The top five antivirus blunders you must never make

In the same way that genuine viruses may cause havoc, computer viruses can also. As your computer tries to recover, programs that used to function normally sputter to a halt. Antivirus software is therefore essential: If you stay away from the most typical errors, they protect your digital life.

 The idea that anything will work as antivirus software is one of the most widespread myths. They believe the first free program they can locate will function just as well as a premium one from an established brand, so they download it. In fact, using free antivirus software could end up costing you a lot of money.

 You get what you pay for when securing your PC.

 First error: You don't conduct any study.

 Although it may seem strange, many antivirus products are really merely malware in disguise. Cybercriminals are aware of how trustworthy many people are. They are betting that you won't do your homework and would simply accept the word "antivirus" at face value.

 If you fall for one of these scams, you risk infecting your device with malware. Free antivirus programs should be avoided as they are more likely to be provided by scammers. Cybercriminals realize that by providing free services, they can attract a larger audience.

 The bottom line is to conduct research when trying to secure your computer. If you make the wrong decision, you might unintentionally ruin it. See what other people like you have to say about the antivirus programme by reading reviews. Believe individuals when they claim it's a con.

 The second error is that you don't get your antivirus programme from reliable websites.

 Perhaps you click on an advertisement for a reputable programme. This directs you to a website that appears to be trustworthy. Your digital life could be in risk if you download the application from this website.

 Cybercriminals frequently use deception to try to convince you to let your guard down. Bemidji State University claims that many fraudulent antivirus and malware eradication solutions impersonate real tools from reputable vendors.

 Because of this, you should never download software from an arbitrary website, regardless of how professional-looking its design may be. Otherwise, you can be purchasing a phoney application that is infected with malware.

 Search for the official website instead, and make your purchase there.

 Mistake No. 3: One of the most frequent antivirus mistakes is not having backups.

 Although antivirus software is a crucial component of your cybersecurity toolkit, you shouldn't rely solely on it. Additionally, you ought to employ VPNs, firewalls, and other security measures. Expecting too much from a single programme is unreasonable.

 Keep in mind that every cybersecurity technology protects you in a unique way. Numerous risks will need to be addressed by you, including:

 ·         Phishing tactics.

·         Hackers.

·         Breaches of data.

·         Spyware.

·         Ransomware.

·         Typosquatting.

 These are but a few illustrations. There are other additional cyberattacks that you should be aware of. Use more than simply an antivirus programme to safeguard yourself as much as possible.

 The fourth error is that you don't update your antivirus software.

 A lot of individuals will download antivirus software and then forget about it. They consider installing it as an additional duty they can complete.

 In actuality, you must take part in your cybersecurity plan. You cannot simply recline and wash your hands. Not keeping their antivirus application up to date is one of the most typical mistakes people make.

 Keep an eye out for updates to keep yourself safe. Download the latest fixes that the company releases. You won't overlook important security measures if you do it this way. You run the danger of hurting yourself if you don't do this. Hackers frequently discover outdated bugs and weaknesses in well-known programmes.

 If you don't update your antivirus software, your device could be compromised. By staying current, you can safeguard your computer from infections that can be avoided.

 The fifth error is that you have several antivirus products running.

 More is always better! Only parties are affected by this. You just need one antivirus application at your disposal when talking about cybersecurity.

 You could put yourself in risk if you double up. This is due to the fact that every antivirus product has a different manner of communicating with your computer. If you simultaneously download two, they can conflict with one another.

 In fact, they might consider the other to be malicious software. Therefore, one antivirus application might quarantine the other and label it as a hazardous programme. A programme you purchased has been instantly made useless.

 S:komando.com

Use the browser's spell checker? It might divulge your credentials.

Nobody wants to misspell something when writing a crucial email. A helpful free tool is Grammarly. For faultless writing, use the spell checkers in the Microsoft Edge and Google Chrome browsers.

 They can be useful, but they can put your privacy at danger. Some browser spell-checking features convey personally identifying information (PII) to Big Tech companies, according to security researchers.

 Continue reading to learn how browsers might expose your passwords and what you can do to prevent it.

 This is the history.

 You might want to reconsider using Chrome's and Edge's enhanced spell check tools after security researchers at otto-js found a discovery that could compromise your computer. This is why.

 Every single thing you type into any page is transmitted to Google for spell checking when the Google Enhanced spell check function is enabled. That could contain private information like Social Security numbers, home addresses, banking information, and more, depending on the form you're filling out.

 Here's another ominous turn. If you choose "Show password" when logging into an account, Google will also be emailed your password to perform a spell check. Yikes!

 The good news is that you can cease sending PII to these companies and safeguard your privacy. This is because Google isn't sent this information by Chrome's Basic spell check. To have everything you enter transmitted to Google, you must enable Enhanced spell check.

 Your privacy is not violated by Microsoft's built-in spell check. It is an add-on for the Microsoft Editor: Spelling & Grammar Checker browser. You'll be safe if you don't apply the extension to Edge. Remove it as soon as possible if you previously added it and want to keep your data safe. Continue reading, and we'll explain how.

 What you can do in response

 In Microsoft Edge, there are two ways to get rid of an extension. This is how:

 Choose and hold (or right-click) the icon of the extension you want to delete in Microsoft Edge (to the right of your browser address bar). Choose Remove > Remove from Microsoft Edge. Alternately, click Extensions to the right of your browser's address bar, then click More actions next to the item you want to remove. Choose Remove from Microsoft Edge > Remove after that.

 Regarding Google Chrome:

 As we have stated, Chrome's basic spell checker appears to be acceptable in terms of privacy. You should be concerned about the Chrome Enhanced spell check. Fortunately, in order to be vulnerable, you had to have the Enhanced spell check feature enabled.

 Here's how to find out which version you're using and, if the enhanced tool has been turned on, how to turn it off.

 On a computer, start Google Chrome.  In the top right corner, select Settings by clicking the three dots stacked menu button. From the menu selections on the left side of your screen, choose Languages. Make sure the Basic option is selected under the Spell check section. Toggle the switch next to Check for spelling errors when you write text on web pages to the left if you don't want to use spell check at all.

 S:komando.com

Three Cybersecurity Tools Everyone Needs

There are many beneficial possibilities offered by technology, but there are always downsides. It is essential to preserve online safety as consumers spend more time online. Therefore, cybersecurity tools are required, and the purpose of this essay is to go deeper into the subject.

 First, a virtual private network (VPN)

 Websites track a lot of user information these days. It is possible to regain some degree of control, though. You can first limit the information you disclose and then increase the difficulty of tracking you. The second of these issues can be resolved using a virtual private network.

 You can connect to one of the numerous servers spread over the world using a VPN. When you do this, your IP address is no longer accessible to the websites you visit. This essentially indicates that they are unable to determine where you are. Instead, they will erroneously believe you are connecting to the website from the address specified in your VPN software. While it's beneficial to avoid websites from following you, adding a protective wall against hackers has an added benefit, especially when utilizing a public network.

 2. Firewall and antivirus software

 The majority of brand-new PCs come with a free antivirus software trial, and many companies provide this service. Online threats are pervasive, so it's essential to have some kind of defense in place.

 Antivirus software alerts you to these attacks and risky websites, but threats are still likely to come up from time to time. You can take certain safeguards, such not entering personal information on websites that aren't secure. Everyone needs to use this software to protect themselves because it frequently also offers some level of defense against dangerous email attachments.

 3. A password supervisor

 Your random, secure, and distinctive passwords are generated by a password manager, who then saves them. Although hardly many people use them, password managers are a great way to safeguard your online data. The issue is that users frequently repeat the same password across numerous websites, creating weak credentials that are simple to hack.

 A password manager can also easily log you into each website automatically, and the majority of them function across all of your devices. It's important to note that data is encrypted and only you have access to it using the software's master password.

 It's critical to take cybersecurity precautions seriously as people conduct more activities online. Although most people's devices often have some kind of cybersecurity, there is usually more that can be done. Therefore, keep in mind to use a VPN to mask your location, antivirus software to safeguard you from online risks, and a password manager to secure your login information.

Disconnection Between CEOs, Boards, and Cybersecurity Managers Is Shown by New Numbers

The security services company LogRythm has published a report (see logrhythm.com/making-security-priorities-business-priorities/) that shows that, contrary to popular opinion, key cybersecurity officials aren't reporting directly to the CEOs of their firms. An inability to immediately communicate should a security problem arise could limit a fast reaction to a danger given how heavily businesses rely on technology to do business while safeguarding their resources and customer data. According to the LogRythm research, there are typically three levels between cybersecurity managers and their CEOs.

 LogRythm also found that organizational management may frequently operate on the assumption that their technical security executives completely grasp their companies' commercial goals, which compounds the communication problem. Budget management is one area where this ignorance of the subject affects IT security managers. LogRythm found that many cybersecurity managers lack complete control over their departments’ budgets and are required to go through approval processes before allocating funds to acquire new resources. If they are not informed of management's intentions and objectives early enough, they probably won't have the money they need when changes are implemented.

 The statistics

 According to research from LogRythm, 60% of the firms surveyed's management stated that their CEOs and cybersecurity managers should keep open lines of communication. The CEO must be informed right once of any potential security problems, according to the respondents. By doing so, the threat response would be sped up and other organization stakeholders' knowledge of the situation would be maintained. Sadly, according to LogRythm, 93% of cybersecurity managers surveyed do not directly report to their CEOs. They were actually three links apart on average in the communication network. Resources could be at risk if threat response times are delayed because of the need to communicate through channels.

 According to LogRythm's report, 77% of cybersecurity managers did not have full control over how their expenditures were allocated or managed. Before allocating funds to purchase the resources required to successfully safeguard their environments and resources, they were required to have organizational management's approval. Even though 64% of cybersecurity managers claimed they went to their management boards for approval of budget allocations, representatives of 63% of the firms polled claimed their budgets ultimately fall short of their needs. This indicates that the majority of these businesses lack the resources necessary for their cybersecurity staff to adequately defend their resources. Additionally, it implies that organizational administrators frequently are aware that they are not supplying all necessary resources.

 A lack of communication has more effects.

 54% of the cybersecurity managers in the 93% of the studied organizations who lack direct access to their CEOs said they either speak to their boards of directors just once a year or only when security issues arise. According to LogRythm, 46% of top organizational leaders asked said that their cybersecurity managers comprehended the objectives of their companies. Given the apparent lack of opportunity they have to debate those aims, this seems implausible.

 So that cybersecurity executives are not caught off guard, organizational goals including those connected to growth, establishing new locations, extending services, and potentially expanding into regulated areas of operation must be shared. They must be given enough time to deal with rising threats, evolving attack vectors, and recently identified vulnerabilities while also planning for changes in the environment, creating budget proposals, and expanding personnel security training programs. Ample warning is crucial for the 77% of organizations that do not have complete control over their security budgets and spending.

 In summary

 CEOs and boards of directors need to think about the potential repercussions of failing to respond in a timely manner to a security issue, such as a data breach or ransomware attack, just because of the way their chain of command is set up and the limitations on their capacity to communicate. When necessary, cybersecurity leaders must be able to speak with C-level executives directly. In order to prepare appropriately and have enough time to execute the necessary adjustments and protections within the environment, IT security managers must also be kept informed of changing and evolving organizational plans and goals. CEOs and boards of directors may want to think about giving cybersecurity managers more budgetary flexibility so that, when demands occur, they may be handled without needless delays. Last but not least, cybersecurity executives must stress to organizational management the necessity of enhancing communication and, if necessary, exerting more control over their financial resources.

Why would you want to use macOS Ventura's USB Restricted Mode?

USB Restricted Mode: What is it?

 The additional layer of security is introduced with macOS Ventura and takes the shape of USB Restricted mode, which is activated by default and should provide enterprise IT some comfort.

 This security measure is described in an Apple developer notice, which reads, "On portable Mac laptops with Apple silicon, new USB and Thunderbolt devices require user approval before the accessory may communicate with macOS for connections wired directly to the USB-C port."

 You're right if this sounds familiar. On iPads and iPhones, it is already available. It's important to note that both of those platforms have always lagged behind the Mac in their support for mass storage devices, and it has only been possible to use external storage with those since iOS 13.

 Things have kind of gone the opposite way on the Mac. External storage devices have always been supported by Macs, but Apple has now improved security using Apple Silicon systems.

 Functions of USB Restricted Mode

 The user will be prompted for authorization whenever a new USB or Thunderbolt device is attached to the Mac. Before a Mac will identify an attachment if it is locked, the end user must unlock it. This employs the brand-new allowUSBRestrictedMode restriction for the Mac. When your Mac has been locked for about an hour, the protection starts.

 Devices will continue to charge even if you select Do Not Allow for use of a connected accessory, according to Apple, which claims that it does not apply to power adapters, displays, or connections to an authorized hub. Energy flows, but data does not, according to the theory.

 What makes you want it? The aim behind this protection is to add another layer of defense for Mac users and their data as the security landscape continues to deteriorate. Additionally, it prevents programs like GrayKey from breaking hardware security to access data.

 Making honest people content

 In actuality, the majority of folks won't run into an issue. They will connect a USB device, accept it, and then they won't have to give it any more thought. (They might need to sporadically allow use, but that's all.)

 The following is explained in Apple's engineering notes for the feature's iPad/iPhone implementation:

 Your iOS device won't be able to communicate with the accessory or computer, and in certain situations, it won't be able to charge, if you don't first unlock your password-protected iOS device, or if you haven't unlocked and connected it to a USB accessory within the past hour. An alert requesting that you unlock your device in order to use accessories may also appear.

 The new security measure complements the soon-to-be-available Automated Device Enrollment feature, which requires anyone setting up an enrolled Mac to go through the enrollment procedure. This makes it far more difficult for unauthorized individuals to attempt to open a Mac in order to access data that is not theirs to take.

 S:computerworld.com

What DAST is and how it can increase the security of web applications

Many businesses will use "white-hat" hacking teams to look for software vulnerabilities, from national security agencies to global enterprises. Teams of "white hats," or ethical hackers, test environments from the perspective of potential attackers and give businesses knowledge about potential security holes.

 The same principle governs Dynamic Application Security Testing, or DAST. Although an application's developers may be fully aware of it from the inside, they cannot be certain of its integrity until they observe how it responds to an external threat. DAST is a kind of application security that attacks web apps mercilessly, via trial and error, without any prior knowledge of or access to the source code of the program, in an effort to find vulnerabilities.

 Organizations gain from DAST integration.

 The reasons behind why businesses ought to implement dynamic application security testing. Because attacks on online applications will not soon come to an end.

 According to a 2021 NTT survey, 50% of all websites had at least one exploitable vulnerability. Threat actors often use critical vulnerabilities as an inviting entry point and as a primary target.

 Similar conclusions were obtained in the 2022 Verizon Data Breach Investigation Report: online applications topped the list of attack vectors, with approximately 20% of breaches carried out using exploitable vulnerabilities. In particular, exploit-based attacks on mail servers increased from 3% in 2020 to 30% in 2021. Why would hackers think of using a different method if there were no protections like DAST in place as long as these vulnerabilities continue to exist year after year?

 SAST versus DAST

 Application security is not limited to DAST. Another method frequently used by experts is static application security testing (SAST).

 SAST processing allows for complete access to an application's internal workings during scans. This method differs from DAST processing, which takes an impartial viewpoint and doesn't have access to the underlying source code.

 DAST tests an application while it is in use to see how it responds to changes in real time, which is another distinction.

 SAST, on the other hand, only examines flaws in the source code itself and evaluates programs that are idle.

 Penetration testing should not be confused with DAST. DAST does not require human input, in contrast to pen testing, which typically requires a human to manually detect vulnerabilities. As a substitute, it automates the process of locating and reporting vulnerabilities, giving developers more time to implement solutions early in the software development lifecycle.

 How DAST may increase the security of web apps

 It's hardly surprising that cybersecurity experts advise implementing DAST early in the software lifecycle given the mounting pressure on businesses to protect their online apps from assaults. The following are some of the main justifications for why include DAST in the SDLC can enhance web app security:

 1.       Reduce erroneous positives, first.

 By assisting in the separation of vulnerabilities from benign lookalikes, dynamic web app testers help to drastically lower the frequency of false positive warnings. When DAST and IAST collaborate, they are particularly effective since their combined search adds accuracy to the process of determining which vulnerabilities are real.

 2.       Recognize weaknesses that are only present in runtime/production environments.

 Some flaws can only be found when an application is actively being used. Static and manual testing cannot catch flaws in software libraries, server configuration errors, or inappropriate user input validation.

 3.       Capable of handling microservices/containers' complexity

 Distributed microservices architectures are being used by more businesses, which might increase the attack surface and types of vulnerabilities that can appear during the SDLC. DAST can track how microservices communicate and assist developers with prioritizing exploits as they emerge during runtime.

 4.       Works well with IAST and other web app scanners

 Organizations can't do better than integrating DAST with other app security testing technologies to gain a thorough 360-degree view of their web app's potential vulnerabilities. For instance, software provider Invicti connects DAST and IAST so that the IAST uses crawlers to visit every area of the application and the DAST to identify vulnerabilities precisely where they exist.

 5.       Can speed up remediation and shorten reporting timeframes.

 Early SDLC integration of DAST enables quicker reporting cycles and more thoughtful corrective action. DAST enables developers to swiftly find and correct blind spots before they become a security concern later on in the pipeline, as opposed to finding holes in production or even later.

 Final Thoughts

 "If you know yourself but not the opponent, for every triumph obtained you will also suffer a defeat," the ancient Chinese military philosopher Sun Tzu wrote.

 It may seem out of place to re-gloss Tzu's teachings for the present day, but it's hard to argue with their applicability. Take the auto industry as an illustration; they are familiar with every piece of equipment used in the production of their vehicles. Yet they continue to conduct crash testing to assess how well the car's structural integrity holds up under stress.

 In order to be successful on the cyber battlefield, one must also be aware of, foresee, and even simulate external threats in order to be ready to thwart the actual attack when it occurs. DAST gives businesses an efficient approach to gauge how their apps handle incursion attempts early in the SDLC without having to deal with the negative effects of a real-world attack. Organizations can boost visibility of their attack surface and address blind spots before it's too late by implementing DAST alongside other scanning techniques.

 S: scmagazine.com

Redesigning technology for the future

Since the last few years have brought about unforeseen change beyond what many could have anticipated, businesses are rushing into a future that is significantly different from the one they were built to operate in. The metaverse, a more recent phenomenon, will change how corporations connect with clients, how work is done, what goods and services they offer, how they create and deliver them, and how they run their enterprises.

 According to Accenture's recent Technology Vision 2022 research, these new, digitally enhanced worlds, realities, and business models are set to alter both life and business in the following ten years.

 Here are five effects that these technologies will have on privacy and security as we shape our shared future.

 Developing trust

 A trustworthy and authentic digital basis will be necessary for the metaverse. Society is currently at a turning point as less trust is being placed in social media and the internet. As the distinction between physical and digital life blurs more and more, problems with privacy, bias, fairness, and human welfare become much more prominent. Businesses are at the forefront of building trust and have a unique opportunity to define the human experience in these brand-new environments.

 However, people are also in a special situation. Particularly in the metaverse, we need to learn how to connect in a way that fosters trust. There is a learning curve associated with this since, for example, some people may not be familiar with Web 3 words and protocols or virtual reality (VR) and augmented reality (AR) platforms, which are effectively the next generation of the internet. The main objective of all metaverse initiatives, however, is to give people authority over their own data by utilizing technologies like blockchain in order to build a layer of trust throughout the web.

 A world with programs

 Numerous possibilities exist for enhancing, personalizing, and otherwise "programming" our physical environments. Becoming a leader in the programmable world will involve extensive investigation, experimentation, and development that goes beyond the foundations of cross-device interactions, privacy, and security. In order to achieve "full stack" programmability, organizations will need a thorough grasp of the three programmable world layers—the Connected, the Experiential, and the Material.

 Businesses should first look for ways to improve their fundamental, linked layer. In terms of speed and low latency, 5G is primed to be a game-changer, but rollouts are still in the future. In order to influence the creation of new technology standards, firms must also actively participate in industry-wide coalitions.

 Businesses can begin bridging the sensory layer between the digital and physical worlds by creating digital twins. In the future, digital twins will power every company's programmable world strategy, enabling them to create goods, create user experiences, and manage their enterprises in ways that were previously unthinkable.

 Last but not least, it's critical to continuously research emerging technologies for the material layer. You can make sure you're at the forefront of practical technological innovation by partnering with startups and academic institutions. Digital twins are a key component of the experience layer, building on data gathered by IoT and edge devices and processed at 5G speeds. The global market for digital twins, which  was valued at $3.21 billion in 2020, is anticipated to grow to $184.5 billion by 2030.

 Overcoming the toughest obstacles

 Computers that could effectively address the "grand challenges" facing the globe have only existed as theoretical ideas for decades. Currently, they are advancing quickly, and their potential impact on the core issues facing industry may represent the greatest opportunity in generations.

 To comprehend the most recent changes in their sectors and to create for a better future in all contexts, leaders must forge connections and alliances. Businesses and leaders will be well-positioned to exist and even thrive in the metaverse by forming a futurist team to consider how new technologies might either threaten—or evolve—the status quo of the firm as well as the influence on society and on individuals.

 S:cio.com

Optimize your cloud operations with the help of CloudOps.

DevOps is a collection of activities that integrates software development and IT operations with the aim of reducing the development lifecycle and enabling continuous delivery and high-quality products. Anyone involved in the creation of software products should be well-familiar with DevOps.

 As businesses migrate more workloads and application development to the cloud and as those cloud investments get more complicated, a related notion known as "cloud operations," or CloudOps, has evolved.

 Here, we look at what CloudOps is, how it may help your business, and the important considerations you need to make when putting it into practice in your organization.

 CloudOps: What Is It?

 Managing the delivery, improvement, and effectiveness of IT services and workloads running in a cloud environment is done through the use of the operations practice known as "CloudOps."

 CloudOps aims to provide policies and best practices for cloud-based processes, much like DevOps does for the development and delivery of applications, regardless of whether a company employs a multicloud, hybrid cloud, or private cloud strategy.

 Advantages of CloudOps

 According to Hatch of Capgemini, the business benefits of CloudOps can be significant and start with an organization's general attitude toward cloud services.

 CloudOps "assists in promoting more enterprise cloud adoption and usage. Companies should use the cloud more frequently and be able to experiment and develop with new services and technology if they can build, administer, and secure their cloud environments successfully, according to the author. This can, in turn, increase their agility, shorten their time to market, and promote innovation.

 According to Hatch, organizations who utilize CloudOps may improve administrative and financial control over the increasing number of cloud services they use.

 Hatch says, "We are hearing from customers that they are going over their cloud budgets and either don't know why or can't put the controls in place to manage it. "This is mitigated by effective CloudOps. We can improve budgeting, financial tracking, and optimization at the governance layer. The operations level is also made easier by improved deployment and management automation.

 According to Will Thomas, managing director at the company, the ability to automatically release approved resources in the cloud is another top benefit mentioned by clients of consulting firm Protiviti. This feature aids enterprises in managing the expanding complexity of the cloud.

 The methodology "ensures alignment to security rules, standards, and/or frameworks with the establishment of policies that can prevent noncompliant actions while reporting on health and activities within the cloud," according to Thomas, who lists increased security as a primary benefit of CloudOps.

 A CloudOps engineer will focus on exploiting approved resources within the cloud to modernize apps with the best services, according to Thomas, who also thinks that businesses that employ CloudOps are better positioned to optimize their cloud settings.

 Furthermore, according to him, organizations using CloudOps can create plans for efficient resource allocation based on performance and cost considerations, continuously report and review metrics on cloud health, and support proactive resource configuration while upholding regulatory compliance inside the cloud.

 The potential of CloudOps to scale cloud services affordably without affecting QoS, according to Replicon's Kuppahally, is cited. He claims that it is very strategically important to align QoS goals and CloudOps investment because "a dedicated CloudOps staff can be incentivized to manage operating, and hence will have a vested interest in reducing the operational costs."

 Culture of CloudOps

 Like DevOps, the success of CloudOps depends greatly on creating a culture that is focused on utilizing the framework and tools to their full potential.

 Additionally, organizations need to concentrate on developing their CloudOps skills as more and more tasks and processes are moved to the cloud.

 According to Thomas of Protiviti, "the majority of clients live in a state of reaction while interacting with the cloud and cannot respond to events, changes, or demands for new services." "CloudOps sets the framework for deployments made possible by automation, enables monitoring, evaluating, and resource optimization of current resources, and evaluates corporate policies for cloud alignment."

 According to Stretto's Tsounis, for cloud operations to be successful, firms must have "a broader grasp of the optimal alignment of suitable organizational structure, expertise, and collaboration."

 "CloudOps is not just one team or division. The CTO argues that in order to implement standard CloudOps practices, the IT, security, architectural, and application teams must work together. "If these teams are operating in silos, CloudOps won't operate properly,"

 And based on his practical experience with CloudOps, Tsounis thinks that in order for enterprises to succeed and avoid reinventing the wheel, they also need a better understanding of the fundamental skills needed for CloudOps.

 The networking, security, automation, and cloud-based architecture must all be understood by the technical teams, he adds. The teams run the danger of adopting solutions where cloud services already exist without the necessary basic knowledge.

 S:cio.com

What makes Google's 'translation glasses' so special?

At Google's I/O developer conference this week, the company teased translation glasses, promising that one day you'll be able to converse in a foreign language while looking at the English translation in your glasses.

 In a video, company officials demonstrated the glasses, which included not only "closed captioning" — real-time text spelling out in the same language what another person is saying — but also translation between English and Mandarin or Spanish, allowing people speaking two languages to converse while also allowing hearing-impaired users to see what others are saying to them.

 As Google Translate hardware, the glasses would address a significant flaw in the service: while utilizing audio translation, the translation audio interrupts the conversation in real-time. You can follow talks much more simply and naturally if you present translation visually.

  The translation-glasses prototype, unlike Google Glass, is also augmented reality (AR). When a device gathers data from the outside world and recognizes what it means, it adds information to it that the user can see.

 It was a heads-up display, not augmented reality. It could only deal with a location in terms of contextual or environmental awareness. It could provide turn-by-turn directions or reminders based on the user's location. However, it couldn't routinely collect visual or auditory input and then relay that information to the user.

 By capturing audio data from the environment and delivering to the user a transcript of what is being said in the language of choice, Google's translation glasses are, in reality, AR.

 As far as I could tell, members of the audience and the tech media reported on the translating function as the only application for these glasses, with no analytical or critical study. The most obvious truth that should have been addressed in every report is that translation is only an arbitrary decision for cloud audio data processing. The spectacles have so much more potential!

 They could process any audio for any application and send back any text or audio for the wearer to consume. That's self-evident, right?

 In actuality, the gear transmits noises to the cloud and shows whatever text it receives in return. The glasses have no further purpose. Make some noise. Text can be received and displayed.

 Audio processing applications that produce actionable or informative contextual information are nearly limitless. The glasses could make any noise and then show any text received from the remote app.

 Noise may even be encoded, like an old modem. A noise-generating gadget or smartphone app might send R2D2-like beeps and whistles to the cloud, which could be analyzed like an audio QR code and return any information to be displayed on the glasses once deciphered by servers. This text could represent operating instructions for machinery. It could be information about a particular museum artifact. It could be detailed on a particular item in a store.

 Within five years or more, we'll be expecting visual Augmented reality technology to deliver applications like these. Most of this could be done using audio in the meantime.

 Using Google's "translation glasses" with Google Assistant is an obvious and powerful application. It'd be like using a smart display with Google Assistant — a home gadget that displays visual data in addition to voice data from Google Assistant questions. However, no matter where you are, that visual information would be available in your glasses, hands-free. (Note that this is not AR, but rather a heads-up display application.)

 Consider what might happen if the "translation glasses" were combined with a smartphone. Bluetooth transfers of contact data might display (on the glasses) who you're talking to during a business event, as well as your history with them, if others allow permission.

 S:computerworld.com

How to Boost the Security of Your Mobile Device Policy

In and out of the office, mobile devices are frequently utilized for work-related activities. It's critical to check your mobile device security strategy on a regular basis to guarantee that your data doesn't get into the wrong hands. Due to the ever-changing nature of cyberattacks, a managed IT service provider can also help you improve your mobile device policies.

 Here are some basic suggestions for improving your company's mobile device security strategy.

 Your mobile device policy should be updated.

 One of the first steps in enhancing security is to update your employees' mobile device policies. A mobile device use policy should address a variety of issues, including which apps can be downloaded and how sensitive data should be managed. Giving your staff these rules provides them with more direction, which can help to reduce the risk of a data breach or cybersecurity problem.

 Install Security Updates Automatically

 Limiting vulnerabilities requires downloading the most recent security patches. It's not a good idea to rely on your employees to maintain their devices up to date with the newest patches. It is critical to enable automatic updates for mobile devices in order to patch vulnerabilities as quickly as feasible.

 Virtual Private Networks are required.

 When working outside the office, employees frequently use public Wi-Fi. Unfortunately, using a public Wi-Fi network puts your data at risk, especially if you're accessing bank accounts or personal information. A virtual private network (VPN) is essential for encrypting data when utilizing other networks, allowing your staff to remain productive outside of the office.

 Workplace Data Backup

 For your business, mobile devices can typically carry a lot of data. Mobile devices are convenient, but they also increase the danger of data loss. A tablet or smartphone, for instance, can be easily misplaced, damaged, or stolen. Making data backups for all of your vital information is the greatest approach to prepare for such a severe situation. To ensure that your data is always protected, an IT service provider can create data backups in real time.

 Engage the services of a mobile device manager.

 Managing your employees' mobile devices is considerably easier with a mobile device manager. Whether allowing or denying device access to your network, applying patches, or employing remote lock functions, an IT team can conduct a wide range of tasks. For added cybersecurity protection, these IT specialists will keep an eye on work-related gadgets for any suspicious activity.

 Final Thoughts

 For work-related activities, mobile devices will continue to be frequently used.In order to create a   work environment, you must find strategies to improve your mobile device security policies. A managed service provider will collaborate directly with your team to update your mobile device use policy, as well as automatically deploy upgrades and create real-time backups for vital data. Because keeping your mobile device policy up to date is critical for data protection, cyber threats targeting mobile devices will only continue to increase.

4 Reasons to Hire Managed IT Services to Protect Your Network

For organizations, keeping their networks safe from cyber assaults is a full-time job. Unfortunately, many businesses lack the resources to dedicate an in-house IT team to cyber security. Working with an IT service provider can help you overcome these obstacles by providing much-needed protection for your network against these developing threats. These IT experts will keep an eye on your network 24 hours a day, seven days a week, and you can contact them at any time if you have any questions.

 Here are some of the most important reasons why you should hire a managed IT service provider to keep your network safe.

 1) Data Breach Prevention

 Cybercriminals are always coming up with new ways to steal sensitive information. Many criminals profit handsomely from gaining access to this data and selling it on the dark web. Limiting the chances of a data breach requires a focus on strengthening network security. Network segmentation, intrusion prevention systems, access control, and firewalls are some of the tools and tactics used by a managed IT service provider to prevent data breaches.

 2) Trade Secrets Protection

 Protecting your company's trade secrets is another reason to prioritize network security. Many businesses are fiercely competitive, and disclosing your trade secrets through a data breach can be disastrous. Financial projections, planned acquisitions, and funding sources are all examples of secret information that might be exposed in a data breach. To protect your personal information, a managed service provider will take a more proactive approach to network security.

 3) Stay Away From Penalties

 Dealing with a network-related cybersecurity problem can be expensive. Many sectors are required to adhere to stringent data security regulations, as failing to do so can result in harsh penalties and costly litigation. Failure to implement proper security standards might result in your company paying hefty charges. Using a managed service provider to take a proactive approach to network security is well worth the cost of protecting your company from a potentially disastrous situation.

 4) Protect Your Reputation

 When compared to your competitors, a bad reputation in your sector might put you at a big disadvantage. A cyber assault can severely harm your client's trust in you, making it much more difficult to rebuild it. Protecting your reputation requires working with an IT service provider to keep your network secure. A managed IT service will take aggressive steps to improve network security and will never be satisfied with the status quo.

 Final Thoughts

 Staying vigilant against fraudsters requires a focus on network security. Botnets, brute force assaults, port scans, and distributed denial-of-service (DDoS) attacks are all common ways for thieves to target your network. Trying to keep your company safe from these ever-changing threats on your own is practically impossible. Using managed IT services gives your company access to the most up-to-date solutions in the industry, ensuring that your company is well-prepared for these attacks.

In 2021, about 80% of businesses experienced an email-based ransomware assault.

Proofpoint presented research on Tuesday claiming that in 2021, 78 percent of firms would suffer an email-based ransomware assault, and 77 percent will encounter business email compromise (BEC) threats.

 Proofpoint's State of the Phish report for 2022 concluded that hackers are still focusing on compromising individuals rather than using technical flaws to get access to systems.

 According to Alan Lefort, senior vice president and general manager of security awareness training at Proofpoint, "email remains the preferred attack tool for cyber criminals, so there's definite value in developing a culture of security." "As the threat landscape evolves and work-from-anywhere becomes more popular, it's vital that firms empower their employees and support their efforts to learn and apply new cyber skills at work and at home."

 According to Matthew Warner, co-founder and CTO of Blumira, phishing has become one of the most popular means of ransomware entry into an environment. To get initial access, some ransomware gangs would brute force public RDP servers or exploit vulnerabilities like Exchange with ProxyShell or VMWare Horizon with Log4j, according to Warner, although this requires more tools and targeting.

 "It has long been proven — and the Proofpoint figures support this — that attackers will succeed if they hit a company with phishing emails enough times," Warner said. "Then it's just a question of whether the attackers can send weaponized documents via email or persuade the victim to download and run a payload." Ransomware created from phishing has become just another tool for attackers in the grand system of defensive protection. The chances of success grow dramatically if threat actors can send phishing emails while concurrently checking for known-vulnerable services and credential stuffing."

 It's not that 78 percent of the 600 survey participants were victims of a full-fledged ransomware attack, according to Chris Clements, vice president of solutions architecture at Cerberus Sentinel, but that they saw phishing emails that attempted to begin a ransomware attack.

 "In light of that, the 78 percent figure seemed to me to be quite low," Clements added. "I would expect any firm of any size to receive a phishing email attempting to deploy ransomware over the course of a year." It's possible that all of the respondents received ransomware-targeted phishing attempts, but that they went unnoticed or were stopped by spam filtering or antivirus measures that the participants were unaware of."

Cloudflare announces the launch of a public bug bounty program.

Cloudflare, a supplier of web performance and security services, announced this week that its bug bounty program is now open to all HackerOne vulnerability hunters.

 HackerOne has had a private bounty program since 2018, although the company built its responsible disclosure policy four years prior to that to assist security researchers in reporting vulnerabilities.

 While no cash rewards were granted as part of the vulnerability disclosure program, HackerOne's private bug bounty program does reward valid reports, and the online security platform deems the initiative a success.

 The corporation paid $4,500 in bug bounty prizes in 2018, after initiating the program, and the sum increased to $101,075 in 2021. To date, Cloudflare has paid out over $210,000 in bug bounty payments to security researchers who took part in the program.

 Members of the HackerOne community who participate in Cloudflare's initiative can earn up to $3,000 for finding serious vulnerabilities in key targets. For critical defects in secondary and other targets, the maximum bounty amounts are $2,700 and $2,100, respectively.

 Stream, 1.1.1.1 resolver, 1.1.1.1/WARP Android and iOS apps, Magic Transit, Cloudflare Pages, Cloudflare Workers, Argo/Argo tunnel, Spectrum, Load Balancing, AMP Real URL, CDNJS, Bot Management, Cloudflare Marketplace (platform only), WAF, and Cloudflare for Teams are among the Cloudflare products targeted by the program.

 "We began the program [in 2018] by inviting a few researchers and gradually increased the number of participants. "We were able to fine-tune our policies and documentation as well as establish a more scalable vulnerability management approach internally as a result of this," the company claims.

 CumulusFire, a website that showcases product features that are generally only available to paying customers, was established to aid in the vulnerability hunting process. The site not only allows researchers to test their exploits, but it also aids the security team in reproducing them.

 "We will continue to adapt our public bug bounty program to provide the best experience for researchers, just as we did our private program." Cloudflare continues, "We hope to add more documentation, testing platforms, and a method for researchers to connect with our security teams so that they can be satisfied that their submissions represent real security problems."

On promotional materials, the Philippines bank would no longer provide clickable website connections

UnionBank of the Philippines announced on Tuesday that it will no longer utilize clickable website links in promotional materials to safeguard internet customers from phishing, smishing, and other forms of online fraud. This is an intriguing initiative by a foreign bank to protect consumers.

 The action, according to bank executives, is part of the company's effort to combat an increase in smishing attempts sent via text messages to consumers.

 According to GMA News Online, UnionBank senior executive vice president Henry Aguda said the bank had complemented the recent measure with its #CyberSure information campaign, which provides Filipinos with actionable guidance on how to protect themselves from cyber threats and practice good cyber hygiene.

 "The interconnected banking world will be more robust for everyone if everyone does their part," Aguda added.

 According to Oliver Tavakoli, CTO at Vectra, "a single firm aiming to train clients not to click on links will probably not have much of an influence as long as most other financial organizations use links in their legitimate communications."

 "The combined experience they have with reputable businesses sets end-user expectations," Tavakoli added.

 "Finding strategies to encourage users to allow MFA is more likely to reduce online fraud affecting customer bank accounts," says the report.

 When financial institutions notify a user of an important information, the user should check into their application and verify the message, according to James McQuiggan, security awareness advocate at KnowBe4.

 "Users should trust and check all messages," McQuiggan added, especially if they are unexpected or from someone they don't know. "People should use the notification as a prompt to visit the website and verify its accuracy."

SIM Jacking: How Criminals Gain Access to Your Accounts

Just because you're paranoid doesn't mean someone isn't out to get you, as Joseph Heller memorably wrote. This idiom rings especially true in today's digital world. Cybercriminals are always changing their techniques in order to find exploits for any system or service you use on a regular basis. SIM jacking is a new approach for threat actors to harm you (also called a SIM Swap Scam).

 What You Should Know About SIM Swapping Theft

 SIM Swapping, unlike the majority of cybercrime, does not necessitate hacking or the installation of any software on your phone. Your phone's SIM card is the means through which it communicates with a cellular network. When a phone breaks, is stolen, or you move to a newer model that requires a different type of SIM card, it's usual for people to keep the same identity (or phone number). Carriers offer a service to transfer all of your data to a new SIM card to facilitate this.

 Cybercriminals take advantage of this tactic, known as "porting," to acquire access to your account information. Fraudsters abuse the service using a minimal bit of personal information to exploit your carrier and steal your identity.

 A Sim Swap Attack's Mechanics

 This type of attack can be carried out in a number of different ways by criminals. It usually necessitates some kind of personal data access.  In certain circumstances, simply knowing your date of birth, phone number, and name is sufficient to gain access to your account. Hackers use a variety of phishing techniques to get you to provide sensitive information.

 After that, hackers will contact your carrier and impersonate you to fool the agent. The attack is practically complete once you request that your phone number be ported to the criminal's phone. The two-factor authentication security methods are then exploited by hackers to gain access to your accounts and lock you out of your own device and digital services.

 How Can You Avoid a Simjacking Attack?

 The most important thing to remember is to keep all of your PPI confidential at all times. Never throw away your phone bills, and keep as much of your personal information on your computer as hidden as possible. You can save digital bills in an encrypted folder on your PC, which will be protected if your PC is hacked.

 Additionally, you should contact your carrier and request that your account be given additional security measures. When it comes to porting requests, make sure you have a pin number or password that isn't stored on the phone. Because carriers are now aware of this form of fraud, it will be on to them to devise additional security measures to protect their customers.

Advanced Threat Protection for Office 365

In today's world, email is a need. Many hours are spent sifting through business emails, and your email clients contain a wealth of information. As a result, cybercriminals and hackers have found it to be one of the simplest and most successful ways to exploit you.

 You've probably received emails in the past that were maliciously disguised as something far less serious. Consider receiving emails from your 'bank' claiming that your account security settings needed to be updated and requesting your login and password. This type of email can lead to the theft of your personal information as well as the installation of dangerous software on your computer.

 It's critical to learn how to defend yourself from email attacks, especially if you run a business that transmits and receives customer data over email. Thankfully, Microsoft's Office 365 Advanced Threat Protection appears to be a solution to this dilemma.

 What is Advanced Threat Protection in Office 365?

 Microsoft's Office 365 ATP is the company's latest offering in the fight against hackers and cybercriminals. While the Office 365 application has built-in security safeguards that protect against many types of email spam/threats, it isn't enough to keep out some of the most sophisticated thieves.

 It's a cloud-based system that filters your emails to keep anything harmful from getting into your inbox and causing difficulties. If an attack does occur, Office 365 Advanced Threat Protection responds quickly to neutralize the threat.

 What is the mechanism behind it?

 The new Advanced Threat Protection keeps your emails safe by addressing some of the most frequent issues that individuals confront on a daily basis all over the world. The following are the primary aspects of this system:

 ·         Safe Attachments: This helps defend against any potentially hazardous attachments by examining them automatically to see if they're suspicious.

 ·         Dynamic Delivery: This function works in conjunction with the one mentioned above, allowing you to read and respond to an email as the attachment is being scanned.

 ·         Safe Link/Internal Safe Link: Both of these functions will analyze links in emails (when you click on them) for dangerous content and block them if they include it. Internal Safe Link is used for links sent in emails between people in the same organization, whereas External Safe Link is used for links sent in emails between people outside of the organization.

 ·         Identity Theft Protection: This is a more complex feature that you must manually enable. It will assist you identify any risks posed as contacts in your address book. The software will learn to detect whether or not someone is sending a bogus email and will notify you.

 ·         Tracking and Reports: You may also utilize a function that keeps track of all attacks and generates reports so you can identify which ones are the most common and require the most attention.

 A Summary of Office 365 Advanced Threat Protection

  To summarize, this new email security program is an excellent addition to Office 365. With so many businesses relying on Office 365 for email, knowing that security is being addressed is reassuring. This should result in fewer cybercrimes, more secure data, and a more secure system overall.

The Future of SEO Is Voice Search

Every entrepreneur should understand the value of a solid SEO strategy in the realm of digital marketing. Consumers still use search engines like Google to find information, and the vast majority of them will visit a site that appears on the first page of results. As a result, getting high rankings on those platforms is crucial for driving visitors to your website.

 While the basics stay essentially same, the SEO environment, like other internet technologies, is continually evolving. If you want to stay ahead of the competition in today's industry, one feature stands out: voice search.

 In a Nutshell: Voice Search

 Voice search is a tool that allows web users to search for items and services by just speaking into their device. Two excellent examples are Alexa and Siri.

 Users can locate what they're looking for in an instant with voice search, even if they don't want to open their favorite search engine. It's easy to grasp the appeal in an age when speed is everything.

 Furthermore, voice searches avoid the difficulties of needing to write search phrases in a way that search engines comprehend. This has the potential to alter the internet experience for both businesses and consumers.

 Voice Searches Are Growing In Popularity

 It's hard to believe that mobile optimization wasn't a must at the millennium's start. However, it is now impossible to find an effective digital marketing strategy that does not include this component. Voice searches are the most recent addition to the industry, and their importance is rapidly expanding.

 In 2016, the voice search feature was used to perform roughly one out of every five searches. By 2020, that is expected to become one in two.

 Quick Tips for Getting Your Business Found in Voice Searches

 Rethinking your SEO strategy doesn't have to be as stressful or difficult as you would think. Making tiny changes to assist those search platforms find your site can, in fact, make a huge difference. To get you started, here are three suggestions.

 Google My Business: Service provided by Google that allows you to manage listings. Fill in all of your contact information, as well as some additional information, to assist Google to locate your business throughout the voice search process.

 FAQs: Adding a FAQ to your site benefits more than just the folks who are already there. When customers perform voice searches, they will frequently receive quick, conversational responses. Consider how people communicate, and you won't go far wrong.

 Customer Reviews: Search engines reward businesses with high reputations because they aim to offer the greatest results to their users. To increase your chances of ranking highly, stay on top of your reviews and feedback.

 The Last Word

 It may be a few years before voice search optimization becomes as important as mobile optimization, but firms who make the changes now can already reap the rewards. Given that this will also give you a leg up on the competition for many years to come, you can't afford to ignore it any longer.