Connect with us

ZDNET

Vietnam targeted in complex supply chain attack

Hackers have inserted malware inside an app offered for download by the Vietnam Government Certification Authority (VGCA).

Published

on

Vietnam flag Image: T.H. Chia

A group of mysterious hackers has carried out a clever supply chain attack against Vietnamese private companies and government agencies by inserting malware inside an official government software toolkit.

Special feature

Cyberwar and the Future of Cybersecurity

Cyberwar and the Future of Cybersecurity

Today’s security threats have expanded in scope and seriousness. There can now be millions — or even billions — of dollars at risk when information security isn’t handled properly.

Read More

The attack, discovered by security firm ESET and detailed in a report named “Operation SignSight,” targeted the Vietnam Government Certification Authority (VGCA), the government organization that issues digital certificates that can be used to electronically sign official documents.

Any Vietnamese citizen, private company, and even other government agency that wants to submit files to the Vietnamese government must sign their documents with a VGCA-compatible digital certificate.

The VGCA doesn’t only issue these digital certificates but also provides ready-made and user-friendly “client apps” that citizens, private companies, and government workers can install on their computers and automate the process of signing a document.

But ESET says that sometime this year, hackers broke into the agency’s website, located at ca.gov.vn, and inserted malware inside two of the VGCA client apps offered for download on the site.

The two files were 32-bit (gca01-client-v2-x32-8.3.msi) and 64-bit (gca01-client-v2-x64-8.3.msi) client apps for Windows users.

ESET says that between July 23 and August 5, this year, the two files contained a backdoor trojan named PhantomNet, also known as Smanager.

The malware wasn’t very complex but was merely a wireframe for more potent plugins, researchers said.

Known plugins included the functionality to retrieve proxy settings in order to bypass corporate firewalls and the ability to download and run other (malicious) apps.

The security firm believes the backdoor was used for reconnaissance prior to a more complex attack against selected targets.

ESET researchers said they notified the VGCA earlier this month but that the agency had already known of the attack prior to its contact.

On the day ESET published its report, the VGCA also formally admitted to the security breach and published a tutorial on how users could remove the malware from their systems.

PantomNet victims also discovered in the Philippines

ESET said that it also found victims infected with the PhantomNet backdoor in the Philippines but was unable to say how these users got infected. Another delivery mechanism is suspected.

The Slovak security firm didn’t formally attribute the attack to any particular group, but previous reports linked the PhatomNet (Smanager) malware to Chinese state-sponsored cyber-espionage activities.

The VGCA incident marks the fifth major supply chain attack this year after the likes of:

  • SolarWinds – Russian hackers compromised the update mechanism of the SolarWinds Orion app and infected the internal networks of thousands of companies across the glove with the Sunburst malware.
  • Able Desktop – Chinese hackers have compromised the update mechanism of a chat app used by hundreds of Mongolian government agencies.
  • GoldenSpy – A Chinese bank had been forcing foreign companies activating in China to install a backdoored tax software toolkit.
  • Wizvera VeraPort – North Korean hackers compromised the Wizvera VeraPort system to deliver malware to South Korean users.

Source: https://www.zdnet.com/article/vietnam-targeted-in-complex-supply-chain-attack/

vietnam-targeted-in-complex-supply-chain-attack

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

ZDNET

Best gadgets to help you get fit in the new year

Need to get fit in the new year? Here are the gadgets that can help!

Published

on

Do you spend too long in front of your desk, and not enough time moving? I know I do, and 2020, with all the COVID, lockdowns, and closed gyms and such, hasn’t helped.

At some point during the pandemic, I decided to take control back, and put my health and fitness at the top of the list once again.

Here’s how you can do the same!

Apple Watch My very own fitness instructor on my wrist

Apple Watch

The Apple Watch continues to be lynchpin of my fitness goals. It keeps me motivated, logs my exercise and activity, and keeps an eye on aspects of my health that might otherwise go neglected.

I’ve tried dozens of other smartwatches, and while many were good, none came close to the breadth of offerings that the Apple Watch brought to the table (or, more accurately, my wrist!).

For iPhone owners, there’s nothing better.

$399 at Apple

Onnit Hydrocore Bag Far more forgiving than swinging around steel!

Onnit Hydrocore Bag

I sure love swinging kettlebells, maces, and clubs around, but they’re very unforgiving. Knock yourself in the head or your leg with a lump of steel and you’re going to know about it. A bag — a tough one — filled with water is a lot more forgiving, but no less challenging.

Also, if you’re exercising indoors, it’s a heck of a lot less damaging if you drop it on the floor.

I also love the fact that I can empty the Hydrocore, pack it down, and take it with me when traveling.

Looking for workout ideas? Check out Mark Wildman’s YouTube channel.

$109 at Onnit

Crossrope Get Lean Jump Rope Remember the jump rope?

Crossrope Get Lean Jump Rope

Seems old-school, but Crossrope has brought the jump rope into the 21st century with precision engineering, and, of course, a cool app.

This kit comes with a set of precision handles (they are indeed lovely), two different weighted ropes 0.5lb and 0.25lb), and a carry pouch.

There’s also a comprehensive app offering loads of exercises, workouts, and challenges.

Super kit!

$99 at Crossrope

TRX Home2 System Suspension Trainer This bit of kit will last you a lifetime

TRX Home2 System Suspension Trainer

The TRX is not cheap, but I’ve had a couple of sets, and after years of use, abuse, and neglect, they’re still going strong. And TRX has made the leap into the 21st century by developing a very comprehensive app that offers workouts and challenges, as well as logging your workouts.

What I love about the TRX system is the versatility: I can use it at home, in a hotel room, or even outdoors. That way, there are no excuses not to train!

$184 at TRX Training

Peleton Bike Go places, while being indoors!

Peleton Bike

All the benefits of owning a bike and going to a riding club, but in a workout device that you can fit into an apartment.

The peloton isn’t for me, but I’ve spoken to a number of owners who absolutely love their bike, and feel that even after months of ownership that it continues to deliver masses of value and fun.

Not sure if it’s for you? Take advantage of the 30-day home trial.

$1,895 at Peleton

Sennheiser CX Sport Bluetooth Sports Headphones Far cheaper than AirPods Pro for guy use!

Sennheiser CX Sport Bluetooth Sports Headphone

As much as I like my AirPods Pro, they’re just not suited to hard exercise because they pop out of my ears a lot (and since I exercise a lot outdoors, it can sometimes take some time to find them again!). This is why I’ve made the switch to the Sennheiser CX Sport.

They’re light, comfortable, sound good, have a decent microphone, and are good at resisting sweat and other moisture.

I also love the color — it makes them easy to spot!

$109 at Amazon

Need more gift ideas?

Check out our ZDNet Recommends directory or Holiday Gifts hub for some more inspiration.

Our sister sites also have the following gift guides:

The Apple Watch continues to be lynchpin of my fitness goals. It keeps me motivated, logs my exercise and activity, and keeps an eye on aspects of my health that might otherwise go neglected.

Source: https://www.zdnet.com/article/best-gadgets-to-help-you-get-fit-in-the-new-year/

best-gadgets-to-help-you-get-fit-in-the-new-year

Continue Reading

ZDNET

NSW says QR codes are the most effective system for COVID-19 contact tracing

State government reminds hospitality businesses and hairdressers they need to use the Service NSW QR code system come January 1.

Published

on

qr-code-nsw.jpg Image: Service NSW

The New South Wales Minister for Customer Service Victor Dominello has lauded the state’s QR code venue check-in system, prior to it becoming mandatory for hospitality businesses and hairdressers when 2021 arrives.

If businesses do not use the Service NSW QR code check-in system, they face AU$5,000 fines, closure of the business for a week, and should the venue further fail to comply, potentially a month’s closure.

“The consequences of non-compliance and complacency when it comes to electronic record keeping are serious — it puts people’s health at risk and destroys jobs,” Dominello said.

“The feedback we’ve received from contact tracers is that the Service NSW QR code is the most effective system in assisting NSW Health to protect the community.

“Our QR code also prevents the use of fake names as a customer’s personal details are automatically captured via the Service NSW app when they scan their smartphone over the QR code.”

Government advice on the check-in arrangements says customers who do not have the app, can still register at a venue via an online form.

The mandatory use of the Service NSW QR code was first announced last week, with Dominello adding on Wednesday over 50,000 businesses were already on board, and 2 million people have used it.

NSW is looking at whether to extend the mandatory requirements to other industries later in the year.

See also: 2021 outlook: he year of scanning QR codes until a vaccine arrives

Speaking at a press conference on Wednesday where 18 new positive cases were identified in the state in the past 24 hours, Premier Gladys Berejiklian said the usage of the app would allow for increased accuracy should the need to contact trace occur, would allow for people to quickly move in and out venues, and lessen the chances of congregation around business entrances, particularly on New Year’s Eve.

Sydneysiders are being encouraged to “limit non-essential gatherings over the New Year period where possible”.

Meanwhile at the federal level, the Commonwealth government has continued to push its expensive and problematic COVIDSafe app.

The app has cost millions to create and just shy of AU$7 million to promote.

A recent Victorian report into the state’s contact tracing system said the effectiveness of the app was insignificant. Despite analysis of the COVIDSafe app being outside the scope of the inquiry, it noted that no evidence has been given to suggest that the app has been effective or contributed to supporting Victoria’s public health response.

After pausing usage of the app, Victoria returned to using it, but only to validate the manual work of contact tracers.

Over in New Zealand, the nation’s COVID Tracer app recently adopted the Apple/Google Exposure Notification Framework.

Related Coverage

“Our QR code also prevents the use of fake names as a customer’s personal details are automatically captured via the Service NSW app when they scan their smartphone over the QR code.”

Source: https://www.zdnet.com/article/nsw-says-qr-codes-are-the-most-effective-system-for-covid-19-contact-tracing/

nsw-says-qr-codes-are-the-most-effective-system-for-covid-19-contact-tracing

Continue Reading

ZDNET

How to design your business to deliver better customer outcomes

To successfully compete in the next normal, companies must develop a new strategic playbook for improving the stakeholder experience and business growth opportunities.

Published

on

postitsbrainstorm.jpg

In the next normal, businesses must develop a new customer engagement model that places a strong emphasis on measuring progress based on outcomes.

COVID-19 pandemic has significantly accelerated digital business transformation. The pandemic led to breakneck speed shift to digital-first customer engagement and remote work, prompting service and support organizations to reconsider the future of their people, process, and technology. According to recent research from Salesforce, teams are navigate new standards of engagement. As customer expectations shift, a new digital-first playbook is emerging. Eighty-one percent of decision makers say they’re accelerating digital initiatives.

As the pandemic panic gives way to post-pandemic planning, how well-positioned is your organization to deliver growth? A series of intimate conversations with Customer Experience and Customer Success executives reveals a new playbook for growth in the next normal and beyond.

Research shows that in order for businesses to connect with their customers, they must focus on outcomes, a new set of customer health metrics, improved service agility and opportunities to co-create value.

The new customer experience playbook is here: https://t.co/NKP28MQzB2 pic.twitter.com/8N00xDygSs

— Vala Afshar (@ValaAfshar) December 22, 2020

Here are eight strategic questions your organization can ask right now to look in the direction of growth, inspired by groundbreaking new research from Karen Mangia and Mathew Sweezey of Salesforce:

The first four plays with a question prompt to consider are:

  • Instead of trying to be all things to all people, who can you serve best? Go narrow and deep.
  • Who is your customer now? Invest in new buyers and influencers.
  • How many Voice of the Customer (VOC) repositories does your organization maintain? Simplify and centralize customer insights.

  • Which more strongly correlates with results for your organization: Customer Outcomes or Customer Experiences? Redefine Customer Success.

  • Once you create alignment with your key stakeholders about the answers to these questions, the next four plays with a question prompt to consider are:

  • Which organizational silos could you break down using customer outcomes as a catalyst? Correlate Customer Experiences with Customer Outcomes.
  • What is the best measure of your customer relationship health? As you evolve your definition of who your customer is and how you define customer success, evolve your metrics as well. This may mean a shift away from Net Promoter Score (NPS) toward Time To Value (TTV).
  • How can you move at the speed of customer relevance? Innovating a new future requires organizational agility. What’s one process step you can remove to enable your customer facing teams to become more agile?
  • Are you co-creating with your customers? What would it mean to your organization if you could collaborate with your customers to design the outcomes you aspire to achieve together?

  • What is the customer experience of the future?

    Delivering the customer experience of the future begins with leveraging the current shift in customer expectations and operating context as an opportunity to reset priorities and develop a new CX playbook. https://t.co/u12dtrBhtN pic.twitter.com/tTd8zywxjQ

    — Vala Afshar (@ValaAfshar) December 9, 2020

    Once you set your strategic direction, consider the organizational structure that sets you up for success. Experience Executives reveal that organizational hierarchies of the past are no longer effective to deliver the outcomes of the future. While the executives represented organizations of varying sizes and industries, four common core principles influenced their structural redesigns beyond what we’ve detailed above:

    The most effective employee loyalty program ever launched is leadership trust.

    — Karen Mangia (@karenmangia) November 18, 2020

    • Executive Support is the mission-critical first step. Visible, vocal executive support is required to launch the transformation and to sustain the transformation. Leaders responsible for delivering new results in new ways must go beyond having a seat at the table to have decision making influence and authority. Access to budget – particularly for change management, reskilling and retooling – is also critical. Resource investment signals this portfolio is a priority.

    • Correlate employee effort with employee success. Create a clear between employee effort, employee results, and employee rewards and recognition. Do your employees see themselves in your mission as well as your metrics? Ask your employees for feedback to confirm or deny your hypothesis.

    • Create a ‘customer outcomes’ council. Create an internal council to help drive these changes across the organization. The council should be constructed of senior leaders from various departments and broken into working groups focused on the key experiences and moments of truth along the customer journey.

    • Create and celebrate mini-milestones. Break your long-term journey down into a series of mini-milestones and micro-moments. Make sure to measure what matters to your customers and their definition of successful outcomes. Share the results and progress made. Celebrate progress. Celebrate behavior change. Celebrate new results.

    picture1.png

    Strategy: 6 Keys to Align Teams Around Customer Outcomes

    Businesses must continue to measure effort and progress and the journey towards earning your customer’s future business starts with measuring and reporting outcomes to all stakeholders. Cultivating a culture of responsibility and accountability starts with trust and radical transparency. Growing companies measure their progress based on their customer’s ability to achieve their desired business goals. The two most important core values of successful companies will be trust and customer success. In the next normal, business leaders must adopt an outside-in approach of ensuring that they are consistently able to deliver outcomes that matters to their customers, partners, and communities.

    Discover additional insights, strategies and actions you can take using the slide deck here.

    What are you discovering about how to transform your customers’ experience? We invite you to join us on Twitter @valaafshar, @karenmangia and @msweezey.

    This article was co-authored by Karen Mangia, vice president, Customer and Market Insights, at Salesforce and Mathew Sweezey, director of Market Strategy, at Salesforce.

    Karen Mangia is vice president, Customer and Market Insights at Salesforce. Her work focuses on strategies for personal and professional success, and she regularly works with executives, managers, and future leaders at companies of all sizes globally. She launched two new books in 2020: Listen Up! How to Tune In To Customers, And Turn Down the Noise and Working From Home: Making the New Normal Work For You – both from Wiley. She has been featured in Forbes and regularly writes for Thrive Global and ZDNet. Committed to diversity and inclusion, she serves on her company’s Racial Equality and Justice Task Force. She is a TEDx speaker and the author of Success With Less, a book that chronicles her own personal journey through a life-threatening health crisis. Her high-impact keynotes help organizations to access the future of work via innovative insights around the voice of the customer.

    Mathew Sweezey is Director of Market Strategy at Salesforce. His work focuses on the future of marketing, and what brands must do to stay relevant with consumers amidst the continuously shifting landscape. His latest book The Context Marketing Revolution was published by Harvard Business Press in 2020 and has become an Amazon Best Seller. His work is often featured in leading publications such as The Economist, Forbes, AdAge, The Observer, and Brand Quarterly.

    Source: https://www.zdnet.com/article/how-to-design-your-business-to-deliver-better-customer-outcomes/

    how-to-design-your-business-to-deliver-better-customer-outcomes

    Continue Reading

    Title

    Ventureburn4 weeks ago

    Driving entrepreneurial growth through mentoring [Opinion]

    The rise in the amount of knowledge sharing and mentoring by businesspeople through partnerships with SMEs and entrepreneurs in order...

    Coindesk4 weeks ago

    Proposed FinCen Rule on Crypto Wallets Would Likely Be Ineffective, Elliptic Says

    Elliptic said that the rules overstate the risks proposed by unhosted wallets since transactions involving cryptocurrencies and could end up...

    Entrepreneur4 weeks ago

    Tesla could include Apple Music and Amazon to its cars

    Elon Musk's company plans to introduce more and more fitness apps.

    CNBC4 weeks ago

    China scores an EU investment deal before Biden takes office — and it wants to do more

    China wrapped negotiations with the EU on an important investment deal and talked up hopes for more, less than a...

    Bioengineer4 weeks ago

    Study: Telemedicine use disparity during COVID-19 among head and neck cancer patients

    Patients more likely to complete a virtual visit by telephone, not videoCredit: Henry Ford Health System DETROIT (December 2, 2020)

    Coinpedia4 weeks ago

    Delisting XRP Continues in Exchanges, XRP Price Crash to Lowest Levels

    XRP price may experience a small bounce which will be short-term but in the long term, the price may visit...

    Reuters4 weeks ago

    Ticketmaster pays $10 million criminal fine for invading rival’s computers

    Ticketmaster LLC will pay a $10 million criminal fine to avoid prosecution on U.S. charges it repeatedly accessed the computer...

    Techcrunch4 weeks ago

    Samsung vice chairman Jay Y. Lee faces nine-year sentence in bribery case – TechCrunch

    Samsung Electronics vice chairman Jay Y. Lee faces a nine-year prison term in the bribery case that contributed to the...

    Reuters4 weeks ago

    Fauci sees U.S. gaining control over pandemic by next autumn

    The leading U.S. infectious disease specialist, Dr. Anthony Fauci, said on Wednesday he foresees America achieving enough collective COVID-19 immunity...

    ZDNET4 weeks ago

    Best gadgets to help you get fit in the new year

    Need to get fit in the new year? Here are the gadgets that can help!

    Review

      Select language

      Trending