Posts

Oracle acquires DataFox, brings AI-based company data management to cloud apps

Image
DataFox uses artificial intelligence to help clients gain an up-to-date view of customer accounts and organizations. Oracle   has announced plans to acquire data management and AI solutions provider DataFox. Financial details were not disclosed. Founded in 2013, San Francisco, CA-based   DataFox   is the developer of an artificial intelligence (AI)-based engine which automatically locates and pulls the most current information available on public and private businesses. The engine currently manages the information of over 2.8 million companies, with 1.2 million being added on an annual basis. Customers, including Goldman Sachs, Bain & Company and Twilio, use the platform for account management, lead generation, and to keep customer-relationship management (CRM) solutions current. On Monday,   Oracle said   the acquisition will merge DataFox technologies with Oracle Cloud Applications, giving customers an "extensive set of trusted company-level ...

Zero-day in popular jQuery plugin actively exploited for at least three years!!

Image
A fix is out but the plugin is used in hundreds, if not thousands, of projects. Patching will take ages! For at least three years, hackers have abused a zero-day in one of the most popular jQuery plugins to plant web shells and take over vulnerable web servers. The vulnerability impacts the  jQuery File Upload  plugin authored by prodigious German developer Sebastian Tschan, most commonly known as Blueimp . The plugin is the second most starred jQuery project on GitHub, after the jQuery framework itself. It is immensely popular, has been forked over 7,800 times, and has been integrated into hundreds, if not thousands, of other projects, such as CMSs, CRMs, Intranet solutions, WordPress plugins, Drupal add-ons, Joomla components, and so on. A vulnerability in this plugin would be devastating, as it could open gaping security holes in a lot of platforms installed in a lot of sensitive places. This worse case scenario is exactly what happened. Earlier this yea...

Microsoft takes another step to fight patent trolls by joining the LOT Network

Image
Microsoft is joining the 300-member LOT Network in a move meant to advance the company's campaign against patent trolls. Last year, Microsoft created the  Azure IP Advantage program , which was designed to defend and indemnify developers against claims of intellectual property infringement. On October 4 this year, Microsoft took another step toward  combating patent trolls by joining the LOT Network . The LOT Network  is a nonprofit community working to fight trolls. The group has nearly 300 members, covering approximately 1.35 million patents, Microsoft officials said. Members include Amazon, Canon, Cisco, Lenovo, Red Hat Google, Lyft, Oracle, Salesforce, SAP and Tesla, to name a few. Members are free to cross-license, assert, sell or do nothing with their patents. But if any member of the LOT Network sells a patent to a troll, all LOT members automatically get a free license to that patent. According to the LOT Network officials, the average cost to defen...

Ten scenarios where edge computing can bring new value to the world

Image
Edge computing use cases span manufacturing, security, healthcare, and more. By 2022, more than half of enterprise data will be produced and processed outside traditional data centers and clouds -- up from about 10 percent currently, according to a  Gartner report . "The number of our enterprises who are saying edge is part of their core strategy has doubled in a year," said  Thomas Bittman , vice president and distinguished analyst at Gartner. "We think by next year about half of enterprises will have edge as a part of their strategy." The rise of edge computing has helped companies analyze information in near real-time, and create new value around Internet of Things (IoT) devices and data. However, there is no standard formula for implementing edge computing, Bittman said. "The biggest benefit is to be able to exploit data and insight faster," said  Brian Hopkins , vice president and principal analyst at Forrester. "Closing the gap betw...

AI security camera detects guns and identifies shooters

Image
Silicon Valley is hoping technology can provide some relief from gun violence. Athena Security, a San Francisco-based AI company that utilizes computer vision for security applications, has announced implementation of an AI camera system it says can identify guns in crowds. The system is one of a  growing number of technologies  aimed at preventing gun crime. In addition to detection, Athena's cameras can also alert police to the presence of an active shooter, potentially reducing response time, according to the company. Wood High School in Warminster, PA, will be an early testbed for the technology. Though mass shootings in schools have  declined  since the 1990s, the threat has never loomed larger in the minds of concerned parents. Information on mass shootings (defined as an event in which four or more people are shot, not including the gunman) is notoriously difficult to track, but the  Gun Violence Archive  places the overall number of mass...

Sapho aims to use machine learning to save employees more time navigating systems

Image
Sapho's Employee Experience Portal plans to use machine learning to monitor how an employee uses business applications and then dish out the most relevant information to them. Sapho is banking that machine learning will allow it to manage your personal enterprise applications so you don't have to. The company, which is focused on integrating enterprise applications into what it calls an Employee Experience Portal, plans to use machine learning to monitor how an employee uses business applications and then dish out the most relevant information to them. Time savings from Sapho's machine learning tools would come from less time searching, navigating various systems and completing work within legacy systems. Sapho estimates that employees spend one day a week searching enterprise systems for work information. Sapho's machine learning features are being rolled out with key features being in tech preview. Sapho's machine learning technology integrates with b...

FragmentSmack vulnerability also affects Windows, but Microsoft patched it!!!

Image
FragmentStack can drive CPU usage up through the roof, jamming servers bombarded with malformed IP packets. Just the ideal vulnerability for DDoS attacks on Windows servers. Microsoft has fixed this week a vulnerability that can cause Windows systems to become unresponsive with 100% CPU utilization when bombarded with malformed IPv4 or IPv6 packets.The vulnerability is already well known in the Linux community as FragmentSmack, part of a duo of DDoS-friendly vulnerabilities, together with SegmentSmack. Both vulnerabilities allow an attacker to bombard a server with malformed packets to trigger excessive resource usage.The SegmentSmack ( CVE-2018-5390 ) vulnerability uses malformed TCP packets, while the FragmentSmack ( CVE-2018-5391 ) vulnerability relies on IP packets. Because of their consequences, both bugs were deemed ideal to integrate into DDoS botnets, and as a result, many Linux distros hurried to patch their systems. The Linux Kernel team patched both issues in...

Microsoft: You complain Skype's too complicated, so we've redesigned it again

Image
Microsoft focuses on simplifying Skype after users find its calling and messaging 'overcomplicated'. Microsoft has redesigned Skype once again, after taking on customer complaints that the addition of features from Snapchat "overcomplicated" the app. As a result of user feedback, Microsoft has decided to kill off Highlights, a feature that let users post a collection of photos that friends could react to.Highlights was Skype's answer to Snapchat stories and came with its poorly received redesign a year ago aimed at making it more of a messaging app. Microsoft's experimentation with design changes "overcomplicated some of our core scenarios", including Skype's original purpose of making calls, according to Peter Skillman, director of design for Skype and Outlook. "Calling became harder to execute and Highlights didn't resonate with a majority of users. We needed to take a step back and simplify,"  he explained . Skype...

Most managers want IT operations managed by artificial intelligence

Image
AIOps -- or artificial intelligence for IT operations -- may help take the complications out of the Ops side of things. " AIOps " may be another new mashed-up term for the  xOps  lexicon, but it appears to have captured the attention of many an IT manager. A new survey finds a majority of IT managers, 68 percent, are working with or considering AIOps, or artificial intelligence for IT operations. So, where does AIOps fit into the scheme of things? In a recent Forbes  post , Janakiram MSV outlined the following potential use cases for AIOps.AIOps may help IT managers "differentiate between legitimate signals and inconsequential noise," according to the authors of a recent  survey  from OpsRamp.  The survey finds nearly three-quarters (73 percent) are taking advantage of AIOps capabilities to gain more meaningful insights related to system alerts. Capacity planning:  "As enterprise workloads start to migrate to the cloud, cloud providers will...

Philips reveals code execution vulnerabilities in cardiovascular devices

Image
Only a low level of skill is required to exploit the bugs. Vulnerabilities have been discovered in multiple versions of Philips cardiovascular imaging devices. According to a  security advisory  from the US Department of Homeland Security's ICS-CERT, the first vulnerability,  CVE-2018-14787 , is a high-severity flaw which affects the Philips IntelliSpace Cardiovascular and Xcelera IntelliSpace Cardiovascular (ISCV) products. The advisory says that the vulnerability takes only a "low-level skill" to exploit and is caused by improper privilege management. In ISCV software version 2.x or prior and Xcelera Version 4.1 or prior, attackers with escalated privileges are able to access folders potentially containing executables which give authenticated users write permissions. "Successful exploitation of these vulnerabilities could allow an attacker with local access and users privileges to the ISCV/Xcelera server to escalate privileges on the ISCV/Xcelera server...