Addressing Threat Blindness

In just four years since launching Anomali we’ve seen Threat Intelligence become a standard element of enterprise security programs. Last week we published a Ponemon Institute report on “The Value of Threat Intelligence” (our 2nd year sponsoring this research) – in it we found:

  • 80% of enterprises now leverage threat intelligence in their security programs
  • 84% indicated threat intelligence is “essential to a strong security posture”

Despite this rapid adoption we still see organizations struggling to take full advantage of threat intelligence. Fully 68% of Ponemon respondents said threat intelligence is too voluminous and complex. This speaks to the real promise of threat intelligence – what matters isn’t the list of threats itself, but which of those threats are active in my environment. This requires finding the cross section between my threat feeds and my network activity.

New Versus Old Threats

Most organizations subscribe to numerous threat feeds, whether from open source, premium/3rd party, ISACs, government sharing, etc. Security teams will typically collect and accumulate millions of IOCs (indicators of compromise) from their various threat sources. Every day new threats are added to the list. As it turns out, we need to handle newly discovered threats differently than previously known threats. Here’s why:

Previously known threats: All previously known threats need to be monitored daily to make sure we haven’t become a target. It’s like routine health checks – we need to verify that nothing bad happened today from any of these threats.

Newly discovered threats: Newly discovered threats are a different beast altogether. These threats became known today, but they didn’t become bad today. They may have been active for weeks, months or years. Attackers do their best to stay under the radar. When new threats are discovered it’s not enough to be on the lookout for them going forward. Perhaps more importantly, we need to go back in time to see whether we’ve already been targeted by these actors.

Organizations Flying Blind

The challenge for security teams is how to realistically monitor for known threats and assess exposure to new threats on a daily basis.

Consider the previously known threats. Sounds easy enough to simply alert against any matches against my threat list. Here’s the issue – if you’re a moderate sized enterprise you’re likely generating 1 billion or more log events per day. If you’ve got a (relatively small) threat list of, say, 1 million indicators then you need to compare 1 billion events against 1 million threats. That’s 1,000 TRILLION comparisons per day!

Now consider newly discovered threats. Here you might get 10, 100, 1000 new threats on a given day. The challenge here isn’t the daily monitoring – it’s going back to assess prior exposure. Given how long attacks often take (200 days or more), it’s important to be able to go back at least 1 year to get a clear picture of possible prior exposure. Let’s do the math: 1 billion events/day, 365 days, 100 new threats/day = 36.5 trillion comparisons.

The Ponemon survey asked respondents how much historical data they maintain online (e.g., in a SIEM). 72% keep 3 months or less. Plus, running a query over that amount of data would take hours or even days. The end result is organizations are pretty much flying blind with respect to the vast majority of these known threats. Our solution for this is Real Time Forensics.
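The two workloads above can be sketched in a few lines. This is an added example, not Anomali's code and not a description of how RTF works: it contrasts the pairwise comparison count from the text with set-membership matching for known threats, and uses a small inverted index of sightings to look back in time when a new indicator arrives. The events, host names and indicator values are constructed, and `SightingIndex` and the function names are hypothetical.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample events: (day, source host, observed IP or domain).
EVENTS = [
    (date(2017, 3, 2), "ws-014", "198.51.100.7"),
    (date(2017, 3, 2), "ws-022", "updates.example.net"),
    (date(2017, 6, 18), "srv-db1", "203.0.113.45"),
    (date(2017, 9, 12), "ws-014", "cdn.example.org"),
    (date(2017, 9, 12), "ws-031", "198.51.100.7"),
]

# Constructed threat list of previously known indicators.
KNOWN_IOCS = {"198.51.100.7", "bad.example.com"}


def naive_comparisons(n_events, n_iocs):
    """Pairwise cost used in the text: every event against every indicator."""
    return n_events * n_iocs


def match_known(events, iocs):
    """Daily monitoring: one hash-set lookup per event, not one per (event, IOC)."""
    return [(day, host, value) for day, host, value in events if value in iocs]


class SightingIndex:
    """Inverted index: observed value -> [(day, host)].

    It keeps only what was seen, when and where, so a look-back for a new
    indicator is a dictionary lookup rather than a scan of raw logs.
    """

    def __init__(self):
        self._sightings = defaultdict(list)

    def ingest(self, events):
        for day, host, value in events:
            self._sightings[value].append((day, host))

    def retro_search(self, new_iocs, today, lookback_days=365):
        """Return {ioc: sorted sightings} inside the look-back window."""
        cutoff = today - timedelta(days=lookback_days)
        hits = {}
        for ioc in new_iocs:
            seen = sorted(s for s in self._sightings.get(ioc, ()) if s[0] >= cutoff)
            if seen:
                hits[ioc] = seen
        return hits


def exposure_days(hits, today):
    """Days between the earliest sighting of each indicator and today."""
    return {ioc: (today - seen[0][0]).days for ioc, seen in hits.items()}


if __name__ == "__main__":
    today = date(2017, 9, 19)
    print("pairwise, daily:", naive_comparisons(10**9, 10**6))
    print("pairwise, look-back:", naive_comparisons(10**9 * 365, 100))
    print("known matches:", match_known(EVENTS, KNOWN_IOCS))

    index = SightingIndex()
    index.ingest(EVENTS)
    # Treat 198.51.100.7 as if it had only been published today.
    year = index.retro_search({"198.51.100.7"}, today, lookback_days=365)
    quarter = index.retro_search({"198.51.100.7"}, today, lookback_days=90)
    print("1-year window:", year, exposure_days(year, today))
    print("90-day window:", quarter, exposure_days(quarter, today))
```

With the 90-day window the March sighting drops out, so the earliest visible contact is a week old instead of 201 days old.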

Real Time Forensics

Anomali innovated the concept of Real Time Forensics (RTF) to address this fundamental threat visibility issue. RTF is the core technology that powers Anomali Enterprise. RTF is an extraordinarily powerful engine that can perform searches over massive amounts of data instantly. In just a few seconds RTF can literally:

  • Identify all matches for millions of IOCs across billions of events
  • Search years of historical data and return all matches

RTF does this WITHOUT duplicating log storage. It integrates with existing log repositories/sources such as SIEMs, syslog, Netflow/sFlow and AWS S3.

We developed RTF with three key objectives in mind:

  • Visibility: providing complete visibility into all threats, all network activity, for all time
  • Clarity: integrating threat context from ThreatStream to provide a complete picture of the threat and how to respond
  • Automation: automatically evaluating new and existing threats; alerting security teams to real, active threats in their networks

These objectives aren’t new, but RTF’s capabilities give them a whole new meaning. The second an organization gets a hold of indicators from the latest network breach they can identify whether or not they were affected. Unmanageable data sets are no longer an obstacle to full threat visibility.

As it turns out, the future of security isn’t the ability to look forward, but the ability to look back.


Source: Honeypot Tech

SecureAuth to Merge with Core Security

K1 Investment Management, which owns Core Security, plans to acquire the identity management and authentication company for more than $200 million.
Source: Vulnerabilities & Threats

How Ransomware has become an ‘Ethical’ Dilemma in the Eastern European Underground

By Vitali Kremez, Flashpoint and Travis Farral, Anomali

It’s no secret that the Deep & Dark Web (DDW) is home to illicit marketplaces and forums, as well as an array of cybercriminal communications. Less obvious, however, are the nuances of these communications, the unspoken code of conduct that exists in cybercriminal communities, and the “ethical” dilemma that certain types of attacks can cause.

For example, let’s discuss ransomware.

While monitoring DDW communities in Eastern Europe from early 2014 to early 2016, Flashpoint researchers discovered the forewarnings of a shift in attitude toward ransomware.

Prior to 2016, administrators of the Russian underground stated that ransomware should not be practiced for two reasons:

  • It was a waste of botnet installs and exploit kits;
  • It was “intellectual death” and therefore a low-end maneuver.

These administrators firmly believed that ransomware attracts too much attention, may impede other types of cybercrime, could be too-easily turned toward Russian targets, and an increase in its use may cause the Russian government to take a harsher stance towards DDW communities.

It’s very important to note that underground administrators are incredibly powerful in the DDW. Regardless of whether administrators are revered or reviled, the community respects their decisions. Those who don’t comply with such decisions risk being exiled from the forums or even doxed.

The Ethical Dilemma

Indeed, on Feb. 5, 2016, an ethical dilemma arose following a ransomware incident at Hollywood Presbyterian Medical Center. The attackers demanded that the small hospital pay 40 bitcoin (roughly $17,000 at the time) or risk a shutdown of its lifesaving equipment. While healthcare companies had been hit with cyberattacks before, the attacks had never before gone as far as to threaten human life. While Hollywood Presbyterian’s management claimed that the hospital’s infrastructure was never truly at risk, they chose to avert the perceived risk and pay the ransom.

Although the unspoken code of conduct amongst Eastern European cybercriminals strictly prohibits any malicious activity directed against citizens of the Commonwealth of Independent States (CIS), the targeting and exploitation of Westerners, in particular United States citizens, is highly encouraged. Nevertheless, news of the attack against Hollywood Presbyterian was coldly received by Eastern European cybercriminals, many of whom regarded the incident as reckless and unacceptable. While some in the community supported the attack, the majority condemned the unknown assailants, which created an ethical divide in the underground.

One highly reputable member of a Russian top-tier cybercrime forum expressed his frustration with ransomware, writing “from the bottom of my heart, I sincerely wish that the mothers of all ransomware distributors end up in the hospital, and that the computer responsible for the resuscitation machine gets infected with [the ransomware]…”

In response, a prominent ransomware operator countered that view: “[the attackers] scored. It means everything was done properly.” Rather than adhering to the ethical code imposed by administrators, he proposed that targeting places that were guaranteed to pay was not wrong because, at the end of the day, cybercrime is always about making money.

In the following months ransomware increased a staggering 6000%, earning 2016 the title of “The Year of Ransomware”. Of the businesses affected, 70% chose to pay the ransom, making it one of cybercrime’s most profitable ventures.

The WannaCry Shift

Ever since the May 12, 2017 start of the global “WannaCry” (also known as “WanaCry,” “W-cry,” and “Wcry”) ransomware worm attack that largely affected healthcare organizations affiliated with the UK’s National Health Service (NHS), criminals debated the ethics behind the attack. Consequently, Russian-speaking cybercriminals revisited the topic of ransomware and its place within the criminal underground. Previously, ransomware presented cybercriminals with the aforementioned ethical dilemma, as it prevented hospital professionals from providing care. However, Flashpoint’s May 2017 review of cybercriminal discussions on ransomware indicated that many threat actors in the Russian-language underground are moving past their ethical concerns and now view banning ransomware as predominantly a business issue.

One threat actor who suggested banning ransomware cited the following reasons:

  • “It attracts attention to malware and causes companies to introduce measures to increase their security.
  • It increases general awareness of topics related to information security.
  • It kills malware tools predicated on loaders, js (javascript execution), doc macro (payloads) etc., as these get blocked everywhere.
  • It’s a business which is built not on intelligence and mental dexterity, but on brute-force and luck.”

The actor went on to say that by “allowing ransomware operators on the forum, we are digging our own grave. Of course, banning this work on the forum doesn’t stop this type of business, but as a minimum we can use community disapproval to make it more difficult to enter into it.”

The post generated multiple unique responses, almost half (48.5%) of which expressed support for the ban.

Threat actors in favor of the ban echoed concerns that Russian underground administrators shared in 2016: ransomware attracts too much attention, may impede other types of cybercrime, could be too-easily turned toward Russia, and may incentivize the government to act more harshly toward underground communities.

Some threat actors, however, suggested that the use of ransomware is still a personal decision — as long as Russia is protected:

“There is only one rule – don’t target Russia. All other cases depend on one’s degree of perversion. Some people take grandma’s last 10k, some encrypt a corporate company and ransom [their files] for 2k, some brute-force WordPress control panels, upload shells and then send spam or host their own malware, some install skimmers.

Everyone has their own thing.”

This one example speaks volumes about how the ethics of cybercrime are constantly evolving, often in unanticipated ways. The culture of underground communities, the power of their administrators, and the ethical dilemmas and other criminal disagreements they face cannot be determined by looking at technical indicators of compromise (IOCs) alone. Applying tradecraft, language, vernacular and culture savvy to actively listening in to a group are what truly provide the best perspective for defenders to consider as they work to mitigate their organization’s risk. It’s also important to look at these threat actors as individuals — not just as shadowy villains. After all, these problems stem from threat actors, are developed by threat actors, and ultimately can be ended by threat actors.

For now, we know that ransomware is no longer off limits and that cybercriminals are being less selective in their targets.

The cybercriminal ecosystem has been historically and traditionally driven by the value of data on the cyber black markets. Recently, successful attacks have illustrated both a shift in cybercriminals’ business models and a nascent understanding in the cybercriminal community of another way to assign value to data: by assessing the value it presents to its owner.

Protecting Businesses

Organizations seeking to mitigate risks posed by threat actors operating on the DDW must first recognize that these actors are human beings and not faceless, shadowy villains. Defenders should continually establish and/or further develop profiles of relevant threat actors, such as those who have previously attacked, targeted, and/or are seen as a threat to that organization. These profiles shouldn’t simply consist of IOCs; they should also provide insights into the human being represented by the profile. What are their preferences? What types of behaviors do they exhibit?

The combination of monitoring activity in the DDW and closely-monitoring observed attacker behaviors inside the organizational environment yields a much deeper perspective on the actors threatening the organization. This dramatically improves situational awareness and provides needed perspective when developing effective mitigation strategies for defense.

Operationally, processes for collecting and storing this information should be implemented to enhance visibility and limit repetitive, low-value tasks from taking time away from analysts. The following suggestions can help operationalize the necessary components of this collection and processing:

  • Ensure that incident response processes collect needed details for threat intelligence collection
  • Ensure there are mechanisms in place to store collected incident response details along with other observables from the environment such that they can be appropriately processed and searched by analysts
  • DDW collection from a professional, trusted provider with data and analysis made available to internal analysts
  • Provide needed context via automated means where possible (WHOIS data, passive DNS, connection to other observables and historical data, etc.)
  • Ensure that analysts can add their own analysis and notes not only to individual IOCs but also provide the ability to curate and store finished reporting along with associated connections to IOCs and related analysis

Conclusion

Visibility into criminal forums on the DDW is a huge asset for defenders, allowing them to understand the ethics and nuances of the mindsets of cybercriminals. Coupling this information with threat intelligence collections inside an organization helps defensive teams develop deep perspectives and create a “rudder” to guide effective mitigation strategies against current threats. The value this creates is significant for organizations that make investments in these areas versus operating largely in the dark regarding the origins of the attacks seen in the environment every day. As the mindsets and capabilities of cybercriminals change and adapt, so should defenders in how they approach their defensive posture.

This blog post has also been published on Flashpoint’s blog, here.


Learn more with Flashpoint’s paper “An Analysis of Cybercriminal Communication Strategies“.



Source: Honeypot Tech

Laser Cookies: a YouTube collaboration

Lasers! Cookies! Raspberry Pi! We’re buzzing with excitement about sharing our latest YouTube video with you, which comes directly from the kitchen of maker Estefannie Explains It All!

Laser-guarded cookies feat. Estefannie Explains It All

Uploaded by Raspberry Pi on 2017-09-18.

Estefannie Explains It All + Raspberry Pi

When Estefannie visited Pi Towers earlier this year, we introduced her to the Raspberry Pi Digital Curriculum and the free resources on our website. We’d already chatted to her via email about the idea of creating a collab video for the Raspberry Pi channel. Once she’d met members of the Raspberry Pi Foundation team and listened to them wax lyrical about the work we do here, she was even more keen to collaborate with us.

Estefannie on Twitter

Ahhhh!!! I still can’t believe I got to hang out and make stuff at the @Raspberry_Pi towers!! Thank you thank you!!

Estefannie returned to the US filled with inspiration for a video for our channel, and we’re so pleased with how awesome her final result is. The video is a super addition to our Raspberry Pi YouTube channel, it shows what our resources can help you achieve, and it’s great fun. You might also have noticed that the project fits in perfectly with this season’s Pioneers challenge. A win all around!

So yeah, we’re really chuffed about this video, and we hope you all like it too!

Estefannie’s Laser Cookies guide

For those of you wanting to try your hand at building your own Cookie Jar Laser Surveillance Security System, Estefannie has provided a complete guide to talk you through it. Here she goes:

First off, you’ll need:

  • 10 lasers
  • 10 photoresistors
  • 10 capacitors
  • 1 Raspberry Pi Zero W
  • 1 buzzer
  • 1 Raspberry Pi Camera Module
  • 12 ft PVC pipes + 4 corners
  • 1 acrylic panel
  • 1 battery pack
  • 8 zip ties
  • tons of cookies

I used the Raspberry Pi Foundation’s Laser trip wire and the Tweeting Babbage resources to get one laser working and to set up the camera and Twitter API. This took me less than an hour, and it was easy, breezy, beautiful, Raspberry Pi.


I soldered ten lasers in parallel and connected ten photoresistors to their own GPIO pins. I didn’t wire them up in series because of sensitivity reasons and to make debugging easier.

Building the frame took a few tries: I actually started with a wood frame, then tried a clear case, and finally realized the best and cleaner solution would be pipes. All the wires go inside the pipes and come out in a small window on the top to wire up to the Zero W.



Using pipes also made the build cheaper, since they were about $3 for 12 ft. Wiring inside the pipes was tricky, and to finish the circuit, I soldered some of the wires after they were already in the pipes.

I tried glueing the lasers to the frame, but the lasers melted the glue and became decalibrated. Next I tried tape, and then I found picture mounting putty. The putty worked perfectly — it was easy to mold a putty base for the lasers and to calibrate and re-calibrate them if needed. Moreover, the lasers stayed in place no matter how hot they got.


Although the lasers were not very strong, I still strained my eyes after long hours of calibrating — hence the sunglasses! Working indoors with lasers, sunglasses, and code was weird. But now I can say I’ve done that…in my kitchen.

Using all the knowledge I have shared, this project should take a couple of hours. The code you need lives on my GitHub!


“The cookie recipe is my grandma’s, and I am not allowed to share it.”

Estefannie on YouTube

Estefannie made this video for us as a gift, and we’re so grateful for the time and effort she put into it! If you enjoyed it and would like to also show your gratitude, subscribe to her channel on YouTube and follow her on Instagram and Twitter. And if you make something similar, or build anything with our free resources, make sure to share it with us in the comments below or via our social media channels.

The post Laser Cookies: a YouTube collaboration appeared first on Raspberry Pi.


Source: RaspberryPi – IOT Anonimo


Now Available: TDR 5.1 with APT Blocker Built-in

We’re thrilled to announce the general availability of Threat Detection and Response (TDR) 5.1, which includes some great new features that enhance both detection and response to threats as well as the overall user experience when testing new features. This release further increases the value of both TDR and the Total Security Suite, enabling users to more broadly identify threats across their network and respond to them in real-time.

This release of TDR includes two new key features:

  • APT Blocker
    With this release TDR can now directly triage suspicious files discovered by a Host Sensor by sending them to APT Blocker for further analysis. The submitted files undergo deep analysis for APT activity in a sandbox environment at a Lastline cloud-based data center. If evidence of malware activity is discovered, TDR can adjust the original suspicious threat score assigned to the file to prevent future infection. With sandbox policy enabled, this process and subsequent response can be automated, making threat triage incredibly easy and effortless.
  • Localization
    The TDR user interface is now available in French, Japanese, and Spanish. TDR automatically displays the localized user interface if your browser language is set to one of these languages.

To learn more, visit Threat Detection and Response.


Source: WatchGuard

Facial Detection and AI Helping Customize Retail Experiences

When shopping online, today’s customers want all the personalization of an in-store experience. And when they walk into a brick-and-mortar store, they want continuity from this online experience, based on the choices they made across all other touchpoints.

Savvy retailers have met these expectations by pulling in incredible amounts of data for highly personalized cross-channel offerings. Online, they’re performing advanced real-time analytics on customer behavior to deliver digital experiences tailored around customers’ interests and needs. In store, they’re using cutting-edge software to understand who’s looking at displays, and to engage, entice, interact and motivate action.

This level of personalization uses artificial intelligence (AI) for facial analytics. It is an essential tool for any retailer who aims to keep up with the changing expectations of digital consumers and find more effective ways to generate revenue. Here’s how the power of AI and facial detection enable a deeper understanding of customers and provide more personalized experiences.


What visual experiences do

The goal of in-store personalization is to deliver experiences that are as individually tailored as those online. While this might sound like a tall order, the truth is that the latest digital displays can collect analytics and deliver content just as precise as those of any web platform.

Only 13 percent of in-store eye fixations are on signage, and the average shopper looks at signage for only three-tenths of a second. Less than half of those people can remember what they saw on the signs. In short, it’s not what you look at, but what you see, that’s really crucial — and a very effective way to ensure that shoppers see a display is to provide them with targeted content.

It all starts with deep insights about consumers. These can come from digital touchpoints, from in-store analytics or, ideally, from a combination of data from all channels. Taken together this data can reveal trends and deeper customer insights — for example, 50 percent more shoppers engage with alcohol brands on Tuesdays rather than on Thursdays, and they’re two times more likely to browse frozen foods on a Wednesday afternoon. This leads to a better understanding of the customer, greater data personalization, insight and a better overall customer experience.

When you connect online and offline data to arrive at these kinds of insights, you’ll deliver more personalized experiences and establish loyalty for your brand. The next step is to leverage AI to reach the shopper.

AI in retail experience

The latest data shows that interactive digital signage gets more than twice the engagement rate of top social networks. It also gets a dwell time that’s 24 percent higher than Google benchmark data for online rich media. But not all interactive signage gets these impressive results. To really activate the power of this channel, you’ve got to use it to learn about customers — then deliver personalized, customized content that connects with them at the right time.

Many retailers are scrambling to increase personalized experiences and are calling on companies with proven results that offer groundbreaking retail technology, specializing in driving brand and consumer engagement. One of the most powerful tools for in-store personalization is facial detection. This technology can play visually interesting content for individual customers, based on past purchases. But that’s only the beginning.

Digital and interactive displays go far beyond facial detection — they can detect returning customers’ emotions, demographic information, shopping time, location and more. These cognitive analytics enable the display to engage in a real-time feedback loop with the customer, refining its messaging in response to the shopper’s reactions, in order to reach the right consumers with even more precise messaging in the future.

The results speak for themselves. Using a combination of facial detection, emotion detection and advertising refinement raised the average dwell time per display to an almost-unheard-of 32 seconds. Impressions and engagements also went through the roof, as more shoppers interacted with personalized displays and were far more likely to purchase following those interactions.

Some brands are beginning to go a step even further by adding object detection to their personalization strategy. This can yield even better results, and serve targeted behavior-driven messages to individual customers. All touchpoints in all stores can deliver a single, consistent experience that spans every digital touchpoint and brick-and-mortar location.

This is the level of consistency and personalization demanded by today’s shoppers. Aside from the increase in engagement and revenue, the real value is the ability to build emotional connections with your customers. This personalization is an absolute necessity in the future of retail to keep customers coming back, time and time again.

Visit intel.com/retail to learn more about how Intel technology is shaping the future of responsive retail. To stay informed about Intel IoT developments, subscribe to our RSS feed for email notifications of blog updates, or visit intel.com/IoT, LinkedIn, Facebook and Twitter.

The post Facial Detection and AI Helping Customize Retail Experiences appeared first on IoT@Intel.


Source: Network News

Future of Brick and Mortar Begins With Responsive Retail: 7 Questions With JDA

We recently had the pleasure of sitting down with JDA Software GVP Product Strategy Todd McCourtie to discuss the future of brick-and-mortar stores. Successful retailing comes down to one thing: getting the right product into shoppers’ hands. That may sound simple, but success requires inventory accuracy, efficient sales associates and the flexibility to quickly adapt to shoppers’ needs in near-real time. That said, thanks to today’s emerging retail technology solutions I’m convinced that the retail industry’s future has never looked brighter! –Stacey Shulman

Q: To start off, what are some of the challenges you see brick-and-mortar retailers facing that technology solutions can help solve?

A: Today’s retailers are looking for answers to the same questions that have always challenged the retail industry. How do I manage my inventory? How do I deliver a great customer experience? Moreover, how do I optimize my workforce for maximum results? Technology can help here, but what has really emerged is that as some retailers have tried to solve these challenges they’ve ended up cobbling together islands of technology. So it’s been very difficult for them to get that full 360-degree view of the store that leads to actionable results. I think that’s where we see opportunities emerging through technology solutions that can seamlessly support retailers with their immediate problem, which is how can they make sure they’ve got their inventories in the right place in the store.

 

Q: Can you talk a bit about how improving inventory management can solve several retail issues at once?

A: There’s a couple things. First, it’s not just a missed sale if the inventory is not in its place, but it affects the customer experience. Whether a retailer offers an inviting and easy-to-understand sales process is completely irrelevant if the product isn’t on the shelf. So, to me, that’s where it starts. If retailers have inventory visibility they can start to do localization because they’re seeing the real-time demand. A great example that focuses on localization is the question of why do sweaters arrive at Phoenix, Arizona, stores in May? It makes absolutely no sense. If near-real-time inventory management solutions are in place, then retailers have insights into the buying habits of individual stores and communities. They can then instantly replenish inventory, or not, based on the demands they’re getting from the store.

 

Q: How are JDA and Intel technology solutions uniquely positioned to address the localized inventory management solutions you mentioned?

A: I was hoping you’d ask! I’m excited to share that JDA and Intel have teamed up to offer retailers an intelligent technology solution to help manage and overcome age-old business challenges: the JDA Store Optimizer, supported by the Intel Responsive Retail Sensor. It tracks inventory accurately, so you always know where items are located and how many are in stock while also automatically updating store associates’ tasks. Having near-real-time inventory data makes it easy to run lean, save time and money and replenish products as needed with little risk of shortages, overstocking or preventable returns. The JDA Store Optimizer then uses this precise inventory data to automatically identify, prioritize and assign tasks that sales associates need to carry out to optimize operational efficiency, while freeing the store manager to spend more time making decisions that will improve store performance and increase revenue.

To put it simply, we know the future of retail because we’re building it with Intel. So we see the problems of today and both companies see what we need to do to solve them, but with an eye to the future.

 

Q: Data security is a hot topic these days. How is that being addressed with this retail technology solution?

A: When we deal with privacy, we always talked about opt-in [being] enabled right into the platform. From an application provider perspective, the core platform is built from the ground up with security in mind. We also want to make sure that data can be isolated per application, so that if a retailer has their specific set of data they’re bringing, it’s only for them and they know they can trust that verified data. So, that kind of end-to-end security is built in from the ground up. Then there’s end-to-end data encryption, as well, to help guarantee the security and privacy of the data.

 

Q: What about privacy? How is that being addressed with this solution?

A: From my perspective, privacy is very personal. Some people are completely OK with giving that away; other people are very guarded about it. Only 43 percent of shoppers say they are comfortable giving up personal data to a retailer — even if it is to improve their shopping experience. This is a relevant and prescient issue to retailers today. And so, when we’ve tried to approach it, we’ve said there needs to be a way to opt in; a loyalty program is a great way to do that, for example.

 

Q: Can you give us an example of some of the early results you’re seeing from a retailer that has piloted the JDA Store Optimizer?

A: I certainly can. We’re working with a specialty retailer in North America and are excited to see that we’re getting enormous response. I just received an email stating how pleased the associates are in that environment because they’re able to spend more time focusing on relevant customer engagement and that’s great news for us to hear. We know that this is so important from data that we have about customer behavior. Most consumers say that they want associates who are more knowledgeable and will leave a store empty-handed if they do not get the right person with knowledge to help them with purchasing products. A recent study shows that two in three shoppers who tried to find information within a store say they did not find all the information they needed; when they were unable to find the complete information, 43 percent of customers left the store frustrated; 22 percent said they were less likely to buy from that retailer and 41 percent more likely to shop elsewhere. It is so important to have engaged, knowledgeable and able sales associates and the JDA Store Optimizer enables sales associates to get back to the business of being available to customers rather than just running around the store in search of inventory.

 

Q: How do you see artificial intelligence coming to bear and being a part of this platform in the future?

A: Artificial intelligence can help us precisely because we don’t live in a static world. If store shelves were always perfectly stocked and arranged then we probably wouldn’t have much of a need for it. But we live in reality. People buy things so the stock is changing constantly. Things are shuffled as people look at them. Customer behavior enables an opportunity to use pattern matching and artificial intelligence to really go look at those environments and say, hey, these events have happened where there’s a $5 item covering a $100 item that was really supposed to be on display; let’s have an associate go fix that to give me insight into the ROI of an endcap. Was it actually stocked properly? Did people interact with it? I think we can learn over time, make it much better and make that store truly responsive. In a way, the store itself is learning. The platform helps the store learn so it can keep up in near-real time with the changes that are happening in consumer behavior and the retail environment. Moreover, there’s no lag time. You’re not being caught unaware.

Visit intel.com/retail to learn more about how Intel technology is shaping the future of responsive retail. To stay informed about Intel IoT developments, subscribe to our RSS feed for email notifications of blog updates, or visit intel.com/IoT, LinkedIn, Facebook and Twitter.

The post Future of Brick and Mortar Begins With Responsive Retail: 7 Questions With JDA appeared first on IoT@Intel.


Source: Network News

WTB: CCleanup, A Vast Number of Machines at Risk

The intelligence in this week’s iteration discusses the following threats: Adware, Compromise, Data Breach, Malspam, Malicious Plugin, Phishing, and Vulnerability. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity.

Trending Threats

CCleanup: A Vast Number of Machines at Risk (September 18, 2017)
Version 5.33 of the system maintenance application “CCleaner” has been found to contain malware, according to Cisco Talos researchers. The authentic version of CCleaner 5.33 distributed by the software company, “Avast,” was found to contain a multi-stage malware payload in addition to the CCleaner application. The malware was found to be the “Floxif” trojan. The downloaded installation executable was signed with a legitimate digital signature that was issued to the software company “Piriform.” The affected CCleaner version was released on August 15, and researchers discovered that the malicious version was still hosted on the download servers as recently as September 11, 2017.
Recommendation: Threat actors are willing to go to great lengths to abuse trust relationships in supply-chain attacks. If CCleaner version 5.33 was downloaded it is likely that the machine is infected with malware. As of this writing, detection signatures have been made available by and they should be run against your systems to check for potential malicious activity. Additionally, Piriform suggests that its CCleaner users update to version 5.34 as soon as possible.
Tags: Compromise, CCleaner, Malicious version, Malware

Poisoned WordPress ‘Display Widgets’ Plugin Finally Purged (September 15, 2017)
Since June 2017, approximately 200,000 WordPress sites have been corrupted by a plugin called “Display Widgets,” according to Wordfence. Display Widgets was discovered to have been updated with malicious code on multiple occasions. Wordfence CEO, Mark Maunder, warned customers to remove the Display Widgets plugin as soon as possible because the plugin contains a backdoor, allowing the author to publish content on any site with the plugin installed.
Recommendation: Sometimes webmasters discover that one of their sites has been compromised months after the initial infection. Websites, much like personal workstations, require constant maintenance and upkeep in order to adapt to the latest threats. In addition to keeping server software up to date, it is critical that all external facing assets are monitored and scanned for vulnerabilities. The ability to easily restore from backup, incident response planning, and customer communication channels should all be established before a breach occurs.
Tags: Compromised websites, Malicious plugin, Display Widgets

Adware Installs InfoStealer Trojan That Loads via Chrome DLL Hijacking (September 15, 2017)
Researchers have discovered that the “AdService” trojan is being distributed by threat actors via adware bundles. This Trojan performs Dynamic Link Library (DLL) hijacking in Chrome web browsers. AdService is capable of stealing passwords for online accounts such as Facebook and Twitter. AdService uses DLL hijacking to load itself when Chrome is executed and attempts to load a DLL that contains malware. In this instance, AdService is placing a malicious version of “winhttp.dll” in the “C:\Program Files (x86)\Google\Chrome\Application” folder.
Recommendation: The AdService Trojan is installed on a victim’s computer via free programs that do not disclose that other software is being installed along with it. All applications should be carefully researched prior to installing on a personal or work machine. Additionally, all applications, especially free versions, should only be downloaded from trusted vendors. If given an option between a “quick/express” installation or a “custom” installation, always choose the custom installation as it is more likely to disclose other applications being installed. If you are installing a desired application, check that you are getting the installer from the author’s website and not a third party installer. It is also recommended to have trusted antivirus software installed and that it is always kept up-to-date, as AdService is detected by most of the antivirus vendors.
Tags: Adware, Trojan, AdService, Chrome
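
A defender-side check for the DLL placement described in the AdService entry above, as an added example (not code from the briefing or from the researchers it cites): it walks an application folder and reports any DLL whose name matches a Windows system library such as winhttp.dll, which normally loads from System32. The sample set of system DLL names, the `allowlist` parameter and the demo directory tree (including its version folder name) are constructed assumptions.

```python
"""Flag DLLs inside an application folder that shadow Windows system DLLs."""
import hashlib
import os
import tempfile
from pathlib import Path

# Assumption: a small constructed sample of libraries that normally load from
# %SystemRoot%\System32. On a real host, build the set with system_dll_names().
SYSTEM_DLL_NAMES = {"winhttp.dll", "wininet.dll", "version.dll", "dbghelp.dll"}


def system_dll_names(system_dir):
    """Return the lower-cased names of every DLL directly inside system_dir."""
    return {p.name.lower() for p in Path(system_dir).iterdir()
            if p.is_file() and p.suffix.lower() == ".dll"}


def sha256_of(path):
    """Hash a file in chunks so large DLLs are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_shadowing_dlls(app_dir, system_names=SYSTEM_DLL_NAMES, allowlist=None):
    """Return one finding per DLL under app_dir that is named like a system DLL.

    allowlist (hypothetical, supplied by the caller) maps a lower-cased file
    name to the set of SHA-256 digests the application vendor is known to ship;
    files matching it are not reported.
    """
    allowlist = allowlist or {}
    names = {n.lower() for n in system_names}
    findings = []
    for root, _dirs, files in os.walk(app_dir):
        for fname in files:
            lower = fname.lower()  # Windows file names are case-insensitive
            if lower not in names:
                continue
            full = Path(root) / fname
            digest = sha256_of(full)
            if digest in allowlist.get(lower, set()):
                continue
            findings.append({"path": str(full), "name": lower, "sha256": digest})
    return sorted(findings, key=lambda f: f["path"])


def build_demo_tree(base):
    """Create a constructed stand-in for a Chrome 'Application' folder."""
    app = Path(base) / "Google" / "Chrome" / "Application"
    (app / "61.0.0.0").mkdir(parents=True)  # constructed version folder
    (app / "chrome.exe").write_bytes(b"constructed placeholder")
    (app / "61.0.0.0" / "chrome.dll").write_bytes(b"constructed placeholder")
    # Constructed stand-in for the planted library named in the entry above.
    (app / "WinHTTP.dll").write_bytes(b"constructed stand-in, not a real DLL")
    return app


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for hit in find_shadowing_dlls(build_demo_tree(tmp)):
            print("system DLL name inside application folder:",
                  hit["path"], hit["sha256"])
```

On a live Windows host, pass the real application folder and `system_dll_names(r"C:\Windows\System32")`; each finding's hash can then be compared with the IOCs attached to the briefing.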

ExpensiveWall: A Dangerous ‘Packed’ Malware on Google Play That Will Hit Your Wallet (September 14, 2017)
More than 100 applications in the Google Play Store have been found to contain a mobile malware family called, “ExpensiveWall,” according to Check Point researchers. The malicious applications were identified to have been downloaded approximately 5.9 to 21.1 million times. The malicious code was found to reside within a Software Development Kit (SDK) named, “gtk.” ExpensiveWall’s objective is to generate revenue by registering users to premium services and sending premium SMS messages which charge the victim without their knowledge. ExpensiveWall is capable of mimicking clicks on any multi-step procedure as well as hiding confirmation SMS messages. As of this writing, Google has removed the malicious applications from the Google Play Store.
Recommendation: Always keep your mobile phone fully patched with the latest security updates. Use the Google Play Store / Apple App Store to obtain your software, and avoid downloading applications, even if they appear legitimate, from third-party stores. In addition, it is important to review the permissions the application will request and comments from others who have downloaded the application. Furthermore, it is paramount that mobile devices be kept up-to-date with the latest security patches and employ trusted antivirus software.
Tags: Android, Mobile, Malware, ExpensiveWall

Potential Phishing Scams Related to Equifax Data Breach (September 14, 2017)
The U.S. Federal Trade Commission (FTC) has issued an alert warning individuals to be aware of malicious activity associated with the Equifax breach. The FTC is warning consumers to be aware of potential calls or emails from individuals purporting to be Equifax employees. Equifax representatives will not contact individuals asking to verify their information.
Recommendation: Significant data breaches often result in threat actors attempting to steal information by capitalizing on fear-tactics. Individuals who are concerned about the Equifax breach can check to see if their data may have been affected by using the following website “https://www.equifaxsecurity2017.com/potential-impact/”. Furthermore, it is important that individuals understand, as the FTC stated, that Equifax representatives will not contact consumers to verify their information.
Tags: Scams, Equifax, Data breach

Hangul Word Processor and PostScript Abused Via Malicious Attachments (September 14, 2017)
Trend Micro researchers have discovered a new campaign in which actors are exploiting PostScript code in the Hangul Word Processor (HWP) software. Older versions of HWP were discovered to have implemented a branch of PostScript called “Encapsulated PostScript,” incorrectly. Encapsulated PostScript adds restrictions to code that can be run within HWP documents. However, the incorrect implementation has caused malicious documents to be capable of dropping malicious files on the affected machine.
Recommendation: All employees should be educated on the risks of malspam, and how to identify such attempts. Poor grammar and urgent content are often indicators of this type of attack. Additionally, messages that request a recipient to open a file attachment should also be avoided.
Tags: Vulnerability, HWP

Equifax Confirms Apache Struts Security Flaw It Failed to Patch is to Blame for Hack (September 14, 2017)
The consumer credit reporting agency, “Equifax,” has confirmed that the breach that affects approximately 143 million individuals was caused by a web server vulnerability in Apache Struts. The vulnerability, registered as CVE-2017-5638, was patched by Apache back in March 2017. The Equifax breach took place from mid-May to July 2017.
Recommendation: Zero-day based attacks can sometimes be detected by less conventional methods, such as behavior analysis, and heuristic and machine learning based detection systems. Threat actors are often observed to use vulnerabilities even after they have been patched by the affected company. As this story portrays, it is crucial that policies are in place to ensure that all employees install patches as soon as they are made available in order to prevent exploitation by malicious actors.
Tags: Vulnerability, Patch

Phishers Targeting LinkedIn Users via Hijacked Accounts (September 13, 2017)
Researchers have identified a phishing campaign in which threat actors are using compromised LinkedIn accounts in attempts to steal credentials. The actors are using LinkedIn’s “InMail” feature to distribute a shortened “Owd[.]ly” link that states that the sender has just shared a document via GoogleDoc/Drive. The link directs recipients to a fake login page for AOL, Gmail, or Yahoo that steals user credentials if entered.
Recommendation: All employees should be educated on the risks of phishing, specifically, how to identify such attempts and whom to contact if a phishing attack is identified. Emails that request that the recipient follow a link that then asks for credentials to be entered are often an indicator of a phishing attack.
Tags: Phishing, LinkedIn, Compromised accounts

Immediately Patch Windows 0-Day Flaw That’s Being Used to Spread Spyware (September 13, 2017)
Microsoft’s “Patch Tuesday” for September addresses 81 vulnerabilities that affect all supported Windows operating systems and other Microsoft products. The vulnerabilities affect eight Microsoft products. 27 of the vulnerabilities are rated critical and 54 are rated important. 39 vulnerabilities could allow an actor to remotely execute code on a vulnerable machine.
Recommendation: Your company should regularly check the software you use in everyday business practices to ensure that everything is always up-to-date with the latest security features. Using the automatic update feature in Windows operating systems is a good mitigation step to ensure that your company is always using the most recent version.
Tags: Vulnerabilities, Windows, Malware

BlueBorne Bluetooth Attack Puts 5 Billion Devices at Risk (September 13, 2017)
A new attack vector has the potential to put billions of Bluetooth-enabled devices at risk of compromise, according to Armis researchers. Threat actors could potentially connect to a Bluetooth-enabled device using zero-day buffer overflow vulnerabilities researchers discovered in devices associated with Apple, Google, Linux, Microsoft, and Samsung. The vulnerabilities were reported to said companies who are currently working on patches.
Recommendation: All devices should be kept up-to-date with the latest software versions to use the newest security features implemented in the update. Additionally, only trusted devices should be connected to via Bluetooth, and Bluetooth should be turned off when not in use.
Tags: Vulnerability, Bluetooth, BlueBorne

Massive ElasticSearch Infected Malware Botnet (September 12, 2017)
Thousands of publicly accessible ElasticSearch nodes have been identified to be hosting variants of Point of Sale (POS) malware, according to Kromtech researchers. Among the ElasticSearch servers, researchers discovered file names that are associated with the AlinaPOS and JackPOS malware families. This discovery coincides with other findings in which new variants of POS malware have been advertised for purchase on various underground forums. As of this writing, approximately 4,000 ElasticSearch servers were found to be infected with POS malware.
Recommendation: This story depicts the potential dangers that may reside in publicly accessible services. A public service that uses some form of authentication should be required if open source resources are being used. Additionally, databases should not be directly accessible over the internet, and they should require a form of authentication to access.
Tags: Breach, ElasticSearch servers, Malware, Botnet

Multiple Vulnerabilities in FreeXL Library (September 11, 2017)
Cisco Talos researchers have released information regarding two remote code execution vulnerabilities in the “FreeXL” library. FreeXL is an open source software that is used to extract data from a Microsoft Excel spreadsheet. The two vulnerabilities can be exploited via a buffer overflow that could possibly allow a threat actor to execute arbitrary code on a machine.
Recommendation: Zero-day based attacks can sometimes be detected by less conventional methods, such as behavior analysis, and heuristic and machine learning based detection systems. Threat actors are often observed to use vulnerabilities even after they have been patched by the affected company. Therefore, it is crucial that policies are in place to ensure that all employees install patches as soon as they are made available.
Tags: Vulnerabilities, FreeXL Library


Source: Honeypot Tech

Astro Pi upgrades on the International Space Station

In 2015, The Raspberry Pi Foundation built two space-hardened Raspberry Pi units, or Astro Pis, to run student code on board the International Space Station (ISS).

A space-hardened Raspberry Pi

Astro Pi upgrades

Each school year we run an Astro Pi challenge to find the next generation of space scientists to program them. After the students have their code run in space, any output files are downloaded to ground and returned to them for analysis.

That download process was originally accomplished by an astronaut shutting down the Astro Pi, moving its micro SD card to a crew laptop and copying over the files manually. This used about 20 minutes of precious crew time.

Last year, we passed the qualification to allow the Astro Pi computers to be connected to the Local Area Network (LAN) on board the ISS. This allows us to remotely access them from the ground, upload student code and download the results without having to involve the crew.

This year, we have been preparing a new payload to upgrade the operational capabilities of the Astro Pi units.

The payload consists of the following items:

  • 2 × USB WiFi dongles
  • 5 × optical filters
  • 4 × 32GB micro SD cards

Before anyone asks – no, we’re not going outside into the vacuum of space!

USB WiFi dongle

Currently both Astro Pi units are located in the European Columbus module. They’re even visible on Google Street View (pan down and right)! You can see that we’ve created a bit of a bird’s nest of wires behind them.

The D-Link DWA-171

The decision to add WiFi capability is partly to clean up the cabling situation, but mainly so that the Astro Pi units can be deployed in ISS locations other than the Columbus module, where we won’t have access to an Ethernet switch.

The Raspberry Pi used in the Astro Pi flight units is the B+ (released in 2014), which does not have any built in wireless connectivity, so we need to use a USB dongle. This particular D-Link dongle was recommended by the European Space Agency (ESA) because a number of other payloads are already using it.

An Astro Pi unit with WiFi dongle installed

Plans have been made for one of the Astro Pi units to be deployed on an Earth-facing window, to allow Earth-observation student experiments. This is where WiFi connectivity will be required to maintain LAN access for ground control.

Optical filters

With Earth-observation experiments in mind, we are also sending some flexible film optical filters. These are made from the same material as the blue square which is shipped with the Pi NoIR camera module, as noted in this post from when the product was launched. You can find the data sheet here.

Rosco Roscalux #2007 Storaro Blue

To permit the filter to be easily attached to the Astro Pi unit, the film is laser-cut to friction-fit onto the 12 inner heatsink pins on the base, so that the camera aperture is covered.

Laser cutting at Makespace

The laser-cutting work was done right here in Cambridge at Makespace by our own Alex Bate, and local artist Diana Probst.

An Astro Pi with the optical filter installed

32GB micro SD cards

A consequence of running Earth observation experiments is a dramatic increase in the amount of disk space needed. To avoid a high frequency of commanding windows to download imagery to ground, we’re also flying some larger 32GB micro SD cards to replace the current 8GB cards.

The Samsung Evo MB-MP32DA/EU

This particular type of micro SD card is X-ray proof, waterproof, and resistant to magnetism and heat. Operationally speaking there is no difference, other than the additional available disk space.

An Astro Pi unit with the new micro SD card installed

The micro SD cards will be flown with a security-hardened version of Raspbian pre-installed.

Crew activities

We have several crew activities planned for when this payload arrives on the ISS. These include the installation of the upgrade items on both Astro Pi units; moving one of the units from Columbus to an earth-facing window (possibly in Node 2); and then moving it back a few weeks later.

Currently it is expected that these activities will be carried out by German ESA astronaut Alexander Gerst who launches to the ISS in November (and will also be the ISS commander for Expedition 57).

Payload launch

We are targeting a January 2018 launch date for the payload. The exact launch vehicle is yet to be determined, but it could be SpaceX CRS 14. We will update you closer to the time.

Questions?

If you have any questions about this payload, how an item works, or why that specific model was chosen, please post them in the comments below, and we’ll try to answer them.

The post Astro Pi upgrades on the International Space Station appeared first on Raspberry Pi.


Source: RaspberryPi – IOT Anonimo

Source: Privacy Online


Source: Zologic