Kill test with P2060-002 study guide and Exam Braindumps
killexams.com real P2060-002 examination simulator is remarkably encouraging for our own customers for the particular P2060-002 braindumps. Greatly critical questions, recommendations, and definitions are usually featured in P2060-002 exam prep pdf file. The P2060-002 examination provides key focuses.
Exam Code: P2060-002 Practice exam 2022 by Killexams.com team IBM Managed File Transfer Technical Mastery Test v1 IBM Technical testing Killexams : IBM Technical testing - BingNews
Search resultsKillexams : IBM Technical testing - BingNews
https://killexams.com/exam_list/IBMKillexams : How Wimbledon is keeping its eye on the ball with IBM tech
Vish Gain visited Wimbledon to get a sneak peek of how IBM is using data and AI to help the tennis tournament engage with fans in its ‘pursuit of greatness’.
It’s not every day that you get to visit Wimbledon and walk around its hallowed courts during the tournament. An even rarer cohort of individuals gets to visit the underground bunkers where the behind-the-scenes action happens. I was lucky enough to do both last week.
Walking into the premises of the world’s oldest and most prestigious tennis tournament, I wasn’t sure what to expect. I’d watched Wimbledon matches growing up, but witnessing one live was a different ball game altogether, excuse the pun.
But my trip to Wimbledon wasn’t just about watching the action as it happened, but to dig deeper. And by digging deeper, I mean visiting the underground data rooms run by Wimbledon’s technology partner, IBM.
IBM has been a tech partner of Wimbledon since 1990. Since then, the two have been linked inextricably, trying to innovate new ways of engaging Wimbledon’s worldwide audience and using technology to live up to its motto: ‘In pursuit of greatness.’
Data analysis, automation and artificial intelligence are just some of the technologies developed by IBM and its partners that are being deployed to make watching Wimbledon, both in-person and from afar, a more meaningful experience.
“It all starts with the data,” Kevin Farrar, IBM UK sports partnerships lead, told me. “We’ve built this platform of innovation with the club to turn massive amounts of data into engaging and meaningful insights for the fans.”
Farrar works with a team of experts who, in collaboration with other technology partners, collect and process the immense amounts of data generated throughout the tournament.
“We’re collecting the test stats. There’s the direction of serve, how the ball is returned, backhand or forehand, the rally count, how the point is won, if it’s a forced or unforced error,” he whispered to me in a room full of experts wearing headphones watching the matches closely.
This information is collected from thousands of data points, which are then combined with data from other sources, such as Hawk-Eye’s electronic line-calling technology, to produce meaningful insights that are fed into the Wimbledon website and to global broadcasters.
Wimbledon and the IBM Power Index
The fruit of this behind-the-scenes work by IBM is best displayed on Wimbledon’s official website, where live updates on matches are combined with AI-powered match insights to make the sport exciting for those not within the premises.
This year, for example, has seen the introduction of the IBM Power Index, an AI-powered daily ranking of player momentum before and during Wimbledon. Using Watson, IBM’s powerful natural language processing system, the Power Index analyses player performance, media commentary and other factors to quantify momentum.
“A lot of people just watch tennis once a year – they watch Wimbledon. They’ll know the big names, but they won’t necessarily know the upcoming players. The Power Index gives a mechanism for them to sort of identify players that are hot at the moment,” Farrar said.
Users of the Wimbledon website or smartphone app can view the Power Index and click on any player they find interesting and want to keep an eye on. They can track the player’s progress and get personalised updates based on what or who they’re interested in.
“It’s an algorithm that takes both structured data and unstructured data,” Farrar explained. “The structured data is the scores and match results. But it’s also looking at the media buzz through trusted data sources, to see what the media is saying about the players.”
The Sherlock-like Watson (although named after early IBM CEO Thomas Watson) is also able to use vast amounts of data and expert input to predict which of the two players in any given match has a higher chance of winning. Fans on the app can weigh in too and see how far they stand from the AI estimate.
Serving the fans
Farrar said the reason IBM is doing all this is to engage with fans interested in both technical details as well as the “drama and beauty of it all” through a visual experience. In the 2021 championships, Wimbledon reached approximately 18m people through its digital platforms.
“Sports fans love debate. So, putting something out there in terms of a prediction that Watson has come up with, they’ll have their own views and their own win factors in their mind. It’s about engaging the fans in that social debate and asking them, ‘Well, what do you think?’”
For Deborah Threadgold, IBM Ireland country manager, the relationship between Wimbledon and IBM is a great example of what the company’s strategy is all around.
“When you look at the data piece, when you look at the automation piece, and the security and how it is all sitting on that platform, and how that’s allowing them to innovate, then that’s exactly what IBM brings to all of our clients,” Threadgold told me.
“So even here in Ireland, whether you’re in the sporting industry, or much more broadly, whether you’re in financial services, public sector, whatever it may be, all of those tools and those mechanisms, you can actually reimagine how that works into your own industry.”
Of the four cornerstone annual tennis tournaments, Wimbledon is by far the most traditional with the richest history. It has been played since 1877 at the All England Lawn Tennis and Croquet Club in London.
“Our challenges here is to get that balance right between the tradition and heritage of the club, and the way they present themselves with technology and innovation,” Farrar said. “The brand is very important to them, and we make sure that that remains the case while still innovating every year.”
10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.
Thu, 07 Jul 2022 12:00:00 -0500entext/htmlhttps://www.siliconrepublic.com/machines/wimbledon-2022-results-ibm-watson-technologyKillexams : Amazon, IBM Move Swiftly on Post-Quantum Cryptographic Algorithms Selected by NIST
A month after the National Institute of Standards and Technology (NIST) revealed the first quantum-safe algorithms, Amazon Web Services (AWS) and IBM have swiftly moved forward. Google was also quick to outline an aggressive implementation plan for its cloud service that it started a decade ago.
It helps that IBM researchers contributed to three of the four algorithms, while AWS had a hand in two. Google contributed to one of the submitted algorithms, SPHINCS+.
A long process that started in 2016 with 69 original candidates ends with the selection of four algorithms that will become NIST standards, which will play a critical role in protecting encrypted data from the vast power of quantum computers.
NIST's four choices include CRYSTALS-Kyber, a public-private key-encapsulation mechanism (KEM) for general asymmetric encryption, such as when connecting websites. For digital signatures, NIST selected CRYSTALS-Dilithium, FALCON, and SPHINCS+. NIST will add a few more algorithms to the mix in two years.
Vadim Lyubashevsky, a cryptographer who works in IBM's Zurich Research Laboratories, contributed to the development of CRYSTALS-Kyber, CRYSTALS-Dilithium, and Falcon. Lyubashevsky was predictably pleased by the algorithms selected, but he had only anticipated NIST would pick two digital signature candidates rather than three.
Ideally, NIST would have chosen a second key establishment algorithm, according to Lyubashevsky. "They could have chosen one more right away just to be safe," he told Dark Reading. "I think some people expected McEliece to be chosen, but maybe NIST decided to hold off for two years to see what the backup should be to Kyber."
IBM's New Mainframe Supports NIST-Selected Algorithms
After NIST identified the algorithms, IBM moved forward by specifying them into its recently launched z16 mainframe. IBM introduced the z16 in April, calling it the "first quantum-safe system," enabled by its new Crypto Express 8S card and APIs that provide access to the NIST APIs.
IBM was championing three of the algorithms that NIST selected, so IBM had already included them in the z16. Since IBM had unveiled the z16 before the NIST decision, the company implemented the algorithms into the new system. IBM last week made it official that the z16 supports the algorithms.
Anne Dames, an IBM distinguished engineer who works on the company's z Systems team, explained that the Crypto Express 8S card could implement various cryptographic algorithms. Nevertheless, IBM was betting on CRYSTAL-Kyber and Dilithium, according to Dames.
"We are very fortunate in that it went in the direction we hoped it would go," she told Dark Reading. "And because we chose to implement CRYSTALS-Kyber and CRYSTALS-Dilithium in the hardware security module, which allows clients to get access to it, the firmware in that hardware security module can be updated. So, if other algorithms were selected, then we would add them to our roadmap for inclusion of those algorithms for the future."
A software library on the system allows application and infrastructure developers to incorporate APIs so that clients can generate quantum-safe digital signatures for both classic computing systems and quantum computers.
"We also have a CRYSTALS-Kyber interface in place so that we can generate a key and provide it wrapped by a Kyber key so that could be used in a potential key exchange scheme," Dames said. "And we've also incorporated some APIs that allow clients to have a key exchange scheme between two parties."
Dames noted that clients might use Kyber to generate digital signatures on documents. "Think about code signing servers, things like that, or documents signing services, where people would like to actually use the digital signature capability to ensure the authenticity of the document or of the code that's being used," she said.
AWS Engineers Algorithms Into Services
During Amazon's AWS re:Inforce security conference last week in Boston, the cloud provider emphasized its post-quantum cryptography (PQC) efforts. According to Margaret Salter, director of applied cryptography at AWS, Amazon is already engineering the NIST standards into its services.
During a breakout session on AWS' cryptography efforts at the conference, Salter said AWS had implemented an open source, hybrid post-quantum key exchange based on a specification called s2n-tls, which implements the Transport Layer Security (TLS) protocol across different AWS services. AWS has contributed it as a draft standard to the Internet Engineering Task Force (IETF).
Salter explained that the hybrid key exchange brings together its traditional key exchanges while enabling post-quantum security. "We have regular key exchanges that we've been using for years and years to protect data," she said. "We don't want to get rid of those; we're just going to enhance them by adding a public key exchange on top of it. And using both of those, you have traditional security, plus post quantum security."
While Google didn't make implementation announcements like AWS in the immediate aftermath of NIST's selection, VP and CISO Phil Venables said Google has been focused on PQC algorithms "beyond theoretical implementations" for over a decade. Venables was among several prominent researchers who co-authored a technical paper outlining the urgency of adopting PQC strategies. The peer-reviewed paper was published in May by Nature, a respected journal for the science and technology communities.
"At Google, we're well into a multi-year effort to migrate to post-quantum cryptography that is designed to address both immediate and long-term risks to protect sensitive information," Venables wrote in a blog post published following the NIST announcement. "We have one goal: ensure that Google is PQC ready."
Venables recalled an experiment in 2016 with Chrome where a minimal number of connections from the Web browser to Google servers used a post-quantum key-exchange algorithm alongside the existing elliptic-curve key-exchange algorithm. "By adding a post-quantum algorithm in a hybrid mode with the existing key exchange, we were able to test its implementation without affecting user security," Venables noted.
Google and Cloudflare announced a "wide-scale post-quantum experiment" in 2019 implementing two post-quantum key exchanges, "integrated into Cloudflare's TLS stack, and deployed the implementation on edge servers and in Chrome Canary clients." The experiment helped Google understand the implications of deploying two post-quantum key agreements with TLS.
Venables noted that last year Google tested post-quantum confidentiality in TLS and found that various network products were not compatible with post-quantum TLS. "We were able to work with the vendor so that the issue was fixed in future firmware updates," he said. "By experimenting early, we resolved this issue for future deployments."
Other Standards Efforts
The four algorithms NIST announced are an important milestone in advancing PQC, but there's other work to be done besides quantum-safe encryption. The AWS TLS submission to the IETF is one example; others include such efforts as Hybrid PQ VPN.
"What you will see happening is those organizations that work on TLS protocols, or SSH, or VPN type protocols, will now come together and put together proposals which they will evaluate in their communities to determine what's best and which protocols should be updated, how the certificates should be defined, and things like things like that," IBM's Dames said.
Dustin Moody, a mathematician at NIST who leads its PQC project, shared a similar view during a panel discussion at the RSA Conference in June. "There's been a lot of global cooperation with our NIST process, rather than fracturing of the effort and coming up with a lot of different algorithms," Moody said. "We've seen most countries and standards organizations waiting to see what comes out of our nice progress on this process, as well as participating in that. And we see that as a very good sign."
Thu, 04 Aug 2022 09:03:00 -0500entext/htmlhttps://www.darkreading.com/dr-tech/amazon-ibm-move-swiftly-on-post-quantum-cryptographic-algorithms-selected-by-nistKillexams : IBM Expands Its Power10 Portfolio For Mission Critical Applications
It is sometimes difficult to understand the true value of IBM's Power-based CPUs and associated server platforms. And the company has written a lot about it over the past few years. Even for IT professionals that deploy and manage servers. As an industry, we have become accustomed to using x86 as a baseline for comparison. If an x86 CPU has 64 cores, that becomes what we used to measure relative value in other CPUs.
But this is a flawed way of measuring CPUs and a broken system for measuring server platforms. An x86 core is different than an Arm core which is different than a Power core. While Arm has achieved parity with x86 for some cloud-native workloads, the Power architecture is different. Multi-threading, encryption, AI enablement – many functions are designed into Power that don’t impact performance like other architectures.
I write all this as a set-up for IBM's announced expanded support for its Power10 architecture. In the following paragraphs, I will provide the details of IBM's announcement and provide some thoughts on what this could mean for enterprise IT.
What was announced
Before discussing what was announced, it is a good idea to do a quick overview of Power10.
IBM introduced the Power10 CPU architecture at the Hot Chips conference in August 2020. Moor Insights & Strategy chief analyst Patrick Moorhead wrote about it here. Power10 is developed on the opensource Power ISA. Power10 comes in two variants – 15x SMT8 cores and 30x SMT4 cores. For those familiar with x86, SMT8 (8 threads/core seems extreme, as does SMT4. But this is where the Power ISA is fundamentally different from x86. Power is a highly performant ISA, and the Power10 cores are designed for the most demanding workloads.
One last note on Power10. SMT8 is optimized for higher throughput and lower computation. SMT4 attacks the compute-intensive space with lower throughput.
IBM introduced the Power E1080 in September of 2021. Moor Insights & Strategy chief analyst Patrick Moorhead wrote about it here. The E1080 is a system designed for mission and business-critical workloads and has been strongly adopted by IBM's loyal Power customer base.
Because of this success, IBM has expanded the breadth of the Power10 portfolio and how customers consume these resources.
The big reveal in IBM’s exact announcement is the availability of four new servers built on the Power10 architecture. These servers are designed to address customers' full range of workload needs in the enterprise datacenter.
The Power S1014 is the traditional enterprise workhorse that runs the modern business. For x86 IT folks, think of the S1014 equivalent to the two-socket workhorses that run virtualized infrastructure. One of the things that IBM points out about the S1014 is that this server was designed with lower technical requirements. This statement leads me to believe that the company is perhaps softening the barrier for the S1014 in data centers that are not traditional IBM shops. Or maybe for environments that use Power for higher-end workloads but non-Power for traditional infrastructure needs.
The Power S1022 is IBM's scale-out server. Organizations embracing cloud-native, containerized environments will find the S1022 an ideal match. Again, for the x86 crowd – think of the traditional scale-out servers that are perhaps an AMD single socket or Intel dual-socket – the S1022 would be IBM's equivalent.
Finally, the S1024 targets the data analytics space. With lots of high-performing cores and a big memory footprint – this server plays in the area where IBM has done so well.
In addition, to these platforms, IBM also introduced the Power E1050. The E1050 seems designed for big data and workloads with significant memory throughput requirements.
The E1050 is where I believe the difference in the Power architecture becomes obvious. The E1050 is where midrange starts to bump into high performance, and IBM claims 8-socket performance in this four-socket socket configuration. IBM says it can deliver performance for those running big data environments, larger data warehouses, and high-performance workloads. Maybe, more importantly, the company claims to provide considerable cost savings for workloads that generally require a significant financial investment.
One benchmark that IBM showed was the two-tier SAP Standard app benchmark. In this test, the E1050 beat an x86, 8-socket server handily, showing a 2.6x per-core performance advantage. We at Moor Insights & Strategy didn’t run the benchmark or certify it, but the company has been conservative in its disclosures, and I have no reason to dispute it.
But the performance and cost savings are not just associated with these higher-end workloads with narrow applicability. In another comparison, IBM showed the Power S1022 performs 3.6x better than its x86 equivalent for running a containerized environment in Red Hat OpenShift. When all was added up, the S1022 was shown to lower TCO by 53%.
What makes Power-based servers perform so well in SAP and OpenShift?
The value of Power is derived both from the CPU architecture and the value IBM puts into the system and server design. The company is not afraid to design and deploy enhancements it believes will deliver better performance, higher security, and greater reliability for its customers. In the case of Power10, I believe there are a few design factors that have contributed to the performance and price//performance advantages the company claims, including
Use Differential DIMM technology to increase memory bandwidth, allowing for better performance from memory-intensive workloads such as in-memory database environments.
Built-in AI inferencing engines that increase performance by up to 5x.
Transparent memory encryption performs this function with no performance tax (note: AMD has had this technology for years, and Intel introduced about a year ago).
These seemingly minor differences can add up to deliver significant performance benefits for workloads running in the datacenter. But some of this comes down to a very powerful (pardon the redundancy) core design. While x86 dominates the datacenter in unit share, IBM has maintained a loyal customer base because the Power CPUs are workhorses, and Power servers are performant, secure, and reliable for mission critical applications.
Like other server vendors, IBM sees the writing on the wall and has opened up its offerings to be consumed in a way that is most beneficial to its customers. Traditional acquisition model? Check. Pay as you go with hardware in your datacenter? Also, check. Cloud-based offerings? One more check.
While there is nothing revolutionary about what IBM is doing with how customers consume its technology, it is important to note that IBM is the only server vendor that also runs a global cloud service (IBM Cloud). This should enable the company to pass on savings to its customers while providing greater security and manageability.
I like what IBM is doing to maintain and potentially grow its market presence. The new Power10 lineup is designed to meet customers' entire range of performance and cost requirements without sacrificing any of the differentiated design and development that the company puts into its mission critical platforms.
Will this announcement move x86 IT organizations to transition to IBM? Unlikely. Nor do I believe this is IBM's goal. However, I can see how businesses concerned with performance, security, and TCO of their mission and business-critical workloads can find a strong argument for Power. And this can be the beginning of a more substantial Power presence in the datacenter.
Note: This analysis contains insights from Moor Insights & Strategy Founder and Chief Analyst, Patrick Moorhead.
Moor Insights & Strategy, like all research and tech industry analyst firms, provides or has provided paid services to technology companies. These services include research, analysis, advising, consulting, benchmarking, acquisition matchmaking, and speaking sponsorships. The company has had or currently has paid business relationships with 8×8, Accenture, A10 Networks, Advanced Micro Devices, Amazon, Amazon Web Services, Ambient Scientific, Anuta Networks, Applied Brain Research, Applied Micro, Apstra, Arm, Aruba Networks (now HPE), Atom Computing, AT&T, Aura, Automation Anywhere, AWS, A-10 Strategies, Bitfusion, Blaize, Box, Broadcom, C3.AI, Calix, Campfire, Cisco Systems, Clear Software, Cloudera, Clumio, Cognitive Systems, CompuCom, Cradlepoint, CyberArk, Dell, Dell EMC, Dell Technologies, Diablo Technologies, Dialogue Group, Digital Optics, Dreamium Labs, D-Wave, Echelon, Ericsson, Extreme Networks, Five9, Flex, Foundries.io, Foxconn, Frame (now VMware), Fujitsu, Gen Z Consortium, Glue Networks, GlobalFoundries, Revolve (now Google), Google Cloud, Graphcore, Groq, Hiregenics, Hotwire Global, HP Inc., Hewlett Packard Enterprise, Honeywell, Huawei Technologies, IBM, Infinidat, Infosys, Inseego, IonQ, IonVR, Inseego, Infosys, Infiot, Intel, Interdigital, Jabil Circuit, Keysight, Konica Minolta, Lattice Semiconductor, Lenovo, Linux Foundation, Lightbits Labs, LogicMonitor, Luminar, MapBox, Marvell Technology, Mavenir, Marseille Inc, Mayfair Equity, Meraki (Cisco), Merck KGaA, Mesophere, Micron Technology, Microsoft, MiTEL, Mojo Networks, MongoDB, MulteFire Alliance, National Instruments, Neat, NetApp, Nightwatch, NOKIA (Alcatel-Lucent), Nortek, Novumind, NVIDIA, Nutanix, Nuvia (now Qualcomm), onsemi, ONUG, OpenStack Foundation, Oracle, Palo Alto Networks, Panasas, Peraso, Pexip, Pixelworks, Plume Design, PlusAI, Poly (formerly Plantronics), Portworx, Pure Storage, Qualcomm, Quantinuum, Rackspace, Rambus, Rayvolt E-Bikes, Red Hat, Renesas, Residio, Samsung Electronics, Samsung Semi, SAP, SAS, Scale Computing, Schneider Electric, SiFive, Silver Peak (now Aruba-HPE), SkyWorks, SONY Optical Storage, Splunk, Springpath (now Cisco), Spirent, Splunk, Sprint (now T-Mobile), Stratus Technologies, Symantec, Synaptics, Syniverse, Synopsys, Tanium, Telesign,TE Connectivity, TensTorrent, Tobii Technology, Teradata,T-Mobile, Treasure Data, Twitter, Unity Technologies, UiPath, Verizon Communications, VAST Data, Ventana Micro Systems, Vidyo, VMware, Wave Computing, Wellsmith, Xilinx, Zayo, Zebra, Zededa, Zendesk, Zoho, Zoom, and Zscaler. Moor Insights & Strategy founder, CEO, and Chief Analyst Patrick Moorhead is an investor in dMY Technology Group Inc. VI, Dreamium Labs, Groq, Luminar Technologies, MemryX, and Movandi.
Wed, 13 Jul 2022 12:00:00 -0500Matt Kimballentext/htmlhttps://www.forbes.com/sites/moorinsights/2022/07/14/ibm-expands-its-power10-portfolio-for-mission-critical-applications/Killexams : Three Common Mistakes That May Sabotage Your Security Training
Phishing incidents are on the rise. A report from IBM shows that phishing was the most popular attack vector in 2021, resulting in one in five employees falling victim to phishing hacking techniques.
The Need for Security Awareness Training
Although technical solutions protect against phishing threats, no solution is 100% effective. Consequently, companies have no choice but to involve their employees in the fight against hackers. This is where security awareness training comes into play.
Security awareness training gives companies the confidence that their employees will execute the right response when they discover a phishing message in their inbox.
As the saying goes, "knowledge is power," but the effectiveness of knowledge depends heavily on how it is delivered. When it comes to phishing attacks, simulations are among the most effective forms of training because the events in training simulations directly mimic how an employee would react in the event of an real attack. Since employees do not know whether a suspicious email in their inbox is a simulation or a real threat, the training becomes even more valuable.
Phishing Simulations: What does the training include?
It is critical to plan, implement and evaluate a cyber awareness training program to ensure it truly changes employee behavior. However, for this effort to be successful, it should involve much more than just emailing employees. Key practices to consider include:
Real-life phishing simulations.
Adaptive learning - live response and protection from real cyberattacks.
Personalized training based on factors such as department, tenure, and cyber experience level.
Empowering and equipping employees with an always-on cybersecurity mindset.
Because employees do not recognize the difference between phishing simulations and real cyberattacks, it's important to remember that phishing simulations evoke different emotions and reactions, so awareness training should be conducted thoughtfully. As organizations need to engage their employees to combat the ever-increasing attacks and protect their assets, it is important to keep morale high and create a positive culture of cyber hygiene.
Three common phishing simulation mistakes.
Based on years of experience, cybersecurity firm CybeReady has seen companies fall into these common mistakes.
Mistake #1: Testing instead of educating
The approach of running a phishing simulation as a test to catch and punish "repeat offenders" can do more harm than good.
An educational experience that involves stress is counterproductive and even traumatic. As a result, employees will not go through the training but look for ways to circumvent the system. Overall, the fear-based "audit approach" is not beneficial to the organization in the long run because it cannot provide the necessary training over an extended period.
Solution #1: Be sensitive
Because maintaining positive employee morale is critical to the organization's well-being, provide positive just-in-time training.
Just-in-time training means that once employees have clicked on a link within the simulated attack, they are directed to a short and concise training session. The idea is to quickly educate the employee on their mistake and provide them essential tips on spotting malicious emails in the future.
This is also an opportunity for positive reinforcement, so be sure to keep the training short, concise, and positive.
Solution #2: Inform relevant departments.
Communicate with relevant stakeholders to ensure they are aware of ongoing phishing simulation training. Many organizations forget to inform relevant stakeholders, such as HR or other employees, that the simulations are being conducted. Learning has the best effect when participants have the opportunity to feel supported, make mistakes, and correct them.
Mistake #2: Use the same simulation for all employees
It is important to vary the simulations. Sending the same simulation to all employees, especially at the same time, is not only not instructive but also has no valid metrics when it comes to organizational risk.
The "warning effect" - the first employee to discover or fall for the simulation warns the others. This prepares your employees to respond to the "threat" by anticipating the simulation, thus bypassing the simulation and the training opportunity.
Another negative impact is social desirability bias, which causes employees to over-report incidents to IT without noticing them in order to be viewed more favorably. This leads to an overloaded system and the department IT.
This form of simulation also leads to inaccurate results, such as unrealistically low click-through rates and over-reporting rates. Thus, the metrics do not show the real risks of the company or the problems that need to be addressed.
Solution: Drip mode
Drip mode allows sending multiple simulations to different employees at different times. Certain software solutions can even do this automatically by sending a variety of simulations to different groups of employees. It's also important to implement a continuous cycle to ensure that all new employees are properly onboarded and to reinforce that security is important 24/7 - not just checking a box for minimum compliance.
Mistake #3: Relying on data from a single campaign
With over 3.4 billion phishing attacks per day, it's safe to assume that at least a million of them differ in complexity, language, approach, or even tactics.
Unfortunately, no single phishing simulation can accurately reflect an organization's risk. Relying on a single phishing simulation result is unlikely to provide reliable results or comprehensive training.
Another important consideration is that different groups of employees respond differently to threats, not only because of their vigilance, training, position, tenure, or even education level but because the response to phishing attacks is also contextual.
Solution: Implement a variety of training programs
Behavior change is an evolutionary process and should therefore be measured over time. Each training session contributes to the progress of the training. Training effectiveness, or in other words, an accurate reflection of real organizational behavior change, can be determined after multiple training sessions and over time.
The most effective solution is to continuously conduct various training programs (at least once a month) with multiple simulations.
It is highly recommended to train employees according to their risk level. A diverse and comprehensive simulation program also provides reliable measurement data based on systematic behavior over time. To validate their efforts at effective training, organizations should be able to obtain a valid indication of their risk at any given point in time while monitoring progress in risk reduction.
Implement an effective phishing simulation program.
Creating such a program may seem overwhelming and time-consuming. That's why we have created a playbook of the 10 key practices you can use to create a simple and effective phishing simulation. Simply download the CybeReady Playbook or meet with one of our experts for a product demo and learn how CybeReady's fully automated security awareness training platform can help your organization achieve the fastest results with virtually zero effort IT.
Wed, 03 Aug 2022 22:37:00 -0500The Hacker Newsentext/htmlhttps://thehackernews.com/2022/08/three-common-mistakes-that-may-sabotage.htmlKillexams : Avnet, IBM announce ASIC distribution agreementAvnet selected as first channel Business Partner to execute IBM ASIC design methodologies
Phoenix, AZ and East Fishkill, NY, March 11, 2004 - Avnet, Inc. (NYSE: AVT) and IBM today announced the extension of their distribution agreement to include IBM application specific integrated circuit (ASIC) devices and technology in North America.
Under the agreement, Avnet Inc., through Avnet Cilicon, the Americas-based semiconductor distribution specialist division of Avnet's largest operating group, Avnet Electronics Marketing, will provide engineering design services to customers to help accelerate the adoption of IBM ASIC products and to help reduce customers' time to market. The agreement covers ASIC products and technologies from IBM at the .18 micron and .25 micron technology nodes.
In addition, Avnet Inc., through Avnet Cilicon, will provide sales and marketing support for IBM ASIC products to its large distribution customer base, along with providing these customers access to Avnet's materials management capabilities for their particular supply chain requirements.
This announcement marks the first time that IBM has opened up its ASIC design methodologies for execution by a channel business partner. As a result, a broader array of customers will now be able to gain access to IBM industry-leading ASIC technology through Avnet Design Centers.
"The expansion of our existing, successful distribution agreement to now include IBM ASIC products and technology is a big win for Avnet and most importantly for the distribution customer base," said Jeff Ittel, president of Avnet Cilicon. "IBM has the world's leading ASIC products and methodologies, which are proven to enable designs that are right the first time and to help reduce time-to-market for its customers' products. These capabilities will now be widely available to the Avnet distribution customer base."
"Avnet is the leading distributor in this segment and brings over 20 years of experience in the ASIC business and over 1000 completed designs by our ASIC design center engineering team, whose services include architectural design, IP integration, verification, test, timing closure and physical layout," Ittel noted.
"This agreement represents a new business model for IBM and a significant opportunity for our ASIC business," said Tom Reeves, vice president, ASIC product group, IBM Systems and Technology Group. "Avnet offers an established customer base and technical design support via four dedicated Design Centers in North America that can help our ASIC business expand into new opportunities."
About IBM Microelectronics IBM is a recognized innovator in the semiconductor industry, having been first with advances like more power-efficient copper wiring in place of aluminum and faster SOI and silicon germanium transistors. These and other innovations have contributed to IBM's standing as the number one U.S. patent holder for 11 consecutive years. More information about IBM semiconductors can be found at: http://www.ibm.com/chips.
About Avnet Cilicon Avnet Cilicon is the semiconductor distribution specialist division of Avnet Electronics Marketing in the Americas, an operating group of Avnet, Inc. (NYSE:AVT). Avnet Cilicon combines semiconductor expertise, technical excellence and deep market knowledge to enhance time to revenue for all supply-chain partners in the electronics arena. Avnet Cilicon's core competencies include materials management, technical support through Avnet Design Services, logistics support through Avnet Supply Chain Services, and customer-centric, dedicated sales channels. Avnet Cilicon, combined with Avnet IP&E, Avnet's interconnect, passive and electromechanical component and services division, delivers Support Across the Board. For more information, visit http://www.em.avnet.com/semi.
Mon, 18 Jul 2022 12:00:00 -0500entext/htmlhttps://www.design-reuse.com/news/7370/avnet-ibm-asic-distribution-agreement.htmlKillexams : Your Own Engineering Workstation, With Mame
There are some things that leave indelible impressions in your memory. One of those things, for me, was a technical presentation in 1980 I attended — by calling in a lot of favors — a presentation by HP at what is now the Stennis Space Center. I was a student and it took a few phone calls to wrangle an invite but I wound up in a state-of-the-art conference room with a bunch of NASA engineers watching HP tell us about all their latest and greatest. Not that I could afford any of it, mind you. What really caught my imagination that day was the HP9845C, a color graphics computer with a roughly $40,000 price tag. That was twice the average US salary for 1980. Now, of course, you have a much better computer — or, rather, you probably have several much better computers including your phone. But if you want to relive those days, you can actually recreate the HP9845C’s 1980-vintage graphics glory using, of all things, a game emulator.
Keep in mind that the IBM PC was nearly two years away at this point and, even then, wouldn’t hold a candle to the HP9845C. Like many machines of its era, it ran BASIC natively — in fact, it used special microcode to run BASIC programs relatively quickly on its 16-bit 5.7 MHz CPU. The 560 x 455 pixel graphics system had its own CPU and you could max it out with a decadent 1.5 MB of RAM. (But not, alas, for $40,000 which got you — I think –128K or so.)
The widespread use of the computer mouse was still in the future, so the HP had that wonderful light pen. Mass storage was also no problem — there was a 217 kB tape drive and while earlier models had a second drive and a thermal printer optional, these were included in the color “C” model. Like HP calculators, you could slot in different ROMs for different purposes. There were other options such as a digitizer and even floppy discs.
The machines had a brief life, being superseded quickly by better computers. However, the computer managed to play a key role in making the 1983 movie Wargames and the predecessor, the HP9845B appeared on screen in Raise the Titanic.
According to the HP Museum, the 9845C wasn’t terribly reliable. The tape drives are generally victims of age after 40+ years, but the power supplies and memory also have their share of issues. Luckily, we are going to simulate our HP9845C, so we won’t have to deal with any of those problems.
One other cool feature of just about every HP computer from that era was the soft key system. These were typically built into the monitor or, sometimes, the keyboard and lined up with labels on the screen. So instead of remembering that F2 is the search command (or whatever), there would be a little label on the screen over the button that said “Search.” Great stuff!
When you think about simulating an old computer, you probably think of SimH. However, the HP machines were very graphical in nature, so the author of the HP9845C emulator made a different choice: MAME. You normally think of MAME as a video game emulator. However, if you want color graphics, ROM slots, and a light pen, MAME is a pretty good choice.
As you can see, you get a view of the 9845C monitor replete with soft keys and, if you enable it, even a light pen. You can load different images as ROMs and tapes. The only tricky part is the keyboard. The HP has a custom keyboard that works a bit different than a PC keyboard.
In particular, the HP computers were typically screen-oriented. So the Enter key was usually distinct from the key that told the computer you were ready for it to process. This leads to some interesting keyboard mappings.
Quick Start Guide
In fact, the page that has the most information about the emulator is a little hard to wade through, so this might help. First, you want to scroll down to the bottom and get the prebuilt emulators for Linux or Windows. You can build with MAME or use the stock versions — assuming your stock version has all the right options. But it is easier to just grab the prebuilt and they can coexist with other versions of MAME; even if you want to go a different route eventually, you probably should still start there.
The emulator is called 45c and, on Linux, I had to make it executable myself (chmod +x). Here is a typical command line:
All of those tape and ROM files are in the distribution archive. You probably don’t need any of the ROMs, but I loaded them anyway. Add -window if you prefer not to run full screen. If you do that, you may also want to add -nounevenstretch and -nomax options to Improve appearance.
If you want to try the lightpen, use the -lightgun -lightgun_device_mouse option to turn your mouse into a lightpen. Note this will grab your mouse and you may need to use Alt+Tab or some other method to switch away from the emulator.
The keyboard mappings are listed on the web page but here are a few that are handy to know:
Enter – Continue
Right Shift+Enter – Store
Numeric Enter (or Right Shift+Enter) – Execute
Escape – Stop
Right Shift+Home – Clear screen
So faced with the prompt, you can enter something like:
Then press the numeric enter key to see the result. So this being a BASIC computer, you can enter:
10 PRINT "HOWDY!"
Right? Well, yes, but then you need to press store (Right Shift+Enter)
If you have the tapes loaded as above (you can view the tape catalog with the CAT command), try this:
Remember to use the numeric pad enter key after each line, not the normal enter key!
The king of the demos is the Space Shuttle graphic which was cutting edge in 1980. You could change various display and plot options using the soft keys.
Of course, the Space Shuttle is only fun for so long. There are many other demos on the same tape, but eventually you’ll want to play with something more interesting. The HP Museum has a good bit of software you can probably figure out how to load. You can’t obtain the software, but if you want to see what the state of gaming was on a $70,000 HP9845B in those days, [Terry Burlison] has some recollections and screen shots. You’ll also find tons of documents and other information on the main HP9845 site.
Wed, 03 Aug 2022 11:59:00 -0500Al Williamsen-UStext/htmlhttps://hackaday.com/2022/07/28/your-own-engineering-workstation-with-mame/Killexams : Bear of the Day: International Business Machines (IBM)
International Business Machines (IBM) is a Zacks Rank #5 (Strong Sell) provides advanced information technology solutions, computer systems, quantum computing and super computing solutions, enterprise software, storage systems and microelectronics.
“Big Blue” has struggled over the last decade, so they have tried to adjust and pivot to the cloud. Their acquisition of Red Hat helped this idea, but a exact earnings report has disappointed investors.
The stock is now trending lower and looks like it might challenge 2022 lows.
About the Company
IBM is headquartered in Armonk, New York. The company was incorporated in 1911 and employs over 280,000 people.
The company operates through four business segments: Software, Consulting, Infrastructure, and Financing.
IBM is valued at $114 billion and has a Forward PE of 13. The stock holds a Zacks Style Score of “C” in Value, “B” in Growth and “B” in Momentum. The stock pays a dividend of 5%.
The company reported EPS last week, seeing Q2 at $2.31 v the $2.29 expected. Revenues came in at $15.5B v the $15.1B. IBM affirmed FY22 at the high end of its mid-single digit model, but narrowed the FY22 FCF to $10B from $10-10.5B.
Margins were down year over year, from 55.2% to 53.4%. While software, consulting and infrastructure revenues were all higher year over year.
Here are some comments from CEO Arvind Krishna:
"In the quarter we delivered good revenue performance with balanced growth across our geographies, driven by client demand for our hybrid cloud and AI offerings. The IBM team executed our strategy well.”
Analyst are already starting to drop estimates as a result of the earnings report.
After stabilizing over the last few months, estimate have fallen off a cliff over the last 7 days. For the current quarter, estimates have fallen from $2.57 to 2.07, or 20%.
Things look to Improve next quarter, but we see estimates tracking lower again for next year. Over the last 60 days, numbers have been lowered from $10.81 to $10.26, or 5%.
The stock was holding up well before earnings, as it was seeing support at the 50-day moving average. But IBM is now trading under all its moving averages after the earnings report, slicing right through the 200-day at $130.50.
The lows of the year are just under $120. These should be taken out if the momentum continues and the bears could possibly target the 2021 lows around $113.
Looking at Fibonacci levels, a 61.8% retracement drawn from May lows to June highs was holding at $133. However, this support was broken and bears should target the 161.8% extension at $113. This lines up with that 2021 low support.
While big blue had some positive aspects to the quarter, investors were disappointed overall. The stock fell over 8% after earnings and looks like it could take out 2022 lows on any market weakness.
The stock pays a nice dividend, but with cash flow being taken down, investors might start to lose faith in that payout
For now, a better option in the sector might be Agilysys (AGYS). The stock is a Zacks Rank #2 (Buy) and has held up relatively well over the last six months.
Want the latest recommendations from Zacks Investment Research? Today, you can obtain 7 Best Stocks for the Next 30 Days. Click to get this free report
Mon, 25 Jul 2022 00:10:00 -0500en-UStext/htmlhttps://finance.yahoo.com/news/bear-day-international-business-machines-103010352.htmlKillexams : Average cost of data breaches hits record high of $4.35 million: IBM
The global average cost of data breaches reached an all-time high of $4.35 million in 2022 compared with $4.24 million in 2021, according to a new IBM Security report. About 60% of the breached organizations raised product and services prices due to the breaches.
The annual report, conducted by Ponemon Institute and analyzed and sponsored by IBM Security, is based on the analysis of real-world data breaches experienced by 550 organizations globally between March 2021 and March 2022.
According to the report, about 83% of the organizations have experienced more than one breach in their lifetime, with nearly half of the costs reported to be incurred more than a year after the breach.
Cloud and critical infrastructure remain at high risk
The report revealed that ransomware and destructive attacks represented 28% of breaches among critical infrastructure organizations studied, indicating threat actors specifically targeting the sector for disrupting global supply chain. The critical infrastructure sector includes financial services, industrial, transportation, and healthcare companies.
The report also noted that in the US, even a year after the Biden administration issued a cybersecurity executive order mandating federal agencies to adopt a zero-trust security model, only 21% of critical infrastructure organizations surveyed have done so, raising costs by $1.17 million for those who did not. Seventeen percent of the critical infrastructure breaches were caused due to a business partner being initially compromised.
Cloud computing infrastructure is an even easier target because of the security immaturity it suffers, according to the report. “Forty-three percent of studied organizations are in the early stages or have not started applying security practices across their cloud environments, observing over $660,000 on average in higher breach costs than studied organizations with mature security across their cloud environments,” it added.
Hybrid cloud, however, has offered a silver lining in digital transformation as organizations adopting hybrid clouds (45%) have witnessed lower breach costs than the ones with a solely public or private cloud model, according to the report. While the breach cost for hybrid cloud averaged $3.8 million, public clouds recorded $5.02 million while private clouds recorded $4.24 million in breach costs respectively.
Overall, 45% of the breaches occurred in the cloud, making cloud architecture the most sought after target. Forty-three percent of the organizations said they are either still in the early stages or have not started implementing security solutions to protect their cloud infrastructure.
While compromised credentials were the leading cause of data breaches among companies surveyed (at 19%), phishing—in second place at 16%—has emerged as the costliest, leading to $4.91 million in average breach costs for responding organizations, the report underlined.
Healthcare sector hit hardest by breach costs
Healthcare has been for the last 12 years and continues to be the industry hit hardest by the cost of breaches, with average costs per breach increasing by $1 million to a record total of $10.1 million.
According to the report, businesses that paid threat actors' ransom demands saw $610,000 less in average breach costs compared to those that chose not to pay—not including the ransom amount paid. However, when accounting for the average ransom payment, which according to Sophos reached $812,000 in 2021, businesses that opt to pay the ransom could net higher total costs—all while inadvertently funding future ransomware attacks with capital that could be allocated to remediation and recovery efforts. Organizations suffering data breaches could also be looking at costs of federal offenses.
Among concerning factors, 62% of the suryeyed organizations stated they are not sufficiently staffed to meet their security needs, averaging $550,000 more in breach costs than those that state they are sufficiently staffed. Implementing security AI and automation has helped reduce costs by $3.05 million on average, the report added.
Tue, 02 Aug 2022 02:59:00 -0500entext/htmlhttps://www.csoonline.com/article/3668655/average-cost-of-data-breaches-hits-record-high-of-435-million-ibm.htmlKillexams : Twitter Account Hacked? Even Security Companies Have Trouble Getting Back In
The regular reports from antivirus testing companies around the world are extremely helpful when I’m evaluating a new or updated antivirus program. I know all the players, so receiving an email from a lab’s executive team is no surprise, but the request in one such exact email was unusual. Andreas Marx, CEO and co-founder of AV-Test Institute(Opens in a new window), wanted to know if I had any inside contacts at Twitter. It turned out that AV-Test Institute's main Twitter handle, @avtestorg(Opens in a new window), had been hacked, and his attempts to get help from Twitter were going unanswered.
How could this happen in a company with more than 15 years of experience in the security industry? Speaking with Marx and with Maik Morgenstern, technical director of AV-Test and its other CEO, I learned that even when you do everything right, you can still get hacked. As of this writing, the AV-Test account is still posting and retweeting random NFT spam, rather than providing support for AV-Test’s business and its customers.
After an account takeover, a Twitter feed is replaced by spam.
Neil J. Rubenking: How did you first learn the account was hacked? Andreas Marx: I got a WhatsApp message from a well-known security researcher, just about 10 minutes after the account was hacked on July 25, with screenshots of the compromised Twitter account. Shortly thereafter, we got further notifications from other parties.
What was your first reaction to the hack? Well, I tried to log in to my mobile device with the Twitter account, but the @avtestorg account was no longer accessible. I tried to check the account on my PC, but I was not able to log in and just saw the compromised Twitter account there, too. (Twitter actually asked me to create a new account!)
In my email Inbox, I saw three mails from Twitter, all in Russian. One e-mail message from Twitter said, "Пароль был изменён" ("Password has been changed") with the information "Недавно вы изменили пароль своей учетной записи @avtestorg." ("You recently changed your @avtestorg account password."). Just two minutes later, this email message arrived: "Адрес электронной почты для @avtestorg изменен" ("Email address for @avtestorg changed"). It said to confirm by following a link sent to the new email and ended, “If you haven't made these changes, please contact Twitter support immediately."
Password change warning in Russian (Credit: PCMag)
I'm a German, and I've used Twitter in German language for the last decade, so it appears to me that someone changed the default language first.
To my surprise, the new email address for the account was blanked out (not fully visible), and I saw the message that only the new address needs to be confirmed. So, Twitter doesn't even ask if the person behind the current email address agrees with the account change.
What techniques did you use to try regaining access? We immediately contacted the Twitter support and opened a case, “Regain access - Hacked or compromised," providing all details to reclaim our account. When nothing happened after two days we filed another case, with the same result so far: nothing.
What was Twitter’s response? There is no response from Twitter so far, neither from the initial report via the website, nor from a second request two days later. We also tried to contact the support via @TwitterSupport, and tried to contact Twitter via email.
Well, “no response” is not entirely true. I've received a response from a bot who asked me, "Twitter would like your feedback. It should only take 2 minutes!" but that's from a third party.
What did you learn from this experience? I have to admit that I'm still feeling totally lost. More than one week has passed by, and there has been no reaction. I actually expected a response from Twitter after my reports somehow, as the changes to the account and the postings are very unusual. At least the account should have been blocked in the short term, until further verification. The account is still there, and we have no access to it, so it might still be in use by the malicious actors.
Any advice for others to protect their Twitter accounts? We used a strong password and 2FA (two-factor authentication) for protecting the account, but it looks like this was not enough. Maybe the attacker hasn't stolen the password, but taken over an active session, so they were already logged in and most of the security features are disabled then. I still don't understand why changing the email account wouldn't trigger a 2FA request. That's definitely a weakness of Twitter; other social networks handle this much better.
Recommended by Our Editors
My strong recommendation is actually for Twitter, not for other users. Before changing an email address for an account, please ensure that the current person behind this email address agrees to the transfer. For many other websites and social media platforms, a confirmation link or code is sent before the account can be transferred, or another form of 2FA is required to ensure that the account cannot easily be hijacked.
And, Twitter, please be kind and respond to messages.
When even the experts can’t prevent an account takeover, you may figure that you’re just out of luck. In truth, there’s quite a bit you can do to make sure your Twitter account and other important accounts remain secure. Start with the basics. If you don’t already have a password manager, get one. Use it to change the passwords for your sensitive accounts to something unique and random. Don’t worry; the password manager remembers them for you.
Even though the hackers in this story seem to have done an end-run around multi-factor authentication, that doesn’t mean it’s not valuable. When you engage multi-factor for your important accounts, you make it a lot harder for anyone to hack into them. Chances are good that a random hacker will skip your account and go for something easier, like an account that has a password of “password” with no added authentication.
Marx mentioned that the hacker might have gained access through an active, unlocked Twitter session. You can help your security by always logging out when you’re done using Twitter, or at least making sure your computers and smart devices are thoroughly secured. You can also view active and past sessions directly from your Twitter account and click a simple link to shut down all sessions except your current one.
So, what are you waiting for? Log into your Twitter account right now and make sure you have multi-factor authentication protecting it. Check those other sessions—if any of them look wonky, pull the plug and shut 'em all down. And be sure you're protecting that account with a strong password, not your birthday or your dog's name.
Like What You're Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
Wed, 03 Aug 2022 03:25:00 -0500entext/htmlhttps://www.pcmag.com/news/twitter-account-hacked-even-security-companies-have-trouble-getting-backKillexams : E-mini Dow Jones Industrial Average (YM) Futures Technical Analysis – Lifted by Better-Than-Expected Earnings
September E-mini Dow Jones Industrial Average futures are trading higher late in the session on Tuesday, helped as more companies reported better-than-expected earnings. The news is coming as a surprise to most investors who entered earnings season panic that higher inflation would put a major dent in the corporate bottom line.
The E-mini Dow is being led higher by strong performances in Goldman Sachs Group, Nike Inc and Boeing Co. They are up 5.65%, 5.18% and 5.14%, respectively. Solid earnings are fueling the surge in Goldman Sachs.
Twenty-eight of 30 Dow components are trading higher with the exception of Johnson & Johnson and International Business Machines Corp. They are off 1.70% and 5.84%, respectively. IBM fell after the tech company lowered its forecast for cash flow. Johnson & Johnson cut its full-year revenue and profit guidance, blaming a stronger U.S. Dollar for its weak performance.
Daily September E-mini Dow Jones Industrial Average
Short-Term Technical Analysis
The main trend is up according to the daily swing chart. A trade through 30109 will change the main trend to down. Taking out the next main top at 31867 will reaffirm the uptrend.
The intermediate range is 33255 to 29639. The E-mini Dow is currency testing its retracement zone at 31447 to 31874.
On the upside, the next major target zone is 32522 to 33202. On the downside, short-term support comes in at 30753 to 30490.
Short-Term Technical Forecast
Trader reaction to the retracement zone at 31447 to 31874 is likely to determine the direction of the September E-mini Dow into the close on Tuesday.
Taking out the main top at 31867 will reaffirm the uptrend, while a strong move through the Fibonacci level at 31874 could trigger an acceleration to the upside with 32522 the next major target.
A sustained move under 31874 will signal the presence of sellers. If this creates enough downside momentum then look for the selling to possibly extend into the 50% level at 31447. This price is a potential trigger point for an acceleration into the minor support zone at 30753 to 30490.