
American insurance giant CNA reportedly pays $40m to ransomware crooks • The Register

Voice Of EU


In brief CNA Financial, the US insurance conglomerate, has apparently paid $40m to ransomware operators to get its files back.

In March the business revealed it had been hit by an extensive Phoenix Locker infection; this strain of malware was developed by Russian scam artists calling themselves Evil Corp, which may have links to Russian intelligence.

All CNA systems are now back up and running though it appears that the company didn’t manage this themselves and instead coughed up a widely reported $40m to the extortionists for the means to decrypt the scrambled files.

“CNA is not commenting on the ransom, but the company did consult and share intelligence with the FBI and OFAC [US Treasury’s Office of Foreign Assets Control] regarding the cyber incident and the threat actor’s identity,” a spokesperson told The Register.

“CNA followed all laws, regulations, and published guidance, including OFAC’s 2020 ransomware guidance, in its handling of this matter. Due diligence efforts concluded that the threat actor responsible for the attack is a group called Phoenix. Phoenix is not on any prohibited party list and is not a sanctioned entity.”

In other words: CNA wouldn’t be forbidden from doing a deal with the Phoenix crew, jus’ sayin’.

Luckily for CNA and its customers, an analysis of the ransomware code suggests it doesn’t steal data for later ransom, but instead simply locks it. However, banking mega-millions for a single attack is only going to encourage further intrusions.

Solarwinds CEO says sorry, again

As part of his ongoing apology tour, Solarwinds CEO Sudhakar Ramakrishna appeared at the 2021 RSA Conference this week to assure security professionals that his head of security Tim Brown was still in place and hadn’t been scapegoated. “We don’t like to flog people for failures; he’s highly competent and committed,” the chief exec said.

Too bad the previous CEO Kevin Thompson, who in February blamed an intern for the infamous solarwinds123 password leak during a House committee hearing, didn’t feel the same way.

“What happened at the congressional hearings is not what we are about and is not what we are about,” said Ramakrishna. “We have learned from that and I want to reset it here by saying that we are a safe environment.”

Ramakrishna said he learned of the hack on December 12, his birthday, and a month before he officially took over as CEO. He said he had been urged not to take the job, but instead offered to stand down for a while and let the current chief exec run the cleanup operation to ensure continuity.

Oddly though, his half-hour keynote contained almost no technical details at all. Remember when RSA used to be a hardcore security conference? We do, and we miss it.

Stalkerware use surging and the code sucks

The creepy code used to spy on partners or other victims is not only on the rise but could also be very bad for your digital health.

An analysis by ESET boffin Lukas Stefanko showed Android stalkerware apps are still a growing market, with use of the software seemingly up 48 per cent in 2020, despite them being kinda banned by Google and others after a successful campaign by the Electronic Frontier Foundation.

But such scummy apps are also very poorly written. Stefanko analyzed 86 Android stalkerware applications and found 58 had serious security issues. After contacting the makers as per responsible disclosure, only six fixed the holes, seven promised to do so, one decided it couldn’t be bothered, and 44 didn’t even reply.

“The research should serve as a warning to potential future clients of stalkerware to reconsider using software against their spouses and loved ones, since not only is it unethical, but also might result in revealing the private and intimate information of their spouses and leave them at risk of cyberattacks and fraud,” he concluded.

ExifTool users need to get patching

If your web application, or other software, uses ExifTool to process user-submitted images, it’s time to update to fix a security hole.

William Bowling explained that Perl code can be injected into ExifTool and executed via a malicious file that it processes, and that the flaw is easy to exploit. Worse, from a security standpoint, multiple image formats are at risk.

Thankfully it’s now patched but considering how many people use the code, and the ease of infiltration, it’s worth checking to make sure everything’s updated.

So, so much cyber-crime

An unfortunate milestone was reached this week, with the FBI’s Internet Crime Complaint Center (IC3) recording its six millionth gripe about online scumbags, the fastest rise in its more-than-20-year history.

“On one hand, the number holds some positive news. People know how to find us and how to report an incident,” said IC3 Chief Donna Gregory. “But on the other hand these numbers indicate more people are being affected by online crimes and scams.”

The top three complaints to the consumer reporting service were phishing, non-payment/non-delivery scams, and online extortion. But when it comes to losing money, business email compromises, romance scammers, and investment fraudsters cause the most damage.

We’re told the situation is getting rapidly worse: the latest million complaints have come in just the last 14 months and the trend is accelerating. ®




Tech neck: what are smartphones doing to our bodies? | Life and style


Name: Tech neck.

Age: Two years old.

Appearance: The next stage of human evolution.

This sounds exciting! Are we all going to be cyborgs soon? Not exactly.

Then what on earth is tech neck? That’s easy. It’s the hunch you develop from staring at your phone too much.

That’s less exciting. And less deniable. It has been claimed by the Australian Chiropractors Association that our compulsive use of mobile devices is changing the shape of our bodies.

How? Let’s say you hold your phone at an angle that makes you lower your head by 60 degrees. That adds approximately 27kg (60lbs) of weight through your spine. Now, imagine doing that for several hours every day. That’s one messed up back.

Hang on, you said that tech neck is only two years old. Phones are older than that, and “text neck” was identified as an ailment in 2011, but the pandemic made things so much worse.

All in the angle … tilting the head forward adds pressure (posed by model). Photograph: Михаил Руденко/Getty Images/iStockphoto

It did? For month after month you were starved of normal human contact, and had to communicate with the rest of the world through your phone. And when you weren’t doing that, you spent your time doom-scrolling in horror through a barrage of some of the worst news in modern history.

That sounds just like me. Me too. And guess what? All that bad news was a pain in the neck.

Well, on the plus side phones have only harmed us in one way. Or two, if you count “phone thumb”, a condition where your thumb can become inflamed from prolonged texting.

OK, fine, two ways. Or three, if you factor in the claim that the blue light emitted by phones can interfere with melatonin production. Or four, if you count the eye strain you get from prolonged use. And a couple of years ago it was suggested that humans are growing bone spurs at the base of their skulls to counter all the terrible phone-related posture.

Please, stop! Do you want to know the good news?

Yes! Anything! The posture problem is easy to correct. You can do a simple stretch, where you interlock your fingers behind your head and hold your elbows against a wall.

That’s promising. Or you could try holding your phone at eye level, to reduce the pressure on your spine. Or make an extra effort to stay active throughout the day.

This is good. I can do this. Then again, there is a better way to combat tech neck.

This sounds ominous. You could always try not using your phone as much.

Never! The humps are worth it! Suit yourself.

Do say: “The best way to avoid tech neck is to put your phone down.”

Don’t say: “You know, in a minute, after you’ve watched all those TikToks.”


VMware demos ‘bare-metal’ performance from virtualized GPUs • The Register


The future of high-performance computing will be virtualized, VMware’s Uday Kurkure has told The Register.

Kurkure, the lead engineer for VMware’s performance engineering team, has spent the past five years working on ways to virtualize machine-learning workloads running on accelerators. Earlier this month his team reported “near or better than bare-metal performance” for Bidirectional Encoder Representations from Transformers (BERT) and Mask R-CNN — two popular machine-learning workloads — running on virtualized GPUs (vGPU) connected using Nvidia’s NVLink interconnect.

NVLink enables compute and memory resources to be shared across up to four GPUs over a high-bandwidth mesh fabric operating at 6.25GB/s per lane compared to PCIe 4.0’s 2.5GB/s. The interconnect enabled Kurkure’s team to pool 160GB of GPU memory from the Dell PowerEdge system’s four 40GB Nvidia A100 SXM GPUs.

“As the machine learning models get bigger and bigger, they don’t fit into the graphics memory of a single chip, so you need to use multiple GPUs,” he explained.

Support for NVLink in VMware’s vSphere is a relatively new addition. By toggling NVLink on and off in vSphere between tests, Kurkure was able to determine how large of an impact the interconnect had on performance.

And in what should be a surprise to no one, the large ML workloads ran faster, scaling linearly with additional GPUs, when NVLink was enabled.

Testing showed Mask R-CNN training running 15 percent faster in a twin GPU, NVLink configuration, and 18 percent faster when using all four A100s. The performance delta was even greater in the BERT natural language processing model, where the NVLink-enabled system performed 243 percent faster when running on all four GPUs.

What’s more, Kurkure says the virtualized GPUs were able to achieve the same or better performance compared to running the same workloads on bare metal.

“Now with NVLink being supported in vSphere, customers have the flexibility where they can combine multiple GPUs on the same host using NVLink so they can support bigger models, without a significant communication overhead,” Kurkure said.

HPC, enterprise implications

Based on the results of these tests, Kurkure expects most HPC workloads will be virtualized moving forward. The HPC community is always running into performance bottlenecks that leave systems underutilized, he added, arguing that virtualization enables users to make much more efficient use of their systems.

Kurkure’s team was able to achieve performance comparable to bare metal while using just a fraction of the dual-socket system’s CPU resources.

“We were only using 16 logical cores out of 128 available,” he said. “You could use that CPU resources for other jobs without affecting your machine-learning intensive graphics modules. This is going to improve your utilization, and bring down the cost of your datacenter.”


By toggling on and off NVLink between GPUs, additional platform flexibility can be achieved by enabling multiple isolated AI/ML workloads to be spread across the GPUs simultaneously.

“One of the key takeaways of this testing was that because of the improved utilization offered by vGPUs connected over a NVLink mesh network, VMware was able to achieve bare-metal-like performance while freeing idle resources for other workloads,” Kurkure said.

VMware expects these results to improve resource utilization in several applications, including investment banking, pharmaceutical research, 3D CAD, and auto manufacturing. 3D CAD is a particularly high-demand area for HPC virtualization, according to Kurkure, who cited several customers looking to implement machine learning to assist with the design process.

And while it’s possible to run many of these workloads on GPUs in the cloud, he argued that cost and/or intellectual property rules may prevent them from doing so.

vGPU vs MIG

An important note is VMware’s tests were conducted using Nvidia’s vGPU Manager in vSphere as opposed to the hardware-level partitioning offered by multi-instance GPU (MIG) on the A100. MIG essentially allows the A100 to behave like up to seven less-powerful GPUs.

By comparison, vGPUs are defined in the hypervisor and are time-sliced. You can think of this as multitasking where the GPU rapidly cycles through each vGPU workload until they’re completed.

The benefit of vGPUs is users can scale well beyond seven GPU instances at the cost of potential overheads associated with rapid context switching, Kurkure explained. However, at least in his testing, the use of vGPUs didn’t appear to have a negative impact on performance compared to running on bare metal with the GPUs passed through to the VM.

Whether MIG would change this dynamic remains to be seen and is the subject of another ongoing investigation by Kurkure’s team. “It’s not clear when you should be using vGPU and when we should be running in MIG mode,” he said.

More to come

With vGPU with NVLink validated for scale-up workloads, VMware is now exploring options such as how these workloads scale across multiple systems and racks over RDMA over converged Ethernet (RoCE). Here, he says, networking becomes a major consideration.

“The natural extension of this is scale out,” he said. “So, we’ll have a number of hosts connected by RoCE.”

VMware is also investing how virtualized GPUs perform with even larger AI/ML models,

Kurkure’s team is also investigating how these architectures scale with even larger AI/ML models, like GPT-3, as well as how they can be applied to telco workloads running at the edge. ®


The Irish start-up tackling employee mental wellbeing


Pause offers coaching, audit, supervision and training services in a bid to deliver measurable mental wellbeing improvements for organisations.

A new Irish start-up called Pause aims to help employers implement good mental wellbeing practices in the workplace following a tough couple of years for workers.

The company is led by Báirbre Meehan, who has been in senior leadership roles for 25 years and is a trained executive coach with a master’s in business and executive coaching.


Meehan realised that there was a gap in the market when it came to managing employee mental wellbeing, which was only widened by the stresses of the pandemic.

She undertook a research project into mental wellbeing after seeing first-hand the impact that mental health issues were having on employee performance. For five years, she worked with GPs, psychotherapists and word-of-mouth referrals to support and monitor mental wellbeing improvements in more than 100 people.

Her research found that short-term coaching intervention led to a 70pc improvement in collective employee mental wellbeing, with positive mental wellbeing maintained at six-month and two-year review stages.

Meehan used what she found out to develop Pause. She is now launching the company at a pivotal time for employer-employee relations, as workplaces continue reopening and companies negotiate hybrid and remote work policies with staff.


Recent Pause research, carried out in 2021, revealed that senior HR leaders are finding it increasingly difficult to support employee mental wellbeing due to the distance involved in hybrid and remote working arrangements.

New ways of working have made identifying employees struggling with their mental wellbeing challenging, and it is also difficult to convince employees to seek support, according to the findings.

‘People are finding it difficult to cope’

Meehan acknowledged that the pandemic had a “significant impact on people’s stress levels, which were already high before the pandemic, but are now at an all-time high”.

“The pace of life and working life has escalated to such an extent that people are finding it difficult to cope. The phased return to the workplace is causing a large amount of anxiety for varying reasons,” she said.

She added that people are finding it hard to draw boundaries between work and home, pointing to the introduction of the right to disconnect in Ireland last year to help people switch off and achieve a better work-life balance.

“In addition, the global pandemic caused people to re-evaluate their attitudes to work-life balance,” Meehan said.

“This makes employee retention and attraction a critical issue for organisations, and one they are struggling to manage. This is a really complex area, but Pause has developed a provable and measurable system of improving employee mental wellbeing, which has a clear positive impact on business results and employee retention.”

Meehan was the 2021 winner of the Empower Start pitching competition for women entrepreneurs based on her work with Pause. This was a Dragon’s Den-style competition delivered through the innovation hubs at Galway-Mayo Institute of Technology, IT Sligo and Letterkenny IT, which recently amalgamated to form Atlantic Technological University (ATU).

Pause is based at ATU Sligo’s innovation centre. The team currently includes Meehan and two other coaches, one of whom is a psychotherapist based in the UK.

Meehan plans to employ and train more coaches in the Pause method over the coming years.
