Category: Croyten’s Blog

Facebook Patches Bug That Could Spy on Android Users

By Amine Mekkaoui,

A vulnerability that could connect video and audio calls without the knowledge of the person receiving them has been patched by Facebook, the company reports. The vulnerability was a significant flaw in the Android version of Facebook Messenger. In the normal scenario, audio from the person making the call is not transmitted until the person on the other end accepts the call. With the bug, audio was transmitted automatically while the callee's device was still ringing. Left unchecked, this would have allowed cyber attackers to spy on users and potentially identify their surroundings without their knowledge. The company fixed the flaw on November 19.

In other news, Croyten is offering a vulnerability assessment which can help you identify and immediately attend to your organization’s security weaknesses. To know more, visit our website.

Why DevSecOps is the Next Hot Trend in the IT Industry

By Amine Mekkaoui,

What is DevOps? DevOps is a software development method that refers to the “combination of cultural philosophies, practices, and tools that increases an organization’s ability to deliver applications and services at a faster pace.” However, there is a new method coming into place that addresses the issues of code quality and reliability assurance.

What is DevSecOps? DevSecOps is known as a philosophy and a cultural shift in the software industry that aims to bake security practices into the rapid-release cycles that are typical of modern application development and deployment, also known as the DevOps process. This further development of the DevOps method is expected to bridge the gap that usually exists between development and security teams by automating security processes, allowing security and reliability issues to be tackled more quickly and effectively.

“Speed of delivery” and “secure code” are the language in which DevSecOps operates. While these are seemingly opposing goals, pursuing both is, in fact, a necessary response to the bottleneck effect of older security models on the modern continuous delivery pipeline. To put it simply, when everyone on a DevOps team is also focusing on security, that is DevSecOps.

Unlike traditional software development, where developers buy time for the code to go through quality assurance and security testing by releasing new versions of their application every few months, DevSecOps is the “attempt to correct that and fully integrate security testing into the continuous integration (CI) and continuous delivery (CD) pipelines.” Basically, security processes that are misaligned with, and not integrated into, the organization’s goals and current needs will never lead to the right outcome.

The DevSecOps Approach

Many companies have tapped the opportunities that come along with automated security. However, most of the time, the results might not be immediately apparent because of so-called “security debt”, or the vulnerabilities that developers chose to ignore and not fix. In comparison to DevOps, DevSecOps views security teams as a valuable asset that helps prevent slowdowns rather than a hindrance to agility. Here are six important components of a DevSecOps approach:

  • Code analysis refers to delivering code in small chunks so that vulnerabilities can be identified quickly;

  • Change management refers to the submission of any type of change, regardless of whether it is good or bad in nature, in order to increase speed and efficiency;

  • Compliance monitoring encourages the organization to be in a constant state of compliance and ready for an audit at any time;

  • Threat investigation refers to a quicker response to potential emerging threats by identifying them with each code update;

  • Vulnerability assessment follows code analysis: potential vulnerabilities are identified, quickly responded to, and patched;

  • Security training refers to training software and IT engineers with common guidelines for set routines.

It is important to note that in a DevSecOps environment, automated testing is performed throughout the development cycle. An article released by McKinsey notes that the approach will have implications for each stage of the product life cycle:

  • Planning. Development teams are aware of their security and reliability responsibilities so they start to quickly model threats and risks to make the product secure, reliable, and compliant; thereby observing best practices and speeding up the planning and design process;

  • Coding. Continually developing its knowledge of secure and resilient coding practices is top of mind for the team. This is to ensure improvement in code quality. The team takes advantage of services and reusable coding patterns in order to build the functionality needed to meet resiliency and security requirements;

  • Reviewing. The team takes the role of a specialist group to scrutinize a product for potential and emerging security vulnerabilities. They review the code as often as possible through automated and manual checks, as part of the regular agile sprint;

  • Testing. Automated security tests are run alongside automated functional and performance tests. This is to ensure that testing is consistent and efficient and that security requirements are explicit. Common security tests, such as penetration testing, are conducted automatically every cycle;

  • Deployment. Via well-engineered automated processes, code is delivered to production hosting environments that are invoked through APIs, thereby speeding up the process;

  • Operations. Automated processes including but not limited to real-time monitoring, evidence attestation, and compliance validation, are used to increase efficiency while the software is in production. Resolutions are immediately identified, prioritized, and monitored in the event that defects or vulnerabilities are discovered.

According to CSO Insider, the three key things to establish a DevSecOps environment are (1) Security testing is done by the development team; (2) Issues found during that testing are managed by the development team; and (3) Fixing those issues stays within the development team. Using the ruggedizing process, combined with the components previously mentioned, security becomes a higher priority.

Security is needed by all businesses and business processes, and a dedicated team must be created in order to establish business understanding. This team shall be trained in tooling to discover flaws, run continuous testing, and generate forecasts to help business operators make effective decisions.

DevSecOps offers benefits from speed and reliability to improved collaboration and security. It gives business operators the mindset of a cooperative system that is supplied with tools and processes that are helpful with security decision making. Moreover, its automated and consistent nature helps in managing complex or changing systems efficiently and with reduced risk.

As technology-driven businesses evolve at a drastic pace, continuous threat modeling and management of system builds become essential. So, if your organization hasn’t explored the concept of DevSecOps, the time to do so is now. It is best to get a partner on board for your security transformation, too. Croyten works on building information and security infrastructures to help businesses thrive and stay safe from cyberattacks. You may check our website to know more about our services.

Zoom Rolls Out End-to-End Encryption

By Amine Mekkaoui,

Video-conferencing giant Zoom is rolling out a technical preview of its end-to-end encryption (E2EE). This comes after the company received backlash over false marketing around its encryption policies. Zoom has faced various controversies, including several lawsuits alleging that the company falsely told users that it offers full encryption. The company is also under fire for announcing that the E2EE is for paid users only. The topic of encryption is critical for Zoom as it ramps up its security and privacy measures. Zoom’s latest E2EE will use public-key cryptography, meaning that the keys for each Zoom meeting are generated by participants’ machines (as opposed to Zoom’s servers).

On a different note, if your organization needs assistance with your IT and cyber security, feel free to check the services we offer at Croyten.

Scammers Send Malicious Links Via Google Drive

By Amine Mekkaoui,

Hundreds of thousands of Google Drive users are receiving malicious links from cybercriminals. Scammers were found to be leveraging a legitimate Google Drive collaboration feature to trick users into clicking on malicious links. The feature allows users to create push notifications or emails that invite people to share a Google doc. Because they are sent via Google Drive, the notifications come from Google’s no-reply email address, making them appear more legitimate. Other iterations of the attack are sent via email. Google is currently working on new security measures for detecting Google Drive spam.

Croyten specializes in building protection against these kinds of attacks. We help your organization stay protected by building proper infrastructures and providing security guidelines. Learn more about our services by visiting our website.

Cybersecurity Skills Shortage Is ‘Bad,’ Says Survey

By Amine Mekkaoui,

According to a survey published by Trustwave titled “How to Minimize the Impact of the Cybersecurity Skills Shortage,” more than half of the cybersecurity professionals surveyed (57 percent) reported that the cybersecurity skills shortage is either “bad” or “very bad” at their companies. Increasing exposure, ferocious growth in cybercrime numbers and a lack of qualified cybersecurity professionals to combat rising threats have created a critical shortage of manpower in the cyber-defense sector. In addition to this is the stressful nature of the job, which stretches cyber professionals to their limits. All of this is making it challenging for companies to keep up. The prescription, according to the Trustwave report, is a “three-pronged approach of people, process and technology.”

Croyten follows the three-pronged approach. We help organizations build their infrastructure, streamline their data and security process, and then provide high-quality and experienced talents to help run the organization. To see more of our services, visit our website.

Looking Through AI: What Are We Signing Up For?

By Amine Mekkaoui,

The world has undergone a series of transformations in the past couple of centuries – transformations in politics, intellectual development, and industrialization. Some of these brought good changes, but of course, with change come opportunities and challenges.

Changes in industry, otherwise referred to as the Industrial Revolution, gravely altered basic social patterns. Industrialization promoted movement, but also disruption. Workers, packed into slums and subjected to harsh labor conditions, greeted the disruptions with outright resistance but failed to slow the pace of the technological change bound to displace them.

Hundreds of years later, another transformation is bound to happen in the form of Artificial Intelligence (AI). Many industry experts fear that the continuous and inevitable rise of this impressive invention will take too great a toll on humanity. One has even compared the world’s current situation with a familiar scenario from the British Industrial Revolution, where wages did not increase for nine decades and living standards continuously declined while technology progressed.

As the world reinvents itself through artificial intelligence, it is crucial to question, what are we really signing up for? Will machines become super-intelligent and will humans eventually lose control? How that will balance out is anyone’s guess and up for much debate and for many people to contemplate.

The Challenges of AI

Work displacement. Replacement of cognitive progress. Removal of human elements. Alarmist headlines have used these points to show the threats of AI. According to an article written by Bernard Marr, an internationally known strategic advisor to companies, artificial intelligence will definitely cause our workforce to evolve. According to PwC, 7 million existing jobs will be replaced by AI in the UK from 2017-2037, but 7.2 million jobs could be created. 

Another issue surrounding AI is its tendency to fail at what it’s programmed to do as it crosses ethical or legal boundaries. While AI was originally intended to benefit humanity, some experts fear that it will be our doom as well if it chooses to achieve goals that are destructive. Hence, it is important to check that, as we move along with the further development of AI, its goals are aligned with the overarching goals of humans.

Moreover, since AI is highly fueled by data, issues concerning privacy are also on the hot seat. In order for AI algorithms to progress, they need to be fed more and more data, collected about every single minute of every person’s day. One relevant example is China’s social credit system, which can be a gateway to social oppression.

AI surely has a huge transformative impact that will have far-reaching economic, legal, political and regulatory implications, and we should be ready to discuss these. Concerns about who is at fault if an autonomous vehicle hurts a pedestrian, or whether the social credit system is ethical, are just some of the discussions waiting in line; but one thing is sure: those unintended outcomes of artificial intelligence will likely challenge us all.

The Promises of AI

“All will be well in the new world,” said Jeff Bezos, founder of Amazon, when asked if AI is something to worry about. While AI is mostly portrayed to be a ticking time bomb, it has its promises. Here are some of the positive impacts of AI on society.

Artificial intelligence can dramatically improve the efficiencies of our workplaces and can augment the work humans can do. AI can take over repetitive tasks and leave the essential ones that humans are better equipped to do, such as creativity and empathy, which could increase happiness and job satisfaction because people will now work on tasks that are engaging.

In terms of healthcare, AI can improve facilities and medical organisations, and reduce operating costs and save money, with better monitoring and diagnostic capabilities. An insight from McKinsey predicts that $100 billion can be saved annually by the medicine and pharma industry through big data. Deep learning and AI algorithms are expected to change the landscape of diagnosing diseases, such as the early detection of breast cancer.

With just the introduction of self-driving cars and other autonomous vehicles, society will gain countless productivity hours. Not to mention the attempt at solving traffic congestion, which, if successful, can free humans from stressful and time-consuming commutes. Human error is the main cause of 90% of road accidents. Venture companies are investing in budding companies developing self-driving cars and trucks, which can drastically reduce road accidents.

While it appears to be ironic that wanting to solve human problems might need solutions that remove human elements, we cannot afford to ignore that AI does show quite impressive promise as an aid, not just for industries, but for humanity in general. AI is coming whether we like it or not, and there will be inevitable consequences. The best thing we can do is prepare ourselves as it completely takes over our workplaces and lives, and make sure that we have the right knowledge needed to deal with and adapt to this major change that is about to come.

One organization that specializes in AI is Croyten. It helps organizations prepare for the emergence of artificial intelligence and ensures that no organization will be left behind in this transition. If your organization is planning to get on board with artificial intelligence, then allow Croyten’s experienced consultants to assist you with your AI transformation.

Cybercriminals Prey On Job Candidates Through Phishing

By Amine Mekkaoui,

Cybercriminals cashed in on the surge of COVID-19 earlier this year, with email lures purporting to be from healthcare professionals offering more information about the pandemic. They sent spear phishing emails pretending to be about economic incentives, as governments offered financial aid to those affected by the pandemic. “As jobs started to be recreated in the industry we saw lures targeting candidates for jobs,” said Derek Manky, Chief of Security Insights & Global Threat Alliances at Fortinet’s FortiGuard Labs.

The rise of web-based threats and the continuance of low-volume, high-risk, targeted ransomware attacks can be prevented through proper and strong security systems. Croyten helps organizations make this happen. Our services can be found at this link.

Surge in IoT Devices Lures More Cyberattacks

By Amine Mekkaoui,

The COVID-19 pandemic, coupled with an explosion in the number of connected devices, has led to a swelling in IoT infections observed on wireless networks. IoT devices are now responsible for 32.72 percent of all infections observed in mobile and Wi-Fi networks, and this will continue to grow “dramatically” as connected devices continue to populate homes and enterprise settings alike, according to Nokia’s Threat Intelligence Report 2020.

There are more and more devices for cybercriminals to scan and IoT devices are even a target for ransomware. This is no surprise since IoT devices have long been under scrutiny for their lack of security measures.

Croyten’s services focus on trimming down vulnerabilities, such as the ones mentioned above, to a tolerable level. We do this through extensive vulnerability and risk assessments. To know more about our services, visit our website.

Ransomware Attacks Vastaamo; Hackers Blackmailing Patients

By Amine Mekkaoui,

Cybercriminals have already reportedly posted the details of 300 Vastaamo patients – and are threatening to release the data of others unless a ransom is paid. According to Vastaamo, the names and contact information of those 300 patient records have been published. Beyond names and contact data, it’s unclear how much other data was compromised in the breach. On top of this, the sensitive nature of the data makes this breach – and subsequent ransom threats – particularly insidious. 

Other data leaks have recently occurred that exposed sensitive user data. Last week, researchers found an unprotected Google Cloud storage bucket owned by pharma giant Pfizer that exposed data including phone-call transcripts and personally-identifiable information (PII). 

Attacks like this could have been prevented with strong and firm security foundations. Croyten helps its clients plan, protect, and prevent. To know more about our services, visit our website.

Changing the Industries: AI in Action

By Amine Mekkaoui,

Artificial intelligence has many great applications that are changing the world, not just of technology, but of all kinds of markets. At present, the evolution of AI and its continuous rise are clearly overwhelming but at the same time promising. The healthcare industry is a good starting point to understand where AI is now. An advanced AI platform can access 200 million pages of structured and unstructured content at a given time, and with the aging of the Baby Boomer generation, the demand for doctors might be 90x higher than supply by 2025 (Folick, 2019).

Moreover, one of the most common applications of AI today is in the field of speech recognition. Alexa, Siri, Cortana, Google Assistant and other personal virtual assistants can understand speech and respond to it accordingly. According to Auer-Welsbach (2017), the biggest breakthrough in speech recognition thus far has come from IBM, which has managed to reduce the error rate in conversational speech recognition to 5.5% (relative to the human error rate of 5.1%).

Here are some more examples of AI succeeding in practice in various industries:

1. Consumer Goods

Coca-Cola, the largest beverage company in the world, is further winning the global market: it has embraced new technology and puts its data into practice to support new product development, capitalize on artificial intelligence bots and even trial augmented reality in bottling plants.

Meanwhile, despite being the leading brewery in the world for 150 years, Heineken is looking to catapult their success specifically in the United States by leveraging the vast amount of data they collect. From data-driven marketing to the Internet of Things to improving operations through data analytics, Heineken looks to AI augmentation and data to improve its operations, marketing, advertising and customer service.

2. Culinary Arts

AI-enabled Chef Watson from IBM offers a glimpse of how artificial intelligence can become a sous-chef in the kitchen to help develop recipes and advise their human counterparts on food combinations to create completely unique flavors. Working together, AI and humans can create more in the kitchen than working alone.

3. Financial Services

American Express is leveraging its data flows to develop apps that can connect a cardholder with products or services and special offers. They rely heavily on data analytics and machine learning algorithms to help detect fraud in near real time, therefore saving millions in losses. 

4. Health Care

Neuroscience is the inspiration and foundation for Google’s DeepMind, creating a machine that can mimic the thought processes of our own brains. While DeepMind has successfully beaten humans at games, what’s really intriguing are the possibilities for healthcare applications such as reducing the time it takes to plan treatments and using machines to help diagnose ailments.

It’s true. We’re living through an extraordinary moment in technological history. The rise of artificial intelligence (both in theory and in practice) has revolutionized computer science and the workplace. While it is starting to raise questions about its promise for the future of not just the workforce but humanity, artificial intelligence seems to be doing and offering more good than harm, but only if leveraged properly.

Croyten paces itself alongside the use of AI to better its services in providing cybersecurity. With its state-of-the-art software solutions, our company takes a unique and innovative approach to help companies plan, protect, and prevent. If you need assistance in building up your organization to become on par in an AI-driven market, contact us and feel free to check out our website at