Are your clients shifting to Desktop as a Service (DaaS), or sometimes called a Virtual Desktop Infrastructure (VDI) solution as a result of the recent current events taking place? How does this affect your clients’ network, and are you up-to-speed on what this means for the egress fees they could face?
It’s important to understand the implications and cost this change in business could have for your clients.
Read on this article and learn:
A detailed comparison of two methods: a multicloud networking platform + private connectivity vs. Cloud Service Provider VPN
How to solve one of the associated challenges—the dreaded cloud egress bandwidth charges
A cost comparison based on egress bandwidth traffic between private connectivity options vs. VPN over the public Internet
En Masse Entertainment is inviting everyone to come and celebrate the 2nd anniversary of TERA on PlayStation 4 and Xbox One!
Kakao Games and Pearl Abyss announced that Black Desert Online should consult the newly opened Fortune Teller on the website. Players interested in Black Desert Online can sign up for the 7-day free trial via the Black Desert Online official website, where they can also learn more about game updates and events.
While you’re now spending a lot more time at home, it might be worth investing in a new mattress — Caspar invites customers to its design labs.
COVID-19 social distancing and work-from-home measures mean more people are online and searching for news — or purchases. To capitalize on this trend, Verizon Media is focussing on shoppable content, essentially creating a “customer journey from content and discovery to transactions”.
How to create shoppable content. The trick for businesses is to produce content that leads the consumer to its website to make a purchase rather than a bigger retailer like Amazon. It’s best for brands to use unique videos and product media to share on social channels and incorporate a simple purchase function. In doing so, merchants are able to create sales channels beyond the big e-commerce platforms.
Finding the right social channel. Shoppable content does come with some drawbacks. Merchants are relying on the user experience of the social platform and can lose access to customer data. With the amount of traffic on social media though, it’s obviously a lucrative sales channel. The trick is finding the channel that offers real value to you, so do your research.
The global COVID-19 pandemic has seen a massive rise in the use of mobile. In South Korea, mobile phone usage has been used to determine who to test for the virus. In the UK, a robust mobile network has meant virus messaging has been largely successful as more people shift to mobile-first usage patterns. Unrelated to the virus, Google has announced mobile-first indexing will become the default from September 2020.
Why this matters? This change in behavior means content marketers need a mobile-first strategy, especially when it comes to writing for mobile. Keep in mind that the headline is basically the only thing customers will read and visuals are vital. If you’re not sure, Google has created a mobile-friendly test tool.
An overall mobile strategy. It’s not just content that needs to be re-imagined for mobile, advertising needs a mobile-first strategy too. In-app advertising practices are being developed which take into account the context of ad placement. Your ad placement needs to mirror user behavior. Optimizing for mobile user behavior is just one part of the puzzle. Resources also need to be directed to social engagement and voice search keywords. If you want to see the gold standard in mobile-first everything, have a look at Axios.
When the spike in unemployment claims is nearly the height of a broadsheet newspaper front page, it means two things. 1. You’ve got to find a way to visualise bad news in effective ways. 2. You have a truly great design team. Here’s a quick look at the evolution of a recent New York Times front page. The curious, cool thing is that the designer “tom bodkin conceptualized the front page several days ago when it was clear how this was all going to go down”.
A newsroom is much like a fish market — yelling, buy-ins, pitching, opinions, and chaos. But publishing workflows are changing around the world, and the NYT newsroom is no different. I like this investigation into the tools and workflows they tried, tested, threw out, and adopted — just like we’re all doing in this anxious, weird time. They hated Slack (those damn knocking notifications drive me batty — “It was like somebody knocking at your door for eight hours straight”) and switched to the relative peace of Google Hangouts. At least you’re back to simulating fish-market mode.
It’s hard enough trying to design news for people who love news. Try designing for people who don’t care. The Wall Street Journal pivoted their election news products into coronavirus news products. It turns out they translated well into products for people who just want to be caught up on the facts quickly. The new products — or tools — “include a clickthrough module to quickly catch readers up on political news, redesigned live update presentations for election nights and debates, and Q&A features”. They know what they’re doing — WSJ crossed 2 million paying subscribers last month, and they get that higher engagement reduces churn. The adapted catch-up module is testing well — you don’t have to leave the homepage to click-through it — even for specific use cases like this: “an illustration on the first card drew readers into clicking through the catch-up module better than a photo did”.
Here’s how you design a FAQ page. Q&A pages are deceptively hard to design well. The old accordion design is a solid, tried and tested device, but questions pop up: should you close the previous one when you open the next? Robin Kwong is the news innovation boss at the Wall Street Journal for a reason, and their designer Andrea Pappas can design the heck out of a coronavirus Q&A page. See it here.
Really excited to launch an experimental new look for our @WSJ Coronavirus Q&A articles!
Everybody takes notes. And everybody has their favourite way of taking notes. Meetings, briefs, debriefs, feedback, critique, audits… all these things were arguably born from notes. Note-taking is the ur-app, especially if you’re taking notes by hand. Fortunately, there are tools out there that make it easier.
I’m enjoying this first look at Pitch, a new presentation platform in the works. It works with your branding, connects to live data (this is potentially a game-changer), works with teams, has templates, and…and I want it. (Even though I love you, Google Slides — way better than Keynote and PeePeeTee.) I’ve signed up for early access.
You’re a designer. Where should you work? At a company that isn’t known for great design. “Being the first designer at a company isn’t going to be easy. You’ll be fighting windmills and it will be tiring. But it’s here you have the potential to see the effects of your work. You’re not just a cog in an already established system. You’re defining that system. Every conversation you have, project you lead and task you do is an opportunity. You’ll also have less competition for these jobs, as other designers simply don’t have these companies on their radar.”
Netflix needs a “UX/UI Designer for our Design System”. You need to get design systems, design tools, and libraries. “Remote OK!”
Hello, friends! 👋 At Netflix, we’re looking to contract a UX/UI Designer for our Design System team working on the Studio ecosystem. Remote OK!
If you’re passionate about design systems, design tools, and libraries, then this is for you! 🎉
Kwampirs Malware Targets Healthcare Sector. The FBI has released a private industry notification for the Kwampirs malware. Kwampirs, also known as “Orangeworm,” has been used to target different industries in the past, and according to this latest update, is now also being used to target the healthcare sector. Likely the work of nation state-linked attackers, Kwampirs uses the software supply chain to spread. This makes it particularly difficult to defend against. Kwampirs will likely enter your network as part of a software update from a trusted vendor.
Note: In defending against threats like Kwampirs, do not focus too much on specific indicators of compromise. They will change quickly, and are only useful to detect past infections. Instead, verify how well you are able to detect the techniques the malware uses to spread. For example, Kwampirs like other malware seeks out administrative shares and installs as a new service. These are fairly generic techniques used by other malware as well. Implementing techniques to detect this type of behavior has the benefit that it will not just detect this particular malware, but more generically help identify malicious behavior.
Snail Mail Malware Delivery. The FIN7 hacking group is distributing malware through the U.S. Postal service – sending users USB sticks in the mail. If users plug the stick in, it installs a backdoor on their computer. Some of the packages have included gift cards and teddy bears.
A good analogy for security awareness around this issue is to equate USB sticks that aren’t from IT or a store to be like a piece of what kids used to call ABC gum: Already Been Chewed gum. Don’t put ABC USB drives in your computer’s mouth.
It remains imperative to not insert unknown or untrusted media in systems. Right now many users are working from home outside many of the normal corporate security controls, so increased attention to work-from-home security measures is appropriate. Also, while enabling controls that limit the insertion of removable media to approved devices only will help raise the bar, the current environment makes it attractive for the user to insert these into their personal devices, so be sure to include that scenario in your awareness training.
Court Orders Injunctions Against VoIP Carriers for Facilitating Fraudulent Robocalls. A US district court in New York has issued injunctions against two companies for “facilitate[ing] the transmission of massive volumes of fraudulent robocalls to consumers in the United States.”. The callers claimed to be from government agencies or legitimate businesses and were designed to trick people into giving up information and money. The calls targeted elderly and otherwise vulnerable people.
Carriers of all flavors have refused to filter malicious calls/data that are known to be from spoofed addresses. It is good to see courts and the FTC (noted in another item) start to put appropriate pressure on them. Imagine if the water company said “Well, we knew the dangerous chemicals were in the water, but we just pass the water from left to right; don’t blame us. But, we will sell you a water cleaning service.”
The elderly are some of the hardest users to protect, as they have not “grown-up” with these threats, and are not necessarily connected with, or may not understand security awareness campaigns. Taking the time to work with them one-on-one to understand call security and enabling appropriate controls is the best mitigation while technical and carrier level controls evolve.
Georgian Database Published Online. A database containing personal information about every citizen in the Republic of Georgia has been posted to a hacker forum. The database includes information for more than 4.9 million people, some of whom are deceased. Georgian authorities are investigating.
Apple VPN Bypass Flaw. An unpatched flaw in Apple’s iOS could be exploited to access some traffic data. The issue prevents virtual private network (VPN) applications from protecting some data that are being sent between the iOS device and the servers they are communicating with. The vulnerability exists in the most recent version of the mobile operating system, iOS 13.4.
Note: While this bug remains in iOS 13.4, it also impacts iOS 13.3.1 and later. The problem is the VPN does not terminate all existing network connections when established. The primary risk is moderate, as this can be used to reveal metadata about the device’s connections as most application connections are themselves encrypted and short-lived. The risk can be partly mitigated by enabling auto-connect features in third-party VPNs or setting the always-connected feature of managed devices accessing the corporate VPN.
Windows Font Parsing Bug. Microsoft has suggested several workarounds to help protect their computers from attacks exploiting two critical vulnerabilities. The flaws affect the Windows font parsing component, Adobe Type Manager Library. On systems older than Windows 10, these flaws can be exploited to allow remote code execution. Microsoft is aware that there are targeted attacks exploiting these flaws and is working on a fix.
FTC Warns VoIP Companies Not to Facilitate Robocalls Preying on Coronavirus Concerns. The US Federal Trade Commission (FTC) has issued warnings to nine VoIP service providers take steps to ensure that their services are not being used to make fraudulent robocalls that exploit the current COVID-19 pandemic. The nine companies were given until March 30 to respond to the FTC, “describing the specific actions [they] have taken to ensure [their] company’s services are not being used in Coronavirus/COVID-19 robocall schemes.”
The FTC was awarded a prestigious SANS Difference Maker’s award a few years ago. It is good to see them continuing to make a difference.
What is needed is the implementation of security solutions such as SHAKEN / STIR to raise the bar on VoIP call security. Take note of the FTC advice on robocalls, particularly COVID-19 related ones, at the core: hang up, don’t press any buttons, better still don’t answer unrecognized calls. Leverage options to block unwanted calls. Some services have free call blocking tools, iOS allows you to silently send unrecognized callers to voicemail and Android allows you to block anonymous callers.
US Federal Court: Terms of Service Violations is Not CFAA Violation. A US federal court has ruled that violating a website’s terms of service is not a violation of the Computer Fraud and Abuse Act (CFAA). The plaintiffs in the case wanted to investigate racism in online job markets by creating accounts for phony employers and job seekers. They were concerned that the activity might find them in violation of the CFAA, so they filed a pre-enforcement challenge alleging that the portion of the CFAA that says it is a crime to “access a computer without authorization or exceed authorized access” is a violation of First Amendment rights. The Court did not address the constitutional issue, instead of writing “that the CFAA does not criminalize mere terms-of-service violations on consumer websites and, thus, that plaintiffs’ proposed research plans are not criminal under the CFAA.”
Note: Creating fraudulent accounts may not be criminal but it is unethical and not something we want to encourage. In this case, it contaminates the application and interferes with its objective.
Zeus Sphinx Trojan. A banking Trojan has made a resurgence after three years of relative quiet. The Zeus Sphinx Trojan is being used to exploit the economic relief measures that governments are sending to citizens. The campaigns tell email recipients that they need to fill out forms to receive the payments; those forms capture bank account access credentials.
Russian Man Arrested in Connection with Money Laundering Scheme. US federal law enforcement agents have arrested Maksim Boiko, a Russian Citizen, for his alleged role in a money-laundering scheme. Boiko is allegedly part of an organized crime group known as QQAAZZ, which converted stolen money into cryptocurrency to obscure its origins.
HackerOne Boots Voatz from Platform. HackerOne has “terminate[d] the [Voatz] program on the HackerOne platform.” HackerOne provides a number of security services, including the facilitation of bug bounty programs. Last month Voatz updated its policy with regard to HackerOne, noting that it could not guarantee a safe harbor for hackers who access its live election systems. That change, along with “hostile interactions with security researchers,” contributed to HackerOne’s decision.
There needs to be a balance between supporting research for bug identification and restricting activities that are out of the scope of the bug bounty program. This typically requires an organization of some size and maturity to have the resources to manage this balance as well as verify and respond to issues discovered.
Since Voatz has been discouraging bug bounty style assessment of the security of its product and points to the Department of Homeland Security as evaluating the remote voting application, no elections should use the software until DHS completes an exhaustive evaluation, any and all issues noted are fixed, the DHS re-evaluates the app and publicly gives it a clean bill of health for state and local use.
Said another way, Voatz has decided that inviting unknown “researchers” to attack its application is not a good idea.
There is some good news for U.S. teaching hospitals: the U.S. State Department says it will resume processing visas needed by international doctors to enter the country. Source: Update on Visas for Medical Professionals
The Black Screen Error “CDVD READ ERROR” happens in the PCSX2 PlayStation 2 emulator when playing multiple games and with several different configurators of this emulator. The error message can only be visible in the program log. Follow the below resolution methods to fix this error.
Narrowband IoT (NB-IoT) and LTE-M have set new standards for LPWA networking by prioritizing low-cost, low-power, minimal infrastructures, robust reach over massive distances, and scalability to cover a large number of deployed devices.
This article will help define the advantages of LTE-M over competing strategies, detail specific network nuances, talk to operational efficiencies, define reliable coverage, explain the necessity of security, and compare costs—all of which must be taken into consideration before initiating an IoT deployment. Finally, we will introduce the Aeris Fusion IoT Network, which was created for the sole purpose of connectivity management in the IoT universe.
This article will:
Help define the advantages of LTE-M over competing strategies
Detail specific network nuances
Talk to operational efficiencies
Define reliable coverage
Explain the necessity of security
And compare costs
Finally, we will introduce the Aeris Fusion IoT Network, which was created for the sole purpose of connectivity management in the IoT universe.
Many businesses have yet to upgrade their operating systems following the end of support for Windows 7…
Microsoft Windows 7 end of support (EOS) was on January 14, 2020; Microsoft will no longer issue security updates for the Windows 7 operating system (OS). Despite the long lead time for this EOS date, many businesses have yet to upgrade, leaving them at risk for application hardware and application compatibility, system and data security, and compliance issues.
EOS opens the door for managed service providers (MSPs) and IT consultants to build and offer a Windows 7 EOS service offering that helps businesses upgrade their systems and take advantage of new technologies and hardware.
Learn, in this article, why businesses are now facing compatibility, security, and compliance issues, what upgrade options are available, and best practices for service providers to help customers transition.
Read on this executive summary and learn:
Why businesses face compatibility, security, and compliance issues with Windows 7 EOS.
Upgrade options that are available to meet organizational needs and budgets.
How service providers can help customers transition.
How to be knowledgeable about the Dell Expert Network and the value it provides.