IT vendors have been hit in two recent supply chain cyberattacks by the North Korea-backed Lazarus Group, which breached vendor systems as an entryway to the networks of their corporate clients, Kaspersky reports. The Lazarus Group has also been ramping up their supply chain attacks, tapping improved versions of BlindingCan malware.
Data meshes, intelligent catalogs and automation are among the advances experts predict as data warehouse and data lake models increasingly converge. Qumulo CEO Bill Richter also points out that convergence is not always the best solution, as lakes handle unstructured data well and warehouses are designed for the structured variety.
A malware loader called Squirrelwaffle is injecting devices with Qakbot and Cobalt Strike malware, Cisco Talos reports. Squirrelwaffle taps a blocklist of security-firm IP addresses to dodge analysis and detection.
Lumen Technologies teamed up with Cisco Systems to develop Lumen Solutions for Cisco Unified Communications Manager Cloud, which provides Cisco's enterprise-grade calling and collaboration services on Lumen's worldwide fiber network. Cisco Webex integration, emergency call handling, instant messaging, network connectivity options, and collaboration phones and endpoints are among the features in the cloud-based offering.
Cloud analytics and security startup Devo has secured $250 million in a Series E funding round, valuing the company at $1.5 billion. Devo's technology supports "out-of-the-box machine learning as well as the ability to bring your own models," notes Marc van Zadelhoff, the company's CEO.
Speechmatics, a startup based in the UK, has created a voice recognition system that company officials say is more accurate at understanding Black voices than the models developed by large technology companies such as Amazon and Google. Researcher Allison Koenecke says such advances are important because of "the potential for disparate harm to individuals through downstream sectors ranging from health care to criminal justice" when recognition systems are biased.
The State Department is expected to announce this week the creation of a new bureau of cyberspace and digital policy to deal with global cybersecurity issues, which the agency views as a national security issue. Leading the department will be an ambassador-at-large and special envoy for critical and emerging technology, The Wall Street Journal reports.
The expansion of the attack surface means pen testers can no longer rely on a limited set of skills and tools. Pen testers must consider traditional desktop and server systems, newer embedded and IoT systems, cloud and hybrid environments, plus all the web applications running on them. In addition, web application software must be taken into consideration due to coding errors that often result in cybersecurity breaches. This all requires new skills for pen testers in areas such as scripting and code analysis. The CompTIA Blog has more on this trend.
SaaS vendors and technology solution providers can enhance their chances for success in the cloud market with an assist from the "Cloud Applications Playbook" created by CompTIA's Business Applications Advisory Council. The playbook can help SaaS vendors determine their IT channel readiness and which channels to use. Solution providers can assess their readiness to go-to-market with new cloud applications. Visit CompTIA Cloud Applications Playbook to download this free resource.