Sustainability Manager – works to balance an organization’s needs with its capacity for sustained profitability, involving the monitoring and forecasting of its impact on the surrounding environment.

The full list, including industry, region, and salary insights for each role can be found here.

Methodology 

LinkedIn Economic Graph researchers examined millions of jobs started by LinkedIn members from January 1, 2018 to July 31, 2022 to calculate a growth rate for each job title. To be ranked, a job title needed to see consistent growth across our membership base, as well as have grown to a meaningful size by 2022. Identical job titles across different seniority levels were grouped and ranked together. Internships, volunteer positions, interim roles and student roles were excluded, and jobs where hiring was dominated by a small handful of companies in each country were also excluded. Additional data points for each of the job titles are based on LinkedIn profiles of members holding the title and/or open jobs for that title in the country. 

Microsoft Slashes 10,000 Jobs

Posted in Commentary on January 18, 2023 by itnerd

News is filtering out that Microsoft is going to cut 10,000 jobs. Here’s the reason behind this according to a blog post from Microsoft:

We’re living through times of significant change, and as I meet with customers and partners, a few things are clear. First, as we saw customers accelerate their digital spend during the pandemic, we’re now seeing them optimize their digital spend to do more with less. We’re also seeing organizations in every industry and geography exercise caution as some parts of the world are in a recession and other parts are anticipating one. At the same time, the next major wave of computing is being born with advances in AI, as we’re turning the world’s most advanced models into a new computing platform.

As a result of this, this is where the job cuts come in:

First, we will align our cost structure with our revenue and where we see customer demand. Today, we are making changes that will result in the reduction of our overall workforce by 10,000 jobs through the end of FY23 Q3. This represents less than 5 percent of our total employee base, with some notifications happening today. It’s important to note that while we are eliminating roles in some areas, we will continue to hire in key strategic areas. We know this is a challenging time for each person impacted. The senior leadership team and I are committed that as we go through this process, we will do so in the most thoughtful and transparent way possible.

Not all the news is bad though:

Second, we will continue to invest in strategic areas for our future, meaning we are allocating both our capital and talent to areas of secular growth and long-term competitiveness for the company, while divesting in other areas. These are the kinds of hard choices we have made throughout our 47-year history to remain a consequential company in this industry that is unforgiving to anyone who doesn’t adapt to platform shifts. As such, we are taking a $1.2 billion charge in Q2 related to severance costs, changes to our hardware portfolio, and the cost of lease consolidation as we create higher density across our workspaces.

And I suspect, this is an attempt by Microsoft to not be seen as acting like Elon Musk:

And third, we will treat our people with dignity and respect, and act transparently. These decisions are difficult, but necessary. They are especially difficult because they impact people and people’s lives – our colleagues and friends. We are committed to ensuring all those whose roles are eliminated have our full support during these transitions. U.S.-benefit-eligible employees will receive a variety of benefits, including above-market severance pay, continuing healthcare coverage for six months, continued vesting of stock awards for six months, career transition services, and 60 days’ notice prior to termination, regardless of whether such notice is legally required. Benefits for employees outside the U.S. will align with the employment laws in each country.

I fully expect this to be the first of many announcements of this sort that we will hear in the coming days and weeks. As they say on Game Of Thrones, brace yourself.

Apple’s Trade In Values Fall Through The Floor After Yesterday’s Announcement Of New Macs

Posted in Commentary on January 18, 2023 by itnerd

The trade in values of Apple products have absolutely taken a nosedive after the announcement of new Macs yesterday. Take for example my 16″ MacBook Pro. This is what I paid just over a year ago for the version that I have:

Now take a look at the trade in value as of today:

While I get that it’s in Apple’s interest to spend the least that it possibly can on trade ins, Apple trying to argue that a nearly $4000 computer has dropped in value by something like 75% in about a year is insane.

And I am not the only one who thinks that, YouTuber MKBHD had this to say:

Now to be fair, the value of Intel Macs since Apple Silicon has come out has plummeted massively. But it is still a bitter pill to swallow.

Back to people with Apple Silicon machines. I’m not the only one who noticed this:

Again, I get nothing holds its value forever. But Apple has clearly missed the mark here. Or have they? The cynic in me says that this is a deliberate attempt by Apple to stop people who have Apple Silicon from trading in their computers to get the new hotness. I say that because if you look at the video that Apple posted on YouTube announcing these new computers, the marketing seems to be aimed at those who still have Intel Macs.

So if you want the new hotness, my advice would be to sell your current Mac on Craigslist or Ebay. You’ll get more money for it, and that’s always been the case even before this situation popped up. Meanwhile, I have to wonder if Apple is even going to try and quietly walk this back, or just say “too bad, so sad”, or more likely say nothing as Apple typically doesn’t admit mistakes. I am keeping my eye on this for sure as it is going to be interesting to watch.

New 2H 2022 OT/IoT Security Report Deep Dives Into ICS Finding Wiper Malware, IoT Botnet, Russia/Ukraine War Dominated Threat Landscape

Posted in Commentary on January 18, 2023 by itnerd

Nozomi Networks has released the 2nd Half Review in its “OT/IoT Security Report: A Deep Look Into the ICS Threat Landscape” finding wiper malware, IoT botnet activity, and the Russia/Ukraine war significantly influenced the threat landscape as disruptive attacks on critical infrastructure continued into the second half of last year targeting rail, hospitals, manufacturing and energy. 

Malicious IoT botnet activity remained high and continued to rise in the second half of 2022. Nozomi Networks Labs uncovered growing security concerns for both hard-coded passwords and internet interfaces for end-user credentials. On the vulnerability front, manufacturing and energy remained the most vulnerable industries followed by water/wastewater, healthcare and transportation systems. In the last six months of 2022.

You can read the full report here.

Twitter Sued Over Data Breach

Posted in Commentary on January 17, 2023 by itnerd

From the “It sucks to be Elon right now” department comes news that a lawsuit has been filed over the Twitter data breach that has recently come to light:

New York state resident Stephen Gerber claims his personal information was among the cache of data obtained by hackers between 2021 and 2022. He sued Friday in San Francisco federal court seeking class-action status for all those whose information was leaked.

Gerber blames a defect in Twitter’s application programming interface (API) that allowed cybercriminals to obtain usernames, emails and phone numbers of users of the social media website.

In January, an anonymous user on the hacker site BreachForums published a database that they claimed to contain basic information on hundreds of millions of Twitter users. Twitter said in a blog post that there was “no evidence that the data being sold online was obtained by exploiting a vulnerability of Twitter systems.”

“The data is likely a collection of data already publicly available online through different sources,” the company said.

Gerber claims in the complaint that Twitter “seemingly buried its head in the sand” and says the company may have tried to hide the magnitude of the leak.

Twitter “to this day, has inexplicably failed to notify or contact the victims of this particular API exploitation,” Gerber said.

Gerber is seeking unspecified monetary damages, likely to exceed $5 million, and court orders requiring Twitter to hire third-party security auditors to test and audit its systems as well as to implement and maintain a security program designed to protect the confidentiality of the users.

Forget about the what if’s in regards to if this guy wins. The fact is that this will spawn other lawsuits that Elon and Twitter will have to defend against. And the fact is that Elon and Twitter are both incredibly unfocused at the moment. Which means that their ability to give each lawsuit the time and attention it needs is going to be way less than it should be. That in turn means that the odds that Twitter will have to pay up big time increase.

Take it from me, Elon’s going to wish that he never bought this company.

CircleCI Pwned With Potentially Huge Negative Downstream Effects

Posted in Commentary on January 17, 2023 by itnerd

CircleCI, a company that develops testing and deployment tools for software engineers, has shared details about how hackers broke into its systems last month and compromised customer data. CircleCI chief technology officer Rob Zuber said hackers gained access to its networks after infecting an employee’s laptop with malware. And here’s what happened next:

On December 29, 2022, we were alerted to suspicious GitHub OAuth activity by one of our customers. This notification kicked off a deeper review by CircleCI’s security team with GitHub.

On December 30, 2022, we learned that this customer’s GitHub OAuth token had been compromised by an unauthorized third party. Although that customer was able to quickly resolve the issue, out of an abundance of caution, on December 31, 2022, we proactively initiated the process of rotating all GitHub OAuth tokens on behalf of our customers. Despite working with GitHub to increase API rate limits, the rotation process took time. While it was not clear at this point whether other customers were impacted, we continued to expand the scope of our analysis.

By January 4, 2023, our internal investigation had determined the scope of the intrusion by the unauthorized third party and the entry path of the attack. To date, we have learned that an unauthorized third party leveraged malware deployed to a CircleCI engineer’s laptop in order to steal a valid, 2FA-backed SSO session. This machine was compromised on December 16, 2022. The malware was not detected by our antivirus software. Our investigation indicates that the malware was able to execute session cookie theft, enabling them to impersonate the targeted employee in a remote location and then escalate access to a subset of our production systems.

Because the targeted employee had privileges to generate production access tokens as part of the employee’s regular duties, the unauthorized third party was able to access and exfiltrate data from a subset of databases and stores, including customer environment variables, tokens, and keys. We have reason to believe that the unauthorized third party engaged in reconnaissance activity on December 19, 2022. On December 22, 2022, exfiltration occurred, and that is our last record of unauthorized activity in our production systems. Though all the data exfiltrated was encrypted at rest, the third party extracted encryption keys from a running process, enabling them to potentially access the encrypted data.

Clearly the threat actors knew who to target to get what they wanted. That’s scary. The company has put out a security alert that has been consistently updated since this incident happened. I’d spend some time reading this if you are using CircleCI products. An example of this is that Datadog’s RPM GPG signing keys and its passphrases were exposed during this breach. Anyone who uses their products, and any vendor who uses those products are potentially at risk.

Kevin Bocek, VP of Security Strategy and Threat Intelligence at Venafi had this to say: 

“Another day, another software supply chain attack. It’s clear that this type of threat isn’t going away. Targeting a developer tool and delivery platform, like CircleCI, was clearly intended to fly under the radar and slip into other development environments. In this case, they were able to gain access to Datadog’s environment meaning that its RPM GPG signing machine identities were exposed. Fortunately, Datadog has responded quickly to rotate the impacted identities and it doesn’t appear that they’ve been abused. But if an attacker had seized this opportunity, then it would have given them a very powerful weapon – potentially allowing them to spread across Datadog’s customer networks by enabling them to sign and send malware while appearing completely trusted. This could have had serious repercussions.

“This incident demonstrates the growing risk of attacks targeted at developers, machine identities and modern development pipelines. When combined with the speed of modern development, widespread use of automation and use of the cloud, an attacker with access to powerful machine identities can create ripples fast which are extremely hard to protect against or remediate. In a machine-driven world, having a control plane to manage the lifecycle of your machine identities is essential. As this incident shows, you can be doing all the right things and still find yourself exposed. All businesses – whether they be a software publisher, or a consumer of software – need to be able to automate controls that say who and what can and can’t be trusted, and to have the agility to respond to change.”

This isn’t a trivial hack and should not be treated as such. If you’re reliant on CircleCI products, you should be ensuring that you are not exposed. And you should double check with your vendors that they have done their due diligence as well.