Inside CTO/CIO - April 18th, 2019


FLASHMINGO automation, Wipro lessons, '768k Day' approaches


1. A new open source tool automates analysis of Flash files. Security firm FireEye announced the release of an open source tool called FLASHMINGO, which automates analysis of Adobe Flash files to identify malware and prevent infections. The tool integrates with analysis workflows as a stand-alone app, and can be used as a library. FLASHMINGO can also be extended with custom Python plug-ins. Flash will be deprecated in 2020, but still appears frequently in Adobe's monthly security updates. --SECURITY WEEK

2. The Wipro breach has worrisome implications for supply chain security. Forbes has a thorough breakdown on why the Wipro breach is "a huge example of potential outsourcing IT without oversight" -- and says Wipro should be a wake-up call to both outsourcing companies and orgs that outsource their IT. The Target and British Airways breaches were both caused by supply-chain issues; no organization is immune, but now we know that those who outsource any IT functions are far more vulnerable than others. --FORBES

3. Corporations moving to software solutions have caused open source use to grow by 68%. According to a Red Hat survey of more than 900 IT leaders with a role in enterprise open source, one in three say open source is crucial to enterprise and "a negligible 1% dismisses" it altogether. The 68% increase of open source in corporate applications has occurred within the last 12 months; IT modernization is the top function for open source in enterprises. According to the report, open source is used almost equally in website development, big data and analytics, cloud management tools, databases and security. --CIO DIVE

4. Throwback Thursday: Internet outages expected as '768k Day' approaches. 768k Day stems from 512k Day, when routers ran out of memory for storing the global BGP routing table on August 12, 2014. On that day, hundreds of ISPs from all over the world went down -- including AT&T, BT, Comcast, Sprint, and Verizon -- leaving behind billions of dollars in damages from lost trade and fees, from a lack of internet connectivity, and packet loss. Now, "768k Day" is nigh, and it has network administrators stressed to the max with the expectation of downtime caused by outdated network equipment. 768k Day is expected sometime within the month. --ZDNET

5. Over 80% of global phishing attacks targeted US organizations. American enterprise orgs were the most attractive targets of phishing attacks throughout 2018, according to PhishLabs' 2019 Phishing Trends and Intelligence Report. There is one upside: 98% of attacks that made it past enterprise email security controls and into user inboxes contained no malware. --BLEEPING COMPUTER

6. CIOs are increasingly shifting IT away from ‘Big Bang’ digital transformations. While the trend in vendor pitches and PR thought-pieces pushes the notion of overnight digital transformations, many CIOs are slowing down and shifting to a more measured approach to innovation. --CIO

7. Continuous delivery and continuous deployment are the heart of the DevOps revolution. The Waterfall method of development, where developers work for months building code, isn't working out so well nowadays, as Software-as-a-Service (SaaS) has become the norm. Instead, agile methods of rapid code iteration – focusing on continuous development and deployment – are the approach favored by nimble and successful orgs. --DATAMATION

8. Organizations are increasingly turning to IT for revenue-generating initiatives. CIOs need to play a central role in creating financially-beneficial initiatives, like new products and services. CIO explains seven helpful ways IT can drive value at the intersection of company and client. --CIO

9. The State of Intelligent Automation gives insight on scaling and revenue generation. While enterprises are investing in intelligent automation technologies, many choke at scaling AI, advanced analytics, and robotic process automation fast enough to meet objectives. This report provides insight on navigating those pressure points. --DIGIRUPT IO

10. Privileged access abuse is a CIO nightmare. Privileged credential abuse is one of the most popular breach strategies organized crime and state-sponsored cybercrime organizations use, and CIOs need to protect their orgs while streamlining access to the information and systems their companies need to grow. Forbes nailed down five strategies CIOs need to concentrate on to stop privileged credential abuse. --FORBES

This newsletter is curated and authored by author and reporter Violet Blue, who covers security and privacy for outlets ranging from CBS News and CNET to Financial Times and ZDNet. Ms. Blue has been featured on The Oprah Winfrey Show and CNN, she writes the Engadget column "Bad Password," and she is the author of The Smart Girl's Guide to Privacy. Violet is on the Advisory Board for privacy nonprofit Without My Consent and a member of the Internet Press Guild. Find her sharing thoughts on Twitter @violetblue.

Editing team: Kim Lyons (Pittsburgh-based journalist and managing editor at Inside); Susmita Baral (senior editor at Inside, who runs the biggest mac and cheese account on Instagram); and David Stegon (senior editor at Inside, whose reporting experience includes cryptocurrency and technology).
