Web Application – HCG Injections Webs http://hcginjectionswebs.com/ Fri, 12 Aug 2022 01:50:14 +0000 en-US hourly 1 https://wordpress.org/?v=5.9.3 https://hcginjectionswebs.com/wp-content/uploads/2021/07/icon-2-150x150.png Web Application – HCG Injections Webs http://hcginjectionswebs.com/ 32 32 SaaS-Based Network Security Revenue Will Surpass $60 Billion, Says Dell’Oro Group https://hcginjectionswebs.com/saas-based-network-security-revenue-will-surpass-60-billion-says-delloro-group/ Fri, 12 Aug 2022 01:34:35 +0000 https://hcginjectionswebs.com/saas-based-network-security-revenue-will-surpass-60-billion-says-delloro-group/ Network Security Demand – which includes Email Security, Firewall, Security Services Edge (SSE), Secure Web Gateway (SWG) and Web Application Firewall (WAF) technologies ) – should remain strong over the next five years as strong enterprise investments in cloud applications and hybrid working reinforce the need for security and offset macroeconomic headwinds, according to Dell’Oro […]]]>

Network Security Demand – which includes Email Security, Firewall, Security Services Edge (SSE), Secure Web Gateway (SWG) and Web Application Firewall (WAF) technologies ) – should remain strong over the next five years as strong enterprise investments in cloud applications and hybrid working reinforce the need for security and offset macroeconomic headwinds, according to Dell’Oro Group.

Additional highlights from the July 2022 Network Security 5-Year Forecast Report:

SSE market revenue will grow at a compound annual growth rate (CAGR) of nearly 30% from 2021 to 2026. Secure Web Gateway (SWG) and Cloud Access Security Broker (CASB) are expected to remain the largest revenue components during of the five-year period. forecast horizon, but Zero Trust Network Access (ZTNA) and Firewall-as-a-Service (FaaS) are expected to thrive at a faster rate. The firewall market is expected to remain the largest network security segment by revenue and is expected to grow at a CAGR of 8% over the forecast horizon.

Mauricio Sanchez, Research Director, Network Security and SASE & SD-WAN at Dell’Oro Group
Compared to our previous January 2022 forecast, the world is a different place with stubbornly high inflation and a regional war in Europe, and as a result, we have gradually lowered our near-term network security revenue projections. However, we believe the near-term weakness will be transitory and offset by stronger growth in the years ahead as companies remain focused on securing the shift to cloud-first and mobile-friendly.

]]>
Kali Linux 2022.3 Released: Test Lab Packages, New Tools, and a Community Discord Server https://hcginjectionswebs.com/kali-linux-2022-3-released-test-lab-packages-new-tools-and-a-community-discord-server/ Tue, 09 Aug 2022 17:30:39 +0000 https://hcginjectionswebs.com/kali-linux-2022-3-released-test-lab-packages-new-tools-and-a-community-discord-server/ Offensive Security has released Kali Linux 2022.3, the latest version of its popular penetration testing and digital forensics platform. Packaged apps for setting up test labs The Kali team knows the importance of practicing rather than relying on theory, and for infosecurity professionals, the test labs are a way to test tools and hone their […]]]>

Offensive Security has released Kali Linux 2022.3, the latest version of its popular penetration testing and digital forensics platform.

Packaged apps for setting up test labs

The Kali team knows the importance of practicing rather than relying on theory, and for infosecurity professionals, the test labs are a way to test tools and hone their own skills in a legal environment. .

Therefore, the team decided to help users create test labs, packing (so far) the Damn Vulnerable Web App and the OWASP Juice Shop – more test labs will be added to the kali-linux-labs metapackage in the future.

Like all professionals, security professionals need to understand the tools they use to master their craft, the team noted, and benchmarks will help them discover tool capabilities and retain knowledge. (As they rightly pointed out, it’s one thing to read something, and another to actually do it.)

New tools in Kali Linux 2022.3

As usual, a new version of Kali comes with new tools. This time it’s:

  • BruteShark – a network forensic analysis tool (NFAT)
  • DefectDojo – An open source application vulnerability correlation and security orchestration tool
  • phpsploit – A post-exploitation framework that provides an interactive shell-like connection over HTTP between client and web server
  • shellfire – An exploit shell for exploiting LFI, RFI, and command injection vulnerabilities
  • SprayingToolkit – A set of scripts to facilitate password spraying attacks against Lync/S4B, OWA and O365

Kali NetHunterthe distribution’s mobile pentesting platform has also been updated, as have some of the penetration testing and forensics Android apps available in the NetHunter Store.

New and updated documentation!

The team has created a number of new and updated old pages documenting the use of Kali Linux and various applications in different configurations. They also delivered the promised documentation on using the distro on Linode instances.

They have also updated documentation for various tools, but are calling on users to help with this effort by contributing to the kali-tools repository (now open).

“Our goal is to have general information about each tool, as well as examples of the tool used and how to use it,” they explained.

A Discord server for the community

As we talk about community contribution and involvement, the “big” news is that the team has opened a new discord server – aptly named Kali Linux & Friends – “a new place where the community Kali can meet and discuss in real-time everything about Kali Linux (as well as other community projects offered by OffSec).

They also announced that starting with this version of Kali, they will host a live session where various Kali developers will voice chat on Discord to answer questions and gather feedback from the community.

Download Kali Linux 2022.3

Kali Linux 2022.3 can be downloaded or you can update your existing installation to this version.

Check out the Offensive Security blog post for more details on the new release.

Kali Linux users can also read more about how the creators of Kali Linux plan to handle the future of penetration testing, and the Offensive Security CEO’s thoughts on why automated pentesting won’t solve not the lack of cybersecurity skills.

]]>
5G is almost here and so are black hats, here are 3 ways to secure your organization https://hcginjectionswebs.com/5g-is-almost-here-and-so-are-black-hats-here-are-3-ways-to-secure-your-organization/ Sun, 07 Aug 2022 10:58:41 +0000 https://hcginjectionswebs.com/5g-is-almost-here-and-so-are-black-hats-here-are-3-ways-to-secure-your-organization/ The past two years have prompted organizations in all sectors to undergo significant transformations and rethink new ways of working more efficiently. As remote work continues to grow, businesses rely heavily on automation and interconnectivity to support, create value, and meet changing customer demands in the next normal. Additionally, with the dramatic increase in the […]]]>

The past two years have prompted organizations in all sectors to undergo significant transformations and rethink new ways of working more efficiently. As remote work continues to grow, businesses rely heavily on automation and interconnectivity to support, create value, and meet changing customer demands in the next normal. Additionally, with the dramatic increase in the adoption of Industry 4.0 and the Industrial Internet of Things (IIoT), organizations are integrating IT/OT to optimize processes and unleash agility.

This, coupled with the fact that 5G technology is set to revolutionize connected devices, organizations are looking to transform their operations and enable more accessible remote working. This increased functionality, faster speeds and ultra-low latency that come with 5G will result in greater employee productivity. However, despite the many benefits that this digital transition promises in terms of supercharging businesses and profoundly changing the way they operate, it introduces new security and privacy vulnerabilities.

The dramatic increase in remote working has presented organizations with various security challenges in network architecture. With 5G capabilities attracting more and more IoT devices, the better connectivity that comes with it means that more real-time data will be collected from more devices to enable real-time decisions. . This expands the attack surface and multiplies the opportunities for outsiders to gain access to the network. Data transfer, information sharing and the use of third-party systems are the main areas of concern. Additionally, hosting applications in distributed edge computing sites brings new security threats and new attack vectors, and the powerful connections of 5G will help accelerate these attacks even further.

Therefore, the transition to 5G requires new approaches to security in all aspects of the network. Here are 3 ways companies can create digitally safe work environments by integrating robust 5G cybersecurity strategies to ensure services are not included in the impending 5G revolution:

1. Protect 5G API-driven ecosystems

Businesses are increasingly relying on APIs for service and business integration. However, a lack of authentication or inadequate authorization can make APIs vulnerable to attacks as they have the potential to introduce additional threat vectors into the network. Therefore, enterprises must scan, authenticate, and secure APIs before they are allowed on the network, and manage them throughout their lifecycle to ensure security.

In fact, API gateways are growing in importance because they help prevent accidental or deliberate use of requests targeting infrastructure and services, and further limit the impact of intrusion when an API endpoint accessible to the public is compromised. However, to ensure that 5G services meet their requirements for low latency and other performance parameters, it is necessary for enterprises to choose the right API Gateway solution that provides care without reducing gateway functionality during traffic routing.

2. Securing the IoT in the 5G access network

The new era of connectivity is expected to lead to an explosion of IoT devices. This growing number of connected devices, coupled with device limitations for allocating security, creates an attractive network environment for botnets and potential vulnerabilities. It is therefore essential to include security in design when designing IoT service architectures and to address IoT security in all systems. However, with the emergence of 5G, there is a need to build in protection at the critical point where IoT data enters the network edge. A practical and robust solution designed to mitigate network and device threats, as well as service abuse, will keep networks secure.

3. Adopt application-centric firewalls for application-centric 5G networks

Applications are often the target of attacks and compromised applications can enable fraudulent transactions, lead to service disruptions and exposure to sensitive data. These attacks are difficult to detect and prevent because companies accidentally leave their applications unprotected, allowing bots to bypass standard protections. Using scalable, flexible firewalls with performance and control capabilities can mitigate the most aggressive attacks. Organizations need firewalls that secure access to applications and firewalls that secure the applications themselves.

Firewalls with advanced network protection capabilities protect container-based applications regardless of platform or location on the network. Its high-performance protection capabilities mitigate network flooding, DNS threats, DDoS attacks, and other attacks while allowing legitimate traffic to flow without compromising application performance. Advanced web application firewalls (WAFs) secure web applications, microservices, containers, and APIs. An advanced WAF with built-in intelligence and auditing capabilities helps ensure compliance with key security standards and regulations, performs dynamic security testing and automatic virtual patching to quickly identify and resolve vulnerabilities, while providing direct visibility into attacks.

In conclusion, the deployment of 5G requires that every aspect of an organization’s network be secure. Now is the time to evolve and get smarter to protect networks against the various cyber risks that come with 5G. Along with a strong end-to-end 5G threat mitigation security strategy, organizations should strengthen ongoing training to raise cybersecurity awareness and implement a Zero Trust security model across the organization to remain resilient in their cybersecurity posture. This can help mitigate operational, legal and reputational risks in the workplace.



LinkedIn


Disclaimer

The opinions expressed above are those of the author.



END OF ARTICLE



]]>
Deep Instinct Prevention for Applications defends critical business applications https://hcginjectionswebs.com/deep-instinct-prevention-for-applications-defends-critical-business-applications/ Fri, 05 Aug 2022 02:05:32 +0000 https://hcginjectionswebs.com/deep-instinct-prevention-for-applications-defends-critical-business-applications/ Deep Instinct has provided Deep Instinct Prevention for Applications, an agentless, on-demand anti-malware solution for the enterprise that is device and operating system independent. This offering revolutionizes threat protection beyond the endpoint with flexible in-transit file scanning, deployable anywhere, via the API to return a malicious-vs-benign verdict at enterprise speed. It protects any web application […]]]>

Deep Instinct has provided Deep Instinct Prevention for Applications, an agentless, on-demand anti-malware solution for the enterprise that is device and operating system independent.

This offering revolutionizes threat protection beyond the endpoint with flexible in-transit file scanning, deployable anywhere, via the API to return a malicious-vs-benign verdict at enterprise speed. It protects any web application or cloud storage from malicious content while ensuring data privacy.

Financial services and other industries with petabytes of data in motion every day have been threatened by malicious uploaded content that can explode when downloaded from storage. These organizations rely on slow solutions, consume vast CPU and memory resources, and miss unknown malware, leaving this threat segment underserved.

In the wake of the pandemic, fintech transactions alone increased by 13% and their volume by 11%, indicating growth in the sector. With tens of millions of files in transit each day connected to high-value business data, mortgage applications, insurance claims, and other sensitive information, financial institutions are at risk from unchecked malicious downloads. and lack viable options to ensure that infected content is not a threat to their operations or their customers.

As threat actors seek alternative entry points into corporate environments, this risk factor will only increase. In fact, a study found that 35% of malicious files were hidden in Microsoft Office and PDF files.

“As threat actors compromise entry points beyond the endpoint, financial services institutions that exchange tens of millions of files every day are at heightened risk. This has been primarily created by the failure of Antivirus, network and other established solutions to scale.They are slow, cannot scale or handle high volumes of daily traffic or handle large file sizes, and often resort to sandboxing.As a result, they continue to miss threats unknowns and incur high infrastructure costs. It’s the worst of both worlds for a business,” said Guy Caspi, CEO and co-founder of Deep Instinct.

“Deep Instinct disrupts the cybersecurity status quo by setting a new standard for stopping malicious files, both known and unknown, before they reach storage,” Caspi continued.

Deep Instinct Prevention for Applications provides organizations with an on-demand scanning solution that prevents unknown malware from hiding in files and scales to scan tens of millions of files per day. With very low CPU requirements, low false positive rate and low processing requirements, Deep Instinct provides the solution to this underserved threat gap.

Traditional AV/sandbox solutions are ineffective in addressing this issue as they are easily evaded and slow to respond. This increases risk and negatively affects user experience, but impacts business by slowing down critical processes.

“Deep Instinct addresses a major problem in today’s enterprise – its exposure to an ever-increasing number of attack vectors,” said David OLeary, Field CISO – Sr. Director, Global Cybersecurity, SHI. “We look forward to bringing this truly unique solution to our enterprise customers and helping them better protect themselves and their customers from malicious content when exchanging important files every day.”

Other benefits of Deep Instinct Prevention for apps include:

  • Doesn’t rely on the cloud to provide a verdict.
  • Only the file hash leaves the environment maintaining full confidentiality of customer data.
  • No customer data is used for training or updating AI models.
  • Minimal infrastructure resources, including CPU and memory usage, combined with a small footprint, ensure a low total cost of ownership.

]]>
Capital One Violation Conviction Exposes Scale of Cloud Access Rights Risk https://hcginjectionswebs.com/capital-one-violation-conviction-exposes-scale-of-cloud-access-rights-risk/ Tue, 02 Aug 2022 17:01:26 +0000 https://hcginjectionswebs.com/capital-one-violation-conviction-exposes-scale-of-cloud-access-rights-risk/ The recent conviction of a Seattle technician accused of carrying out a cyber attack on Capital One is not the end of the story. The trial showed how someone could perpetrate a massive data breach by exploiting misconfigurations and excessive privileges common in many cloud environments. As a result of the attack — and the […]]]>

The recent conviction of a Seattle technician accused of carrying out a cyber attack on Capital One is not the end of the story. The trial showed how someone could perpetrate a massive data breach by exploiting misconfigurations and excessive privileges common in many cloud environments.

As a result of the attack — and the resulting data breach — Capital One was fined $80 million by the federal government and settled customer lawsuits for $190 million. This should encourage organizations to put measures in place to avoid the same mistakes.

The attacker, who was an Amazon Web Services employee, built a tool that allowed him to scan the AWS platform for misconfigured accounts. She used anonymization services such as the Tor network and IPredator VPN to hide her IP address.

The attacker carried out a server-side request forgery (SSRF) attack that allowed him to trick a server into making calls engineered on a misconfigured web application firewall (WAF). This allowed the Capital One attacker to easily extract and exploit credentials from the machine and gain access to sensitive customer data such as names, addresses and social security numbers.

Lateral Movements and Least Privilege

This case illustrates how vulnerable cloud systems are to rights and misconfigurations. The attacker was able to not only exploit a misconfiguration in the WAF to gain access to the system, but also to then gain privileged credentials, move around to discover data buckets, and then exfiltrate that data.

An MIT Sloan case study of the breach concluded that “it is highly likely that Capital One had insufficient identity and access management (IAM) controls for the environment that was breached.” The study also noted that the incident could have been avoided by periodic reviews of user configurations to ensure that access controls were properly using the principle of least privilege.

Least privilege, as the name suggests, dictates that users and service identities can access only the resources and applications they need to do their job and no more. This allows organizations to operate with agility while limiting risk to the business and its customers. In Capital One’s case, the compromised WAF machine’s IAM role had access privileges beyond what was necessary for its functions.

This case is a good example of how easily it is possible to find vulnerabilities and exploit them to open a backdoor into a company, even one that seems well protected. Workloads can be compromised in so many ways that it is impossible to protect them from hacking. Even the best efforts to patch and update software, secure network access, and implement other security best practices can leave gaps that a hacker can exploit.

Once inside, an attacker’s ability to move laterally, undetected, defines the “blast radius” or extent of damage. The best way to mitigate lateral attacks is to control access by scaling the permissions granted to human and machine (service) accounts. In the Capital One case, the hacker was able to use an identity with permissions to access sensitive user records that the role clearly did not need.

The complexity of cloud environments makes it difficult to enforce the policy of least privilege. Native tools do not provide the visibility into permissions required for proactive risk mitigation. Additionally, the much-talked-about lack of cybersecurity talent means that most organizations are understaffed and lack cloud expertise.

As a result, permissions management doesn’t get the attention it deserves. In fact, nearly 60% of CISOs and other security decision makers say that lack of visibility, along with inadequate identity and access management, are major threats to their cloud infrastructure. In a recent IDC survey, respondents cited access risk and infrastructure security among their top cloud security priorities for the next 18 months.

Right-sizing permissions is possible if an organization’s security and development teams can identify excessive permissions and know how to create a least-privilege policy that will allow workloads to operate effectively. This can be accomplished using the right mix of technology, processes and procedures. Consider the following best practices for mastering cloud entitlements and configurations:

  • People:
    Make someone in the organization responsible for implementing a least-privilege architecture.
  • Treat:
    Establish a regular cadence for reviewing and remediating rights risks in your organization, including access reviews for human users and remediation of unused privileges for services.
  • Technology:
    Deploy technology that can continuously monitor rights risks, automatically troubleshoot issues, and identify anomalies at cloud scale.

Organizations can learn valuable lessons from this case and the financial consequences of not caring about their cloud Ps&Cs, namely permissions and configurations.

]]>
Unjected is a dating site for unvaccinated “safe blood” people https://hcginjectionswebs.com/unjected-is-a-dating-site-for-unvaccinated-safe-blood-people/ Sat, 30 Jul 2022 16:00:00 +0000 https://hcginjectionswebs.com/unjected-is-a-dating-site-for-unvaccinated-safe-blood-people/ I was on Facebook the other day and I was recommended a Facebook Live called “Pure Blood Love Live”. I was like huh, does “pureblood” mean what I think it means? I watched the video a bit and read a bit of the page it was featured on – which was an anti-masking group – […]]]>

I was on Facebook the other day and I was recommended a Facebook Live called “Pure Blood Love Live”. I was like huh, does “pureblood” mean what I think it means? I watched the video a bit and read a bit of the page it was featured on – which was an anti-masking group – and of course, yes, by “pure blood” they mean “people who don’t have not contracted the COVID-19 vaccines.” So I wondered how common this was and decided to see if I could find out more.

As it turns out, in the first year of the pandemic, many “vaccine-free” dating sites popped up around the world, while mainstream dating sites like Match, eHarmony, and Tinder have also added a feature allowing you to restrict your choices by vaccination. status. I guess these two phenomena aren’t too surprising, and being able to narrow down your choices to vaxxed or not vaxxed is certainly helpful to site users. But one of the most popular dating sites for the unvaccinated, “Unjected,” takes it all to another level. Unjected adopts language around blood purity (see description of themselves on their website, below) – “mRNA-free blood”, “contaminated blood supply”, “safe blood match”, “integrity of the population” – which is disturbingly reminiscent of Nazi talk of “purity of blood”.

As the Museum of Tolerance explains:

Hitler’s racial ideology stemmed from what he called “the basic principle of blood.” This meant that the blood of each person and each race contained a person’s soul and also the soul of their race, the Volk. Hitler believed that the Aryan race, to which all “true” Germans belonged, was the race whose blood (soul) was of the highest degree. God himself had, in fact, created the Aryans as the most perfect men, both physically and spiritually.

Maybe that connection is huge, but at the very least people should be aware of the language they use and look to find other ways to express their ideas, if they don’t want people to do this jump. So what is Unjected? The website describes the site and the project this way:

Created by two moms in Hawaii, at the height of the vaccine rollout in the spring of 2021; Unjected is a multi-faceted platform of health-conscious humans, unvaccinated against covid-19, who believe in medical freedom, freedom of choice, freedom of expression and bodily autonomy. After the slander in the media, we have grown to an ever growing number of 110,000 members in 85 different countries around the world looking for love, friendships, community, business connections and even directories of blood and fertility without mRNA to protect the integrity of the population. .

-Unjected is for any unvaccinated Covid-19 adult, who is looking for a connection with like-minded people in their area or across the world.

-Features to help you find love with mRNA-free partners.

-Find friendships with those who really understand “what’s really going on”.

– Social feeds without fact checkers.

-Announcements features to connect and do business with those who have always been out of office or find local artists and creatives to support your local unvaccinated community.

-If you are concerned about the contaminated blood supply, find your compatible blood. Or even if you are looking for mRNA-free donors for breeding services. Unjected is for you.

Recently, a programmer called GeopJr discovered that the Unjected website posed a security risk and all of its users’ data was vulnerable. The Daily Point explains:

The site admin dashboard was openly accessible to everyone. The Dashboard allows Unjected administrators to add, edit, or disable pages, such as the “About Us” section of the website, as well as user accounts.

The discovery was made after GeopJr noticed that Unjected’s web application framework had been left in debug mode, allowing them to learn relevant information “that an attacker could misuse”.

After the Daily Dot created a test account on the platform, GeopJr was able to change the account’s private email address, username, and profile picture. GeopJr was also able to edit a public post posted by the Daily Dot and change its wording.

Other data such as site backups may be downloaded or deleted. GeopJr was able to offer $15 per month subscriptions to Unjected as well as respond to and delete help center tickets and flagged messages.

When alerted to the security breach, Unjected co-founder Shelby Thomson emailed daily item to let them know that Unjected’s security team will fix the problem as soon as possible. Even after “fixing” the vulnerabilities, however, users continued to report “experienced numerous issues on Unjected that made their personal information even more exposed than before.”

Good job, Unjected, way to be on top! It’s shocking – SHOCKING, I tell you! – that a website dedicated to “pureblood” anti-vaxx propaganda is not fully knowledgeable about cybersecurity and up to date on security protocols. As if you needed more reasons to stay far away.

]]>
Tech start-up wins innovation funding for its bio-acoustic listening device https://hcginjectionswebs.com/tech-start-up-wins-innovation-funding-for-its-bio-acoustic-listening-device/ Fri, 29 Jul 2022 09:28:12 +0000 https://hcginjectionswebs.com/tech-start-up-wins-innovation-funding-for-its-bio-acoustic-listening-device/ York-based insect pollination and biodiversity innovator AgriSound has secured funding from Tesco and WWF to pilot its agro-tech listening equipment in the supermarket supply chain. This aims to reduce the environmental impact of the average basket and to build resilience and sustainability in the UK food system. AgriSound has secured funding under ‘Innovation Connections’, a […]]]>

York-based insect pollination and biodiversity innovator AgriSound has secured funding from Tesco and WWF to pilot its agro-tech listening equipment in the supermarket supply chain.

This aims to reduce the environmental impact of the average basket and to build resilience and sustainability in the UK food system.

AgriSound has secured funding under ‘Innovation Connections’, a new accelerator program created as part of a collaboration between the international supermarket and the global environmental charity.

The program matches pioneering start-ups with Tesco suppliers to accelerate supply chain innovation.

The business has been associated with AM Fresh, one of Tesco’s fruit suppliers, based in Huntingdon, Cambridgeshire.

AgriSound deploys its bio-acoustic listening devices, called PollyMTthrough AM Fresh’s orchards to listen and identify the sounds of pollinating insects, to identify areas where there are too few of them, so that corrective action can be taken, naturally increasing crop yield and thereby reducing costs .

Founder and CEO Casey Woodward said: “At a time when biodiversity, including pollinating bee populations, are rapidly declining and the cost of food production is skyrocketing, securing this funding from Tesco and WWF is a great achievement for our young company.

“It’s exciting to be able to introduce our technology into Tesco’s fruit supply chain to help growers encourage pollinators in the right areas at the right time, increasing yields, without the need for fertilizer or additional pesticides.

“We look forward to showcasing the technology to Tesco’s entire supplier base and helping agricultural businesses streamline biodiversity monitoring and promote nature-friendly farming practices.”

He explained that the Polly device works similar to a smart speaker.

It is equipped with a microphone and environmental sensors, measuring temperature, light and humidity. Each is fully solar powered.

“Polly listens 24/7 for insect sounds and uses advanced sound analysis to translate the data into activity scores,” he said.

“These are automatically sent back to the cloud, where the farmer or food producer can view them through an app or web application.

“This information, available in real time, can be used to target the introduction of pollinator protection measures to areas that need it most, and also determine actions such as planting wildflowers or creating new ones. habitats.”

]]>
Givex announces a partnership with Benjamin for a technological and innovative expansion plan in Brazil https://hcginjectionswebs.com/givex-announces-a-partnership-with-benjamin-for-a-technological-and-innovative-expansion-plan-in-brazil/ Tue, 26 Jul 2022 15:01:00 +0000 https://hcginjectionswebs.com/givex-announces-a-partnership-with-benjamin-for-a-technological-and-innovative-expansion-plan-in-brazil/ The Brazilian bakery chain will benefit from Givex’s omnichannel technology platform, including its point-of-sale system with data-driven loyalty program capabilities to help its continued expansion TORONTO, July 26, 2022 /PRNewswire/ – Givex, a global IT platform focused on providing its customers with valuable and strategic end-customer information, today announces an innovative partnership with Benjamin, a […]]]>

The Brazilian bakery chain will benefit from Givex’s omnichannel technology platform, including its point-of-sale system with data-driven loyalty program capabilities to help its continued expansion

TORONTO, July 26, 2022 /PRNewswire/ – Givex, a global IT platform focused on providing its customers with valuable and strategic end-customer information, today announces an innovative partnership with Benjamin, a chain of traditional Brazilian bakeries in São Paulo. Benjamin will use Givex technology to deliver its digital bakery concept, creating an even closer relationship with customers throughout the retail experience, from point of purchase to after-sales, enabling innovation and continued expansion of the brand in the Brazilian market.

“Benjamin has reinvented himself and is living a new moment. With the pandemic, we revisited our strategy and understood that it was time to reposition our brand with an even more modern and digital look”, explains Paulo Calil, CEO of Benjamin. “Our customers are increasingly looking for a consumer experience that brings convenience and ease to their everyday lives. That’s why we’ve focused our efforts on all aspects – products, people and technology – to give consumers what they need. there is the best in the bakery segment. The support of Givex, a company recognized in the market for its omnichannel solutions, has been fundamental to the advances we are seeking.”

Givex entered for the first time Brazil in 2009 and introduced its GivexPOS system to the country ten years later in 2019. The cloud-based omnichannel technology provides restaurant owners with everything they need in a streamlined solution accessible on a Givex tablet. Givex’s all-in-one platform, including Point of Sale, Givex Mobile App, Kitchen Display System (KDS) and Inventory Management, provides a simple solution that fosters more customer interactions. as well as maximum local and remote management for Givex customers.

“The technology that Givex has brought to Brazil is a game-changer and delivers management, innovation and customer relationship solutions that go way beyond what the market is used to,” said Maria Costa, General Manager of Givex Brazil. “We are proud to have been chosen as Benjamin’s partners to support existing operations and the continued growth of the brand. Their partnership is a testament to the endorsement and satisfaction of our product and its ability to evolve.”

In addition to point of sale, Benjamin will also utilize Givex’s loyalty program capabilities, enabling the brand to analyze its customer trends and purchase data to learn more about consumer habits, drive sales repeated and create new menus specially designed to meet the preferences of its customers. With this information, Benjamin will also be able to use the data to create personalized promotions through a real-time cloud portal that focuses on gamification, analytics and more.

“Our goal at Givex is not just to sell a system, but to provide a great technology product to the customers we serve, enabling them to grow their business and gain unparalleled consumer insights,” Costa said. “This is just the start of another great partnership.”

Benjamin also launched a new online ordering application using Givex’s progressive web application solution. This creates a seamless ordering experience for customers who can place delivery or pickup orders through the app, schedule pickup time, or scan a QR code and pay directly in the app inside the bakery . Because the app and POS are part of the Givex platform, orders are automatically sent to Benjamin’s production areas and displayed in the correct reports, eliminating manual work and potential data errors. Additionally, as Benjamin launches several innovative store models, including prepaid fast food stores and dark kitchens, the application of Givex technology will allow the brand to customize its menus to meet the needs of each type of store and of channel. Additionally, Givex’s integration with the iFood delivery platform allows for seamless communication and delivery.

Following the launch in August, Givex and Benjamin rolled out their system to all 20 chain bakeries within a month, including six newly opened stores, a testament to the ease and simplicity of its interface. This partnership marks an important milestone as Givex continues to expand its retail network.

About Givex

Givex (TSX: GIVX) (OTCQX: GIVXF) is a global financial technology company that provides merchants with customer engagement, point-of-sale and payment solutions, all on one platform. We are integrated with over 1000 technology partners, creating a complete end-to-end solution that delivers powerful customer insights. Our platform is used by some of the biggest global brands, including around 100,000+ active sites in over 100 countries. Learn more at www.givex.com.

About Benjamin

Benjamin presents the #TeamBakery concept, which brings together network enthusiasts, those fans who have Benjamin as their favorite place to live their best and most important moments. On his menu, Benjamin has more than 300 products, offering different types of naturally fermented, traditional and rustic breads, sweets and a variety of cold and hot drinks. Considered a benchmark in the city of São Paulo, the chain has 20 units, 12 of which have consumption areas and 8 with dark kitchens, reserved for delivery services. There are thousands of orders a day, whether in person at the counter of its units or digitally in all areas of São Paulo. In Benjamin’s stores, consumers find unique experiences of a real bakery with all the necessary amenities to facilitate daily life, in a familiar, welcoming and at the same time modern environment.

SOURCEGivex

]]>
The rise of adaptive cybersecurity https://hcginjectionswebs.com/the-rise-of-adaptive-cybersecurity/ Mon, 25 Jul 2022 00:43:58 +0000 https://hcginjectionswebs.com/the-rise-of-adaptive-cybersecurity/ GUEST NOTE: As the network perimeter blurs and attack surfaces expand for Australian organizations, it is becoming clear that a new defensive posture and approach is needed. Practitioners know the dynamism of cybersecurity. Maybe that’s part of the reason they got into it in the first place. Taking a single measurement, 55 common vulnerabilities and […]]]>

GUEST NOTE: As the network perimeter blurs and attack surfaces expand for Australian organizations, it is becoming clear that a new defensive posture and approach is needed.

Practitioners know the dynamism of cybersecurity. Maybe that’s part of the reason they got into it in the first place.

Taking a single measurement, 55 common vulnerabilities and exposures (CVEs) were recorded on average every day last year, a record high. 2022 is already on track to surpass that. These vulnerabilities are spread across all of the technologies used by organizations. With systems and applications as interconnected as they are today, multiple vulnerabilities can be chained together by attackers to improve their chances of exploitation or to escalate attacks.

Attackers also have a greater choice of potential targets and entry points to choose from, while conversely, practitioners have more doors to protect and can limit traffic through their organization.



A recent study found that 75% of Australian businesses now live with a significantly increased attack surface. The biggest contributor to this is the increased use of web applications to interact with dispersed and often “location-agnostic” employees, customers, and other stakeholders. The increase in the number of endpoints inevitably widens the attack surface and exposes organizations to new vulnerabilities. Companies often aren’t aware of the status of all devices accessing their resources.

Additionally, the need to modernize and digitize infrastructure has led to the adoption of new technologies, further increasing the risk.

While Australian CISOs can say they have it all covered, the survey revealed that security maturity could well be further developed and nurtured.

But our research simultaneously shows that when you dig in and talk to people lower in the security hierarchy, reaction and response are inconsistent at best, and everywhere at worst.

Frontline security in SOCs is struggling to cope with the combined impacts of a rapidly expanding attack surface, changing architectures, more people working remotely, and ongoing digitization.

In short, current cybersecurity postures struggle to align with dynamic attack surfaces.

This must change.

Break the moat

Cybersecurity teams have traditionally focused on preventing all attacks, using what might be called a “castle and ditch” approach. The “castle” is the network of offices, protected by the “moats” (the perimeter of the network). Everyone inside the “moat” was trustworthy, but no one outside. A “drawbridge” lowered over the “moat” allowed control of traffic movements in and out.

It works on the assumption that people work in a closed and protected environment, accessing sensitive data and systems primarily from an office on company-owned devices.

Most organizations don’t work that way anymore. Only 18% of Australian businesses say they still have this traditional “castle and moat” defence.

The reason is that this defensive model simply does not work when the perimeter of the network becomes blurred. It also does not offer effective prevention against the increasing dynamism of the attack surface.

Adapt to change

A completely different approach to cybersecurity is needed.

The desirable end state—easier said than done—is to adopt an adaptive cybersecurity posture, supported by people, process, and technology—that is more responsive to the dynamism of the current cybersecurity landscape.

As research firm Ecosystm notes, “Anticipating threats before they arise and reacting instantly when attacks do occur are essential to modern cybersecurity postures. Being able to adapt quickly to the evolving regulations. Organizations must evolve to a position where monitoring is continuous, and postures can adapt, based on business risks and regulatory requirements. This approach requires security controls to detect, detect, automatically react and respond to access requests, authentication needs and external and internal threats, and meet regulatory requirements.

Adaptation is also likely to involve artificial intelligence in the future. A perfect example of an adaptive AI application for cybersecurity would be to be able to detect the presence of code, packages or dependencies that are impacted by zero-day flaws or other vulnerabilities, and block these. threat. It may still be a long way off – it would require a model, and enough time and data to train it. But it’s an example of the adaptive cybersecurity thinking and discussion that’s going on right now.

Tackle the attack surface

Although an adaptive cybersecurity posture is the end game, there are things Australian organizations can do in the meantime to better master their environments.

An intermediate goal could be to better protect web applications – the biggest contributor to Australia’s extensive attack surface.

To do this, development and security teams must embrace security as code and policy as code. Using a security-as-code approach allows developers to communicate runtime security assumptions to the application infrastructure during deployment. Limiting the types of requests an application must process can be more efficient because it allows input preprocessing at the edge of the application’s infrastructure, rather than inside the application.

Additionally, next-generation web application firewalls (WAFs) give teams more options to address threats. They allow security to be approached in a more automated way, by detecting and logging or blocking malicious request traffic before it reaches the web application.

Leveraging WAFs and Content Delivery Networks (CDNs) should be part of any holistic defense-in-depth security strategy and provide a pathway to immediate protection, as well as more adaptive forms of cybersecurity protection.

]]>
The Centerton couple are developing a new app that helps caregivers of medically complex children https://hcginjectionswebs.com/the-centerton-couple-are-developing-a-new-app-that-helps-caregivers-of-medically-complex-children/ Thu, 21 Jul 2022 20:52:54 +0000 https://hcginjectionswebs.com/the-centerton-couple-are-developing-a-new-app-that-helps-caregivers-of-medically-complex-children/ A northwest Arkansas startup has launched a web-based app that helps parents and caregivers simplify, organize, and share their child’s medical and care information. The app is called mejo, a registered trademark. Centerton founder Ryan Sheedy said he wanted a way to humanize the data found in medical records and make a child “more than […]]]>

A northwest Arkansas startup has launched a web-based app that helps parents and caregivers simplify, organize, and share their child’s medical and care information.

The app is called mejo, a registered trademark. Centerton founder Ryan Sheedy said he wanted a way to humanize the data found in medical records and make a child “more than just their diagnosis.” Sheedy and his wife, Ashley Gibbs, have three young boys, one of whom has an ultra-rare genetic condition called Costello Syndrome.

“I’m a father who goes through this; we are a family going through this,” he said. “If it was just a company with an idea, it wouldn’t resonate. We’ve never built a startup before and don’t have a background in healthcare. We’re passionate about helping.

Sheedy developed the first beta prototype of mejo a few years ago just for his family. The app went live on June 6 this year and had over 400 users from all over the country in the first month.

Sheedy said he and his wife started the business — “we’re scrappy but smart,” he joked — but a pair of angel investors have also backed mejo. Businessman and entrepreneur Nick Dozier and pediatrician Bryan Harvey, both of Rogers, are personal friends of Sheedy.

Harvey, a pediatrician for nearly 30 years, said it was essential to have a standardized tool for parents to succinctly document and track what is happening with their child’s health and care network. This is especially true when trying to accurately convey information to busy and sometimes unknown vendors.

Harvey said he invested in mejo because of its unique nature in the healthcare market.

“They hand-built an app that reflects what they found necessary to do this in the best possible way,” Harvey said. “It’s a game-changer for parents and caregivers.”

Dozier and Sheedy once worked at the same company and have known each other for almost a decade. Successful or not, Dozier said he invested in Sheedy’s idea because of his altruistic factor.

“Mejo was created for the ‘right’ reasons,” he said. “He [Sheedy] created it out of love, out of necessity and trying to help. In very early stage investments, you invest more in people than in the product. In the case of mejo, you have a solid founder and an even more powerful product that solves a real problem and helps so many. It’s a combination for success.

Sheedy said the company will soon open a pre-seed fundraiser with a goal of $500,000.

“Right now it’s 100% free,” Sheedy said. “Users own their data, but our goal is to get enough users to be able to create other offers to generate revenue. Increasing the number of users will allow us to train [business] partnerships to grow the business.

Sheedy has had preliminary discussions with various rare disease organizations. He will also speak in September at the RARE Patient Advocacy Summit in San Diego. The non-profit group Global Genes organizes the event each year as one of the world’s largest gatherings of rare disease patients, caregivers, advocates, medical professionals and researchers.

HOW IT WORKS
Mejo offers parents a new way to organize and share a child’s most important medical and healthcare information for all life situations. Specifically, medically complex children who require ongoing medical care.

The goal is to help simplify the complexities of the medical world for parents by giving them a product to print or save and take with them to appointments, to share during an unexpected medical emergency, or to keep handy for a babysitter.

Sheedy said in his initial research he didn’t find any similar apps for what he envisioned.

“Nothing as high, wide and deep as what I wanted to build,” he said. “There are apps available to feed the information, but there is no output. If I can’t share it, then it’s only good for me.

“No caregiver told us, ‘This [mejo] looks like an app I use.

Sheedy said keeping track of everything is complicated and time-consuming, regardless of a child’s age or medical situation. Mejo is a unique tool that builds a medical diary tailored to a child’s unique situation.

“Most of the information is scattered across multiple platforms that don’t speak to the caregiver in a way that makes sense to them,” Sheedy said. “We wanted to humanize the data in medical records and make a child more than their diagnosis. Whether you have a medically complex child or not, mejo can help every parent feel more organized and prepared.

Mejo allows a parent to quickly create an explicitly tailored medical diary for their child through the web application. From medical conditions and allergies to fun facts that make their child unique – think “loves getting high fives” or “afraid of needles” – mejo compiles a child’s essential details into one document that a parent can save and Quickly share via text or email.

Last November, Bret Koncak, a former executive at electronic health records company Cerner, joined mejo as a co-founder. He met Sheedy through a mutual friend and brings more than 20 years of healthcare and IT experience to the company.

“It’s really important that we launch a product that makes it easier for parents,” Koncak said. “Parents already juggle a lot on a daily basis. Our goal is to provide them with a safe and secure solution that makes it easy to organize and share custody information about their children. »

DEC. 8, 2017
Their professional careers brought Sheedy and Gibbs separately to northwest Arkansas about a decade ago. They finally met and recently celebrated their sixth wedding anniversary. She is from North Carolina and he is from Pennsylvania.

Gibbs is vice president of marketing for Sam’s Club in Bentonville. Sheedy has been a stay-at-home dad for over four years.

“I always thought I wanted to be a CEO and run my own business; basically I am now – it’s called a home,” he joked. “We have three young sons and one with special needs.”

Sheedy and Gibbs became parents to twins on December 8, 2017, one of whom was born with Costello syndrome, an extremely rare genetic condition with fewer than 1,000 cases worldwide.

According to the kidshealth.org website, Costello syndrome occurs when there is a genetic mutation in the HRAS gene. It occurs in a child’s DNA before birth. Costello syndrome causes problems that affect the heart, muscles, bones, skin, brain, and spinal cord. The disease is incurable, but doctors can help children manage most symptoms.

Sheedy said her son has had more surgeries than most families combined and spent more than 100 days in the NICU unit at Arkansas Children’s Campuses in Springdale and Little Rock.

Sitting at the NICU a few years ago is where the mejo concept began. Sheedy said that by managing countless specialists, coordinating surgeries, administering medication hourly and searching for answers, the family has experienced most health care situations.

“Our goal is to empower caregivers and parents to provide the best possible care,” he said. “Most don’t work in healthcare or speak ‘medical’. We just need the summary. Personal medical records lack the human element. Mejo is not just about drugs, surgeries, height and weight. It also helps keep track of the things that make your little one unique.

“Knowing that a child likes dinosaurs, bright colors, the song ‘Baby Shark’ or that they only eat with a g-tube is just as important as their medication or their blood type.”

]]>