Page 1,792«..1020..1,7911,7921,7931,794..1,8001,810..»

Changes coming to CMMC; The cryptocurrency threat landscape; Getting ready for a CR – FedScoop

Changes are coming to one of the Cybersecurity Maturity Model Certifications key documents. Eric Crusius, partner at Holland & Knight LLP, says what changes he thinks could benefit industry and what could benefit the Department of Defense.

Federal government law enforcement agencies have clawed back more than 30 million dollars in crypto currency North Korean hackers stole earlier this year.

Brian Capra, director of strategic applications for Chainalysis, explains the threat landscape presented by cryptocurrency and how the federal government can defend against it. This interview is underwritten by Chainalysis.

The end of the fiscal year is about two weeks away now and the White House is prepping agencies to get ready for another continuing resolution.

Gerard Badorrek, former chief financial officer at the General Services Administration and founder of the Federal RPA Community of Practice, discusses how agencies can get ready for a CR and how CFOs can help other parts of the organization prepare.

The Daily Scoop Podcast is available every weekday afternoon. Listen more here.

If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Google Podcasts, Spotify and Stitcher. And if you like what you hear, please let us know in the comments.

See the original post here:
Changes coming to CMMC; The cryptocurrency threat landscape; Getting ready for a CR - FedScoop

Read More..

How to fast-track the future of the African cryptocurrency market – Cryptopolitan

In recent years, Africa has been one of the most active regions in the cryptocurrency industry. The continent is home to several exchanges, startups, and initiatives pushing cryptocurrency innovation forward.

Most of sub-Saharan Africas population is relatively young, 70% under 30 years old, which is critical for cryptocurrency and blockchain innovation in Africa. It makes Africa an ideal birthplace for innovative technologies, including cryptocurrencies. Africa has a history of embracing new technologies, with mobile money being used across the continent.

Even though Africa gets just 2% of the global cryptocurrency market, its rapid growth will revolutionize finance in a more digital and urban sub-Saharan continent. Africans received $105.6 billion in cryptocurrency during the one year from July 2020 through June 2021, according to Chainalysis, a blockchain data firm. According to Chainalysis, Kenya, South Africa, and Nigeria are among the top ten countries for cryptocurrency usage.

The beauty of cryptocurrency is that it permits decentralized P2P lending, allowing everyone from all economic strata to succeed by providing more financial alternatives to underserved consumer demographics. Cryptocurrencies have the potential to address several economic issues in developing countries, including expanding access to finance for micro, small, and medium-sized enterprises (MSMEs), making remittance sending easier, and providing an alternative currency.

According to Chainalysis, in 2020, $562 million worth of cryptocurrency was utilized for remittance payments in Sub-Saharan Africaor 14% of the overall $48 billion sent. Because cryptocurrencies have made low-cost mortgages feasible, people who couldnt get credit because of irregular income sources can now access it.

To accept Bitcoin as a viable currency, one must recognize its value worldwide, a truly decentralized asset that populations may utilize to move and store value securely. Because of a lack of regulation, trust, big regulatory agencies restricting digital currencies, and a scarcity of cryptocurrency education, many African nations are lagging behind, despite the aforementioned booming adoption rates in some others.

There is currently no formal educational institution for cryptocurrencies in Africa. A few key players, such as foundations and individuals, have emerged to offer training, but it isnt nearly enough to place Africa on the international map as a cryptocurrency leader.

Africans use popular social networking sites such as YouTube, TikTok, Twitter, and Facebook to learn about digital currencies like Bitcoin. They may also find helpful information on the subject from books, blog articles, or materials provided by crypto platforms such as Binance, Coinbase, and Coinmarketcap, which require an internet connection. Because of the threat of central bank regulation or bans, most African media firms have avoided promoting crypto awareness.

With the internet becoming a primary source of information for many individuals on the continent, the internet connection rate must improve dramatically if cryptocurrency businesses develop in Africa, which is far from true now. Only 22% of the continent has access to high-speed internet, which is a significant problem considering how much African countries rely on mobile towers. 91% of mobile users need to use 2G or 3G networks, which are outdated by todays standards. One blockchain startup, 3air, is working on a solution to the continents internet problem.

The African continent is home to many internet users who cannot access the web due to a lack of broadband connectivity. By leveraging blockchain technology, 3air has ambitious plans to provide fault-free connections in Africa.

In late 2021, 3air partnered with K3 Telecom to provide people in Africa with easy access to broadband. The partnership allows the telecommunications operator to expand its K3 Last Mile initiative, which provides internet connectivity for regions with low coverage. 3air promises a blockchain-based internet software interface. The physical infrastructure would include mobile base stations with the capacity to provide 15,000 users at super-speeds of 1Gbps per user, more than a hundred times faster than what current mobile internet providers offer.

Cities will feature connected base stations, with at least one station linked to the internet. Users will connect via transceivers that may find in homes and structures. These transceivers are tiny, highly effective, sturdy, and simple to install, making them cost-effective and practical for citywide usage, according to 3air. Each base station consumes 500W of power, which wont affect the local environment.

With increased access to high-speed internet, 3air hopes more people will have the opportunity to learn about and adopt cryptocurrency. 3air hopes that increased access to the internet will close the digital divide and allow for a more level playing field regarding economic opportunities. Africans who are unbanked or underbanked have flocked to cryptocurrency since it is decentralized and can keep value. 3air aims to provide everyone in Africa with access to the internet so that they may take advantage of the benefits that digital currencies provide.

Africa presents a unique opportunity for new technologies and innovations, including cryptocurrencies. The continent has a young and growing population that is increasingly tech-savvy. With the proper infrastructure and education, there is excellent potential for cryptocurrency adoption in Africa.Cryptocurrencies would be enormously beneficial for Africans. They are decentralized and perfect for countries with unstable economies or currencies. In addition, cryptocurrency can be used to send money overseas with no fees.

See the original post:
How to fast-track the future of the African cryptocurrency market - Cryptopolitan

Read More..

Cryptocurrency Ethereum Classic Decreases More Than 12% Within 24 hours – Ethereum Classic (ETC/USD) – Benzinga

Over the past 24 hours, Ethereum Classic's ETC/USD price has fallen 12.88% to $33.56. This continues its negative trend over the past week where it has experienced a 13.0% loss, moving from $39.06 to its current price.

The chart below compares the price movement and volatility for Ethereum Classic over the past 24 hours (left) to its price movement over the past week (right). The gray bands are Bollinger Bands, measuring the volatility for both the daily and weekly price movements. The wider the bands are, or the larger the gray area is at any given moment, the larger the volatility.

The trading volume for the coin has decreased 2.0% over the past week, while the overall circulating supply of the coin has decreased 0.29% to over 136.91 million. This puts its current circulating supply at an estimated 64.98% of its max supply, which is 210.70 million. The current market cap ranking for ETC is #19 at $4.64 billion.

Powered by CoinGecko API

This article was generated by Benzinga's automated content engine and reviewed by an editor.

See the original post here:
Cryptocurrency Ethereum Classic Decreases More Than 12% Within 24 hours - Ethereum Classic (ETC/USD) - Benzinga

Read More..

Quantum Computing’s Impact Could Come Sooner Than You Think – CNET

In 2013, Rigetti Computing began its push to make quantum computers. That effort could bear serious fruit starting in 2023, the company said Friday.

That's because next year, the Berkeley, California-based company plans to deliver both its fourth-generation machine, called Ankaa, and an expanded model called Lyra. The company hopes those machines will usher in "quantum advantage," when the radically different machines mature into devices that actually deliver results out of the reach of conventional computers, said Rigetti founder and Chief Executive Chad Rigetti.

Quantum computers rely on the weird physics of ultrasmall elements like atoms and photons to perform calculations that are impractical on the conventional computer processors that power smartphones, laptops and data centers. Advocates hope quantum computers will lead to more powerful vehicle batteries, new drugs, more efficient package delivery, more effective artificial intelligence and other breakthroughs.

So far, quantum computers are very expensive research projects. Rigetti is among a large group scrambling to be the first to quantum advantage, though. That includes tech giants like IBM, Google, Baidu and Intel and specialists like Quantinuum, IonQ, PsiQuantum, Pasqal and Silicon Quantum Computing.

"This is the new space race," Rigetti said in an exclusive interview ahead of the company's first investor day.

For the event, the company is revealing more details about its full technology array, including manufacturing, hardware, the applications its computers will run and the cloud services to reach customers. "We're building the full rocket," Rigetti said.

Although Rigetti isn't a household name, it holds weight in this world. In February, Rigetti raised $262 million and became one of a small number of publicly traded quantum computing companies. Although the company has been clear its quantum computing business is a long-term plan, investors have become more skeptical. Its stock price has dropped by about three quarters since going public, hurt most recently when Rigetti announced the delay of a $4 million US government contract that would have accounted for much of the company's annual revenue of about $12 million to $13 million.

The company argues it's got the right approach for the long run, though. It starts in early 2023 with Ankaa, a processor that includes 84 qubits, the fundamental data processing element in a quantum computer. Four of those ganged together are the foundation for Lyra, a 336-qubit machine. The names are astronomical: Ankaa is a star, and Lyra is a constellation.

Rigetti doesn't promise quantum advantage from the 336 qubit machine, but it's the company's hope. "We believe it's absolutely within the realm of possibility," Rigetti said.

Having more qubits is crucial to more sophisticated algorithms needed for quantum advantage. Rigetti hopes customers in the finance, automotive and government sectors will be eager to pay for that quantum computing horsepower. Auto companies could research new battery technologies and optimize their complex manufacturing operations, and financial services companies are always looking for better ways to spot trends and make trading decisions, Rigetti said.

Rigetti plans to link its Ankaa modules into larger machines: a 1,000-qubit computer in 2025 and a 4,000-qubit model in 2027.

Rigetti isn't the only company trying to build a rocket, though. IBM has a 127-qubit quantum computer today, with plans for a 433-qubit model in 2023 and more than 4,000 qubits in 2025. Although qubit count is only one measure of a quantum computer's utility, it's an important factor.

"What Rigetti is doing in terms of qubits pales in comparison to IBM," said Moor Insights & Strategy analsyt Paul Smith-Goodson.

Along with those machines, Rigetti expects developments in manufacturing, including a 5,000-square-foot expansion of the company's Fremont, California, chip fabrication facility now underway, improvements in the error correction technology necessary to perform more than the most fleeting quantum computing calculations, and better software and services so customers can actually use its machines.

Rigetti Computing's plans for improvements to its broad suite of quantum computing technology.

To reach its goals, Rigetti also announced four new deals at its investor event:

Qubits are easily perturbed, so coping with errors is critical to quantum computing progress. So is a better foundation less prone to errors. Quantum computer makers track that with a measurement called gate fidelity. Rigetti is at 95% to 97% fidelity today, but prototypes for its fourth-generation Ankaa-based systems have shown 99%, Rigetti said.

In the eyes of analyst Smith-Goodson, quantum computing will become useful eventually, but there's plenty of uncertainty about how and when we'll get there.

"Everybody is working toward a million qubit machine," he said. "We're not sure which technology is really going to be the one that is going to actually make it."

Original post:
Quantum Computing's Impact Could Come Sooner Than You Think - CNET

Read More..

Are AI and Quantum Computing Infrastructure? The Feds Say Yes – MeriTalk

From the White House to the boathouse, infrastructure has traditionally been narrowly defined as the roads, bridges, waterways, and other projects that allowed a post-industrial America to flourish.

Not anymore.

In the latest sign that the technology revolution is moving in new directions, a six-line law with no name is helping to redefine the traditional notions of infrastructure to include artificial intelligence, quantum computing, and semiconductors.

The legislation, quietly signed by President Biden last month, amended a 2015 law widely known as a highway bill, as befitted its name: the Fixing Americas Surface Transportation (FAST) Act.

A provision of the law provides for expedited Federal environmental and permitting review for covered infrastructure construction projects. Currently, those projects include some of the largest, most complex, and novel infrastructure projects in the U.S., such as massive pipelines and multibillion-dollar renewable energy projects, according to a Federal steering council overseeing them.

Now, with the recent change in the law, the projects potentially qualifying for speeded-up review also encompass semiconductors, artificial intelligence and machine learning, high-performance computing and advanced computer hardware and software, quantum information science and technology, data storage and data management, (and) cybersecurity.

The amended law, titled only An Act, added those computer-related projects.

The legislations sponsor, Sen. Bill Hagerty, R-Tenn., says his intention is to boost national security, especially by fast-tracking permitting reviews of semiconductor plants expected to be built because of the Chips and Science Act. That law, also signed by Biden last month, provided funding incentives to establish such plants.

I came to Washington to create jobs for the American people and bolster our national security to beattheChinese Communist Partyin the competition that will define the century, Hagerty said after Biden signed the FAST Act law on Aug. 16. His office called the FAST Act legislation a watershed bill that enacts regulatory reform that benefits private-sector companies building products that are essential to American national and economic security.

A technology industry expert familiar with the legislation downplayed its effects, saying that Hagertys bill does not represent a collective movement to recast what critical infrastructure looks like. I think that smartly, what youre starting to see is more the ability to leverage technology as components of broader infrastructure projects. It doesnt make the components themselves infrastructure.

But the official summary of the bill by the respected Congressional Research Service calls AI, semiconductors and the other new technology projects now covered by the FAST Act infrastructure projects.

And infrastructure experts say that redefinition has the potential to fast-track a variety of tech projects beyond the scope of what has long been considered critical infrastructure.

Anthony Lamanna, a professor at the Del E. Webb School of Construction at Arizona State University, says infrastructure has traditionally been viewed as the built environment for civilization your water, your sewage, your electric.

When he first read the FAST Act revision, Lamanna says, I have a background in concrete and construction, so my gut was that the tech stuff doesnt really fit.

On further reflection, he says, Maybe we start looking at this as the chip manufacturers are part of this future cyber infrastructure I think somebody coming up with this stuff seems to be thinking far into the future. By fast-tracking these projects, were saying this is important to civilization in the future.

Adie Tomer, a senior fellow and infrastructure expert at the Brookings Institution, likened the language in Hagertys bill to last years high-profile Infrastructure Investment and Jobs Act, which he says makes it explicit that the way infrastructure is construed is that broadband and digital technology is considered infrastructure.

Clearly, we are modernizing our definition of physical infrastructure to include digital tech, says Tomer, who supports the change but says it also bears further scrutiny because data storage facilities and other projects potentially covered by Hagertys bill are privately owned.

What should be the Federal relationship with the private owners of those kinds of facilities? Tomer asked. I dont think its necessarily clear yet Its a critical area to watch.

On the day Biden signed the Infrastructure Investment and Jobs Act last year, a White House blog post hailing the legislation focused almost exclusively on projects such as roads, bridges, and rail, along with broadband.

But a MeriTalk review of the legislation shows that the word digital appears 144 times, including a Federal requirement to adopt digital management systems on construction sites using state-of-the-art automated and connected machinery and optimized routing software.

The bill also requires the administration to report to Congress on using digital tools and platforms as climate solutions, including AI and blockchain technologies.

The move towards redefining infrastructure for the tech age echoes recent developments in Europe, where the European Union adopted tougher cybersecurity rules for network and information systems. The European Commission, which proposed the measures, defined them as critical infrastructure protection that would make Europe fit for the digital age.

In Washington, the FAST Act legislation was introduced in the Senate by Hagerty and several co-sponsors on Jan. 10 and passed the same day by unanimous consent. After a brief floor debate, it cleared the House in July by a vote of 303-89.

During the debate, Rep. Jim Costa, D-Calif., called the legislation a commonsense bill that will build on the progress we are already making today with the CHIPS and Science Act.

The bill here simply adds key national security-related technologies, like semiconductors, to the types of projects that are eligible for an existing Federal program that improves the coordination between Federal departments on permitting, Costa added.

That environmental review and permitting process, Hagerty has said, should be much speedier for the tech projects now covered by his bill, dramatically (reducing) the time required to stand up new manufacturing capacity in strategically critical sectors, such as semiconductor fabrication.

The Federal Permitting Improvement Steering Council oversees that expedited permitting process. When it added another industry to the eligible projects last year, it chose one decidedly more traditional than high tech: mining.

Mining is an important infrastructure sector, the body wrote.

Follow this link:
Are AI and Quantum Computing Infrastructure? The Feds Say Yes - MeriTalk

Read More..

Moritz Schlick Postdoc, Quantum Computing for excited state chemistry and chemical dynamics job with UNIVERSITY OF VIENNA | 308872 – Times Higher…

Moritz Schlick Postdoc position in the field of Quantum Computing for excited state chemistry and chemical dynamics

The Moritz Schlick early-career programme (MSECP) at the University of Vienna supports early stage postdocs with high potential for an academic career. Participants in the programme receive outstanding financial support as well as training and mentoring to allow them to develop their full potential. Moritz Schlick early-career Postdoc Programm (univie.ac.at)

1. General Description (research group)

The Gonzlez research groups focus (https://theochem.univie.ac.at/) is driven by understanding chemical phenomena using contemporary computational and theoretical methods. In particular, we employ ab initio quantum chemistry to understand relationships between structure and function but we also develop chemical dynamics methods to model and predict chemical and photochemical process of complex systems and to control chemical reactions using light. Prof. Gonzlez's current research focus is put at using highly accurate electronic structure methods, developing molecular reaction dynamical methods and interfacing both fields to achieve basic understanding of chemical processes and structure-function relationships as well as obtain quantitative predictions in molecules, biological systems and materials.

2. Job Description for the Moritz Schlick position

A Postdoc position is available for an early stage researcher at the University of Vienna, Austria, in the field of quantum computing for excited state chemistry and chemical dynamics.

Quantum Chemistry is one of the leading applications for quantum computers. Simple model systems have already been made available on noisy intermediate-scale quantum (NISQ) computers. With the number of qubits growing larger, advanced algorithms of quantum chemistry can be applied to quantum computers.

Future quantum computers will be coupled to classical high-performance computer (HPC) systems and work as accelerators, where the algorithms showing unfavorable scaling on these classical systems will get offloaded onto the quantum devices. Coupling the quantum algorithms with computer codes executed on standard HPC systems is therefore extremely important.

Within this position, the candidate will explore and adapt currently available algorithms for quantum chemistry on quantum computers and combine the electronic structure calculations with our in-house ab initio molecular dynamics code SHARC. Potential applications on photophysical, photochemical or photobiological systems are possible. Exploratory simulations will be carried out on quantum simulators and NISQ type devices, with emphasis on in silico applications aimed at designing photoactive materials for energy conversion and storage.

The applicant will work within in quantum chemistry and chemical dynamics group at the Institute of Theoretical Chemistry, led by Prof. Leticia Gonzalez.

In this position, a one-time financial contribution of 75K will be made available.

3. Qualification profile (minimum)

4. Qualification profile (additional skills, necessary language, IT qualifications etc.)

5. Research Fields (keywords)

6. Mentor

The additional mentor for this position is Christoph Dellago.

7. Earliest Start Date: February, 2023.

Read more here:
Moritz Schlick Postdoc, Quantum Computing for excited state chemistry and chemical dynamics job with UNIVERSITY OF VIENNA | 308872 - Times Higher...

Read More..

The Ethereum Merge Just Unlocked a Hidden Cloud Computing Opportunity – InvestorPlace

Source: Shutterstock

TheEthereum(ETH-USD) Merge was the worst thing to happen for any miners relying on ETH hashing for passive income. The once lucrative venture has become obsolete as Ethereum moves to proof-of-stake. Now, these miners are left with heaps of worthless hardware. Or is it not so worthless? As some experts point out, these miners actually have a new use case to fall back on.

One of the major storylines emerging from the Merge is the networks switch away from proof-of-work, which had been its consensus algorithm since 2015. With it, transactions can only be validated and processed by solving a series of intensive cryptographic puzzles. These puzzles are also only capable of being solved by computers with sizable processing power. The very process of crypto mining is putting computers to work in solving these puzzles.

This has been an appealing way for anybody with the means to make income. All one needs to do is buy a mining rig. Of course, these casual miners must also compete with massive crypto mining farms owned by companies, which utilize many thousands of rigs. The consensus mechanism itself has been highly criticized as well. Crypto naysayers point to proof-of-work as a huge sap of energy, one many see as completely unnecessary to the market.

By transitioning to proof-of-stake, Ethereum can operate on a much more energy-efficient mechanism. This satiates the eco-conscious, with the added bonus of being much faster and cheaper than proof-of-work.

However, it leaves lots of miners in the dust. What is to become of all the Ethereum mining rigs of the world? Certainly there should be some new use case for them, lest it all turn to electronic waste. Well, there might actually be a solution for this hardware in another growing industry.

The Ethereum Merge may have stunted miners for the time being by taking hardware out of commission. But theres another use case on the horizon in cloud computing. It could prove just as lucrative and keep vast amounts of electronic waste from the landfills.

Protocol reports that the Merge will produce lots of waste if miners cant repurpose their machines. And as the outlet points out, only about 20% of all electronic waste is actually recycled. However, experts suggest that unlikeBitcoin(BTC-USD) mining rigs, ETH miners can put their devices to use in other savvy ways.

Blockchain validating is quite similar to the act of cloud computing. Transactors on the blockchain outsource cryptographic hashing to these miners in the same way websites and other entities outsource site hosting and web services to cloud computing companies. This is opening the door for ETH miners to put their expensive hardware to use even after the Merge.

Hive Blockchain Technologies(NASDAQ:HIVE) is one of the companies getting the ball rolling on ETH mining-turned-cloud computing farms. The company says it will be using its 38,000 Ethereum mining GPUs to provide bespoke web services to new clients. Hut 8 Mining (NASDAQ:HUT) says it will be doing the same with its 180 machines, focusing on machine learning and artificial intelligence (AI) applications.

Even still, theres also a market for secondhand Ethereum mining machines. This is because personal computers run using the same graphical hardware. However, with the CHIPS Act expected to bring down inflated GPU prices, investors will be less likely to pick up a mining machine that has been running 24 hours a day. Nonetheless, experts are pointing out plenty of second lives for these machines, hopefully bringing some solace to investors worried about post-Merge waste implications.

On Penny Stocks and Low-Volume Stocks:With only the rarest exceptions,InvestorPlacedoes not publish commentary about companies that have a market cap of less than $100 million or trade less than 100,000 shares each day. Thats because these penny stocks are frequently the playground for scam artists and market manipulators. If we ever do publish commentary on a low-volume stock that may be affected by our commentary, we demand thatInvestorPlace.comswriters disclose this fact and warn readers of the risks.

Read More:Penny Stocks How to Profit Without Getting Scammed

On the date of publication, Brenden Rearickdid not hold (either directly or indirectly) any positions in the securities mentioned in this article. The opinions expressed in this article are those of the writer, subject to the InvestorPlace.comPublishing Guidelines.

Brenden Rearick is a Financial News Writer for InvestorPlaces Todays Market team. He mainly covers digital assets and tech stocks, with a focus on crypto regulation and DeFi.

View post:
The Ethereum Merge Just Unlocked a Hidden Cloud Computing Opportunity - InvestorPlace

Read More..

Google Cloud Bets Big on Europe and Asia With Data Sovereignty Cloud – Business Insider

In 2020, Google Cloud signaled to the industry its plans to make big investments in data sovereignty the term for hosting cloud data in the same country where its users reside particularly in Europe and Asia, where data-privacy regulations are strictest.

Leaked internal documents that Insider viewed show that Google Cloud sees an initiative called "trusted partner cloud," or TPC, as the linchpin of this strategy. The push toward TPC entails Google Cloud partnering with local data-center providers in certain countries, the better to reassure customers that their data is being stored in accordance with local regulations. Those data-center partners would provide Google Cloud's platform services out of their own facilities.

An internal site for employees, dated August 30th, makes clear that TPC is a major bet for Google Cloud, calling it the "most important program" of 2022 for the division. In an internal FAQ dated August 9, Google Cloud estimates that data sovereignty is a $100 billion market.

"We either do this or risk half of our market share," the FAQ said.

Tech companies have been scrambling to help European customers comply with regulations like the General Data Protection Regulation. Court decisions like Schrems II in 2020 also restrict international data transfers between the US and Europe. Likewise, Asian countries including China, Indonesia, and Vietnam have laws that require sensitive data to be stored on servers within the country.

The organization-wide mandate to employees was to drop everything and make Google Cloud's services work for TPC by the end of the year, said an employee, who spoke on condition of anonymity because they aren't authorized to speak to the press. They added that this can be a challenge since many of these services were designed to work on Google's hardware rather than other data centers.

Google Cloud's FAQ said that TPC potentially required "invasive and disruptive changes to our production infrastructure and operational models" and that "if GCP can't evolve its operating model to meet these new requirements, we face being left behind in half the world."

Google Cloud has already been investing in data sovereignty in Europe for years, starting with a commitment to European businesses in 2019. It has partnered with T-Systems to offer a sovereign cloud in Germany and with Thales to offer a sovereign cloud in France. It also launched data sovereignty control features for European customers last year.

TPC would allow Google Cloud to better compete with Microsoft, which announced a similar product in July and operates similar partnerships in countries like France, Germany, and China.

"The lack of European hyperscale providers means that most European companies must negotiate with US-based companies," a Google Cloud internal deck from August 2021 about tech executives' perspectives on data sovereignty in Europe said. "Microsoft is perceived as ahead in terms of willingness to customize individual contracts, though AWS has improved."

Google's TPC project builds on its plans for a sovereign cloud in Europe, giving customers the choice of where to host their data. The documents Insider viewed, which were dated from June, show that Google Cloud plans to launch that European cloud service in different countries through 2023 and 2024.

TPC itself will aim for "region readiness" through the end of 2023, including launching data centers in Paris, the documents say. Meanwhile, Google Cloud plans to launch a "TPC Lite" program to let users host their data in Google's existing data centers in some countries.

The full version of TPC plans to offer features such as the ability for only personnel based in a certain country to handle data stored in that region; heightened data security; and tighter control over where data physically resides.

"Acting quickly and addressing the market not only lets us address these customers but gives us an opportunity for differentiation from our competitors," the FAQ said.

Got a tip? Contact this reporter via email at rmchan@insider.com, Signal at 646.376.6106, or Telegram at @rosaliechan. (PR pitches by email only, please.) Other types of secure messaging available upon request.

Read more:
Google Cloud Bets Big on Europe and Asia With Data Sovereignty Cloud - Business Insider

Read More..

Attacker Apparently Didn’t Have to Breach a Single System to Pwn Uber – DARKReading

Questions are swirling around Uber's internal security practices after an 18-year-old hacker gained what appears to have been complete administrative access to critical parts of the company's IT infrastructure using an employee's VPN credentials as an initial access vector.

Numerous screenshots that the alleged attacker posted online suggest the intruder did not have to breach a single internal system to essentially pwn the ride-sharing giant's IT domain almost entirely.

So far,Uber has not disclosed details of the incident beyond saying that the company is responding to it and working with law enforcement to investigate the breach. So, at least some of what is being is reported about the incident is based on a New York Times report from Sept. 15 in whichthe teenclaimed to have gained access to Uber's internal networks using credentials obtained from an employee via social engineering. The attacker used that access to move laterally across Uber's internal domain to other critical systems, including its email, cloud storage, and code repository environments.

Since then, he has posted numerous screen shots of internal systems at Uber to confirm the access he had obtained on it and how it was obtained.

The screenshots show the hacker gained full administrative access to Uber's AWS, Google Cloud, VMware vSphere, andWindowsenvironments as well as to a full database of vulnerabilities in its platform that security researchers have discovered and disclosed to the company via a bug bounty program managed by HackerOne. The internal data the attacker accessed appears to include Uber sales metrics, information on Slack, and even info fromthe company's endpoint detection and response (EDR) platform.

In a tweet thread that some security researchers reposted,Twitter user Corben Leo posted claims from the alleged hacker that heused the socially engineered credentials to access Uber's VPN and scan the company's intranet. The hacker described finding an Uber network share that contained PowerShell scripts with privileged admin credentials. "One of the PowerShell scripts contained the username and password for an admin user in Thycotic (PAM). Using this I was able to extract secrets for all services, DA, Duo, OneLogin, AWS, GSuite," the attacker claimed.

For now, the attacker's motivations are not very clear. Normally, it's pretty apparent, but the only thing that hacker has done so far is make a lot of noise, noted that Uber drivers should be paid more, and shared screenshots proving access.

"They seemed really young and maybe even a little sloppy. Some of their screenshots had open chat windows and a ton of metadata," saysSam Curry, a security engineer at Yuga Labs who has reviewed the screenshots,

Invincible Security Group (ISG), a Dubai-based security services firm, claimed that its researchers had obtained a list of administrative credentials that the threat actor had gathered. "They seem to be strong passwords, which confirms that it was indeed a social-engineering attack that got him access to Uber's internal network," ISG tweeted.

Curry tells Dark Reading thatthe attacker appears to have gained initial access from compromising one employee's login information and social engineering that person'sVPN two-factor authentication2FA prompt.

"Once they had VPN access, they discovered a network drive with 'keys to the kingdom,' which allowed them to access [Uber's] cloud hosting as root on both Google Cloud Platformand Amazon Web Services," Curry notes. "This means they probably had access to every cloud deployment, which is likely the majority of Uber's running applications and cloud storage."

One significant fact is that the employee who was initially compromised worked in incident response, he notes, adding that normally such employees have access to many more tools within Uber's environment than average employees.

"Having this level of access, and additionally the access they found in the PowerShell script, means that they probably didnt have too many limitations to do whatever they wanted inside Uber," Curry says.

In a series of tweets, independent security researcher Bill Demirkapi said the attacker appears to have gained persistent MFA access to the compromised account at Uber "by socially engineering the victim into accepting a prompt that allowed the attacker to register their own device for MFA."

"The fact that the attackers appear to have compromised an IR team member's account is worrisome," Demirkapi tweeted. "EDRs can bake in 'backdoors' for IR, such as allowing IR teams to 'shell into' employee machines (if enabled), potentially widening the attacker's access."

The apparent fact that the attacker gained access to Uber vulnerability data submitted via its bug bounty program is also problematic, security experts say.

Curry says he learned of the access after the hacker posted a comment about Uber being hacked on the company's bug bounty tickets. Curry had previously discovered and submitted a vulnerability to Uber, which if exploited would have permitted access to its code repositories. That bug was addressed, but it's unclear how many of the other vulnerabilities that have been disclosed to the company have been fixed, how many of them were unpatched, and what level of access those vulnerabilities could provide if exploited. The situation could become significantly worse if the hacker sells the vulnerability data to others.

"Bug bounty programs are an important layer in mature security programs," says Shira Shamban, CEO at Solvo. "A main implication here is that the hacker now knows about other vulnerabilities within the Uber IT environment and can use them to set up backdoors for future use, which is unsettling."

Vulnerability and pen-testing tools are important in enabling companies to better assess and improve the security postures, says Amit Bareket, CEO and co-founder of Perimeter 81. "However, if the correct security measures aren't put in place, these tools can turn into double-sided swords, enabling bad actors to take advantage of the sensitive information they may contain," he says.

Companies should be aware of this and make sure such reports are protected and stored in encrypted form to avoid being misused for malicious intent, Bareket notes.

The latest incident is unlikely to do much to improve Uber's already somewhat dinged reputation for security. In October 2016, the company experienced a data breach that exposed sensitive information on some 57 million riders. But instead of disclosing the breach as it was required to, the company paid $100,000 to the security researchers that reported the breach in what was viewed as an attempt to pay them off. In 2018, the company settled a lawsuit over the incident for $148 million. It arrived at similar but much smaller settlements in lawsuits over the incidents in the UK and the Netherlands.

Go here to see the original:
Attacker Apparently Didn't Have to Breach a Single System to Pwn Uber - DARKReading

Read More..

3 Stock-Split Stocks Set to Soar 33% to 133%, According to Wall Street – The Motley Fool

There's been quite a bit of hoopla this year over several big companies conducting stock splits. However, those stock splits haven't served as major catalysts in most cases.

But some of those stocks just might be able to deliver big gains over the next 12 months. Here are three stock-split stocks that are set to soar 33% to 133%, according to Wall Street.

Amazon (AMZN -2.18%) didn't get much of a bounce from its 20-for-1 stock split conducted in June. Instead, shares of the e-commerce and cloud giant fell in the days after the split.

Wall Street remains optimistic about Amazon's prospects, though. The consensus price target for the stock reflects a 33% upside potential over the next 12 months.

How might Amazon deliver such a strong return? The company's e-commerce business faces challenges with inflation and supply chain disruptions. If those headwinds die down (which seems quite possible), the outlook for Amazon's biggest business could improve.

Amazon's biggest growth driver, though, is its Amazon Web Services (AWS) cloud hosting segment. AWS should be likely to continue growing, regardless of what happens with the overall economy. If a recession doesn't materialize, however, that growth could be better than expected and lead to a strong rebound for Amazon stock.

It would be an exaggeration to say that no one paid attention toBrookfield Infrastructure's (BIP -1.55%) (BIPC 1.57%) 3-for-2 stock split in June. However, this transaction definitely didn't receive the coverage that stock splits by Amazon and other big companies did.

Brookfield Infrastructure has managed to do what most of those other stock-split stocks haven't by delivering a positive return so far in 2022. Analysts think the infrastructure stock could move a lot higher, too. The average one-year price target for the stock is 35% above the current share price.

Brookfield Infrastructure owns a diversified portfolio of assets across the world. Some of those assets, especially its 16,200 kilometers of natural gas pipelines, could enjoy higher demand with the prevailing energy market dynamics.

The dynamics for the stock market could continue to help Brookfield Infrastructure, as well, if the current volatility persists. This stock is one that risk-averse investors should love. The company's infrastructure assets generate reliable revenue. Brookfield Infrastructure also offers an attractive distribution that's increased by a compound annual growth rate of 10% since 2009.

Shopify (SHOP -6.26%) also conducted a stock split in June, giving shareholders 10 shares for every share they previously held. This split didn't cause a surge in Shopify's share price, though.

2022 has been a brutal year for Shopify. Its stock has plunged more than 75% year to date. Macroeconomic worries have hurt to some extent, resulting in slowing e-commerce growth. Shopify's investments in other publicly traded companies whose share prices have tumbled also contributed to the company posting net losses.

Wall Street analysts are very bullish about Shopify, though. The consensus price target for the stock reflects an upside potential of 133%.

What would be required for Shopify's share price to more than double over the next 12 months? An overall stock market rebound would help tremendously. That could cause investors to again flock to growth stocks such as Shopify.

Shopify also continues to expand its platform with new services. If these efforts pay off by attracting significant numbers of new merchants, Shopify's share price could make an impressive comeback.

John Mackey, CEO of Whole Foods Market, an Amazon subsidiary, is a member of The Motley Fool's board of directors. Keith Speights has positions in Amazon, Brookfield Infrastructure Corporation, and Brookfield Infrastructure Partners. The Motley Fool has positions in and recommends Amazon and Shopify. The Motley Fool recommends Brookfield Infra Partners LP Units, Brookfield Infrastructure Corporation, and Brookfield Infrastructure Partners and recommends the following options: long January 2023 $1,140 calls on Shopify and short January 2023 $1,160 calls on Shopify. The Motley Fool has a disclosure policy.

Read more from the original source:
3 Stock-Split Stocks Set to Soar 33% to 133%, According to Wall Street - The Motley Fool

Read More..