Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, and Linux and BSD systems. It runs a number of interesting services and supports enthusiasts in interesting projects.


8 AI-powered apps that’ll actually save you time

Computerworld.com [Hacking News] - 1 July, 2024 - 12:00

You can’t open your eyes these days without seeing something about generative AI and all the reasons it’s, like, totally gonna revolutionize the way you work.

And yet, call me surly, but most of the AI tools out there at this point seem far less impressive in practice than they do on paper. By and large, it’s the same sort of subpar stuff squeezed into slightly different places, with little in the way of concern around quality or reliability.

Yes, we get it: We can now summon answers of questionable accuracy, generate text of questionable quality and originality, and create images of — well, questionable quality and originality. Do we really need those functions in every possible surface?

Beneath all the hype, though, the generative AI systems at the heart of this movement genuinely do have some practical value. You’ve just gotta dig to get past the underwhelming also-rans and uncover the truly thoughtful, carefully conceived places where the technology is being put to good use.

But hey, you don’t have to get your hands dirty. I’ve had my metaphorical shovel out for months now as I’ve sifted through the rubble to find the buried diamonds — the standout AI-infused apps that actually enhance your workday productivity and add meaningful value into your life.

Here are eight such treasures you probably haven’t heard of that are well worth your while to try.

Part I: Documents and presentations

1. ChatPDF

The next time someone sends you a sprawling document that looks about as interesting to read as a tax return, remember the website ChatPDF.

ChatPDF — which notably is a strictly web-based tool and not the same as any mobile apps that share its moniker — does exactly what its name suggests: It lets you upload any PDF or even DOC/DOCX file and then ask questions about the file to get quick ‘n’ simple information.

You can ask for a simple summary, or you can dive into super-specific questions about the material within. You can even upload multiple documents together and then ask questions that pertain to all of them at the same time. However you go about it, it’s a fast and easy way to get the info you need without having to read pages upon pages of monotonous material.

ChatPDF makes it easy to get info from a long document without having to read it in its entirety.

JR Raphael / IDG

ChatPDF claims to be able to summarize documents in any language and chat in any language worldwide. The service is free for up to two documents a day, with each being as much as 120 pages and up to 10MB in size — a generous limit that’ll probably be plenty for most casual purposes. If you do need more than that, the service offers a premium plan that gives you unlimited uploads with up to 2,000 pages and 32MB per document for $140 a year.

ChatPDF promises that all data is stored securely, easy to delete upon request, and never shared in any way with anyone — but even so, it might be wise to avoid uploading any especially sensitive company-related documents and to use the service only for more casual, non-confidential-material-involving purposes. Better safe than sorry, right?

2. Beautiful.ai

When it comes to professional presentation creation, it simply doesn’t get any better than Beautiful.ai.

Beautiful.ai takes the typically painful process of building a presentation and makes it not only easy but also almost enjoyable. The web-based app relies on artificial intelligence to help you format and design slides and make ’em look polished and professional without any real effort — and with any specific parameters or company brand guidelines you have in mind.

You can claim as much control over the look of your slides as you want, but the best part of Beautiful.ai is how it just intelligently adapts the design for you as you go and makes it look good, no matter what you might be doing. It’s “design AI,” in a sense, and it’s shockingly impressive.

Beautiful.ai does also offer some more typical generative AI elements. You can ask the service to create a specific type of presentation for you, and it’ll not only format and design the thing but also pull in publicly available data and do all the heavy lifting. And while the result likely won’t be exactly what you need (and will require thorough fact-checking along with a fair amount of rewriting), its initial output could eliminate a lot of legwork and give you a time-saving head start for refining.

Beautiful.ai created this entire collection of slides in about five seconds, with a prompt to build a presentation about workplace transformation and the future of work.

JR Raphael / IDG

All in all, it’s a recipe that changes the way you think about presentations and will absolutely spoil you for all other such software.

Beautiful.ai costs $144 a year for individuals or $480 per user per year on a collaborative team plan. It also has a $45-per-project a la carte option.

Part II: Email

3. Superhuman

If there’s one AI-oriented tool that’s really struck a chord with me, personally, it’s the newly launched Ask AI feature within the Superhuman email app. No exaggeration: My jaw literally dropped the first few times I tried it and saw what it was capable of accomplishing and how much of a difference it’d make in my own email-centric workflow.

Superhuman, if you aren’t aware, is a cross-platform app that gives you a highly optimized, efficiency-oriented interface for interacting with your email. It’s designed for people who spend tons of time in their inboxes and wade through oceans of email every day.

And its Ask AI feature fits brilliantly within that framing. While using any of the service’s desktop apps — the native Windows or Mac programs or the web-based browser version — you can simply hit the question mark key from anywhere to pull up the new Ask AI prompt.

From there, you can type out any plain-English question or command related to anything in your email. And while you could just use that as a simpler way to search and find specific messages, the real power comes from asking for actual information contained within an email or even a series of emails. It’s a massive time-saver that makes regular ol’ searching seem almost antiquated in comparison.

For example, you might ask:

  • When’s my next flight?
  • Where’s my Airbnb in San Francisco?
  • What did Val tell me about my last feature story idea?
  • How much is my last accountant invoice?
  • What’s the link for the new Computerworld WordPress site?
  • Summarize all the emails from Nvidia this month
  • Find some positive feedback about my Android Intelligence newsletter

These are all actual examples I’ve tried in my own inbox. And the results have consistently been fast, accurate, and helpful — noticeably more so than with Google’s own occasionally available Gemini-in-Gmail equivalent.

Superhuman’s new Ask AI feature makes it easy to find specific answers and info from anywhere in your inbox.

JR Raphael / IDG

The Ask AI feature is included as a part of all Superhuman subscriptions, which run $30 a month or $25 a month paid annually. The feature is in the midst of rolling out to all users on the desktop front now and is expected to expand to the service’s mobile apps sometime this summer.

Part III: Calendar

4. Dola

For all the productivity progress tech has brought us in recent years, one simple-seeming task that remains vexingly cumbersome is interacting with your calendar.

Dola does wonders for making that chore easy. In short, it’s an AI chatbot that integrates with your choice of four standard messaging platforms — WhatsApp, Telegram, Line, and Apple Messages (a.k.a. iMessage) — and then connects directly to Google Calendar, Apple Calendar, or any other calendar that supports the CalDAV protocol. (Microsoft Outlook, unfortunately, doesn’t make this easy, though you can use a third-party plugin like the favorably reviewed Caldavsynchronizer to bridge the gap.)

If you aren’t already using one of those messaging services, you can simply fire up a free account explicitly for this purpose. That’s what I did, with Telegram.

Then, once you add Dola into the service and connect it to your calendar, you can send Dola messages right within the regular chat app to accomplish everything from creating new events to canceling or moving existing appointments and also asking conversational questions about anything on your agenda.

Dola lets you interact with your calendar via simple commands in messaging apps you’re already using.

JR Raphael / IDG

Dola can also generate all sorts of information for you and add it into your calendar events — things like lists of popular lunch spots in a specific area or even ideas for company slogans.

Dola is free to use for now, during the service’s early access phase. Its founders say there’ll eventually be some manner of paid, premium option.

Part IV: Notes and transcriptions

5. Fathom

I think we can all agree that Zoom meetings — along with Google Meet meetings, Microsoft Teams meetings, and all other kinds of virtual meetings — are objectively the worst.

And while AI can’t (yet) keep you from having to sit through those virtual torture sessions, an app called Fathom can make ’em much more tolerable.

Fathom runs quietly in the background on your computer and then automatically records, transcribes, and summarizes all of your video calls. You can search through or share its summaries and even sync ’em directly into other productivity tools such as Slack or Asana if you want.

But even if you just stick with the basics, the app lets you relax and stop worrying about taking notes or missing something important — because you know it’s listening along with you and jotting down every last word along with a simple summary of the high points.

Using Fathom is like having a super-focused personal assistant in all of your virtual meetings.

JR Raphael / IDG

Fathom requires a Windows or Mac computer for its local software, and it currently supports English, French, Spanish, Italian, Dutch, Portuguese, and German. You can either activate its recording manually in each meeting or opt to connect it to your Google or Microsoft calendar and allow it to automatically record any Zoom, Meet, or Teams call on your agenda.

Data is encrypted in transit and at rest, and Fathom says it does not train AI models on customer data. (See more details about the company’s security and compliance practices in its Trust Center.)

Best of all? The service is completely free to use for those core features, with absolutely no limitations around the number or length of calls it’ll record and then store. The company makes its money by selling an optional premium subscription that adds in features like advanced AI summaries, AI-generated action items and follow-up emails, systems for team management, and integrations with HubSpot, Salesforce, Close, and Zapier.

6. Whisper Web

Transcribing a video call is fine and dandy — but what about when you want to turn a regular phone call, an in-person meeting, or an already-recorded conversation into text for simple searching and future referencing?

An open-source web app called Whisper Web is the answer. Whisper Web relies on OpenAI’s Whisper AI system to offer on-demand, real-time transcription right in your browser. It actually downloads the associated generative AI model and runs it right on your own device, which means your data never leaves that computer, phone, or tablet or gets sent to a remote server for processing.

Whisper Web works swiftly and efficiently right on your own device — and right inside your browser.

JR Raphael / IDG

Whisper Web can record audio live from your microphone or import audio from an existing file you already have ready. Its creators say it’s trained on multilingual data and able to support on-the-fly translation from other languages into English, too. And it’s completely free to use, without the need for any accounts or sign-ins.

7. Summarize.tech

When you’ve got YouTube on your to-do list and you have neither the time nor the patience to sit and watch an entire work-related video — say, a presentation of some sort, a marathon company keynote, or maybe a boring-as-can-be board meeting — a splendid site called Summarize.tech will make your life instantly easier.

Summarize.tech takes any YouTube link you feed it and generates an on-demand transcript of the entire clip in seconds. It breaks the video down into broadly summarized sections and lets you click on any section to expand it and dive into deeper, more specific summaries within. It can even take videos in other languages, including Spanish and French, and translate and then summarize them in English for you.

You can save yourself tons of time by letting Summarize.tech summarize and transcribe lengthy videos for you.

JR Raphael / IDG

Summarize.tech is free for “a few” videos per day. For anything more than that, the service offers a $10-a-month premium plan that raises the limit to 200 videos a month.

8. AudioPen

Last but not least, if you take lots of notes on the go, an AI-infused app called AudioPen is a tough tool to beat.

AudioPen is kind of like a dumping ground for any and all of your passing thoughts. Whenever something occurs to you — an idea for a client proposal, a potential project for your company’s upcoming quarter, or anything else imaginable — you just hit the record button within the service and yammer away.

AudioPen stores a complete audio recording of your ramblings and also cooks up near-instant plain-text summaries of everything you say, automatically editing out filler words and repetition. Each individual recording then becomes a note in your virtual notebook. You can search through the text, translate it into another language, and interact with it in all sorts of potentially useful ways from there.


AudioPen transforms any manner of rambling into concise, organized notes for ongoing reference.

JR Raphael / IDG

Like many of the other tools in this collection, AudioPen is completely web-based — which means it works on any device, be it a phone, tablet, or computer, and it doesn’t require any downloads or installations. You can, however, opt to install it as a progressive web app if you want a more native-feeling app-like experience.

AudioPen is free for recordings up to three minutes in length and with up to 10 stored notes at a time. An optional $99-a-year (or $159-for-two-years) premium plan eliminates those limitations and adds in a slew of extra features, including customizable styles for your summaries, summaries across multiple notes, and a simple system for sharing any notes you want to make public.

Category: Hacking & Security

Why (and perhaps how) Apple Intelligence will make money

Computerworld.com [Hacking News] - 1 July, 2024 - 11:50

We’ll leave it to future retrospectives to show us whether it turns out to be a good or a bad thing, but artificial intelligence will change everything, so of course Apple is building a business around it. That shouldn’t surprise anyone.

Having likely spent billions on Private Cloud Compute, which Apple calls “the most advanced security architecture ever deployed for cloud AI compute at scale,” the company will — and does — want to recoup its investment.

But that investment may yet become the foundation of an Apple AI enterprise.

Putting the $ in AI

As I see it, while Apple has traditionally played its biggest role as a consumer-facing firm, there is a chance to think different when it comes to provisioning AI services.

Private Cloud Compute means Apple can offer generative AI tools to Apple Intelligence users, but it also gives the company a foundation from which to develop an enterprise-focused AI provisioning business.

Think AWS for private, secure, and sovereign cloud-based AI services. 

There is a need for these. Many enterprises want to do more with AI but are unable to do so due to concerns around data security and national boundaries. This is particularly true in regulated industries, where “Trusted Cloud” is a fast-rising buzzword.

Apple doesn’t need to change too much to give them what they need. It doesn’t need to go head-to-head on enterprise AI cloud services; it can simply dance to its usual tune. That’s a jive in which, once Apple has put enough of its newly announced Private Cloud Compute servers in place, it offers fee-based access to those servers to third parties who want to host their own cloud-based services.

The private cloud for the rest of us?

Privacy-conscious Apple developers will want to do this, as will security-minded enterprises running Macs, iPads, and iPhones. That fee will let them offer highly secure private AI, either for internal business or for consumer-focused plays. Of course, consumers will also be able to use these services, and there may be a fee for that.

There is, after all, likely to be a lot of money to be made in offering highly secure, private, sovereign cloud-based infrastructure for AI.

In the future, Apple will want to build on its investment in Apple Intelligence with the introduction of specific AI tools it thinks people will be prepared to pay for. I don’t think those fee-based services will be among the first tranche of Apple Intelligence tools. 

At first it makes sense to offer these services for no additional cost. It may even make sense in the longer term, given the probable spike in hardware sales Apple will enjoy as the AI PC/phone craze translates into Apple device sales — even as app sales decline to make way for AI agents.

Likely, plausible, possible

The most likely way Apple will recoup in the longer term is through offering some of its genAI models as services via iCloud, most likely within iCloud+, but also conceivably on a pay-per-use tariff.

It can also deliver services to Apple’s developer community that will enable them to offer trusted cloud-based AI experiences to iPhone, Mac, and iPad users.

But not every developer is consumer focused, which gives Apple the chance to provide support for proprietary enterprise-specific genAI apps. Given the fast pace at which enterprise users are adopting Apple products, that service may be a big win for the company, consolidating and extending upon its existing gains in enterprise tech.

The more you look at it, the clearer it becomes that Apple has lots of ways to benefit from the AI investments it is already putting into place. These opportunities are great, so it makes no sense at all for the company to ignore them.

All that said, in the EU, at least, Apple will need to convince the regulators that enabling an ecosystem for trusted cloud AI is a necessity, and while the nature and manner in which business is transacted in that space may need to be tweaked, there is real value (and real cost) in creating such an environment — particularly as the looming impact of genAI and quantum computing raises additional threats and opportunities in the computational world.

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Category: Hacking & Security

Juniper Networks Releases Critical Security Update for Routers

The Hacker News - 1 July, 2024 - 08:25
Juniper Networks has released out-of-band security updates to address a critical security flaw that could lead to an authentication bypass in some of its routers. The vulnerability, tracked as CVE-2024-2973, carries a CVSS score of 10.0, indicating maximum severity. “An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or Conductor
Category: Hacking & Security

Google to Block Entrust Certificates in Chrome Starting November 2024

The Hacker News - 29 June, 2024 - 16:44
Google has announced that it's going to start blocking websites that use certificates from Entrust starting around November 1, 2024, in its Chrome browser, citing compliance failures and the certificate authority's inability to address security issues in a timely manner. "Over the past several years, publicly disclosed incident reports highlighted a pattern of concerning behaviors by Entrust
Category: Hacking & Security

Everything You Need to Know About Linux Proxy Servers

LinuxSecurity.com - 29 June, 2024 - 15:14
Linux proxy servers are essential for individuals and organizations looking to enhance their online privacy, data, network security, and browsing experience. In this comprehensive article, we will explore the concept of proxy servers, discuss the advantages of using a Linux proxy server, dive into the risks associated with their usage, highlight Squid as an efficient and user-friendly Linux proxy server, and provide step-by-step instructions on how to set up the HTTP Linux proxy.
Category: Hacking & Security

Practical Ways to Integrate Linux Security Automation With Ansible

LinuxSecurity.com - 29 June, 2024 - 13:00
The US government reported the OPM Breach, one of the country's greatest hacks, in 2015. Over 22 million past and present employees' personnel records were compromised by hackers believed to be based in China. According to experts, the consequences of such a large-scale breach may persist for almost 40 years.
Category: Hacking & Security

Cybersecurity in the SMB space — a growing threat

Kaspersky Securelist - 25 June, 2024 - 12:00

Small and medium-sized businesses (SMBs) are increasingly targeted by cybercriminals. Despite adopting digital technology for remote work, production, and sales, SMBs often lack robust cybersecurity measures.

SMBs face significant cybersecurity challenges due to limited resources and expertise. The cost of data breaches can cripple operations, making preventive measures essential. This is a growing tendency that continues to pose a challenge for businesses. For example, the UK’s National Cyber Security Centre reports that around 50% of SMBs in the UK are likely to experience a cybersecurity breach annually. Addressing cybersecurity requires a multifaceted approach, combining technological solutions with fostering a security-aware culture within the organization.

A rising tide of cyberthreats

Kaspersky presents the findings of its 2024 threat analysis for the SMB space, including real-world examples of attacks.

To get information on the threats facing the SMB sector, Kaspersky analysts cross-referenced selected applications used in the SMB space against Kaspersky Security Network (KSN) telemetry to determine the prevalence of malicious files and unwanted software targeting these programs, as well as the number of users attacked by these files. KSN is a system for processing anonymized cyberthreat-related data shared voluntarily by opted-in Kaspersky users. We included the following programs in our research:

  • Microsoft Excel;
  • Microsoft Outlook;
  • Microsoft PowerPoint;
  • Salesforce;
  • Microsoft Word;
  • Microsoft Teams;
  • QuickBooks;
  • Microsoft Exchange;
  • Skype for Business;
  • ClickUp;
  • Hootsuite;
  • ZenDesk.

Figure: Percentage of unique files with names that mimic the top 9 legitimate applications, 2023 and 2024

Figure: Percentage of unique users targeted through the top 9 investigated applications, January 1 – April 30, 2024

As the graphs above show, for the period from January 1, 2024 to April 30, 2024, the total number of users who encountered malware and unwanted software hiding in or mimicking investigated software products for SMBs was 2,402, with 4,110 unique files distributed under the guise of SMB-related software. It shows an 8% increase as compared to the 2023 findings, which points at an ongoing rise of attacker activity.

The most notable change among unique files whose names mimic legitimate software used to deliver an attack was Microsoft Excel moving up the threat list from fourth to first place between 2023 and 2024. Microsoft Excel has been leveraged by cybercriminals for many years.

Figure: Top threat types that affected the SMB sector, 2023 vs 2024

The data finds that the overall number of infections in the SMB sector from January 1, 2024 to April 30, 2024, rose to 138,046 against 131,219 in the same period in 2023 – an increase of over 5%.

Trojan attacks remain the most common cyberthreat, which indicates that attackers continue to target SMBs and favor malware over unwanted software. Trojans are particularly dangerous because they mimic legitimate software, which makes them harder to detect and prevent. Their versatility and ability to bypass traditional security measures make them a prevalent and effective tool for cyberattackers. However, the biggest change year-on-year stems from DangerousObject attacks. This is malicious software detected by Kaspersky Cloud Technologies. DangerousObject-class verdicts are a collective of various previously undetected samples. The broad and unspecific nature of this category underscores the complexity and evolving nature of cyberthreats, making it a significant concern for cybersecurity efforts.

Phishing

Employee negligence remains a significant vulnerability for SMBs. Human error, often stemming from a lack of cybersecurity awareness, can lead to severe security breaches. Falling for phishing schemes can have catastrophic consequences for businesses.

Phishing attacks are distributed via various channels, including spoofed emails and social media, to fool users into divulging login details or other sensitive data. Attacks like these can be targeted at SMBs, which threatens both the customer trust they are building and the security of their infrastructure. Our research provides a deeper look at the current climate with a breakdown of examples.

Phishing websites can imitate popular services, corporate portals, online banking platforms, etc. Targets are encouraged to sign in, whereby they inadvertently divulge usernames and passwords to the cybercriminals, or trigger other automated cyberattacks. Or both.

Below is a spoofed site that replicates the login page of a legitimate delivery service that employees use on a regular basis. Harvesting login credentials enables cybercriminals to redirect orders and/or immediately cancel services, and have money refunded and redirected to a new account. A scheme like this can easily go unnoticed over a long period of time without appropriate enterprise cybersecurity mechanisms in place.

In the following example, attackers have spoofed the customer login page of a company that specializes in small business insurance. Armed with this information, the cybercriminals gained access to clients’ accounts, leading to further infiltration and potential theft of sensitive enterprise data.

In recent years, we’ve been observing a trend of spreading web pages that mimic the most commonly used Microsoft services (Microsoft 365, Outlook, OneDrive, etc.). This tendency, aimed at business users, arises from the widely popular business approach of using a software package for all business purposes, which makes its users more dependent on particular applications and services and thus more susceptible to this attack vector.

Email

Email remains one of the most widely used channels for phishing. In the example below, attackers passed themselves off as representatives of a legal entity that needs to sign an agreement with the target organization. The attackers generally use email addresses that are very similar to those used by legitimate companies. Here they used a phishing form that mimics a common enterprise service template.

Social media

Cybercriminals can hack or spoof a business’s social media accounts. Doing this enables them to post harmful content, spread false information, and carry out phishing schemes, damaging the business’s reputation and trustworthiness.

A hack like this can result in a loss of followers and customers, which in turn harms sales and revenue. Furthermore, the attackers could use the compromised account to deceive customers into giving away sensitive information, further eroding trust and potentially exposing the business to legal issues.

Imitating and abusing large social media platforms can not only disrupt business operations and cause financial losses, but also result in data leaks and major security breaches. In some cases, attackers use legitimate Facebook infrastructure to compromise corporate social media accounts. We have also found numerous cases of attackers mimicking genuine social media login pages. The following example is related to TikTok Shop, an e-commerce feature of TikTok allowing businesses to sell their products.

Spam

We have discovered multiple cases of SMB-oriented spam. Spammers target organizations with what seems like an appealing credit deal or a large one-off discount. The services on offer are usually typical of SMB needs — tailored branding solutions, advertising products, financial support — although such companies are generally considered unreliable. In the example below, spammers offered a client database for research and marketing purposes.

Best practices for asset protection

By investing in end-to-end cybersecurity solutions and promoting vigilance, SMBs can mitigate risks and ensure business continuity. It is no less vital that SMBs educate employees about cyberthreats in addition to implementing robust security measures, such as spam filters, email authentication protocols, and strict verification procedures for financial transactions and sensitive information sharing.

Essential steps toward cyber resilience include recognizing the importance of comprehensive security protocols and periodic updates. Regular security awareness training, strong password policies, and multifactor authentication also help mitigate the risks associated with phishing and scam threats.

Cyberprotection action plan for SMBs
  1. Establish a policy governing access to corporate resources, including email accounts, shared folders, and online documents. Maintain strict control over the number of users who can access critical corporate data, ensure this access list is up to date and revoke permissions when an employee leaves the company. Use cloud access security broker software to manage and monitor employee activities within cloud services and enforce security policies.
  2. Back up essential data regularly so that corporate information stays safe and can be recovered in case of emergency.
  3. Offer transparent guidelines for using external services and resources. Design clear procedures of approval with IT and other responsible roles for specific tasks, such as new software adoption. Include basic cybersecurity rules in succinct staff policies, paying extra attention to safe account and password management, email security, and web browsing. Implement a comprehensive training program to equip employees with the necessary knowledge and practical skills.
  4. Deploy specialized cybersecurity solutions that provide visibility over cloud services, such as Kaspersky Next.

Tor – Identifying malicious exit relays

VNSECURITY - 18 August 2014 - 13:00
1. Introduction This article is a brief description of and commentary on the paper "Spoiled Onions: Exposing Malicious Tor Exit Relays"[1]. A Tor exit relay is the final node in the path a packet takes through the Tor network; from there the packet travels on to the address ...
Category: Hacking & Security

Fetching lyrics from nhaccuatui.com

VNSECURITY - 18 August 2014 - 13:00
Nhaccuatui has just upgraded its web music player, which can now display time-synced lyrics quite well. This article walks through the steps to fetch those lyrics and provides a tool that does it with a single press of Enter ;) (*). Fetching ...
Category: Hacking & Security

[defcon 2014 quals] polyglot

VNSECURITY - 18 August 2014 - 13:00
Challenge was getting 0x1000 bytes from socket, and executing it following these rules (all shellcodes and codes are at the end of this writeup): [code] - all general purpose registers are 0 - stack is at 0x42000000 - pc    is at 0x41000000 [/code] All binaries: x86 : polyglot_9d64fa98df6ee55e1a5baf0a170d3367 armel : polyglot_6a3875ce36a55889427542903cd43893 armeb : polyglot_c0e7a26d7ce539efbecc970c154de844 PowerPC: polyglot_5b78585342a3c116aebb5a9b45e88836 Our shellcode ...
Category: Hacking & Security

Analysis of the Btalk app on Android – Part one: User authentication mechanism

VNSECURITY - 18 August 2014 - 13:00
Note: the analysis in this article is based on Btalk version 1.0.6 downloaded from the Play Store. BKAV was notified by email in advance of the issues raised in this article. (pdah - cb_ - k9) Registration and activation mechanism The verification process ...
Category: Hacking & Security

Exploiting nginx chunked overflow bug, the undisclosed attack vector (CVE-2013-2028)

VNSECURITY - 18 August 2014 - 13:00
In a previous post, we analyzed and exploited a stack-based buffer overflow vulnerability in the chunked encoding parsing of nginx-1.3.9 - 1.4.0. We mentioned that there was another attack vector which was more practical and more reliable. I talked about this attack vector at SECUINSIDE 2013 in July (btw, a great conference and ...
Category: Hacking & Security

[Secuinside CTF 2013] movie talk

VNSECURITY - 18 August 2014 - 13:00
The challenge itself is very interesting, as we have a typical use-after-free problem. It's running on Ubuntu 13.04 with NX + ASLR. When we run the challenge it gives us a message like: [code] ###################################### #                                    # #   Welcome to the movie talk show   # #                                    # ###################################### 1. movie addition 2. movie deletion 3. my movie list 4. quit : [/code] movie addition is very straight ...
Category: Hacking & Security

[Secuinside CTF 2013] Reader Writeup

VNSECURITY - 18 August 2014 - 13:00
Description: http://war.secuinside.com/files/reader ip : 59.9.131.155 port : 8282 (SSH) account : guest / guest We have obtained a program designed for giving orders to criminals. Our investigators haven't yet analyzed the file format this program reads. Please help us analyze the file format this program uses, find a vulnerability, and take a shell. From the description we can ...
Category: Hacking & Security

[Secuinside CTF 2013] pwnme writeup

VNSECURITY - 18 August 2014 - 13:00
Challenge summary: Binary : http://war.secuinside.com/files/pwnme Source : http://war.secuinside.com/files/pwnme.c =================================== OS : Ubuntu 13.04 with PIE+ASLR+NX md5 of libc-2.17.so : 45be45152ad28841ddabc5c875f8e6e4 IP : 54.214.248.68 PORT : 8181,8282,8383 This is the only exploit challenge that comes with source. The bug is simple: a buffer overflow of only 16 bytes at pwnme.c:67, just enough to control EIP. The goal is to bypass PIE+ASLR+NX. We ...
Category: Hacking & Security

[Secuinside CTF 2013] Trace Him Writeup

VNSECURITY - 18 August 2014 - 13:00
Description: IP : 59.9.131.155 port : 18562 (SSH) account :  control  / control porsche binary : http://war.secuinside.com/files/firmware data : http://war.secuinside.com/files/car.bin (To prevent meaningless waste of time on certain analysis, car.bin is open to public.) hint : root@ubuntu:~# uname -a Linux ubuntu 3.8.0-19-generic #29-Ubuntu SMP Wed Apr 17 18:19:42 UTC 2013 i686 i686 i686 GNU/Linux The evil group is running ...
Category: Hacking & Security

Analysis of nginx 1.3.9/1.4.0 stack buffer overflow and x64 exploitation (CVE-2013-2028)

VNSECURITY - 18 August 2014 - 13:00
A few days after the release of nginx advisory (CVE-2013-2028), we managed to successfully exploit the vulnerability with a full control over the program flow. However, in order to make it more reliable and useful in real world environment, we still explored several program paths and found some other ...
Category: Hacking & Security
Syndicate content