Posts

Singapore CIOs believe machine learning can improve speed, security ops

Image
Some 87 percent of IT decision makers in Singapore say machine learning will speed up decision-making process as well as facilitate automation in security operations. Just 32 percent of organisations in Singapore currently tap machine learning, although 52 percent believe such tools' ability to make complex decisions is imperative to the success of their business. A further 87 percent said greater automation brought about by machine learning would speed up decision-making process, while 80 percent said it would improve accuracy of such decisions, revealed a  survey by ServiceNow . Conducted by Oxford Economics, the study polled 500 CIOs across 11 countries, including 91 from three Asia-Pacific markets: Singapore, Australia, and New Zealand. Ten percent of the global sample were from Singapore. ServiceNow touted machine learning as software that analysed and improved its own performance without direct human intervention, enabling it to make increasingly complex decisions

​Linux totally dominates supercomputers

Image
It finally happened. Today, all 500 of the world's top 500 supercomputers are running Linux. Linux rules supercomputing. This day has been coming since 1998, when Linux first appeared on the TOP500 Supercomputer list . Today it finally happened:  All 500 of the world's fastest supercomputers are running Linux . The last two non-Linux systems, a pair of Chinese IBM POWER computers running AIX, dropped off the  November 2017 TOP500 Supercomputer list . Overall, China now leads the supercomputing race with 202 computers to the US' 144. China also leads the US in aggregate performance. China's supercomputers represent 35.4 percent of the Top500's flops, while the US trails with 29.6 percent. With an anti-science regime in charge of the government, America will only continue to see its technological lead decline. When the  first Top500 supercomputer list was compiled in June 1993 , Linux was barely more than a toy. It hadn't even adopted Tux as its masc

Cisco patches DoS vulnerability in IOS XE

Image
Exploiting the vulnerability can lead to denial-of-service (DoS) attacks. Cisco   has patched a vulnerability in IOS XE which if exploited can corrupt data and force denial-of-service (DoS) attacks. Last week, the tech giant said the bug,  CVE-2017-12319 , is found in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE, a network operating system designed for the enterprise. In  a security advisory , Cisco said the medium-risk bug could be harnessed by attackers to "cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt the BGP routing table, which could result in network instability." The bug exists due to changes made between IOS XE software releases, and the implementation of  BGP MPLS-Based Ethernet VPN RFC (RFC 7432) , in particular, was at fault. "When the BGP Inclusive Multicast Ethernet Tag Route or BGP EVPN MAC/IP Advertisement Route update packet is receive

WordPress patches SQL injection bug in security release

Image
Webmasters should update immediately to prevent website takeovers. A bug discovered in WordPress allows attackers to trigger an SQL injection attack leading to complete website hijacking. The vulnerability was discovered in the WordPress content management system (CMS) versions 4.8.2 and below. On Tuesday,  WordPress announced  the launch of version 4.8.3 as a security release which mitigates the security flaw. The CMS provider "strongly encourage[s] you to update your sites immediately." The vulnerability,  CVE-2017-14723 , occurs as WordPress versions 4.8.2 and earlier mishandles certain characters, which can lead to $wpdb->prepare() creating "unexpected and unsafe queries" which can lead to potential SQL injection attacks. "WordPress core is not directly vulnerable to this issue, but we've added hardening to prevent plugins and themes from accidentally causing a vulnerability," WordPress says. The vulnerability was reported by se

Google Docs lockout: It's fixed, Google says, but users fret over 'creepy monitoring'

Image
A Google Docs glitch reminds users that the cloud's convenience can come at the expense of privacy and control. Google has fixed a glitch in Docs that triggered panic for some who could no longer access or share files because Google's systems had ruled they violated its terms of service. The problem left affected Google Docs users baffled when attempting to open files only to be told by Google that the item had been "flagged as inappropriate and can no longer be shared". Others were told they couldn't access the file, while some reported deleted files. Around 100 users reported the  issue on the Google Docs help forum  and for several hours were anxiously awaiting a response and fix from Google. National Geographic reporter Rachel Bale was surprised that her draft of a story about wildlife crime would be locked for a violation of Google's terms of service. After hearing that others experienced the same problem, she figured it was a glitch -- ra

WPA2 security flaw puts almost every Wi-Fi device at risk of hijack, eavesdropping

Image
Security experts have said the bug is a total breakdown of the WPA2 security protocol. A security protocol at the heart of most modern Wi-Fi devices, including computers, phones, and routers, has been broken, putting almost every wireless-enabled device at risk of attack. The bug, known as "KRACK" for Key Reinstallation Attack, exposes a fundamental flaw in WPA2, a common protocol used in securing most modern wireless networks. Mathy Vanhoef, a computer security academic,  who found the flaw , said the weakness lies in the protocol's four-way handshake, which securely allows new devices with a pre-shared password to join the network. That weakness can, at its worst, allow an attacker to decrypt network traffic from a WPA2-enabled device, hijack connections, and inject content into the traffic stream. In other words: This flaw, if exploited, gives an attacker a skeleton key to access any WPA2 network without a password. Once they're in, they can eavesdrop on

Cisco updates ACI for customers moving to a multi-cloud strategy

Image
The new features should simplify network management and improve security across complex environments. Cisco on Thursday announced updates to its software-defined networking (SDN) offering, Application Centric Infrastructure (ACI), with the intent of simplifying network management for the growing number of customers adopting complex, multi-cloud strategies. The latest release (ACI 3.0) offers improved security and simplified management for any combination of workloads in containers, virtual machines, and bare metal for private clouds and on-premise data centers. "By automating basic IT operations with a central policy across multiple data centers and geographies, ACI's new multi-site management capability helps network operators more easily move and manage workloads with a single pane of glass - a significant step in delivering on Cisco's vision for enabling ACI Anywhere," Ish Limkakeng, SVP for data center networking at Cisco, said in a statement. Cisco

Cloud vulnerabilities are being ignored by the enterprise

Image
RedLock's latest cloud security report suggests that organizations are failing in the most basic security practices. The enterprise is still ignoring the most basic security precautions when using cloud services, researchers claim. On Thursday, RedLock released its annual   cloud security report , which suggests that vulnerabilities in the cloud are being outright ignored, with poor database security and key leaks commonplace. After analyzing customer environments, the cloud security firm said that roughly 38 percent of organizations in the enterprise have user accounts active which have potentially been compromised, and 37 percent of company databases allow inbound connections from the web, which is generally a poor security practice to implement. In addition, seven percent of these databases are permitting requests from suspicious IP addresses, which suggests they have been compromised. Throughout their research, the RedLock team discovered that at least 250 org

Microsoft tries to stem its self-made collaboration-tool confusion

Image
Microsoft is using this week's Ignite conference to try to help clarify its collaboration-tool strategy. Here's how SharePoint, Teams and Yammer figure in the mix. Choice is good. But too much choice, especially when it comes to collaboration tools, has been a problem for Microsoft. This isn't news to customers, partners or Microsoft execs themselves. But at the company's Ignite IT Pro conference in Orlando this week, Microsoft execs took a step to try to clarify the company's strategy and messaging in this area. Microsoft Office 365 Marketing chief Ron Markezich kicked off the conference this week with a slide entitled "Microsoft 365 Teamwork: Where to Start a Conversation." That slide attempts to do what  Microsoft initially attempted with a 60-plus-page whitepaper : Clarify which collaboration tools customers should use when. The slide, which features SharePoint -- and its files, sites and content storage at the center -- is broken down into t

New Verizon leak exposed confidential data on internal systems

Image
Dozens of documents reveal detailed maps and configurations of internal Verizon servers. Security researchers have found yet another data exposure at Verizon. Confidential and sensitive documents, including server logs and several instances of credentials for internal systems, were found on an unprotected Amazon S3 storage server controlled by a Verizon Wireless customer, discovered by  security researchers at the Kromtech Security Research Center . The server contained several files, mostly scripts and server logs -- some appeared to show usernames and passwords to internal systems. Other folders contained internal Verizon documents, many of which were marked "confidential and proprietary materials," include detailed server and infrastructure maps, server IP addresses, global router hosts, and several scripts that could be used to gain elevated privileges within the system. A portion of the files were shared for verification. The files largely appear to refer