Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Web Services. Show all posts

Oracle and Cohere Collaborate for New Gen AI Service

 

During Oracle's recent earnings call, company founder Larry Ellison made an exciting announcement, confirming the launch of a new generation AI service in collaboration with Cohere. This partnership aims to deliver powerful generative AI services for businesses, opening up new possibilities for innovation and advanced applications.

The collaboration between Oracle and Cohere signifies a strategic move by Oracle to enhance its AI capabilities and offer cutting-edge solutions to its customers. With AI playing a pivotal role in transforming industries and driving digital transformation, this partnership is expected to strengthen Oracle's position in the market.

Cohere, a company specializing in natural language processing (NLP) and generative AI models, brings its expertise to the collaboration. By leveraging Cohere's advanced AI models, Oracle aims to empower businesses with enhanced capabilities in areas such as text summarization, language generation, chatbots, and more.

One of the key highlights of this collaboration is the potential for businesses to leverage the power of generative AI to automate and optimize various processes. Generative AI has the ability to create content, generate new ideas, and perform complex tasks, making it a valuable tool for organizations across industries.

The joint efforts of Oracle and Cohere are expected to result in the development of state-of-the-art AI models that can revolutionize how businesses operate and innovate. By harnessing the power of AI, organizations can gain valuable insights from vast amounts of data, enhance customer experiences, and streamline operations.

This announcement comes in the wake of Oracle's recent acquisition of Cerner, a healthcare technology company, further solidifying Oracle's commitment to revolutionizing the healthcare industry through advanced technologies. The integration of AI into healthcare systems holds immense potential to improve patient care, optimize clinical processes, and enable predictive analytics for better decision-making.

As the demand for AI-powered solutions continues to rise, businesses are seeking comprehensive platforms that can deliver sophisticated AI services. With Oracle and Cohere joining forces, organizations can benefit from an expanded suite of AI tools and services that can address a wide range of industry-specific challenges.

The collaboration between Oracle and Cohere highlights the growing importance of AI in driving innovation and digital transformation across industries. As businesses increasingly recognize the value of AI, partnerships like this one are crucial for pushing the boundaries of what AI can achieve and bringing advanced capabilities to the market.

The partnership between Oracle and Cohere signifies a significant step forward in the realm of AI services. The collaboration is expected to deliver powerful generative AI solutions that can empower businesses to unlock new opportunities and drive innovation. With Oracle's expertise in enterprise technology and Cohere's proficiency in AI models, this collaboration holds great promise for businesses seeking to leverage the full potential of AI in their operations and strategies.

DoControl: Growing its SaaS Security Platform

DoControl offers an integrated, automated, and risk-aware SaaS Security Platform that protects apps and data which are essential to corporate operations promotes operational efficiency and boosts productivity. Protecting data and business-critical SaaS apps through automated remediation is DoControl's key strength.

DoControl's newest module adds shadow SaaS application identification, monitoring, and remediation to build on earlier advancements that target mission-critical use cases and better defend companies from SaaS supply chain assaults. By establishing machine identities that are frequently overprivileged, unapproved of, and unmonitored, SaaS application-to-application communication capabilities raise the risk. To address regulatory gaps and automatically close supply chain-based attack vectors, DoControl's SaaS Security Platform extension offers total control and transparency across all authorized and unauthorized SaaS apps.

One service platform that delivers unified security across various apps is required by the industry as a result of the rapid expansion of SaaS applications, the need to integrate them, or the economic pressures to integrate vendors. DoControl has established itself as the end-to-end SaaS security platform supplier, including CASB, DLP, Insider Risk, and Workflows, so now Shadow Apps enable security teams to accomplish more with less effort.

Extensive shadow application governance is aided by the DoControl SaaS Security Platform's expansion:

Facts and Awareness: All interlinked  SaaS applications within a company's estate can be found by organizations, both sanctioned and unsanctioned. Businesses can spot issues of non-compliance and comprehend the high-risk SaaS platforms, apps, or users vulnerable inside the SaaS estate with rigorous surveying and inventories.

Analyze and Operate: Utilizing pre-approval rules and workflows that demand end users present a business explanation for acquiring new apps, companies can conduct app reviews with business users. Security staff can also place suspect applications in quarantine, limit a user's access rights, and revoke such privileges.

Automated Cleanup: Organizations can automate the application of security policies throughout the entire SaaS application stack by using low-code/no-code solutions. Through automated patching of various threat vectors, DoControl's Security Workflows limit vulnerability brought on by third-party apps and stop unauthorized or high-risk app usage.

Data security is essential, but several systems lack the level of specificity and set of capabilities modern businesses require to secure sensitive data and operations, particularly in the intricate and linked world of SaaS apps. DoControl finds every SaaS user, partner company, asset, and metadata, as well as OAuth applications, groups, and activity events. Without hindering business enablement, DoControl helps to lower risk, prevent data breaches, and manage insider risk.


After a Security Incident, CircleCI Urges Customers to Rotate Secrets

 


There has been a security threat affecting CircleCI, an American software development service, and the service has urged its users to rotate their secrets to avoid this kind of catastrophe. 

Security Issue Alerts for CircleCI Users

It has recently been announced that the American DevOps platform CircleCI is urging its users after a security incident to rotate their secrets. CircleCI is one of the most popular CI/CD platforms today, providing developers with continuous integration and delivery, enabling them to create code more quickly. A million people use this tool each year, and thousands of companies rely on it for their business. However, in the wake of this security breach, they have been warned. 

Rob Zuber, the Chief Technology Officer of CircleCI, has stated on the CircleCI blog that all secrets stored in CircleCI should be rotated immediately. This includes variables in the project environment variables and contexts that may contain cryptographic information. This issue was also addressed by CircleCI on Twitter, warning customers to take precautions. 

CircleCI assured its users that building applications with CircleCI was safe and that the company offered a secure platform. 

Besides sharing tools intended to assist teams in tracking down all the potentially compromised secrets, CircleCI has also announced it is working with Amazon Web Services to notify those customers who might have their tokens breached. 

Earlier, CircleCI warned customers regarding the circulation of a credential harvesting scam. This scam was attempting to trick users into entering their GitHub login credentials through what was presented as updated Terms of Service. 

Zuber mentioned in a blog that it would be wise for customers from December 21, 2022, to January 4, 2023, to review their internal logs for their systems and ensure that no unauthorized access was made to them. A further point that Zuber brought up was that all API tokens associated with Projects have been invalidated, and as a result, users will have to replace them. 

Details on CircleCI Security Incident Not Provided

It is imperative to note that CircleCI has notified users of a security issue. It has offered advice on how to protect data. However, further details have yet to be released about what the problem is and what it entails. Despite this, as Rob Zuber stated in the blog post he wrote about CircleCI, it appears that the company intends to provide more details about the incident shortly. 

CircleCI Security Incidents Are Not New

CircleCI has dealt with breaches that have occurred in the past, although it is not clear what the details of the incident were. A breach occurred in 2019 when a third-party analytics vendor gained access to sensitive data through the infiltration of the company's network. 

Furthermore, an attacker gained access to several usernames, email addresses, branch names, repository URLs, and IP addresses that can be used as attack credentials. According to the company, users were warned to review their repository and branch names when the issue occurred.

Over 3.6M MySQL Servers Found Unguarded Online

 

Researchers at The Shadowserver Foundation have unearthed over 3.6 million MySQL susceptible MySQL servers on the internet, making them a lucrative target to attackers and extortionists. 

In scans conducted last week, researchers identified 3.6 million exposed MySQL servers using the default port, TCP port 3306. Out of 3.6 million, 2.3 million of these servers are linked over IPv4, while 1.3 million devices are connected over IPv6.

"While we do not check for the level of access possible or exposure of specific databases, this kind of exposure is a potential attack surface that should be closed," explains the report from Shadow Server.

The country with the most accessible IPv4 servers is the United States (at more than 740,000), followed by China (just shy of 300,000), and Germany (at roughly 175,000). 

The US also leads when it comes to accessible IPv6 MySQL servers (with close to 461,000 instances) followed by the Netherlands (at over 296,000), and Singapore (at 218,000). A detailed explanation of the results of the scan is mentioned below:  

• Total exposed population on IPv4: 3,957,457 
• Total exposed population on IPv6: 1,421,010 
• Total "Server Greeting" responses on IPv4: 2,279,908 
• Total "Server Greeting" responses on IPv6: 1,343,993 
• MySQL services can be accessed through the internet in 67% of cases. 

According to researchers, it is common for web services and applications to connect to remote databases. To mitigate the risks, servers should be guarded properly so only authorized devices can connect to them. 

Furthermore, public server exposure should always be accompanied by strict user policies, altering the default access port (3306), enabling binary logging, monitoring all queries closely, and enforcing encryption. Administrators are also recommended to keep their MySQL servers updated at all times especially since attacks targeting MySQL servers are not uncommon. 

"It is unlikely that you need to have your MySQL server allowing for external connections from the Internet (and thus a possible external attack surface)," Shadowserver explained in a post regarding the MySQL findings. "If you do receive a report on your network/constituency, take action to filter out traffic to your MySQL instance and make sure to implement authentication on the server." 

Failing to secure MySQL database servers can result in data breaches, ransom demands, remote access trojan (RAT) infections, or even Cobalt Strike compromises.