
3 most common — and dangerous — holes in companies’ cyber defenses



Cyberattack warnings have become so frequent that it’s easy to tune them out. Your company has loaded up on security tools and run its Red Team drills. You’re confident you’ve done all you can.

Executives at Microsoft and the chip-making giant Nvidia were likely feeling the same way until the companies suffered excruciating breaches through common, easy-to-exploit holes. It just goes to show that even the most tech-savvy companies are at risk. Cyberattacks in the U.S. more than quadrupled last year and hackers are still gaining entry in ways both sophisticated and obvious. Here are three common holes they’re exploiting in corporate cyber defenses, plus some easy-to-implement solutions:

Cyber defense and privilege escalation

Say you’ve hired someone on the help desk, granting them privileges to install patches and software. Later, the employee is transferred elsewhere in the organization, but their privileges remain. That’s because most companies have strict protocols for handing them out – but not many for withdrawing them. This lack of withdrawal is a major cybersecurity weak point. 

As the help desk situation repeats across the organization, the company becomes laden with unneeded privilege. Each such account pushes you closer to a successful attack. Privilege escalation was the root cause for a breach at Block, where an ex-employee leveraged access that should have been removed.

Some organizations de-emphasize the problem. Most CISOs know hackers gain little by burrowing into frontline workers’ accounts. Without admin privileges, there’s no way to install malware or ransomware. Yet as privilege escalates, more fruitful points of entry multiply. 

Take the recent breach of Okta, which was as simple as it was effective. Hackers exploited the privileges of a subcontractor’s engineer, installed code downloaded from the internet and soon had the keys to a $23 billion cloud software firm.  

Then they gained access to about 366 Okta customer accounts. To add insult to injury, Lapsus$, the group responsible, posted screenshots of its bounty and publicly taunted Okta for its failings.  

Though no cyber defense is perfect, companies can reduce risk by allowing privilege only as needed – and by applying even greater vigor to withdrawing it. Protect your company by stopping the problem before it starts.
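A minimal entitlement review for the help desk scenario above, as an added example that is not part of the original article: it compares each account's standing privileges with what the owner's current role needs and lists the ones to withdraw. The role baseline, field names, seven-day handover window and sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Employee:
    user: str
    role: str          # current role according to HR
    active: bool       # False once the person has left the company
    role_since: date   # start date of the current role


@dataclass(frozen=True)
class Grant:
    user: str
    privilege: str
    granted_on: date


# Hypothetical role baseline: the only privileges each role needs.
ROLE_NEEDS = {
    "help_desk": {"install_software", "deploy_patches"},
    "finance_analyst": {"ledger_read"},
    "shipping_admin": {"shipping_system_admin"},
}

# Constructed sample data (not taken from any real directory).
EMPLOYEES = [
    Employee("alice", "finance_analyst", True, date(2022, 3, 1)),  # ex help desk
    Employee("bob", "shipping_admin", False, date(2020, 1, 6)),    # has left
    Employee("carol", "help_desk", True, date(2021, 9, 13)),
    Employee("dave", "shipping_admin", True, date(2022, 5, 30)),   # just moved
]
GRANTS = [
    Grant("alice", "install_software", date(2021, 6, 10)),
    Grant("alice", "deploy_patches", date(2021, 6, 10)),
    Grant("alice", "ledger_read", date(2022, 3, 2)),
    Grant("bob", "shipping_system_admin", date(2020, 1, 7)),
    Grant("carol", "install_software", date(2021, 9, 14)),
    Grant("dave", "deploy_patches", date(2021, 2, 1)),
    Grant("dave", "shipping_system_admin", date(2022, 5, 30)),
]


def review(employees, grants, today, grace_days=7):
    """Return sorted (user, privilege, reason) tuples for grants to withdraw."""
    by_user = {e.user: e for e in employees}
    findings = []
    for g in grants:
        emp = by_user.get(g.user)
        if emp is None:
            findings.append((g.user, g.privilege, "no HR record for account"))
        elif not emp.active:
            findings.append((g.user, g.privilege, "owner has left the company"))
        elif g.privilege not in ROLE_NEEDS.get(emp.role, set()):
            if g.granted_on >= emp.role_since:
                # Issued in the current role but not covered by its baseline.
                findings.append((g.user, g.privilege,
                                 "outside baseline for current role"))
            elif (today - emp.role_since).days > grace_days:
                # Granted under an earlier role and never withdrawn.
                findings.append((g.user, g.privilege,
                                 "left over from a previous role"))
    return sorted(findings)


if __name__ == "__main__":
    for user, privilege, reason in review(EMPLOYEES, GRANTS, date(2022, 6, 1)):
        print(f"WITHDRAW {user:6} {privilege:22} {reason}")
```

Run on a schedule against real HR and directory exports, the same comparison turns withdrawal into a routine step rather than something that depends on someone remembering a transfer.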

The risk of lateral movement 

Hackers aren’t much different from bank robbers. They both need reconnaissance to be successful. They get it by laterally moving through your organization. 

After capturing one system, criminals can move to the next and the next, sizing up defenses and probing for a path to your crown jewels. To be sure, breaching an administrator’s account for shipping and receiving might not bring treasure in the form of confidential information, privilege escalation or lateral movement. But if hackers can access someone in the financial group, devops or even the CEO’s executive assistant, they’ve found a route to sensitive material. 

At some companies, an administrator credentialed for one part of a network is automatically granted access to another. It’s a recipe for disaster. If there’s no pressing need for them to be there, it only adds another gateway to attack. 

One solution is air gapping, meaning there’s no direct connection between one part of your network and another. Preventive software then adds a second rampart, allowing for adjustments on the fly. When an attack is identified, it automatically air gaps critical data, isolating data you can least afford to lose. 

A stale response plan 

You already have an incident response plan. How fresh is it? If you haven’t been running tabletop exercises – staging varied levels of attack to check for vulnerabilities – you’re likely at risk. As modes of assault change, you need to know how effectively your defenses can adjust. How quickly can you respond? Who’s responsible for shutting down which systems? Who needs to be informed at various levels of a breach?  

We once got a call from a Fortune 500 medical technology firm with an attack in progress. Privilege escalation and lateral movement were happening at network speeds: As soon as a system was reinstated with its golden image, it was compromised again, literally in milliseconds. At the same time, alarms were ringing across the entire network, with tens of thousands of systems at stake. The incident response plan simply couldn’t keep up.

Hackers continue to escalate their game by writing new ransomware and dusting off old tricks thought to be solved. CIOs and CISOs respond by throwing the latest software at the threats and implementing new responses. Yet the real danger lies in complacency. Sometimes it pays to get back to basics: Review privilege escalation, shut down lateral movement and never stop updating and testing response plans. 

The time and money a company invests in its cybersecurity today is nothing compared to what comes after a breach. No one wants to explain to customers why their efforts weren’t enough.

Raj Dodhiawala is president of Remediant.



Both of Valve’s classic Portal games arrive on the Switch today


A few months ago, Valve announced that both of its excellent Portal games were coming to the Nintendo Switch, but we didn’t know when. Today’s Nintendo Direct presentation cleared that up. Portal Companion Collection will arrive on the Switch later today for $19.99. The collection includes both the original Portal from 2007 as well as the more expansive, story-driven Portal 2 from 2011. Whether you missed these games the first time out or just want to replay a pair of classics, this collection sounds like a good way to return to one of the most intriguing worlds Valve ever created.

While the original Portal was strictly a single-player experience, Portal 2 has a split-screen co-op experience; you can also play this mode with a friend online. And while these games originated on the PC, Valve also released Portal 2 for the PlayStation 3 — and if I recall, the game’s controls mapped to a controller very well. Given that the Portal series is more puzzle-based than traditional first-person games, you shouldn’t have any problems navigating the world with a pair of Joy-Con controllers.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.


‘Persona 5 Royal’ and ‘Nier: Automata’ are coming to Switch this October


Today’s Nintendo Direct Mini: Partner Showcase featured a bunch of third-party games that are coming to Switch, including a bunch of big hitters. For one thing, three Persona games are coming to the hybrid console. Persona 5 Royal is the only one with a confirmed release date (October 21st) for now, but more details about Persona 4 Golden and Persona 3 Portable are coming soon.

It recently emerged that Atlus’ games are also coming to Xbox Game Pass, as well as Steam, PlayStation 4 and (in P5 Royal‘s case) PS5. Persona 3 Portable and Persona 4 Golden were ports of PlayStation 2 titles Persona 3 and Persona 4. They were released on PlayStation Portable and PlayStation Vita, respectively.

Nintendo confirmed Nier: Automata is bound for Switch too. Nier: Automata The End of YoRHa Edition will arrive on the console on October 6th. It includes all previously released DLC expansions, as well as some exclusive costumes.

Leaks had suggested Mario + Rabbids Sparks of Hope will debut on Switch on October 20th and that turned out to be the case. Even though the game stars Mario, Nintendo technically stuck to its claim that the showcase would only feature third-party titles, since Ubisoft’s Paris and Milan studios co-developed it.

Meanwhile, a cloud version of A Plague Tale: Requiem will be available for Switch on October 18th, the same date that the game will hit other platforms. Focus Home Interactive brought the first game in the series, A Plague Tale: Innocence, to Switch last year, also as a streaming-only version.

You can find out more about all these announcements, as well as other third-party games that are coming to Switch, by checking out the Nintendo Direct Mini: Partner Showcase below:


How to buy a vlogging camera


With the explosion of TikTok and the growth of video on YouTube, Twitch, Instagram and other platforms, interest in vlogging has increased exponentially since we last updated our guide. If you’re one of those creators and a smartphone is no longer good enough, it may be time to upgrade to a purpose-built vlogging camera.

Some models are specifically designed for vlogging, like Sony’s ZV-E10 mirrorless camera that launched last year, or Panasonic’s compact G100. Others, like the new Panasonic GH6, Sony A7S III and Canon EOS R6 are hybrid cameras that offer vlogging as part of a larger toolset.

All of them have certain things in common, like flip-around screens, face- and/or eye-detect autofocus and stabilization. Prices, features and quality can vary widely among models, though. To that end, we’ve updated our guide with all the latest models designed for every vlogger from novice to professional, in all price ranges. Engadget has tested all of these to give you the best possible recommendations, and we’ll even discuss a few rumored upcoming models.

One caveat to this year’s guide is that a parts shortage has limited production of many cameras, causing shortages and higher prices. Sony, for one, halted production of the aforementioned ZV-E10 for a time, and models from Fujifilm and others are also hard to find. The good news is that the shortage appears to be easing, so hopefully we’ll see normal supply levels in the near future. 

What do you need in a vlogging camera?

Vlogging cameras are designed for filmmakers who often work alone and either use a tripod, gimbal, vehicle mount or just their hands to hold a camera. It has to be good not just for filming yourself, but other “B-roll” footage that helps tell your story.

The number one requirement is a flip-around screen so you can see yourself while filming. Those can rotate up, down or to the side, but flipping out to the side is preferable so a tripod or microphone won’t block it.


Continuous autofocus (AF) for video with face and eye detection is also a must. It becomes your camera “assistant,” keeping things in focus while you concentrate on your content. Most cameras can do that nowadays, but some still do it better than others.

If you move around or walk a lot, you should look for a camera with built-in optical stabilization. Electronic stabilization is another option as long as you’re aware of the limitations. You’ll also need a camera with a fast sensor that limits rolling shutter, which can create a distracting jello “wobble” with quick camera movements.

4K recording is another key feature. All cameras nowadays can shoot 4K up to at least 24 fps, but if possible, it’s better to have 4K at 60 or even 120 fps. If you shoot sports or other things involving fast movement, look for a model with at least 1080p at 120 fps for slow-motion recording.

Video quality is another important consideration, especially for skin tones. Good light sensitivity helps for night shooting, concerts, etcetera, and a log profile helps improve dynamic range in very bright or dark shooting conditions. If you want the best possible image quality and can afford it, get a camera that can record 4K with 10-bits (billions) of colors. That will give you more options when you go to edit.

Don’t neglect audio either — if the quality is bad, your audience will disengage. Look for a camera with a microphone port so you can plug in a shotgun or lapel mic for interviews, or at least one with a good-quality built-in microphone. It’s also nice to have a headphone port to monitor sound so you can avoid nasty surprises after you’ve finished shooting.

You’ll also want good battery life and, if possible, dual memory card slots for a backup. Finally, don’t forget about your camera’s size and weight. If you’re constantly carrying one while shooting, especially at the end of a gimbal or gorillapod, it might actually be the most important factor. That’s why tiny GoPro cameras are so popular for sports, despite offering lower image quality and fewer pro features.

The best action and portable cameras

If you’re just starting out in vlogging or need a small, rugged camera, an action cam might be your best bet. In general, they’re easy to use as you don’t have to worry about things like exposure or focus. Recent models also offer good electronic stabilization and sharp, colorful video at up to 4K and 60 fps. The downsides are a lack of control; image quality that’s not on par with larger cameras; and no zooming or option to change lenses.

DJI Pocket II


Last time around we recommended the original Osmo Pocket, but the Pocket II (no more “Osmo”) has some big improvements. As before, it’s mounted on a three-axis gimbal and has impressive face tracking that keeps your subject locked in focus. However, the new model has a larger, much higher resolution 64-megapixel sensor, a faster lens with a wider field of view and improved microphones. As before, you can get accessories like an extension rod, a waterproof case and more.

What really makes the Pocket II great for vlogging are the follow modes combined with face tracking. If you’re working solo, you can simply set it up and it’ll rotate and tilt to follow you around. That also applies for walk-and-talk vlogging, so you don’t have to worry about focus or even pointing the camera at yourself. For $346, it’s not only good for beginners, but is a handy tool for any vlogger.

Buy DJI Pocket II at Amazon – $349

GoPro Hero 10 Black


The Hero 10 Black is what we called a “big, invisible upgrade” over the Hero 9, itself a much improved camera over the Hero 8 Black we recommended last time. That’s largely due to the new processor that unlocks features like higher-resolution 5.3K 60p and 4K 120fps video, much improved Hypersmooth 4.0 stabilization, an improved front-screen and more. All of that makes it ideal to mount on a drone, vehicle, helmet, bicycle and more, at a very manageable $350 price with a 1-year GoPro subscription.

Buy Hero 10 Black bundle at GoPro – $350

DJI Action 2


DJI took a much different approach compared to GoPro with its latest Action 2 camera – with no more Osmo branding. Rather than being a standalone camera, it’s a modular system with a magnetic mount that lets you add a touchscreen module with a secondary OLED display and three additional microphones, or a battery module for longer life and an extra microSD slot. As with the Pocket 2, it offers tons of accessories like a 3-in-1 extension rod and more. It’s a versatile option if you do more than just action shooting, and is priced well starting at $399.

Buy DJI Action 2 at Amazon – $399

The best compact vlogging cameras

Compact cameras are a step-up option from smartphones or action cameras, with larger sensors and much better image quality. At the same time, they’re not quite as versatile as mirrorless or DSLR cameras (and not necessarily cheaper) and they lack advanced options like 10-bit video. For folks who want the best possible quality without needing to think too much about their camera, however, it’s the best option. 

Sony ZV-1


Sony’s ZV-1 came out in 2020 and it’s still the best compact vlogging camera available. Based on the RX100 V, it has a decently large 1-inch 20.1-megapixel sensor and fixed 24-70mm f/1.8-2.8mm (equivalent) lens. It also offers a lightweight body, built-in high-quality microphone (plus a microphone port), flip-out display, best-in-class autofocus and excellent image quality. It also has vlogging-specific features like “product showcase” and background blur.

While the $799 ZV-1 can’t shoot 10-bit video, it comes with Sony’s S-Log picture profiles that give you increased dynamic range for shooting in challenging lighting conditions. The flaws include a lens that’s not quite wide enough when you’re using electronic stabilization, mediocre battery life and the lack of a true touch display and headphone port. That aside, if you’re looking to step up from a smartphone, it does the job nearly perfectly.

Buy Sony ZV-1 at Amazon – $799

Canon G7 X Mark III


Canon’s G7 X Mark III should also be front of mind for vloggers looking for a compact option. It also packs a 20-megapixel 1-inch sensor, but has a 24-100 mm f/1.8-2.8 35mm equivalent zoom — quite a bit longer than the ZV-1 at the telephoto range. It can shoot 4K at up to 30 fps, while offering optical image stabilization, a microphone input (though no headphone jack) and even the ability to livestream directly to YouTube. The downsides are contrast-detect only autofocus and a screen that tilts up but not to the side. For $749, it’s still a great option, though.

Buy Canon G7 X Mark III at Amazon – $749

The best mirrorless/DSLR vlogging cameras

This is the class that has changed the most over the past couple of years, particularly in the more affordable price categories. Interchangeable lens cameras give you the most options for vlogging, offering larger sensors than compact cameras with better low-light sensitivity and shallower depth of field to isolate you or your subject. They also offer better control of your image with manual controls, log recording, 10-bit video and more. The drawbacks are extra weight compared to action or compact cameras, extra complexity and higher prices.

Fujifilm X-S10


Fujifilm’s X-S10 has displaced the X-T4 as the best vlogging camera out there, thanks particularly to the more affordable price. It ticks all the boxes for vloggers, offering in-body stabilization, 10-bit 4K external video with F-Log recording (at up to 30fps) along with 1080p at a stellar 240 fps, a screen that flips out to the side and easy-to-use controls. It also comes with a headphone jack and USB-C port that doubles as a headphone jack. The main downside is the limited touchscreen controls, but you get a lot of camera for just $1,000.

Buy Fujifilm X-S10 at Adorama – $999

Sony ZV-E10


The best Sony APS-C camera for vlogging is now the ZV-E10. While using many of the same aging parts as the A6100, including the 24.2-megapixel sensor, it has a number of useful features for self-shooters. High on the list is Sony’s excellent autofocus, which includes the same background defocus and Product Showcase features found on the ZV-1 compact. It also offers electronic SteadyShot, a fully articulating display and more. The biggest drawback is rolling shutter that can get bad if you whip the camera around too much. If you can find one, it’s priced at $700 for the body or $800 in a bundle with Sony’s 16-50mm F/3.5-5.6 power zoom lens.

Buy Sony ZV-E10 at B&H – $698

Panasonic GH6 and GH5


Panasonic’s GH5 was an incredibly popular vlogging camera for a very long time and was actually replaced by two cameras, the $2,200 GH6 and more budget-oriented $1,700 GH5-II. The GH6 is a large upgrade in nearly every way, offering 5.7K at 60 fps and 4K at up to 120 fps, along with ProRes formats that are easy to edit. It also comes with the best in-body stabilization on any camera and great handling. The downside is sub-par contrast-detect autofocus and battery life that’s not amazing.

It’s also worth a look at the GH5 Mark II, which is not only $500 cheaper but particularly well suited for live-streamers. It’s not a huge upgrade over the GH5, but does more than most rival cameras for the price, offering 4K 10-bit 60p video, a fully articulating display and excellent in-body stabilization. As with the GH6, the main drawback is the contrast-detect autofocus system.

Buy Panasonic GH6 at Amazon – $2,200
Buy Panasonic GH5 at Amazon – $1,700

Panasonic G100


Panasonic’s G100 is purpose built for vlogging like the ZV-1, but also allows you to change lenses. It has a fully-articulating flip-out screen, 5-axis hybrid (optical/electronic) stabilization, 4K V-Log-L video at up to 30 fps (though sadly cropped at 1.47X for 4K video), 1080p at up to 60 fps, and contrast detect AF with face/eye detection. The coolest feature is the Nokia OZO system that can isolate audio to a specific person via face-detection tracking — something that can theoretically improve audio quality. Best of all, you can grab it right now with a 12-32mm lens for $750.

Buy Panasonic GH100 at Amazon – $750

Canon EOS M50 Mark II


Another good buy if you’re on a budget is Canon’s EOS M50 Mark II, particularly if you’re okay with 1080p video only. While not a huge upgrade over the original M50, Canon has made it more compelling for vloggers with a fully-articulating display, continuous eye-tracking in video and live streaming to YouTube. It does support 4K, but with a heavy 1.5 times crop and contrast-detect autofocus only. Still, it’s a good option for folks on a budget, selling for $699 with a 15-45mm lens.

Buy Canon EOS M50 Mark II at B&H – $699

Canon EOS R6


If you’ve got the budget for it, Canon’s EOS R6 offers nearly every feature you need in a vlogging camera. You can shoot 10-bit 4K video at up to 60 fps, and the Dual Pixel autofocus with eye and face tracking is incredibly reliable. It also offers 5-axis optical stabilization, a flip-out display and a relatively compact size. As you may have heard, overheating can be an issue, but firmware updates have improved that issue and it only applies to the more demanding video settings.

Buy Canon EOS R6 at Amazon – $2,500

Fujifilm X-T4


The Fujifilm X-T4 is a great all-around mirrorless camera for vlogging. It has everything you need, including a fully-articulating display, continuous eye- and face autofocus, 10-bit 4K log recording at up to 60 fps, 5-axis in-body stabilization, microphone and headphone jacks (the latter via USB-C) and lower noise in low light.

Image quality, especially in the skin tones, is lifelike and the sensor has minimal rolling shutter. It also offers good battery life and comes with dual UHS-II card slots. Finally, it’s fairly light considering all the features, and Fujifilm has a good selection of small lenses ideal for vlogging. What I don’t like is an autofocus system not quite as fast or accurate as Sony’s and the fairly steep $1,700 asking price for the body only.

Buy Fujifilm X-T4 at Amazon – $1,700

Nikon Z fc


If you want to look great while vlogging, check out Nikon’s stylish Z fc. It’s largely identical to the Z50, with features like a 20.9-megapixel APS-C sensor, 4K at 30 fps and a reliable phase-detect autofocus system with face detection. However, the Z fc brings a vari-angle touchscreen to the party and has a beautiful vintage body covered with convenient manual controls. It doesn’t have built-in optical stabilization, but you can get that via a lens. The best feature, though, is the price – you can get one for $1,100 with a 16-50mm lens.

Buy Nikon Z fc at B&H – $1,100

Upcoming cameras

If you’re not quite ready to buy, there are some interesting options on the horizon. Canon just announced the EOS R7, a mirrorless EOS R version of its popular EOS 7D DSLR. It has an APS-C sensor and all-new RF-S lenses, meaning that it might replace Canon’s current M-series cameras. Specs include a 32.5-megapixel APS-C sensor, 4K 60 fps video, an articulating display and more. All of that will make it a top vlogging option, if our upcoming review confirms the hype.

On top of that, Canon also announced a cheaper EOS R10 model with a 24.2-megapixel sensor that could also be an ideal vlogging camera. Both cameras are coming out towards the end of 2022.

In addition, Fujifilm just launched the X-H2S, its new $2,500 flagship mirrorless camera. With a 26.2-megapixel stacked and backside-illuminated sensor, it offers a raft of impressive features. Some of the highlights include 40 fps blackout-free burst shooting, faster autofocus, 6.2K 30fps video, a flip-out display and 7-stop in-body stabilization. If you’ve got the budget, this could be a solid vlogging choice when it arrives on July 7th.
