More stories

    Average time to fix critical cybersecurity vulnerabilities is 205 days: report

    A new report from WhiteHat Security has found that the average time taken to fix critical cybersecurity vulnerabilities has increased from 197 days in April 2021 to 205 days in May 2021. In its AppSec Stats Flash report, WhiteHat Security researchers found that organizations in the utility sector had the highest exposure window with their application vulnerabilities, spotlighting a problem that made national news last week when it was revealed more than 50,000 water treatment plants across the US had lackluster cybersecurity. In addition to an attack on a water treatment plant in Florida earlier this year, it was revealed that there had been multiple attacks on utilities that were never reported.  According to the report, more than 66% of all applications used by the utility sector had at least one exploitable vulnerability open throughout the year. Setu Kulkarni, a vice president at WhiteHat Security, said over 60% of applications in the manufacturing industry also had a window of exposure of over 365 days.  “At the same time, they have a very small number of applications that have a window of exposure that is less than 30 days — meaning applications where exploitable serious vulnerabilities get fixed under a month,” Kulkarni explained, noting that the finance and insurance industries did a better job of addressing vulnerabilities.  “Finance has a much more balanced window of exposure outlook. About 40% of applications have a WoE of 365 days, but about 30% have a WoE of fewer than 30 days.” WhiteHat Security researchers said the top five vulnerability classes seen over the last three months include information leakage, insufficient session expiration, cross-site scripting, insufficient transport layer protection and content spoofing.  The report notes that many of these vulnerabilities are “pedestrian” and require little effort or skill to discover and exploit. 

    Kulkarni said the company decided to switch from releasing the report annually to publishing it monthly due to the sheer number of new applications that are developed, changed and deployed, especially since the onset of the COVID-19 pandemic. The threat landscape has also evolved and expanded alongside the explosion in application development.  Kulkarni noted that the situation had spotlighted the lack of cybersecurity talent available to most organizations and the general lack of resources for many industries struggling to manage updates and patches for hundreds of applications.  “We look at the window of exposure by the industry as a bellwether metric for breach exposure. When you look at industries like utilities or manufacturing that have been laggards in digital transformation when compared to finance and healthcare, we find that they have a window of exposure data in a complete disbalance,” Kulkarni told ZDNet. “The key takeaway from this data is that organizations that are able to adapt their AppSec program to cater to the needs of legacy and new applications fare much better at balancing the window of exposure for their applications. That is what I am calling it two-speed AppSec: focusing on production testing and mitigation for legacy applications; focusing on production and pre-production testing and balancing mitigation as well as remediation for newer applications.” Every application today is internet-connected either directly or indirectly, Kulkarni added, explaining that this means the impact of vulnerabilities can potentially affect hundreds of thousands of end-users, if not millions.  Kulkarni suggested organizations distribute the responsibility of security more broadly to all the stakeholders beyond just security and IT teams that often lack the budget or the resources to handle security meticulously. “Security is a team sport, and for the longest time, there has been a disproportionate share of responsibility placed on security and IT teams. 
“Development teams are pressed for time, and they are in no position to undergo multiple hours of point-in-time dedicated security training. A better approach is for the security teams to identify the top 1-3 vulnerabilities that are trending in the applications they are testing and provide development teams bite-size training focused on those vulnerabilities.”

    Have we reached peak ransomware? How the internet's biggest security problem has grown and what happens next

    Ransomware has become such a significant problem that now even leaders of the global superpowers are discussing these attacks at high-profile summits. The cyberattacks – which involve criminals encrypting networks and demanding payments that can reach millions of dollars in exchange for the decryption key – were one of the key discussion points during the first face-to-face meeting of US President Joe Biden and Russian President Vladimir Putin. Ransomware was on the agenda following several high-profile campaigns against US targets, which caused significant disruption.

    First, cyber criminals using DarkSide ransomware hacked the network of Colonial Pipeline, resulting in services being shut down – disrupting gasoline supplies for much of north eastern United States – and forcing the company to pay a ransom of almost $5 million in bitcoin. Just weeks later, criminals using REvil ransomware hit meat processor JBS, which paid a ransom of $11 million in bitcoin. Like many ransomware groups, both DarkSide and REvil are thought to be the work of cyber criminals working out of Russia. The consensus among cybersecurity researchers is that the Kremlin turns a blind eye to these activities. That’s why President Biden directly brought up the issue of ransomware during his meeting with President Putin. “I looked at him and said: ‘How would you feel if ransomware took on the pipelines from your oil fields?’ He said: ‘It would matter.’ I pointed out to him that we have significant cyber capability. And he knows it,” Biden told reporters.

    Biden’s warning to Putin came following the G7 Summit in Cornwall, England, where the leaders of Canada, France, Germany, Italy, Japan, the United Kingdom and the United States issued a joint declaration on ransomware, agreeing that international action is needed to combat the issue. Ransomware has been a problem for years, but attacks have become increasingly disruptive and damaging for victims while cyber criminals make more and more money from campaigns. A few years ago, ransoms were hundreds of dollars – now cyber extortionists are demanding millions or even tens of millions of dollars in ransoms. And ransomware groups are able to keep demanding huge sums of bitcoin and other cryptocurrencies because, for one reason or another, victims are paying the ransoms. “It’s an effective business model because, from a criminal’s point of view, it works because people are paying. Then there are more attacks as a result as it’s so successful,” says Eleanor Fairford, deputy director for incident management at the National Cyber Security Centre (NCSC). For cyber criminals, ransomware is the easiest and most efficient way to make money from a compromised network. An intruder within a corporate network could spend months stealing sensitive information then struggle to find a way to make money from it. Or they could use that time and effort to move around a network laying the foundations for a ransomware attack – and walk away with millions of dollars. The most well-organised ransomware operations will even cherry-pick the organisations they see as potentially the most lucrative or most likely to pay a ransom and focus their efforts on those in order to maximise profits. “If you’re worth $40 million to someone to compromise, is your security good enough to prevent somebody who thinks they can get $40 million out of you? 
That’s a really hard question to answer,” says John Hultquist, VP of analysis at Mandiant Threat Intelligence. “The prices of ransoms has sky-rocketed and it’s going to be even harder than ever for organizations to secure themselves against an actor, who can afford advanced capabilities to gain access.” It’s because of this situation that hackers are targeting organisations that operate essential infrastructure, factories and other critical services that are reliant on uptime in order to remain functioning. It’s possible that an office-based business that gets hit by ransomware can take the time to restore the network without paying a ransom, even if it disrupts services for days or weeks.

    Ease of attack

    Not only is ransomware a lucrative activity, it’s often via relatively simple means that cyber criminals gain access to networks in the first place, exploiting common cybersecurity vulnerabilities as the first step in a ransomware attack. “It’s not super-sophisticated zero-day vulnerabilities or that the threat actor wrote an exploit; it’s things like VPN without multi-factor authentication, things like unpatched Microsoft Exchange servers, it’s things like remote desktops on a port that was publicly available to the internet, that are being leveraged for ransomware,” says Sherrod DeGrippo, senior director of threat research and detection at Proofpoint. Despite repeated warnings, organisations may be completely unaware that these vulnerabilities exist or may not have the procedures in place to apply the relevant security patches to close vulnerabilities in RDPs and VPNs. And the COVID-19 pandemic has exacerbated the problem as organisations have far more staff working remotely than before, making it harder to manage security updates or monitor for potentially unusual behaviour. Ransomware attacks are already damaging and disruptive enough, but many of the most successful ransomware gangs have added another string to their bow – double extortion. 
Not only do criminals encrypt data and demand a ransom in exchange for a decryption key, the access they’ve gained to the network means they’re able to steal sensitive information. They’re not looking to sell it on to rival firms or governments; they simply threaten to publish it if the victim doesn’t pay. It isn’t an empty threat, with ransomware gangs running dedicated leak sites where they publish data stolen from organisations that didn’t pay up – and that could scare some victims into paying the ransom, although there’s no real guarantee that cyber criminals won’t exploit that data in the future.

    Hard-to-trace payments

    When organisations do pay the ransom, it’s paid in cryptocurrency – and there’s an argument that it’s helped cyber criminals easily make money from ransomware. For criminals, getting the money out is the key thing and by using cryptocurrency like bitcoin, they’re able to do it in a way that’s difficult to trace – and crucially, avoids anything like a regular bank account that could be used to identify them. “When it comes to cybercrime, monetization becomes really complicated. It’s always been sort of the bottleneck – you can get your hands on a bajillion credit-card numbers, but the part where you convert it, that’s where everything stops,” says Hultquist. “Cryptocurrencies provided sort of a way around that because it allows them to move this cash freely around outside of regular systems and provided much easier monetization. It’s not necessarily the cryptocurrency that is fuelling this, the tremendous payouts are fuelling this. Cryptocurrency just makes the monetization easier,” he adds.

    The Russian angle

    And when ransomware attacks are this financially successful, they’ll keep happening – especially if cyber criminals are operating from countries where their governments turn a blind eye to their activities. 
The consensus is that many of the most notorious ransomware gangs are operating from within Russia and that they’re allowed to make money from ransomware, so long as they focus their activities against the west. “The Russian state and Russian criminal underworld are not the same thing, but there is understanding between them and understanding is that as far as the state’s concerned, Russians can make money a way that suits them,” says Ciaran Martin, professor of practice at the University of Oxford’s Blavatnik School of Government – and former director of the NCSC.

    “But the conditions are: leave Russians and Russian interests alone, and when we need your best people, they have to come; that’s the way the model has worked.” Cyber criminals take heed of this warning, with many coding their ransomware with instructions to terminate if a scan reveals that it’s on a Russian language system. On top of this, it’s against the Russian constitution to extradite Russian citizens, so even if authorities in the West were able to identify members of a ransomware operation, they’re unlikely to be able to make arrests. Meanwhile, a ransomware group would be unlikely to succeed for long if it was working out of a western nation because law enforcement would quickly take action. “Why are there no major international ransomware syndicates in the West? Because if you set one up in London or Oxfordshire or Northern Ireland, the National Crime Agency will be kicking down the door within a week, you just couldn’t do it,” says Martin. “You can’t really do it in the West, but you can do in Russia. Why? Because it’s allowed.”

    Time for change?

    Ransomware has been a problem for years – particularly with hospitals regularly falling victim to attacks during the peak of the coronavirus pandemic, but the attack against Colonial Pipeline has struck a particular chord. The pipeline that provides almost half the gasoline supply to the north eastern United States was shut down and that was obvious to all: this wasn’t just a business not being able to operate without the use of particular files, this was critical infrastructure that got shut down due to ransomware. “There will be ‘before Colonial Pipeline’ and ‘after Colonial Pipeline’, it’s that much of a milestone in the way that the threat actor economy is going to work,” says DeGrippo. “It’s not a ransom of files any more, it’s a ransom of your existence. 
Ransoming the ability to get hot dogs and beer and gasoline is a whole different ballgame.” The United States has a strong relationship with oil and gas and that made the disruption caused by Colonial Pipeline ransomware attack impossible for the Biden administration to ignore – and it started with the Department of Justice seizing most of the bitcoin used to pay the ransom. Even the operators of DarkSide ransomware-as-a-service attempted to distance themselves from the attack, claiming that “our goal is to make money, and not creating problems for society”. They even claim that they’ll establish additional checks and balances on their “partners” in future. But now the ransomware gangs may have bitten off more than they can chew. “They don’t want this much notoriety, they want to be recognised, they want people to pay – but I don’t think they necessarily want the US government on their trail – they probably took it a step too far. I’m sure the other ransomware gangs are pretty upset with them,” says Hultquist. The threat from ransomware is still high – as evident by how Ireland’s healthcare service continued to suffer disruption weeks on from a Conti ransomware attack, which hit days after the Colonial Pipeline attack – but there’s a feeling that recent events could potentially be a turning point. “There is at least a plausible case to be made that the past month has been strategically damaging for the criminals and that one hopes that we might – please note, the very careful language – that we might be able to look back at some point on this period as peak ransomware,” says Martin. “Now that’s by no means certain yet, it’s not even likely yet, but governments are starting to see this can do real harm.” However, in the immediate future, ransomware will remain effective as long as organisations are vulnerable to being hacked by cyber criminals, as demonstrated by how attacks have continued to cause disruption around the world. 
But it is possible to build resilience to cyberattacks – including ransomware – and make it much harder for cyber criminals to compromise the network in the first place. Much of this resilience can be built up by ensuring that cybersecurity hygiene procedures, such as installing security patches in a timely manner, preventing the use of simple passwords and using multi-factor authentication, are applied across the network. Because ransomware gangs are opportunists, by making things more difficult for them, it decreases the likelihood of a successful attack. “The sorts of things that are useful: having visibility on your network to be able to see if precursor activity is taking place, understanding where your assets and network are, and properly having that mapped and understood. These standard good processes will defend against ransomware,” says Fairford. Regularly updating backups – and storing them offline – also provides another means of lessening the severity of ransomware attacks, because even in the event of the network being encrypted, it’s possible to restore it without paying cyber criminals, which cuts off their main means of income. Nonetheless, the rise of double extortion attacks has added an extra layer of complexity to this issue because if the organisation doesn’t pay a ransom, they’re faced with the prospect of potentially sensitive information about employees and customers being leaked. “Do you have a plan if your information starts leaking out?” says Hultquist. “Those pieces need to be in place now, not when it hits the fan.” The fact that the US and other governments are talking about ransomware should also act as a catalyst for any organisation – that, for whatever reason, didn’t have any specific plans for preventing or protecting against a ransomware attack – to decide on their plans now. 
Because even in the worst-case scenario, when the network has been encrypted with ransomware, having a set plan can help manage the incident and potentially make it less damaging. “Companies must sit down with their executives and they must decide, ‘if we are a victim of ransomware, how much are we willing to pay, who on the board is going to be authorized to negotiate this and what is our relationship, going to be with law enforcement when it happens?’. Then every quarter, you revisit it and you ask, ‘is this still our decision if we come under a ransomware attack, is this still our plan of action?'” says DeGrippo. “If you haven’t made the decision on how you’re going to handle it yet, it’s not going to work out in your favour,” she adds.

    Biden is worried about cybersecurity. Japan says watch cartoons

    Can it work? It’s surely worth trying to animate people on the topic.
    It’s easy to admire those with lofty dreams.

    As long as they don’t express them with depressingly egotistical certainty, that is. Which does rule out one or two tech CEOs and three or four tech PR people. Still, I was moved when a Japanese company contacted me and claimed its aim is “to create a secure cyberspace that people around the world can use safely.” Wouldn’t that be something? Yet here we are with President Biden cyber-rattling at America’s enemies and worrying that the nation’s cybersecurity just isn’t good enough. What, then, could Japan’s Cyber Security Cloud do with its pleasingly idealistic bent? First, sadly, I had to endure the product hard sell. Cyber Security Cloud insists it has WafCharm. The mere idea that a security cloud could enjoy any charm at all seems wildly fanciful. CSC persisted, however, that WafCharm is actually “the only service on the market that automatically builds, tests and tunes AWS WAF rules, and continuously defends against zero-day threats.” While presumably offering an occasional quip, witticism or flattering remark to make users feel warm all over.

    I wanted to believe it. I had little reason not to, other than my terminal skepticism. So I thought I’d flex a little of my off-charm and asked: “Look, you can’t really have cybersecurity because humans are deeply imperfect and make terrible mistakes, such as opening attachments coming from nefarious sorts.” “We have an answer to that,” said a vibrantly serene CSC spokesperson. “Well, at least the beginning of an answer.” “Pray, what would that be?” “Cartoons.” I feared a translation had been lost in an insecure cloud.  “Seriously,” came the polite interjection from CSC’s CEO Toshihiro Koike. “Japanese people are very used to learning things such as history and science through anime/manga at a young age. In our culture, we believe that anime/manga is a great way to learn, especially because it is convenient and entertaining.” But that’s not going to work in America, is it? We love shooting and killing games for convenience and entertainment. Koike wasn’t having it: “We believe teaching Americans about cybersecurity through anime/manga would work really well. If you educate Americans about cybersecurity using anime characters popular in the US, it will be easier for the audience to understand cybersecurity, especially since most people are unfamiliar with the topic.”

    Past research has suggested that millennials are twice as likely to ignore office IT rules. Which warms CSC’s heart. “The anime/manga strategy may be especially relevant for millennials and Gen Z, who grew up with anime in American pop culture,” said Koike. So, I asked, does CSC teach its own employees this way?  “We create anime for our new employees so they can learn about cybersecurity basics,” said Koike. “We also utilize anime to teach our clients about security threats and countermeasures since, most of the time, they are unaware of certain strategies or don’t have enough knowledge regarding the topic.” Wait, significant companies don’t have enough knowledge about cyberthreats? Could this be one of the reasons why they’re being hacked? I can’t promise you cartoons will animate your cybersecurity. Somehow, those who created the internet-based systems upon which we rely didn’t sufficiently consider how easily they could be breached. Still, it’s worth exercising a little imagination to make things even slightly better. So, President Biden, perhaps cartoons are the way to get Americans to be more cyber-conscious.  Perhaps there might be some congressional money for this. After all, there are so many cartoon characters in Congress that they’ll surely all support it.

    GlobalFoundries plans $4B Singapore plant to meet chip demand

    GlobalFoundries has begun construction works on a $4 billion manufacturing plant in Singapore to meet growing global demand for semiconductors. It says “long-term” customer agreements already have been inked in key market segments, including 5G and automotive.  Slated to be up and running in 2023, the new Singapore fab would be built with co-investments from customers, GlobalFoundries said in a statement Tuesday. The chip manufacturer is owned by United Arab Emirates state-owned wealth fund, Mubadala Investment Company.  Global semiconductor revenue climbed 10.8% year-on-year to hit $464 billion in 2020, according to IDC, which projected the market would continue to grow, at 12.5%, this year to reach $522 billion. The research firm pointed to high-growth markets 5G, automotive, consumer products, and computing as key drivers for semiconductor demand. 

    Revenue from smart phone chips, in particular, would increase 23.3% to hit $147 billion this year, IDC predicted. Its research director for connectivity and smartphone semiconductors Phil Solis said in a May report: “2021 will be an especially important year for semiconductor vendors as 5G phones capture 34% of all mobile phone shipments, while semiconductors for 5G phones will capture nearly two-thirds of the revenue in the segment.” GlobalFoundries CEO Tom Caulfield said in the company’s statement that the new plant in Singapore would support “fast-growing end-markets in the automotive, 5G mobility, and secure device segments”. He noted that “long-term” customer agreements from these markets already had been inked. Caulfield added that the chipmaker was “accelerating” its investments worldwide as part of efforts to address the global semiconductor shortage, which the company said included plans to expand all its manufacturing sites in the US and Germany. The Singapore fab, when operational, would boost capacity by 450,000 wafers per year, pushing GlobalFoundries’ production of 300mm wafers in Singapore to some 1.5 million each year. 

    The chipmaker said it was adding 250,000 square feet of cleanroom space as well as administrative offices, with the new plant creating 1,000 roles including technicians and engineers. Its launch was announced in partnership with Singapore’s Economic Development Board. The government agency’s chairman Beh Swan Gin said in the statement that global demand for chips also was fuelled by growth markets such as artificial intelligence and underscored the chip industry as “a key pillar” of the country’s manufacturing sector. According to stats from TrendForce, Taiwanese chipmaker TSMC led the global market by revenue in the first quarter of 2021, grabbing 55% market share. South Korean Samsung ranked in second with 17% market share, followed by Taiwanese UMC with 7% market share.

    South Australia splashes out on space, defence, and cybersecurity in 2021-22 Budget

    In taking a forward-looking approach into what the future of South Australia will look like, the South Australian government has announced it will bolster investment in tech-focused sectors such as defence, space, and cybersecurity as it hands down the 2021-22 Budget [PDF]. “This Budget is our blueprint for a stronger South Australia, creating jobs, building what matters and delivering better services to further secure our growing global reputation as one of the safest and most attractive places in the world to live, work, and raise a family,” Treasurer Rob Lucas said on Tuesday. Some of the specific funding announcements include AU$20.8 million to upgrade the existing buildings at Lot Fourteen to make way for the expansion of space, digital, hi-tech, and cyber companies, with a particular focus on companies involved in small satellite development. Separately, AU$6.6 million will be contributed over five years to assist with the SASAT1 Space Services Mission, which will see a local manufacturer launch a small satellite in mid-2022 as well as deliver space-derived services to the state. South Australia’s Defence and Space Landing Pad program has also received a boost, with the state government saying it will deliver AU$860,000 over three years for the program that is used to support international defence and space companies that bring new, sought-after capability to South Australia. Local artificial intelligence and health technology companies are set to receive additional support through a AU$1.6 million allocation delivered over four years. Under this investment, AU$985,000 will be used for grants to support AI and health technology companies through matching co-funding for health application pilots, and $589,000 to deliver project support activities, including investment concierge services. 
Meanwhile, AU$2.6 million will be earmarked to support small businesses developing digital and cyber security capabilities as well as other capabilities to enter the national market.

    The Budget papers also indicated AU$21.1 million over three years will be dedicated towards the implementation of stages three and four of the South Australia Police Shield project, which involves linking South Australia Police’s data and records management system directly with other justice sector agencies. The state government touted the move will improve collaboration and data sharing capabilities. In a bid to boost bushfire response, the 2021-22 Budget revealed that it will contribute AU$7.7 million over four years towards the ongoing management, support, and maintenance of automatic vehicle location systems (AVL) used by the emergency services sector. AVL provides real time location information of firefighting and other emergency response vehicles during incidents. AVL is expected to be installed in approximately 1,400 vehicles at a total cost of AU$12.7 million. Additionally, the 2021-22 Budget indicated support for the state government’s commitment to improving digital services for citizens remains ongoing through its AU$120 million Digital Restart Fund, noting that AU$4.3 million in 2021-22 will be put towards the South Australian government’s online services portal, AU$5.5 million over two years for the expansion of the residential aged care enterprise system, AU$1.3 million over two years for the child and family services information systems, and AU$500,000 in 2021-22 for the Safeguarding smartphone app.

    Digital initiatives across NSW gain funding boost from 2021-22 Budget

    The New South Wales government handed down its 2021-22 Budget on Tuesday, revealing that digital initiatives across the state will receive handsome handouts. Treasurer Dominic Perrottet said the state’s “secret weapon” to economic recovery from COVID-19 has been its digital government platform, which he claimed was “light-years ahead of the competition”. Off the back of this praise, the state government noted in its Budget papers [PDF] that it would pour an additional half a billion dollars over three years into its Digital Restart Fund, which is aimed at lifting whole-of-government digital capabilities. “That takes our investment to transform digital services for our citizens to AU$2.1 billion,” Perrottet said. Using the additional investment for the Digital Restart Fund, the Ministry of Health will be able to commence phase one of building its single digital patient record; Department of Customer Service will be able to establish its digital platform for certification registries as part of its eConstruction initiative; and the cybersecurity capabilities of the Department of Education, Planning Industry and Environment, Premier and Cabinet, Communities and Justice, Police, Transport for NSW, and the Ministry of Health will be lifted. Under the Digital Restart Fund, AU$500,000 will also be invested towards the design and development of a new database for the NSW Pet Registry. Meanwhile, the Data Analytics Centre will receive AU$38.3 million over four years to provide additional insight that will inform state policy decisions. The Department of Customer Service is set to benefit from a AU$130 million funding boost, the Budget showed. The largest share, according to Minister of Customer Service Victor Dominello, will go towards the work of Service NSW.

    “We want to save customers time and money when interacting with government, and technology is a critical part of the solution as we’ve seen with the Service NSW app, the NSW QR Code system, and Dine and Discover vouchers,” he said. “This funding also allows us to build on popular products like the Digital Driver Licence, FuelCheck, and Park’nPay, while also uplifting our cyber and information security systems.” The Budget also provides AU$660 million in funding to complete the state-wide rollout of the Critical Communications Enhancement Program (CCEP). Under the CCEP, the state government has been developing the public safety network to provide emergency services organisations with a single radio communications network. This latest funding will be the fourth tranche of funding the government has committed to the program since 2016.  “The final 318 (of 675) radio sites will be constructed and brought online delivering full state coverage. Network land coverage will increase from 47% to 85% of New South Wales and an increase in coverage of the state’s population from 96.0% to 99.7%,” the Budget papers said. At the same time, Investment NSW has been allocated AU$416 million, of which AU$35 million will be invested into an entrepreneurship and innovation fund to “promote new ideas, design, and investment while creating sustainable jobs in targeted sectors, precincts, and regional New South Wales”. The state government noted Tech Central and the Westmead Health and Innovation District will each receive AU$10 million. Tech Central will put the funds towards supporting investments, deep tech innovation infrastructure, and a program that will help develop talent needed to address the current tech skills gap. Westmead Health will use the cash to establish new infrastructure that will house a shared lab space and incubator for startups that are looking to commercialise research in biotechnology, diagnostics, and digital health. 
    Furthermore, AU$500 million will be handed out to lift the spend on digital health initiatives, including virtual care and telehealth, while more than AU$214.3 million will be used to boost NSW Ambulance services by upgrading in-ambulance defibrillators that improve electronic medical record integration capabilities between NSW Ambulance and hospital emergency departments across the state.

    The state government has also signalled its support for regional and rural Australia with a AU$198 million digital connectivity package that will be invested into initiatives such as the Gig State project, the expanded Farms of the Future program, and the mobile coverage project.

    Looking at how NSW could better engage with the global community, the state government will fork out AU$87.5 million to target industry development programs in key industries such as space, medtech, cyber, fintech, regtech, and agtech.

    When it comes to education, New South Wales school teachers will soon have access to a new online portal designed to support them in delivering the school curriculum. The interactive digital portal is part of the NSW government’s move to overhaul the state curriculum under a four-year $196.6 million package.

    “The new portal will help teachers integrate syllabus materials and deliver lessons driven by the latest research and resources, meeting the needs of our students in a way we have never been able to do before,” Minister for Education Sarah Mitchell said.

    “The new curriculum and the portal will save time for teachers, improve clarity, and make the implementation of the syllabuses even easier. The investment will allow teachers to unlock the curriculum’s potential while arming them with the best resources, multiplying the positive impacts of the reform.”

    It will be the first major rewrite of the NSW curriculum in 30 years, according to the state government.

    The new platform currently under development is set to go live in Term 4, 2021 along with new kindergarten to year 2 English and mathematics syllabuses.

    Additionally, AU$19 million will be invested into refreshing video conferencing and computer facilities at TAFE campuses across the state.

    The state government has also set aside a further AU$268.2 million as part of its response to the NSW bushfire inquiry. Of that total package, AU$5.2 million will be used for additional drones for firefighting operations, AU$19.9 million will fund the upgrade of the NSW Rural Fire Service (NSWRFS) dispatch systems, and AU$10.6 million for the implementation of a new National Fire Danger Rating System.

    “This commitment will bolster the future of our fire agencies and preparedness of communities, many of whom have personally witnessed the devastating effects of fire,” Perrottet said.

    This latest announcement follows the state government dedicating a total of AU$28 million over four years as part of the 2021-22 Budget into research and development of new technologies and industries to help NSW tackle future bushfires.

    Perrottet said the funding would be evenly split into AU$7 million chunks under the NSW Bushfire Response R&D Mission.

    Under the mission, the funding will be used to establish a bushfire technology network for researchers, investors, and industry, as well as work with local small businesses to develop and commercialise bushfire technologies through an early-stage Bushfire Technology Fund to ensure the new technologies are tested by NSW’s frontline bushfire services.

    Other funding announcements in the state Budget included an additional AU$1 million to enable the development of an interpreting mobile phone application, which will link police and emergency services in the field with on-the-spot interpreters in order to provide timely interpreting support when needed.

  • in

    Ping Identity acquires SecuredTouch for bot detection

    Ping Identity on Monday announced it has acquired SecuredTouch, a fraud and bot detection firm based in Tel Aviv. The terms of the deal were not disclosed. SecuredTouch, founded in 2015, has clients in multiple sectors globally. After the acquisition closes, customers will be able to use SecuredTouch as a standalone product or as part of the PingOne Cloud Platform. The integration into the PingOne platform will give customers better visibility into potentially malicious activity across their digital properties. To detect and thwart bots and account takeover threats, SecuredTouch uses behavioral biometrics, AI, machine learning and deep learning. “Identity isn’t just about knowing who customers are, it’s about knowing when someone is pretending to be a customer,” Ping founder and CEO Andre Durand said in a statement. “As companies undergo massive digital transformation initiatives, the need for seamless, frictionless, and secure identity solutions to confidently understand both those situations is imperative.” Ping is one of several vendors in the competitive identity and access management (IAM) market, which also includes Okta, ForgeRock, IBM, Microsoft and others. The company also announced on Monday a significant expansion of the PingOne platform. Customers can now access the entire Ping Identity portfolio from a unified cloud admin for both workforce and customer identity use cases. Meanwhile, following its acquisition of Symphonic, Ping is enhancing its fine-grained authorization solution. Previously called PingDataGovernance, the updated PingAuthorize provides enterprises with dynamic authorization and attribute-based access control (ABAC).

  • in

    Amazon Prime Day 2021: Best smart home device deals

    Smart home gadgets are all the rage, but it’s a slippery slope. As soon as you’re done installing your first gadget, you’re in the market for the next, and it can get pretty expensive.  Amazon Prime Day is a good time to pick up your next smart home device for less because there are some fantastic deals out there on a whole range of devices. With that in mind, I’ve trawled through the unbelievable number of deals that are available over Prime Day 2021 — tens of thousands! — and distilled them down into a handful of the best. Deals come and go over the two days, and I’ll be updating this post with fresh deals, so keep checking back. Also, if you find a good deal I’ve missed, feel free to drop me a note (a Twitter DM probably gets the quickest response). 

    70% off

    Add Alexa to your car – Connects to the Alexa app on your phone and plays through your car’s speakers via auxiliary input or your smartphone’s Bluetooth connection. Includes Vent Mount. Designed for the road – With 8 microphones and far-field technology, Echo Auto can hear you over music, A/C, and road noise. Do More with Auto Mode – Turn your phone into a driver-friendly display that complements your Echo Auto. See what’s playing and save time with easy-touch shortcuts to your favorite places, people, and content.

    $15 at Amazon

    62% off

    This bundle contains an Echo Dot (4th Gen) and Sengled Bluetooth Smart Color Bulb. Easily automate your home through smart lighting. Use your voice to turn on your lights, set schedules and change colors. Just say “Alexa, turn on my Lights.”

    $25 at Amazon

    47% off

    FORGET ABOUT VACUUMING FOR UP TO 45 DAYS: A bagless, self-emptying base holds up to 45 days of dirt and debris. FASTER MAPPING: Faster mapping speed for a quicker total home map compared to the previous model (RV1001AE). BETTER CARPET CLEANING: Improved carpet cleaning performance compared to the previous model (RV1001AE). MULTI-SURFACE CLEANING: Multi-surface brushroll pulls in all kinds of dirt and debris from carpets and floors. PHONE OR VOICE COMMAND: Schedule whole-home cleaning or target specific rooms or areas to clean right now with the SharkClean app or voice control with Amazon Alexa or Google Assistant. POWERFUL SUCTION: Deep-cleaning power to take on large debris, small debris, and pet hair on carpets and floors. ROW-BY-ROW CLEANING: Methodically cleans row by row and then navigates room to room for complete home coverage.

    $320 at Amazon

    40% off

    The bundle includes Stick up Cam Battery (White) 2PK and Echo Show 5 (2nd Gen). See, hear and speak to people from your phone, tablet or select Echo device with Stick Up Cam Battery, a battery-powered camera that can be mounted indoors or out. With Live View, you can check in on your home any time through the Ring app. With a Ring Protect Plan (subscription sold separately), record all your videos, review what you missed for up to 60 days, and share videos and photos.

    $169 at Amazon

    20% off

    Dimmable LED lights are great for setting the mood, whether you’re having a romantic night-in, watching a movie, or even playing your favorite video game. Gosund smart light bulbs support adjusting brightness (1%-100%) or set schedules to meet your various expectations. Gosund smart bulbs support voice control via Alexa and Google Assistant; just enjoy the convenience and comfort of automated lighting that you can control with your voice. Tell Alexa to turn off the lights on a cold winter night; you don’t need to get up.

    $22 at Amazon

    20% off

    Gosund smart plugs work with Alexa and Google Home Assistant. Just give a simple voice command to control your home device with a smart outlet via Alexa or Google Home Assistant. No hub is required to install the wifi plug. The Gosund Alexa outlet plug works with a stable 2.4GHz network. By setting schedules and timers for your home smart wifi electrical plugs, you can prepare a crockpot meal and get home with dinner ready. Get ready to have a smart home and create a customized schedule to automatically turn on/off any home electronic appliances such as lamps, Christmas lights, coffee maker, etc. Please note that the Alexa outlet plug is not suitable for appliances whose power is more than 10A, 1200W (e.g., air conditioner, microwave oven, induction cooker etc.). The Gosund Google smart plug can help you control your home appliances from anywhere. Even if you are not at home, you can still control your Alexa wifi outlet via the Gosund App directly, as long as your phone has access to a secure 2.4 GHz Wi-Fi network. Ideal for someone who cannot move around very well and needs easy access to turn on/off a device. Set a group for all Google home outlets and control them in one command. Share your wifi plugs that work with Alexa with all family members in a minute. No more worries, everyone can control them easily. Just plug a device into the mini wifi smart outlet and connect to your secured 2.4GHz network with the “Gosund” App. The smart plug uses high-quality materials and technology, such as V-0 flame-retardant thermoplastics, pure copper connectors and advanced PCBA boards. It can avoid fire hazards and provide overload protection to ensure the safety of family members. And ETL certification ensures complete protection.

    $19 at Amazon

    42% off

    See the time, alarms, and timers on the LED display. Tap the top to snooze an alarm. Ask Alexa to tell a joke, play music, answer questions, play the news, check the weather, set alarms, and more. Use your voice to turn on lights, adjust thermostats, and lock doors with compatible devices.

    $34 at Amazon

    33% off

    The Roomba 692 is a great way to begin cleaning your home smarter. Just schedule it to clean up daily dirt, dust, and debris with the iRobot HOME app or your voice assistant. 3 Stage Cleaning system & Dual Multi-Surface brushes grab dirt from carpets & hard floors; an Edge-Sweeping brush takes care of corners & edges. Learns your cleaning habits to offer up personalized schedules, while Google Assistant & Alexa allow you to start cleaning with just the sound of your voice. A full suite of advanced sensors allows Roomba to navigate under & around furniture & along edges. Cliff Detect keeps it from falling downstairs. Dirt Detect Sensors alert your robot about dirtier areas of your home, like high-traffic spots, & cleans them more thoroughly. Auto-Adjust Cleaning Head automatically adapts its height to effectively clean carpets & hard floors. It runs for up to 90 minutes before automatically docking & recharging.

    $199 at Apple

    27% off

    With its 8-inch HD touchscreen, adaptive color, and stereo speakers, the all-new Echo Show 8 is the perfect hub for your smart home setup. 8.0-inch touchscreen 1280 x 800 resolution display. 13 MP camera that uses auto-framing to keep you centered. Built-in camera shutter and microphone/camera off button.

    $94 at Amazon

    50% off

    It might be tiny, but it packs all the power and punch of a full-sized Echo. There’s a reason why this is Amazon’s most popular smart speaker! Better speaker quality than Echo Dot Gen 2 for richer and louder sound. Pair with a second Echo Dot for stereo sound. Stream songs from Amazon Music, Apple Music, Spotify, Sirius XM, and others. Turn on lights, adjust thermostats, lock doors, and more with compatible connected devices. Create routines to start and end your day. Call almost anyone hands-free. Instantly drop in on other rooms in your home or announce to every room with a compatible Echo device.

    $19 at Amazon

    41% off

    Blink Outdoor wireless battery-powered HD security camera with infrared night vision. It runs for up to two years on two AA lithium batteries (included). Store video clips and photos in the cloud with the Blink Subscription Plan or save locally to the Blink Sync Module 2 via a USB flash drive (sold separately). Built to withstand the elements. No wiring or professional installation required. Get motion detection alerts on your phone. See, hear, and speak to visitors with live view in real-time and two-way audio features on your Blink app.

    $224 at Amazon

    36% off

    Certified Refurbished Video Doorbell Pro has been refurbished, tested, and certified to look and work like new and also comes with the same limited warranty as a new device. 1080p HD video doorbell lets you see, hear and speak to people from your phone, tablet, or select Echo device. Includes privacy features, such as customizable privacy zones and audio privacy, to focus only on what’s relevant to you. Get notifications whenever motion is detected by customizing your motion zones. With Live View, you can check in on your home any time through the Ring app.

    $89 at Amazon

    30% off

    At the heart of any good smart home system is a solid, reliable Wi-Fi connection, and things don’t get much better than the Amazon eero Pro mesh. The Amazon eero Pro mesh WiFi kit (3 eero Pros) replaces the traditional WiFi router, WiFi extender, and internet booster. Capable of covering a 5+ bedroom home with fast and reliable internet powered by a mesh network. Unlike the common internet routers and wireless access points, eero automatically updates once a month, always keeping your home WiFi system on the cutting edge. Eero mesh WiFi network leverages multiple wireless access points to create an incredibly dependable internet experience, all on a single mesh WiFi system. Quick & easy setup.

    $349 at Amazon

    40% off

    Quickly and easily set up your Ring Alarm by plugging in your base station, connecting to wifi via the Ring app, and placing your sensors in their ideal locations. A great fit for 1-2 bedroom homes. Kit includes one base station, one keypad, four contact sensors, one motion detector, and one range extender. Optional 24/7 professional monitoring with Ring Protect Plus for $10/month.

    $149 at Amazon

    More Prime Day 2021 deals

    We plan to update this guide with more smart home device deals as we spot them.
