Reading Time: 2 minutes
We would never advise using an unsupported operating system. Everytime Microsoft issues a security patch for its supported OSs, it provides information that hackers can analyze and exploit against the unpatched Windows XP. However, one month after the end of Microsoft’s support for Windows XP there seems to be a hard core of users still on the venerable operating system and resisting upgrades. This in spite of a massive effort by the folks in Redmond to convince them to get off of XP.
Ultimately, we believe the user rules. If you are one of those hold outs, for whatever reason, here is some advice.
- Microsoft is still providing extended support and providing security patches, but at a considerable fee. If you are an XP user in a large organization that can afford it, you should investigate if it makes sense for your organization to participate. For some, like financial institutions that have ATMs using XP it is a no brainer and we would assume they are already on the Microsoft extended plan. Make sure you understand your organization’s position and be sure you are in compliance.
- Dump the Internet Explorer browser. There are numerous vulnerabilities already identified that are not going to be fixed in the older, Windows XP compatible versions.Comodo provides Firefox and Chromium based browsers that add security and privacy protection not found in other browsers. They have:Security enhancements that surpass those in Firefox and Chromium‘s technology.
Domain Validation technology that identifies and segregates superior SSL certificates from inferior ones
Privacy protection that stops cookies and other Web spies and prevents all Browser download tracking to ensure your privacy.
- Use a firewall. Many users think antivirus is enough to clean malware, but a firewall will detect and prevent intrusions in the first place.
- Use an antivirus that is committed to supporting Windows XP users. It just so happens that Comodo Internet Security is, and includes a firewall that can be installed with the suite or separately. Comodo Internet Security is a particularly appropriate choice. Its “Default Deny” architecture, that sandbox all programs that cannot be verified as safe, is the best protection against the type of “zero-day” threats that are growing for Windows XP
IOTW: Despite Patch, Zerologon Attack Still A Big Deal
A known Windows vulnerability is detected alive and well thanks to one man’s honeypot experiment.
Security vulnerability CVE-2020-1472, which was discovered and patched earlier this year, is still running rampant. Dubbed Zerologon, it is unique in its simplicity. It works by exploiting a Netlogon weakness. Netlogon is the always-on Windows service that enables end users to log into a network. The scripted hack runs incredibly quickly, searching for unpatched Active Directory systems and exploiting a weakness by adding the number zero in certain Netlogon authentication fields.
On October 16, a month after Microsoft released its first patch, independent researcher Kevin Beaumont drew the hack out by utilizing a honeypot he maintains to detect threats. Honeypots work by intentionally setting up vulnerabilities in order to bait and identify cyber security threats. Using an unpatched lure server, Beaumont discovered that hackers were able to backdoor the server by changing an admin password. From there, hackers have access to domain controllers that administrators use to create and manage accounts across an organization. The hacker can then impersonate any computer connected to the affected network, disable Netlogon security features, and change a network computer’s password.
The attack can only happen once inside a network. However, several noteworthy footholds include firewall and VPN vulnerabilities as well as third-party access through known issues with Citrix, Juniper, and Pulse Secure. Insider threats and phishing schemes can also leverage Zerologon in order to quickly infect an entire enterprise network. Once inside, hackers can deploy ransomware, steal data, commit espionage and other nefarious deeds.
Microsoft released the first patch in August 2020, but it wasn’t without its issues. It involved modifying billions of devices connected to corporate networks which temporarily paused enterprise operations. The temporary fix simply forces Netlogon security features on so the Zerologon attack can’t turn them off to sneak inside.
A more robust patch is scheduled to release in February of 2021. However, Microsoft predicts the new patch will permanently disable standing authentication procedures on some devices.
Related: Patchwork Of Privilege
The Cybersecurity and Infrastructure Security Agency (CISA) warned that Zerologon targets include government networks, potentially affecting election related networks. Their statement released on October 16 reads in part, “Although it does not appear these targets are being selected because of their proximity to elections information, there may be some risk to elections information housed on government networks.
CISA is aware of some instances where this activity resulted in unauthorized access to elections support systems; however, CISA has no evidence to date that integrity of elections data has been compromised.”
In theory, threats like Zerologon should never pose much of a problem. After the initial discovery, a patch is made and released as a Windows update. Once the update is installed, the network is secure.
In practice, however, updates don’t always happen with any sort of urgency. Especially in the case of the Zerologon patch, its time-consuming nature may prompt careless employees to bypass updates in order to keep their system up and running. Certain organizations may decide that the downtime involved in their 24/7 operation is too costly for a fix that may never threaten them in the first place. Some networks are running on servers that will no longer be supported as of November 2020, meaning that, although they will have received the first patch, the second patch won’t automatically install.
These are simple fixes for a holistic IT team and a solid cyber security framework—for enterprises that have one. Additional mitigation measures include:
- Applying the Microsoft patch ASAP
- Using a relevant script or third-party cyber security team to ensure that all domain controllers are patched.
- Monitoring for Group Policy Object (GPO) changes.
- Enacting a least privilege access policy to minimize internal threats
Read More: Incident Of The Week
Business Enablement By Way Of The BISO
Become a Member today!
PLEASE ENTER YOUR EMAIL TO JOIN FOR FREE
Already an IQPC Community Member?
Sign in Here or Forgot Password
Sign up now and get FREE access to our extensive library of reports, infographics, whitepapers, webinars and online events from the world’s foremost thought leaders.
We respect your privacy, by clicking ‘Subscribe’ you will receive our e-newsletter, including information on Podcasts, Webinars, event discounts, online learning opportunities and agree to our User Agreement. You have the right to object. For further information on how we process and monitor your personal data click here. You can unsubscribe at any time.
Top 10 Big Data trends of 2020
During the last few decades, Big Data has become an insightful idea in all the significant technical terms. Additionally, the accessibility of wireless connections and different advances have facilitated the analysis of large data sets. Organizations and huge companies are picking up strength consistently by improving their data analytics and platforms.
2019 was a major year over the big data landscape. In the wake of beginning the year with the Cloudera and Hortonworks merger, we’ve seen huge upticks in Big Data use across the world, with organizations running to embrace the significance of data operations and orchestration to their business success. The big data industry is presently worth $189 Billion, an expansion of $20 Billion more than 2018, and is set to proceed with its rapid growth and reach $247 Billion by 2022.
It’s the ideal opportunity for us to look at Big Data trends for 2020.
Chief Data Officers (CDOs) will be the Center of Attraction
The positions of Data Scientists and Chief Data Officers (CDOs) are modestly new, anyway, the prerequisite for these experts on the work is currently high. As the volume of data continues developing, the requirement for data professionals additionally arrives at a specific limit of business requirements.
CDO is a C-level authority at risk for data availability, integrity, and security in a company. As more businessmen comprehend the noteworthiness of this job, enlisting a CDO is transforming into the norm. The prerequisite for these experts will stay to be in big data trends for quite a long time.
Investment in Big Data Analytics
Analytics gives an upper hand to organizations. Gartner is foreseeing that organizations that aren’t putting intensely in analytics by the end of 2020 may not be ready to go in 2021. (It is expected that private ventures, for example, self-employed handymen, gardeners, and many artists, are excluded from this forecast.)
The real-time speech analytics market has seen its previously sustained adoption cycle beginning in 2019. The idea of customer journey analytics is anticipated to grow consistently, with the objective of improving enterprise productivity and the client experience. Real-time speech analytics and customer journey analytics will increase its popularity in 2020.
Multi-cloud and Hybrid are Setting Deep Roots
As cloud-based advances keep on developing, organizations are progressively liable to want a spot in the cloud. Notwithstanding, the process of moving your data integration and preparation from an on-premises solution to the cloud is more confounded and tedious than most care to concede. Additionally, to relocate huge amounts of existing data, organizations should match up to their data sources and platforms for a little while to months before the shift is complete.
In 2020, we hope to see later adopters arrive at a conclusion of having multi-cloud deployment, bringing the hybrid and multi-cloud philosophy to the front line of data ecosystem strategies.
Actionable Data will Grow
Another development concerning big data trends 2020 recognized to be actionable data for faster processing. This data indicates the missing connection between business prepositions and big data. As it was referred before, big data in itself is futile without assessment since it is unreasonably stunning, multi-organized, and voluminous. As opposed to big data patterns, ordinarily relying upon Hadoop and NoSQL databases to look at data in the clump mode, speedy data mulls over planning continuous streams.
Because of this data stream handling, data can be separated immediately, within a brief period in only a single millisecond. This conveys more value to companies that can make business decisions and start processes all the more immediately when data is cleaned up.
Continuous Intelligence is a framework that has integrated real-time analytics with business operations. It measures recorded and current data to give decision-making automation or decision-making support. Continuous intelligence uses several technologies such as optimization, business rule management, event stream processing, augmented analytics, and machine learning. It suggests activities dependent on both historical and real-time data.
Gartner predicts more than 50% of new business systems will utilize continuous intelligence by 2022. This move has begun, and numerous companies will fuse continuous intelligence during 2020 to pick up or keep up a serious edge.
Machine Learning will Continue to be in Focus
Being a significant innovation in big data trends 2020, machine learning (ML) is another development expected to affect our future fundamentally. ML is a rapidly developing advancement that used to expand regular activities and business processes
ML projects have gotten the most investments in 2019, stood out from all other AI systems joined. Automated ML tools help in making pieces of knowledge that would be difficult to separate by various methods, even by expert analysts. This big data innovation stack gives faster results and lifts both general productivity and response times.
Abandon Hadoop for Spark and Databricks
Since showing up in the market, Hadoop has been criticized by numerous individuals in the network for its multifaceted nature. Spark and managed Spark solutions like Databricks are the “new and glossy” player and have accordingly been picking up a foothold as data science workers consider them to be as an answer to all that they disdain about Hadoop.
However, running a Spark or Databricks work in data science sandbox and then promoting it into full production will keep on facing challenges. Data engineers will keep on requiring more fit and finish for Spark with regards to enterprise-class data operations and orchestration. Most importantly there are a ton of options to consider between the two platforms, and companies will benefit themselves from that decision for favored abilities and economic worth.
In-memory computing has the additional advantage of helping business clients (counting banks, retailers, and utilities) to identify patterns rapidly and break down huge amounts of data without any problem. The dropping of costs for memory is a major factor in the growing enthusiasm for in-memory computing innovation.
In-memory innovation is utilized to perform complex data analyses in real time. It permits its clients to work with huge data sets with a lot more prominent agility. In 2020, in-memory computing will pick up fame because of the decreases in expenses of memory.
IoT and Big Data
There are such enormous numbers of advancements that expect to change the current business situations in 2020. It is hard to be aware of all that, however, IoT and digital gadgets are required to get a balance in big data trends 2020.
The function of IoT in healthcare can be seen today, likewise, the innovation joining with gig data is pushing companies to get better outcomes. It is expected that 42% of companies that have IoT solutions in progress or IoT creation in progress are expecting to use digitized portables within the following three years.
Digital Transformation Will Be a Key Component
Digital transformation goes together with the Internet of Things (IoT), artificial intelligence (AI), machine learning and big data. With IoT connected devices expected to arrive at a stunning 75 billion devices in 2025 from 26.7 billion presently, it’s easy to see where that big data is originating from. Digital transformation as IoT, IaaS, AI and machine learning is taking care of big data and pushing it to regions inconceivable in mankind’s history.
Consumer Interest in IoT Devices Varies Among Gender, Need
IOTW: Despite Patch, Zerologon Attack Still A Big Deal
Horror-Comedy Hello Puppets! Continues Performance on Steam
Global Electrical SCADA Market Report 2020: Developments in IoT Technology and Cloud Computing has Increased Growth
Global $855 Billion Bio-Refinery Product Market to 2026 with Neste Oil, Renewable Energy, Pacific Ethanol, UOP, Abengoa Bioenergy, and Valero Energy Dominating
U.S. Chemical Production Expanded In September
$9.8 Billion Worldwide Thermal Spray Coatings Industry to 2027 – Impact of COVID-19 on the Market
Valisure Expands Testing Capabilities With The Addition Of Elemental Analysis
Somnium Space’s Next Updates to Add Buildable Worlds, Web Access & More
Beyond Limits and The Carnrite Group Create Alliance to Drive AI Innovation in Oil & Gas, Utilities, Power and Industrial Sectors.
BIG, OG, fnatic round out Flashpoint 2 team list
Earn $10,249 a Year in FREE “Crypto Income”
Ball Corporation and Kroenke Sports & Entertainment Announce Global Partnership to Advance Sustainability in Sports and Entertainment Through Aluminum Beverage Packaging, Improved Recycling Programs and Consumer Education
St. James Gold Announces Private Placement
Worldwide Water and Wastewater Treatment Equipment Industry to 2027 – Featuring SUEZ, Ecolab & DuPont Among Others
Automotive Refinish Coatings Market Size Worth USD 11.69 Billion by 2027 | CAGR of 3.7%: Emergen Research
Captain Toonhead vs the Punks from Outer Space Unleashes FPS Tower Defense in 2021
Vitality take down BIG to set up clash against Astralis in DH Open Fall
Dorian LPG Ltd Provides Update for the Second Quarter 2021 and Announces Second Quarter 2021 Earnings and Conference Call Date
SK Innovation Declares Ambition to ‘Lead the Efforts for Battery Safety, Charging Speed and Driving Range’ at InterBattery 2020
Canada Nickel Makes Third New Discovery at Crawford Nickel-Cobalt Sulphide Project
AEP Reports Strong Third-Quarter 2020 Earnings
Eyeing EU Banks, Hex Trust Teams With SIA on Crypto Custody
Collider Labs Raises $1M to Invest in Blockchain Startups
Voyager Agrees to Buy LGO Markets and Merge 2 Firms’ Tokens
Business Enablement By Way Of The BISO
Turing Pi 2 – compact edge clusters with 32 GB RAM and new Raspberry…
The Top eCommerce Companies in October, According to eCommerce…
Footwear Manufacturer Otabo Steps Up Digital Strategy with Centric…
Cloud Sales Veterans Release Essential Read for B2B Salespeople
LaserShip Announces Its Time Of Need Philanthropic Program
Gen.G in talks with Liazz – Report
cogu joins MIBR as manager and coach
Strategic Resources Files Mustavaara Technical Report
Ur-Energy Announces Extension of State Bond Loan and Provides Update
Pettit Marine Paint Develops the Most Effective Anti-fouling Paint to Hit the Market in Many Years – ODYSSEY® TRITON
Core Lab Reports Third Quarter 2020 Results From Continuing Operations:
Pelosi, Kudlow Signal Market-Moving US Stimulus May Wait Till After Election: Report
A Difference-Making Disinfectant
Market Wrap: PayPal Powers Bitcoin Past $12.8K as Ether Dominance Drops
Techcrunch6 days ago
Original Content podcast: It’s hard to resist the silliness of ‘Emily in Paris’
Gaming1 week ago
‘Call of Duty: Mobile’ Season 11 Anniversary Update Is Out Now with a New Battle Pass Coming Soon, New Maps, XP Card Changes, and a Lot More
Startups6 days ago
Three views on the future of media startups
Startups6 days ago
Solve the ‘dead equity’ problem with a longer founder vesting schedule
Startups6 days ago
Pear hosted its invite-only demo day online this year; here’s what you might have missed
AI7 days ago
How AI Revolutionize the Way Video Games Developed and Played
AR/VR1 week ago
Review: Oculus Quest 2
Startups6 days ago
VCs reload ahead of the election as unicorns power ahead