
Russian IT company reportedly lost contract in USA because of serving sites with content from Trump supporters

The CEO of the Russian provider DDoS-GUARD Evgeny Marchenko explained why the American CoreSite refused to work with his company.

DDoS-Guard, a company registered in Rostov-on-Don, has lost access to partner data centers in the United States. The reason was that the company provided services to protect the websites of supporters of Donald Trump, the Telegram channel Mash reports.

According to the founder of the company, Yevgeny Marchenko, the formal reason was that it provided hosting to a site associated with the Hamas movement.

"The story began in November last year. One of our partners found out that we are working with a website related to the Hamas movement, which is banned in the United States. We immediately stopped cooperation, but the story was continued at the beginning of the year," said Marchenko.

As early as January 7, CoreSite announced that cooperation with DDoS-Guard was terminated, citing the same reason: cooperation with Hamas.

"We conducted an internal investigation and found out that one of our partners distributed information to supporters of the current President Trump. Moreover, the content was distributed by a Canadian company. It all looks like an attempt to find at least some Russian company and by any means make a scandal that suggests that Russians support Trump," added Marchenko.

Also, the owner of DDoS-Guard noted that Hamas is now quietly working with the American company.

The DDoS-Guard company has already been repeatedly accused of supporting not entirely legitimate sites, but no measures were taken against them.

DDoS-Guard was founded in 2011 by Evgeny Marchenko and Dmitry Sabitov. The company provides traffic filtering services to protect against DDoS attacks to retail and corporate customers on the basis of its own network of filtering nodes located in several countries. DDoS-Guard also acts as a provider of secure hosting services. The company's head office is located in Rostov-on-Don.

Recall that almost all IT companies are against US President Donald Trump. The reason was the attack by his supporters on the Capitol, which took place on January 6. Many felt they were prompted to do so by Trump's words. After that, his accounts were blocked on almost all major social networks.

SAP Issued Warning and Updates Regarding the Serious Flaws with the Code Injection

 

SAP (Systems Applications and Products in Data Processing), a German multinational software corporation, is known for developing software solutions for managing business operations and customer relations. SAP is the name of the software as well as of the company behind it. SAP provides “future-proof Cloud ERP (Enterprise Resource Planning) solutions that will power the next generation of business.” With its advanced capabilities, SAP can boost an organization's efficiency and productivity by automating repetitive tasks and making better use of time, money, and resources.

SAP published 14 new or updated Security Notes on its December 2020 Patch Day. In January 2021 it published another set of 7 new Security Notes, later providing updates as well. Five of the seven carry the highest severity rating, Hot News. Later in the month, SAP published 10 advisories documenting flaws and fixes for a range of serious security vulnerabilities. Among these vulnerabilities, the most important issue, in SAP Business Warehouse, bears a CVSS score of 9.9.

The very first note addressed CVE-2021-21465, which according to SAP covers multiple issues in the Database Interface. These bugs are a SQL injection together with a missing authorization check, which should have featured a CVSS score of 6.5. SQL injection is a code injection technique that can, at times, destroy the database, and it is one of the most common techniques used by attackers. Onapsis, a firm that secures Oracle and SAP applications, commented on the SQL injection. The missing authorization check could easily be exploited to read any table of a database.

Noting that minimum privileges are required for successful exploitation, Onapsis wrote in a blog post, “An improper sanitization of provided SQL commands allowed an attacker to execute arbitrary SQL commands on the database which could lead to a full compromise of the affected system.” SAP decided to fix these bugs by disabling the function module; applying the patches will result in the abandoning of all the applications that call this function module.

Another serious issue is a code injection flaw in both Business Warehouse and BW/4HANA, tracked as CVE-2021-21466. This issue is the result of insufficient input validation. Such flaws can be misused to inject malicious code that gets stored persistently as a report. These issues potentially affect the confidentiality, integrity, and availability of systems. The remaining three of the five updates are fixes for the programs released in 2018 and 2020.

Further, SAP added as a warning, “An issue in the binding process of the Central Order service to a Cloud Foundry application” that could have allowed “unauthorized SAP employees to access the binding credentials of the service”.

Computing Giant Intel Launches New Processors with Ransomware Detection Features

 

Intel, one of the biggest computing giants in the world, launched four new series of processors at the Consumer Electronics Show 2021. The company assured users that these processors would offer a “Premium PC experience” along with some additional, distinct features.

Intel is known for products suited to this technology-driven era. The digitalization of things is accelerating at an incredible pace. The base of this technology is persuasive computing, which gave Intel the idea of building a processor with the best features on the market to date. One of the four series launched is the vPro series, named the Intel 11th Gen Core vPro series.

Intel added at the launch that its 11th Gen Core vPro line offers the best performance in a thin and light form factor. It comes with added security features such as Intel Hardware Shield, which according to the company is the industry’s first silicon-based AI threat detection to prevent ransomware and crypto-mining attacks. The company says that the Intel Control-Flow Enforcement technology shuts down an entire class of attacks. The new CPU also promises better battery performance.

Intel further announced its partnership with the Boston-based security firm Cybereason. This partnership is expected to provide advanced security and support for the newly announced features in its security software in the first half of 2021.

The special features that come with the vPro series are the HS (Hardware Shield) technology and the TDT (Threat Detection Technology). These sit beneath the protective antivirus layers of the software, which enables the hardware to stay protected from ransomware attacks. Another notable point is that both technologies run directly on the CPU.

Intel's main intention in adding these features is to let the hardware share its data with security software, allowing that software to detect whether any malware has entered the system. Malware that previously went unnoticed and undetected by antivirus will now be sensed by the new features.

While declaring that “it detects ransomware and other threats that leave a footprint on the Intel CPU performance monitoring unit”, Intel stated in the press release, “Intel TDT uses a combination of CPU telemetry and ML heuristics to detect attack-behavior.”

"Not Amazon" Canadian Website Takes on the Online Giant

The e-commerce giants, with their seemingly endless selection and drive to deliver convenience along with affordable prices, have become an all-too-familiar and essential service for many consumers at the height of the ongoing global pandemic.

While small businesses and local retailers have been left with nothing in this pandemic, the worldwide lockdowns and restrictions have been fruitful for the e-commerce market, especially for the Seattle-based e-commerce giant Amazon, which has made humongous profits in the billions.

The pandemic has brought mounting inequity between people and markets, and Ali Haberstroh brought it into focus. As the pandemic deepened, offline markets closed while online shopping continued, creating an inequality that this Canadian woman highlighted as she voiced her disapproval and fought back.

“I just hate how much Jeff Bezos and Amazon are making billions off the backs of working-class people,” said Ali Haberstroh. “It seems to me they’re putting money over the wellbeing of people.” 

It was in late November 2020, as snow was turning Ali Haberstroh’s apartment white, that the idea occurred to her. At the time, Canada was about to shut its markets again as the second wave of lockdowns hit in an attempt to curb rising COVID-19 cases.
In anticipation, a Toronto vintage clothing shop owner who is a friend of Ms. Haberstroh’s had put together the names of other local vintage shops offering curbside pickup and deliveries instead of shutting their doors.

“It was a wake-up call,” Ms. Haberstroh, 27, said of the list, which reminded her how large retailers like Walmart, Costco, and Amazon had thrived during the pandemic while much smaller, local businesses had been increasingly forced to discontinue their operations. “I thought if there is one tiny thing I can do to help, then I should get on it.” 

Inspired by this idea, Haberstroh set out to build a more comprehensive list; following up, she created an Instagram post, tagging independent businesses and shopkeepers across Toronto. Moreover, she launched a new website by the name “Not-Amazon.ca”, a URL that she had bought for $2.99.

Introduced as a local list to help keep small businesses alive, 'Not Amazon' was created “so you don’t have to give any money to Amazon this year!” her Instagram post read. 

“At first it started off as a bit of a joke, with the name, but soon I really wanted to make it like Amazon, having everything in one place,” she said. “I didn’t want people to have an excuse not to shop local.” 

So far, the website “Not-Amazon.com” has accumulated more than half a million page views and has the participation of 4,000 businesses across Toronto, Halifax, Calgary, and Vancouver.
Furthermore, the cause appears to have gained worldwide acceptance, as thousands of store owners await the addition of their submissions to the site, pending Ms. Haberstroh’s approval.

“In a big city like Toronto, where it feels like most businesses are local, I think it’s so easy to think these things will be here forever,” said Ms. Haberstroh, who works as a social media manager at a marketing firm and plans to expand her rebellious project 'Not Amazon' to even more cities. “You don’t think that they’re going to go anywhere.” 

“Small businesses have always made Toronto magical. They’re what makes this city what it is. And so I think we owe it to them to keep them alive,” she added.

New Laws for Drone Users Across Europe and UK

 

As of December 31, 2020, the new European Drone Regulations set out by the European Union Aviation Safety Agency (EASA) will come into force, paving the way for an era of harmonization across the 27 EU Member States as well as Iceland, Norway, Liechtenstein, and the UK. The new rules clarify where drones can be flown and make it simpler to trace the owners. The UK Civil Aviation Authority (CAA), which issued the rules, anticipates an increase in the number of drone users after it eliminated the distinction between recreational and business applications.

Previously, drones weighing under 250g did not need to be registered because of their weight, but this requirement has now been extended to all drones with a camera. This means owners of those drones, or any drone with a camera, must register their drone with the Civil Aviation Authority (CAA) and get an Operator ID. All drone owners in the UK will require two IDs before flying outside: the Flyer ID, which involves passing a short online assessment, and an Operator ID, which means registering your drone at a cost of £9 every year.

Three new categories take into account the drone you have and where you intend to fly it; this will, at last, make flying workable for novice drone pilots without a qualification. These categories are Open, Specific, and Certified. They have different requirements as far as training is concerned and the kinds of drones you can use. Recreational flying will be covered by the 'Open' category.

Open category: The Open Category is for what are viewed as generally low-risk flights and will apply to the sort of consumer drones that most of the novice drone pilots use. It further has three subcategories – A1, A2, and A3.
 • A1 - drones weighing under 250g (0.55lb) can be flown over individuals. 
 • A2 - drones weighing more than 250g however under 2kg should be flown at least 50m (164ft) away from individuals. 
 • A3 - drones weighing more than 2kg should be flown well away from individuals. 

Specific category: The Specific Category covers drone flights that present more risk than the 'Open' Category and requires a degree of planning, similar to all current commercial activities. The CAA will publish a set of pre-defined scenarios and risk assessments.

Certified category: The Certified Category relates to complex operations, for example, those where parcels or even people are carried by the drone. This category is for highly trained professionals and won't apply to the vast majority of drone pilots.

Elliott Corke, director of Global Drone Training, said, “We would encourage people to read the manual and practise somewhere safe first.”

LiveLaw and Bar & Bench, Two Websites Which Revolutionized Legal Readings

Last year in November, Supreme Court of India Justice DY Chandrachud remarked during a case hearing, "I will tell you something in a lighter vein, instead of wading through the pleadings before us, I thought I will check LiveLaw or other platforms for the documents." Justice Chandrachud's remark comes as an acknowledgment of the significant impact that legal news websites have had on Indian court hearings in recent years. Two websites in particular, 'LiveLaw' and 'Bar and Bench', have done great work with their in-depth coverage of court hearings.

Although television coverage of court proceedings is banned, these two websites provide real-time coverage of proceedings through live tweets on Twitter. Besides this, the legal websites are appreciated for their speedy upload of not only judgments and court orders, but also pleadings and petitions related to cases. It comes as a good initiative because until now, legal resources were available only from lawyers dealing with specific issues. "‘LiveLaw’ and ‘Bar & Bench’ have revolutionized legal reporting by tweeting about proceedings in real-time, bringing them to the screens of general readers," reports Scroll.

The readership of LiveLaw and Bar and Bench is not limited to judges and lawyers. The two websites have millions of readers and hundreds of thousands of followers on social media, and they have revolutionized common people's access to court proceedings. Such extensive coverage of court proceedings comes with criticism, as might be expected. A few people think that real-time coverage of legal proceedings has undermined the courts' integrity among the general public.

The Scroll reports "While India’s various courts started uploading their judgments online around 2010, the exchanges between the lawyer and the judge were rarely available to people beyond the courtroom. Litigants struggled to understand the trajectory even of their own cases." "Lay readers now follow the intricacies of important matters as they unfold. Many have realized that even if the functioning of real-life courts isn’t quite as dramatic as the way they are depicted in the movies, the proceedings can often be very compelling," it says.

Apple iCloud Outage Caused Setup Issues and Account Activation Failures


On December 25th, Apple users started facing issues with iCloud sign-in in the early morning. The outage, which lasted for around 24 hours, prevented users from setting up new Apple gadgets and devices; users experienced problems activating Apple Watch, HomePod, and iPhone, along with several other devices. Reportedly, the outage was caused by an unspecified problem in Apple's iCloud backend. Apple resolved the issue by the evening of December 26th.

The problem surfaced around 5 a.m. on the day of Christmas, making users wait longer than usual to relish the experience of their Apple product for Christmas. On Friday, while replying to a supposedly eager customer, Apple's support team tweeted acknowledging the customer's eagerness and indicating that the iCloud outage that lasted until Saturday was a result of the heightened demand experienced by the company.  

"We know your mom is eager to have everything working and appreciate you helping to set them up. We are experiencing a high capacity at this time which is impacting your ability to set up iCloud, please try back in a couple of hours," the tweet read. 

Many users, upon noting the unusually long waiting times (some as long as 32 hours) and device activation failures, reported the same on Twitter, while others said they had faced complete activation failures.

Furthermore, certain users facing similar troubles reported their problem at forums.macrumors.com. "I realize it's Christmas morning and Apple's activation servers are probably on overload, but this still seems unnecessarily frustrating," BeatCrazy wrote.

Explaining the issue in depth, BeatCrazy further wrote, "I'm able to start the pairing process using my iPhone, sign into their Apple IDs with their passwords, but I keep getting hung when Apple wants me to enter the passcode of another device. I'm given options like their iPad passcodes, or one of my Macs. After entering any of these, the watch spins for about 2 minutes and I get the error "Verification Failed - There was an error verifying the passcode of your (or insert family member name here) iPhone (or insert iPad/Mac)." Apple gives me a choice to "reset encrypted data", which I take as an offer to destroy all their existing Apple ID passwords and data - not a good option IMO."

Seemingly, due to the ongoing COVID-19 pandemic, the year's end and the holiday season are busier than usual for Apple, which delayed the release of its newest iPhone 12 series by a month.

TruKno TTP based Threat Intelligence Platform

TruKno’s ThreatBoard is a platform that helps security professionals uncover the root causes behind emerging cyber-attacks, improving proactive defense postures.

TTP Based Threat Intelligence

TruKno, a community-based Threat Intelligence Platform uncovering the root causes behind the latest cyber-attacks, is set to release its open-access beta on December 22nd.

Every second a new attack in cyberspace takes place; according to a report by Acronis, 32% of all major companies are attacked at least once a day. Unless the outcome of these attacks is notable (like the FireEye breach), the reports of these attacks often get buried in the never-ending flow of new cyber information. These reports, when in the hands of the right people, oftentimes contain valuable intelligence on the Tactics, Techniques, and Procedures used by adversaries. This knowledge can help cyber defenders better assess risk and take proactive measures to prevent these same attack techniques from being effective against their organization. It can give valuable insights on where to funnel resources for more effective defense postures.

Hunt Smarter, not Harder.

Traditionally, uncovering root causes and criteria behind emerging cyber attacks is done in one of two ways:

    1. Manually scrolling through vendor blogs, government reports, and news outlets to find long-winded reports of cyber-attacks (trivial & time-intensive)

    2. Getting hand-curated, confidential reports from your threat intelligence team (requires multiple employees dedicated full-time to threat analysis)

The thing is, cyber security professionals rarely have time to do the manual sourcing, and even if they did, there is no certainty they would be able to find the one attack report that is relevant to their situation. Additionally, threat intelligence analysts are in high demand and low supply, leaving them reserved for only the most mature security operations.

TruKno’s AI engine ensures with a high level of confidence that no breach, campaign, or attack report goes unnoticed. It actively keeps a pulse on the industry’s leading intelligence sources, identifying critical reports in real time. TruKno’s analyst team then does manual analysis on these reports, identifying affected industries, technologies, actors, malware, and more. Most importantly, TruKno analyses these cyber-attacks through the lens of the MITRE ATT&CK Framework, offering a universal lexicon and database of observed threat techniques.

TruKno wants to make TTP-based threat intelligence the foundation of any organization’s (or individual’s) security posture.

E Hacking News had a discussion with TruKno’s Founding Team:

Manish Kapoor (Founder & CEO), Ebrahim Saed (Co-Founder & CTO), and Noah Binstock (Co-Founder & COO), in which we talked about the importance of TTP-Based Security and their upcoming beta release on the 22nd.

Manish Kapoor discussed the origins of TruKno:

 “Trukno was founded with the mission of arming security professionals with the information they need to keep us safe. The name itself is a translation of Gyaan, or True Knowledge. It is the clarity that comes from knowing the right information, at the right time.”

Before Founding TruKno, Manish spent 10 years helping the world’s largest service providers better understand the evolving threat landscapes to build better cybersecurity solutions for their customers. 

“My job required me to always be up to date with the latest emerging attacks, but there was no way for me, as a busy professional, to quickly and accurately stay up to date with new adversarial techniques and procedures. I knew there had to be a better solution than scrolling through hundreds of articles a day.”

Manish commented on the ‘gray-space’ between advanced intelligence tools reserved for advanced analysts at mature security organizations, and tools available to the cyber security community as a whole.

“There are a lot of incredible intelligence tools out there. The issue is, they are reserved for a very select group within the industry due to price point and complexity. Cyber security is a team sport, and a winning team is built up of individuals. There is a need for universal tools that can benefit all security stakeholders.”

Noah Binstock, Head of Operations at TruKno, also commented on their mission and the power of accessible intelligence.

“Informed decision making starts with having a full understanding of the subject matter; this is true no matter what industry you are in. People are at the core of cybersecurity, and it is our mission to arm them with the tools they need to make the best decisions on behalf of us all.”

TruKno built its foundation off of the MITRE ATT&CK Matrix, a globally accessible knowledge base of adversary tactics and techniques based on real-world observation.

“We are seeing MITRE ATT&CK become a staple in many security organizations, and we align very closely with their mission of empowering the cyber community as a whole. We use the ATT&CK Framework to offer a common lexicon for all defenders.”

Ebrahim Saed, the CTO of TruKno, is at the core of TruKno’s technical capabilities, allowing TruKno users to access an infinite database of cyber intelligence with no load time on the user end. He commented on the importance of responsive & user-friendly interfaces when it comes to intelligence.

“Gathering the intelligence is one thing. The real differentiator is making this critical intelligence instantly available, all at the user's fingertips.”

Ebrahim is currently developing a mobile application for TruKno as well, enabling users to access real-world intelligence anywhere anytime. 

The Product:

Since its founding in October of 2018, TruKno has interviewed over 500 cybersecurity professionals, from Threat Analysts to CISOs, working in close collaboration with the cybersecurity community during product development. Here is what they are unveiling:

CyberFeed: 

Trukno’s CyberFeed is a free, customizable cybersecurity news manager to help the community easily access and organize the industry’s top intelligence and news channels. Access key articles while avoiding information overload. 

ThreatBoard: 

TruKno’s Threat Intelligence platform, ThreatBoard uses an AI engine to identify cyber-attacks as they are first reported on the web. They are then broken down by TruKno’s analyst team, extracting & curating key information, affected Industries, Technologies, Actors, Malware, and more. Additionally, Techniques behind these latest breaches are documented and paired with MITRE’s ATT&CK Framework, enabling users to identify potential risks to their organization based off of real-world observations. 

Upcoming Features: 

    • TruKno has already developed team collaboration functionalities, enabling users to securely collaborate on intelligence from Threatboard with their teams. They are waiting for key user feedback before they release team collaboration (TeamBoards).

    • Cyberfeed is currently being developed to allow users to upload their own source URLs, social media intelligence feeds and more. Sharing functions will also be enabled to empower the security community to easily share valuable resources.

    • TruKno is actively finding new ways to present the data being extracted from these reports and is currently improving interoperability between Threatboard analysis and the MITRE Organization’s ATT&CK Framework.

    • TruKno’s AI effort, led by Dr. Rob Guinness, is constantly improving, automating more and more analysis, meaning more insights.

    • The team is currently working with key industry stakeholders to enable API integration with TruKno’s intelligence data, enabling more actionable intelligence for security teams.

Hunt Smarter, Not Harder

In short, TruKno’s goal is to help the cyber security community get the intelligence they need to help keep us safe. TTP based threat intelligence is a valuable lens for all security professionals, and they hope that their tools can help make it a community staple.

The TruKno Open beta is live at www.TruKno.com

Active Cypher: Great Deal of Orchestration of Our Intelligence in AI into Existing Systems

 
Active Cypher: The company is built upon a socially responsible fabric that provides information security for individuals and corporations in an increasingly complex digital age. The guest speakers for the interview were Mr. Michael Quinn, CEO, and Mr. Caspian Tavallali, COO of Active Cypher. Active Cypher’s Ransom Data Guard utilizes a combination of Active Cypher’s proprietary encryption orchestration, smart AI, and advanced endpoint protection.
 
Please tell us about your company Active Cypher? 
 

I am Michael Quinn, CEO of Active Cypher. We are a data protection company; we have an ethos within a company that the data needs to be able to protect itself wherever it is created. We have built a product line that offers those capabilities of protection against ransomware attacks through protecting data at the file level in the server environment and in the cloud. What our product allows us to do is be crypto agile. We can work with numerous encryption schemes. Once we are installed we basically back out of the situation and allow the client to run and trust their own data. 

 
Your company talked about game-changing software “Ransom Data Guard” that will protect organizations against ransomware threats. Please describe more about it. 
 
What we developed is a capability where understanding what ransomware has to do in order to take control of the device in a user environment. We built a product just before the Covid-19 and work from home culture started and we realized that people are using shared environments on the same device at home. So we basically allow the organization to encrypt the data down to the device level and protect it. The ransomware protection that we provide basically allows us to manage the files in such a way that they are not accessible to external sources like ransomware. We put this product along with our cloud fortress product to make sure that we were meeting compliance regulations. What we found after working with the law firms is we allow the companies to meet compliance through this capability if the product was ransomed or even if it was exfiltrated because we encrypt the data so the actual data itself is useless. On the ransomware side, the beauty of it is we allow a lot of flexibility in how the data can be stored and used. 
 
Besides ransomware protection, what are the other solutions Active Cypher provides? 
 
We do a great deal of orchestration of our intelligence in AI into existing systems, we integrate into Microsoft tools as well as we have APIs that can write to any of the tools that are out there. We don’t bring in to replace anything or add to anybody’s burden, we integrate into it with our information.  
 
Let’s say somebody opens a doc. file or they load up a doc. file which has an exploit. How do you handle that? 

If somebody uploads an exploit or malware and when it’s opened, because of the process we use to interrogate the document for its integrity, we will stop any process that is trying to intervene with the environment and we’ll put a warning out. What will happen is you’ll get an alert from us, let’s say you open up a “wannacry” as an example, you will get a screenshot saying “your device has been ransomed.” The reality is you can still open all your files. What we do is, with our cloud fortress product, we do a real-time backup. 
 
At a time when hospitals and medical institutions are struggling with Covid-19, how has Active Cypher protected them from ransomware threats? 

In most of the hospitals and medical environments, their IT staff lacked the sophistication to understand what was happening. Earlier, the attackers were not really trying to damage the data, they were trying to ransom it and return it. Now what the attackers are doing is, that they are actually getting into the environment and not going after the data because most of the hospitals have upgraded their capabilities along with using our products. Now, the hackers are attacking the IoT (internet of things) at the device level, which is more life-threatening. What we have done to help healthcare institutions is basically putting a “Data Guard” which is the stand-alone ransomware product on devices. 
 
How do you handle the GDPR (General Data Protection Regulation) and Privacy requirements when it’s the home environment? 

With “Data Guard,” the way the product is designed, it can be installed on a consumer device. In that environment it allows people to protect what they have, like personal data or business data, on their device. And that’s the simplicity of Data Guard: it protects your device and the files on it and ensures that ransomware can’t launch successfully.  
 
With cyberattacks rising, is there any advice you can give to our readers on cybersecurity? 

Everybody has to be aware, you don’t have to be afraid. With the stress of work, particularly with this remote work environment, the user has to be more diligent. So, ease of use and awareness are probably the keys to maintaining good data hygiene.

The European Commission added VKontakte and Telegram to the list of pirate sites

VKontakte is surprised by the decision of the European Commission to include the social network in the list of resources that contribute to online piracy. The company says it has been interacting with copyright holders for many years and quickly restricts access to controversial content.

The European Commission has published a new list of resources that promote piracy and can benefit from it. The list for the first time included the Telegram messenger and the social network VKontakte.

The list is formed on the basis of reports from groups of right holders. According to the European Commission, Telegram users, including using public channels, "exchange illegal content, in particular music, books, news publications, films and TV programs." In addition, subscribers share links to other sites that host pirated content.

The social network "VKontakte" is also included in the list due to many complaints from copyright holders. Users of the social network can have unauthorized access to books, as well as to movies and TV shows, in particular through the built-in video players.

Both Telegram and VKontakte objected to their inclusion in the "piracy watch list". Telegram told the European Commission that it "does not tolerate any malicious content on its platform" and removes it within 24 hours. VKontakte also noted that it is fighting piracy. In particular, the social network indicated that the copyright holder can complain about copyright infringement through an electronic form. According to VKontakte, its employees processed more than 1.36 million such complaints, most of which ended with the removal of content.

"We are surprised by the inclusion of VKontakte in this list, as for many years we have been actively interacting with copyright holders in various areas," said the press service of the social network.

According to the press service, the company has signed agreements with the world's largest music copyright holders, including Universal Music, Sony Music, Warner Music, The Orchard, Merlin Network, and Believe Digital.

Sberbank predicts an outflow of up to ₽4 trillion from banks to the digital ruble

Sberbank predicted an outflow of two to four trillion rubles (around $5,5 billion), which are currently stored in banks, to the digital ruble. According to the credit institution, this can happen within three years.

Deputy Chairman of the Board of Sberbank Anatoly Popov said that now the market does not have a large liquidity surplus. "These funds (2-4 trillion rubles) will no longer be available for lending, which will eventually lead to a shortage of liquidity and, as a result, to an increase in rates," predicted Mr. Popov.

According to Popov, the flow of about 10 percent of non-cash funds into the digital ruble will lead to an increase in credit rates by half a percentage point.

Earlier, in October 2020, the Central Bank of Russia presented the concept of the digital ruble. It was supposed to take the form of a unique digital code stored in a special electronic wallet. The transfer of the digital ruble from user to user will take place in the form of moving a digital code from one electronic wallet to another.

It is expected that the digital ruble will become a full-fledged means of payment, just like the regular ruble, and will be able to be used by the population, business, and the state, ensuring simplicity of payments, their high speed, high reliability, and low costs.

The largest market participants supported the concept of the Central Bank, but Sberbank proposed to expand the properties of the digital currency to all non-cash money. According to the state bank, the payment system will benefit more from the evolution of the non-cash ruble than from the creation of an additional digital currency.

Pavel Durov's team advised the Ministry of Finance of Ukraine on cryptocurrencies.

 The Minister of Digital Transformation Mikhail Fedorov said that his department is in contact with the team of the developer of the Telegram messenger Pavel Durov.

According to Fedorov, he is familiar with Durov's team. Employees of the Ministry of Digital Transformation received advice on bills related to virtual assets and cryptocurrency.

"I know Durov's team. I know all its management, we communicate, consult even on bills related to cryptocurrency, virtual assets, and so on."

The Minister said that he actively uses the Telegram messenger for fast communications. However, the information exchanged by officials is protected as much as possible, and all documents pass through electronic document management.

"Of course, questions of national importance do not need to be sent in messengers, this is understandable," added Mikhail Fedorov.

Answering the question about which of the messengers is the safest for him, the head of the Ministry of Digital Transformation noted that he most often uses Telegram and WhatsApp.

Recall that on December 2, the Verkhovna Rada of Ukraine in the first reading adopted as a basis the draft law "On virtual assets" regulating operations with cryptocurrencies in the country. The bill classifies virtual assets (VA) as an intangible good.

The function of the market regulator is assigned to the Ministry of Digital Transformation, and in some cases to the National Bank and the National Commission on Securities and Stock Market.

According to experts, the daily volume of cryptocurrency transactions in Ukraine is about $150-200 million. One of the authors of the document, Deputy Oleksiy Zhmerenetsky, noted that the bill will allow cryptocurrency companies to pay taxes and allow specialized foreign firms to cooperate with Ukrainian banks and invest in the industry.

Ukraine did not follow the Russian path of banning virtual assets, because this market is a growth point for Ukraine's GDP and an opportunity to become one of the world's technology leaders. In addition, it makes no sense to prohibit something that is technically impossible to control, as we have already seen in the case of blocking Telegram in Russia.

Recall that Roskomnadzor has added the site of the Binance crypto exchange to the list of banned sites in Russia.

Putin announced a digital transformation in Russia

 In the next decade, Russia will face digital transformation and the widespread introduction of artificial intelligence and big data analysis, said President Vladimir Putin during the Artificial Intelligence Journey conference.

"In the implementation of our plans, we must use the developments of domestic innovative companies and startups, our mathematical schools," noted the Russian leader.

He pointed out that billions of rubles will be spent only on the digital transformation of public administration and the transfer of all public services to an electronic format.

In addition, it is planned that next year a tenth of Russian medical institutions will be able to use AI technologies in their work.

According to the President, breakthrough technologies should improve the well-being and quality of life of Russians.

"We must build relations with artificial intelligence in such a way that breakthrough technologies will help us achieve our national goals, if we talk about our country, transform Russia, strengthen its position in the world," stressed Putin.

At the same time, according to the head of state, artificial intelligence will never replace a person. In his opinion, it is important for humanity to learn how to manage artificial intelligence, and for this, it is necessary to "be skilled and competent". The state, society, business and every person need to meet the impressive dynamics of change and master new knowledge and technologies.

"When I say that people will control machines, that's what I mean. It is necessary to subdue one of the greatest technologies that humanity has ever created," said Putin.

At the same time, he called for reducing the risks of using the Internet in advance, including eliminating the possibility of leakage of personal data of Russians and "ensuring unconditional respect for the rights of citizens."

The President noted that it depends on a person how carefully he will manage the opportunities provided by artificial intelligence.

Facial recognition payments (Face ID) to be introduced in Moscow metro in 2021

Deputy Mayor for Transport Maxim Liksutov said that paying for public transport in Moscow using facial recognition technology (Face ID) will be available next year.

All turnstiles in the Moscow metro already have cameras that recognize faces. If a passenger has linked biometric data to their bank card, the turnstiles will open automatically in front of them. Recognition should take no more than a second in order to avoid crowding. The system will be able to recognize faces even in masks. Mr. Liksutov clarified that the personal data of passengers will be stored in banks. The metro will provide only infrastructure.

Banks have been actively collecting customer biometric data for several years. Thanks to this, many operations can be safely performed online. However, there are certain risks. It is unclear how this data will be protected.

In addition, there is a risk of incorrect identification. If the system mistakes one passenger for another and the money is debited from the wrong person, it is unclear how this will be handled legally. There is no legal basis for such a case.

Last fall, the capital of Kazakhstan, Nur-Sultan, tested a similar fare payment mechanism, but in buses. Passengers sent their photos to a special Telegram bot, and then linked the image to a bank card account. At the entrance to the bus, the passengers' faces were captured by cameras. The fare was automatically debited from the bank cards. The test showed good results, and the project is going to be launched in two more cities.


U.S. Files Lawsuit Against Facebook For Discriminatory Recruitment Process Against U.S. Workers

On Thursday, the U.S. Department of Justice (DOJ) sued Facebook, asserting that the company reserved positions for temporary visa holders and discriminated against U.S. workers. According to the DOJ, Facebook did not consider "qualified and available U.S. workers" for the 2600 job openings, which had an average salary of $156,000. The DOJ says Facebook deliberately built a recruitment arrangement that denied fair and equal job opportunities to U.S. workers who applied. Instead, the company offered the jobs to temporary visa holders in order to sponsor them for green cards. 

A Facebook spokesperson said that the company has cooperated fully with the DOJ's review but disagrees with the charges, and offered no further comment on the ongoing litigation. The lawsuit claims that Facebook favored temporary visa workers while discriminating against U.S. workers. The incident began in January 2018 and lasted till September 2019. According to the DOJ, Facebook's tactics were to not openly advertise the job vacancies on its career website and to deny the job roles to U.S. workers. 

Eric S. Dreiband, head of the DOJ's Civil Rights Division, said in a statement, "Our message to workers is clear: if companies deny employment opportunities by illegally preferring temporary visa holders, the Department of Justice will hold them accountable." "Our message to all employers — including those in the technology sector — is clear: you cannot illegally prefer to recruit, consider or hire temporary visa holders over U.S. workers," he further said. The lawsuit claims that Facebook's employment practices also negatively affect temporary visa holders by creating unequal employment status. These workers rely on their Facebook jobs to retain their immigration status. 

"Facebook knowingly and intentionally deterred U.S. workers from applying to and failed to meaningfully recruit U.S. workers for its PERM-related positions, when it subjected such applicants to more burdensome recruitment procedures because it preferred to employ temporary visa holders in those positions, because of their citizenship or immigration status," says the lawsuit. In a press release, the DOJ noted that the investigation took two years. Separately, the DOJ has been reviewing the tech industry since 2019 and recently, in October, filed an antitrust lawsuit against Google.

MyOffice, the Russian alternative to Office 365 gains momentum in Africa

The MyOffice platform, the Russian equivalent of Microsoft Office 365, is conquering Africa. The Russian software developer has signed deals for the licensing of the MyOffice package with the governments of Cameroon, Burundi, and the Congo. In the future, the Russian company plans to enter the markets of 23 more African countries.

An important advantage of the information product for customers was the absence of the need to store data on foreign servers.

"We can be sure that government secrets will be protected from hackers or any third parties," said Minister of Education of Cameroon Laurent Etundi.

Dmitry Komissarov, founder and CEO of MyOffice, said that sales in Africa can make up 15% of the company's total revenue. "We were very surprised by the growth of the project in Africa," he added.

MyOffice is a small company. It is expected that this year its total income will be $26 million. However, the company is supported by Kaspersky Lab, which had sales of almost $700 million last year. The administration of President Vladimir Putin also helped promote the company in Africa.

Years of declining oil revenues have pushed Putin to find other ways to expand trade, including with Africa. Some MyOffice agreements are a consequence of a summit held last year in Sochi to promote trade with Africa. A representative of the Russian Ministry of Telecom and Mass Communications was present at the signing of the agreement between the company and Congo.

Millions of people in Africa are only now beginning to access the Internet. According to the GSMA, more than 300 million devices will be connected to the Internet in sub-Saharan Africa by 2026.

Interview with Dhruv Bagri, founder of the copyright timestamped entity Digital Witnessor

The world is changing, technology is changing. We conducted an interview with Mr. Dhruv Bagri, a lawyer and one of the founders of a new startup, Digital Witnessor (https://www.digitalwitnessor.com/). He shared with us his knowledge about copyright and how to register it securely, quickly and easily using blockchain, including the legal point of view.

If you have created your own software, your clothes design, a choreographic dance, wrote a poem and do not know how to register copyrights to your creation, how to protect your rights, then this article is for you.


  • Please introduce yourself to our readers.

My name is Dhruv Bagri, I am a Lawyer at RDB Associates. We frequently work on matters relating to Intellectual Property protection, including a lot of copyright infringement work. I’m also one of the founders of the platform Digital Witnessor.


  • How would you describe Digital Witnessor?

We have developed a platform called Digital Witnessor that creates timestamps using blockchain on your works. This allows you to protect your intellectual property rights in just a few seconds. The timestamp is considered official proof of ownership, and this saves you a considerable amount of time and legal fees in case of infringements and helps in more than one way. As the Company is based out of Estonia and the Service provided has been structured, studied, and developed by industry veterans from Cyber Security Privacy Foundation PTE Ltd, a Singapore based cyber security company, it boasts of maintaining high levels of privacy in accordance with GDPR guidelines and also provides high levels of security protection to any and all content passing through the Platform.


  • Why is copyright so important?

A copyright is a right in rem, which means that the right exists on the person who created the work right from the time such work was created. The platform is created at a time when there is a lot of uncertainty in the law with regard to copyright. Music and Art and their associated businesses are booming in the last decade. All these come under copyrightable work.  So, the copyright timestamped entity that is Digital Witnessor helps protect individuals and companies against copyright theft.


  • Are companies secure from their own programmers/employees and third parties?

Typically, the company would be the copyright holder, even though an employee might create it on behalf of the company. That is usually the structure that is in place and is an industry-standard. However, there are times when the company would not be holding the copyright. And that basically implies that the company needs to go ahead and register the copyright with country-specific entities/registrars that are available within their respective jurisdictions, which would create a legally binding registration that could be affected in a court of law. However, without that, litigation becomes a big hassle when copyright has not been registered. It becomes harder to prove that the work is originally theirs. So, Digital Witnessor takes away this problem for the company. We will generate a timestamp for the company data that needs copyright using blockchain technology. In fact, it's just a hash that is created and that could stamp your creation. The main file would also not be required to be uploaded. A file would be stamped without giving us access to its contents in case of any sensitive and confidential information which creates a bit of a hesitation in the holder of the works as to providing such content to us. 


  • How can a timestamp be useful in court? Is it legal?

From a legal point of view, a proceeding that includes a hash-signed block is an electronic document that can serve as written evidence in court.

It would also be helpful in case you are applying for copyright after a particular period of time, for example, you need to apply for copyright because the company is selling its entity and the buying entity would require such IP rights to exist. Similarly, a company receiving investments, the investor would always be more favorable to companies holding IP rights as this would deem to be an intangible asset in the company books. So, a timestamp would help the registration authorities to access this document in itself and in determining the exact time on which such the work was created. That makes things simpler. Secondly, a timestamp would be binding in a court of law. Blockchain has been implemented in quite a few countries across the world. So, it would definitely be helpful in most of the countries around the world.

Timestamp plays the role of a virtual notary and is much more credible than the traditional one. Because nobody can alter the information on the blockchain, not even the Company and I think that is the beauty of this Product. 


  • What kind of blockchain - private/public are you using? Why?

We are using a public blockchain. Firstly, in a public blockchain, anyone can take part by verifying and adding data to the blockchain. Secondly, A public network is more secure due to decentralization and active participation. Thirdly, a private blockchain is more prone to hacks, risks, and data breaches/ manipulation. In a private blockchain, anyone who is overseeing the network can alter or modify any transactions according to their needs.


  • How does it work? For example, I am a designer and I want to copyright a shoe model. What should I do and how will it happen?

As I mentioned earlier, it can be uploaded on the platform. It is not necessary that the design in itself be uploaded onto the platform.

Post which the platform would timestamp that particular uploaded file, in this case, that file will contain a shoe design. Once that is timestamped and the credentials of the author are stamped, it enters the blockchain. 


It should be noted that the content of the original works is never available to be viewed on the blockchain or exposed publicly. It is not visible to us and it's not visible to any third party either.


So, what we provide is a time stamping facility which allows you to do three things:

    •    Legally establish yourself as the copyright owner of the work.

    •    Legally establish the date of creation.

    •    Take legal action against anyone who infringes on your copyrighted work.

Ease in assignment and transfer of said Copyrighted works to 3rd Party entities and individuals 


  • We know that Digital Witnessor works together with legal company RDB Associates? What is the role of this company?

RDB Associates is a full-service multi-specialty law firm based out of Bangalore in India and with multiple offices across India. I am one of the founding partners of the firm, which started in 2017. We believe that in our country as well many people are not going to go and get their copyrights registered, or we see that people do that for their other available Intellectual property rights such as trademarks, industrial designs, Patents, etc.

But with copyright, no one really gives that extra push to get their works registered. So, we noticed that there were many infringement matters wherein copyrights were in question and it was very hard for even the opposing counsel and for us to prove that such and such copyright existed at a particular time or not.

We did find a way to prove that the creations are in fact created on those particular timelines. It made the process a little more streamlined and a little more simple especially since it's not easy for everyone to approach the registrar for the Copyright and requires properly drafted applications. With the introduction of the platform Digital Witnessor, one can do it in a few seconds and get the process of registration started with ease.


We have a separate intellectual property team that works on registration and cases of infringement. We are integrated into the whole aspect through the onboarding of our clients onto this Platform or giving legal opinions on whether copyright exists or not, sending out legal notices in case of any infringements, and so on and so forth.


  • What is the distinctive feature of your company from others on the market?

Presently there aren’t many timestamping companies. We don't technically provide the same service as other competitors in the market dealing with similar platforms. However, one of the features that is distinctive is that we provide for easy assignment of copyrights from the copyright owner to third parties. So, that is a great feature that is available on our platform.

However, our other main USP is that our platform is going to be used across the world. Most of the companies that exist are very jurisdictional specific, so they only apply to certain areas thereby limiting their rights to such certain jurisdictions alone. 


  • What are the benefits that a company would get by using the platform Digital Witnessor?

Some benefits that the company would get is primarily establishing their definite right in rem and streamlining the process of registering with applicable registrars/entities in their jurisdictions by making it much easier for registration of their work.

It will ease the process in a way that quicker decisions would be made regarding the infringement of copyrights. And individuals do not have to wait longer and go through a long, arduous litigation process to get justice. So we believe that in case of IP rights, it is important to establish definite rights and to not leave it open-ended whereby one invites liability. Streamlining the process is very important and that's the main benefit that the platform would be providing.


  • How do you see the company in 5 years?

We do have certain things lined up and planned for the next couple of years, for starters, the integration of the technology for agreements. Enforceability of contracts and agreement terms would be made much easier. So once this facility is provided, I think many companies would be or would in fact like using this platform just to streamline the internal processes as well.

But currently, I think we need to concentrate on copyright protection, and we shall take it one step at a time.


  • We've covered quite a bit in this conversation. Before we wrap up, is there anything else you'd like to share about?

I think we covered most of the aspects of the platform and its benefits. Just looking forward to seeing how this develops, grows, and integrates itself into the market in the coming few months.
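The answers above describe stamping a work by recording only a hash of it, so the file itself never leaves its author. The sketch below is an added illustration, not Digital Witnessor's code: `ToyLedger`, `commit` and `verify_claim` are hypothetical names, the ledger is a local hash chain standing in for a public blockchain, and keying the hash with a secret nonce is this example's own choice.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # "previous hash" used by the first entry


def commit(data: bytes, nonce: bytes) -> str:
    """Commitment to `data`, computed on the author's own machine.

    Keying the hash with a secret nonce stops a third party from confirming
    a guess at a small or predictable file by hashing candidates.
    """
    return hmac.new(nonce, data, hashlib.sha256).hexdigest()


def _entry_hash(body: dict) -> str:
    # Canonical JSON so the same fields always hash to the same value.
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class ToyLedger:
    """Append-only hash chain (assumption: stand-in for a public blockchain)."""

    def __init__(self):
        self.entries = []

    def stamp(self, commitment: str, author: str, timestamp: str) -> dict:
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        body = {"index": len(self.entries), "commitment": commitment,
                "author": author, "timestamp": timestamp, "prev": prev}
        entry = dict(body, entry_hash=_entry_hash(body))
        self.entries.append(entry)
        return dict(entry)  # receipt the author keeps with file and nonce

    def chain_is_intact(self) -> bool:
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            if entry["index"] != i or entry["prev"] != prev:
                return False
            if _entry_hash(body) != entry["entry_hash"]:
                return False
            prev = entry["entry_hash"]
        return True


def verify_claim(ledger: ToyLedger, receipt: dict,
                 data: bytes, nonce: bytes) -> bool:
    """True only if the ledger is untampered, still holds exactly this
    receipt, and the presented file and nonce reproduce its commitment."""
    if not ledger.chain_is_intact():
        return False
    idx = receipt.get("index")
    if not isinstance(idx, int) or not 0 <= idx < len(ledger.entries):
        return False
    recorded = ledger.entries[idx]
    if recorded != receipt:
        return False
    return hmac.compare_digest(commit(data, nonce), recorded["commitment"])


def demo() -> dict:
    # All inputs below are constructed sample values.
    design = b"constructed sample: shoe design v1"
    nonce = bytes(range(32))  # fixed for the demo; use os.urandom(32) in practice
    ledger = ToyLedger()
    ledger.stamp(commit(b"unrelated work", b"\x01" * 32),
                 "other@example.com", "2020-11-30T09:00:00Z")
    receipt = ledger.stamp(commit(design, nonce),
                           "designer@example.com", "2020-12-01T10:00:00Z")
    ledger.stamp(commit(b"later work", b"\x02" * 32),
                 "third@example.com", "2020-12-02T11:00:00Z")
    results = {
        "original": verify_claim(ledger, receipt, design, nonce),
        "edited_file": verify_claim(ledger, receipt, design + b" (edited)", nonce),
    }
    # Backdating a stored entry breaks its hash, and fixing that hash would
    # break the `prev` link of every later entry.
    ledger.entries[1]["timestamp"] = "2019-01-01T00:00:00Z"
    results["chain_after_backdating"] = ledger.chain_is_intact()
    return results


if __name__ == "__main__":
    print(demo())
```

The ledger entry proves only that a commitment existed at the recorded time; showing that it belongs to a given work still requires the author to produce the unmodified file and the nonce.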

Group-IB presents patented technologies to protect against cyber threats

The international company Group-IB presented its own patented technologies designed to identify hackers, search for threats on the Internet and investigate cybercrime.

Using artificial intelligence technology, the patented system of Group-IB has helped Interpol identify members of the Nigerian hacking group TMT, which has attacked hundreds of thousands of private and state-owned companies in recent years.

In addition, Group-IB was involved in the Carding Action 2020 operation of Europol and the UK police, which aims to combat the illegal market for the sale of stolen bank cards. Using its own technologies, Group-IB analyzed and transmitted to the police data on 90 thousand compromised cards of clients of financial organizations in Europe. As a result, it was possible to prevent damage that could have been caused to European banks in the amount of 40 million euros.

"Law enforcement agencies effectively use our technology in cybercrime investigations to find criminals. There is a result, so our technologies work," said Ilya Sachkov, founder and CEO of Group-IB.

Group-IB presented its solutions at the CyberCrimeCon 2020 cybersecurity conference. The Threat Intelligence & Attribution system, which has no analogs, saves all possible data about hackers, including data that they tried to delete, and builds up detailed information about them, up to the identity of the criminals.

The second system, Threat Hunting Framework, is able to protect the entire company: from traditional IT networks to remote workplaces of employees. The AI system finds unknown threats and targeted attacks both inside and outside the protected perimeter, giving the security service the tools to properly respond to an incident.

All Group-IB technologies are integrated into a single system that automatically blocks attacks and immediately leads to the specific criminals behind them.

Pinterest soon to join the Online Classes Plethora

 

With 400 million monthly active users (a 30% increase from last year), Pinterest is gaining a foothold among millennials and Gen Z. The secret of its success is its creative interface and a steady stream of new features that attract Gen Z to the platform for future growth, learning, and inspiration. The photo-sharing social app is now reported to be testing online events where users can sign up for Zoom classes run by creators. 

The organization confirmed that the feature is undergoing tests with selected users but didn't comment further either on the confirmation or the launch. 

Creators can organize lessons through Pinterest's class boards, manage class materials, notes, and other resources, and connect with students through a group chat option. The classes work through communities, which are similar to pinboards. A user who wants to join a class clicks on a sign (a book) and is emailed the class details and Zoom link. The communities are a space for the class overview and description, lists of what to bring to class, notes, photos, group chat, and more. 

The feature was discovered by reverse engineer Jane Manchun Wong on Tuesday by looking into class details. Though, she adds that clicking on these links results in nothing as the feature is not yet active. There are some demo profiles that you can check out: “@pinsmeditation” or “@pinzoom123,” but their communities are empty.

 "We are experimenting with ways to help creators interact more closely with their audience," a Pinterest spokesperson said in a statement. 

The social media company is constantly on the rise, with 442 million global monthly users and a 50 percent increase in Gen Z users. Its Q3 revenue rose 58 percent and a 60 percent increase is expected in Q4. With these numbers, it is no shock that the company will invest in new features for its users, and what could be more beneficial than online classes during a worldwide pandemic? As Pinterest commented, "We continue to navigate uncertainty given the ongoing COVID-19 pandemic and other factors".

WhatsApp's 'disappearing messages' now available for Indian users; here's how you can enable disappearing messages on your WhatsApp

The popular messaging application announced earlier that it would roll out a new 'Disappearing Messages' feature around this month, with which sent messages disappear after seven days. The feature is now available to Indian users on their smartphones.

The new feature has launched on Android, iPhone, KaiOS, Web, and Desktop versions of WhatsApp and is available to all 2 billion of its users. 

There are still some key points you should know about the feature. It works in both individual and group chats, but in groups only admins can turn it on; otherwise your messages won't disappear even though your feature is 'ON'. In individual chats the feature needs to be switched on, and if a disappearing message is forwarded to a user who has disappearing messages off, the text won't vanish from their chat after seven days.

One should also be wary before turning on the feature: the content of disappearing messages, such as media, disappears from the chat, but if it was auto-downloaded to the phone or saved in a backup, it will remain there. Also, people can take pictures or screenshots of the message.

As said before the messages will vanish after seven days but it won't apply to your past texts and media.

"This setting won’t affect messages you previously sent or received in the chat," WhatsApp said on its help page. 

Here's how you can enable disappearing messages on your WhatsApp:

  • On Android and iOS phones, tap on the contact name in your chatbox.
  • Along with other info, there will be an option of 'Disappearing messages'.
  • Tap on the 'Disappearing messages' option and in the next window turn the option 'ON'.
  • For turning the feature off, follow the same steps, and instead of 'ON', tap on the 'OFF' option.

The feature does not provide an option for reducing or increasing the time limit for the message to vanish; the period will remain seven days.