More stories

  • Singapore to pilot common data platform in bid to plug supply chain gaps

    Singapore has unveiled plans to pilot a new common data infrastructure that it says is necessary to facilitate a more robust supply chain ecosystem for international trade flows. Organisations from both the public and private sectors will participate in trials that aim to improve data efficiencies in container flow and financial processes. 
    Efforts are led by the Alliance for Action (AFA) on Supply Chain Digitalisation, one of seven industry groups put together by the Singapore government in June to identify and prototype new ideas to drive the local economy. The other alliances look at key growth areas such as robotics, e-commerce, and environmental sustainability.
    The COVID-19 pandemic had resulted in a “reconfiguration” of trade flows and supply chains physically and digitally, pushing nations and businesses to seek out better efficiencies and resilience in their supply chains. 

    Specifically, significant inefficiencies have been identified in physical event, documentation, and financial data flows across the value chain, according to a joint statement issued by the Infocomm Media Development Authority (IMDA), PSA International, and Trafigura. These gaps have resulted in cost and asset underutilisation impacting all enterprises. 
    The alliance therefore concluded that a common data infrastructure was necessary to resolve pain points in the ecosystem. The AFA, jointly led by PSA and Trafigura Group, had over the past three months gathered more than 50 supply chain players, including multinational corporations, local large enterprises, SMBs (small and midsize businesses), and government agencies, to highlight gaps and opportunities across the supply chain.
    “For Singapore to remain relevant in the growing digital economy, it is laying a common foundational layer with digital utilities that enable businesses to move into the digital domain [and] build a stronger and more robust supply chain ecosystem for international trade flows, thereby, advancing our position as a global supply chain and trading hub,” the alliance said.
    It added that a common digital platform would facilitate data sharing and enable all businesses to easily “plug and play” into the infrastructure. 

    To kick off the initiative, two applications would be developed to improve trade finance and container flow nodes.
    Financial institutions, for instance, currently lack visibility over the physical movement of goods in the supply chain, hindering their ability to address demand from shippers. These sellers will be able to make better decisions from digitally tracking the physical movement of their goods, which provide higher visibility and traceability across the trade process. 
    Logistics players, on the other hand, have limited visibility across container flows, resulting in frequent congestion at container flow nodes including depots and warehouses. This translates to long waiting times and added cost. 
    For these organisations, a common data infrastructure would improve process flow efficiencies, enabling financial institutions to provide and access information directly from trusted parties to reconcile trade details. It would also enhance planning and asset utilisation, since shipping lines, depot and warehouse operators, and hauliers could more seamlessly share operational and event data, such as container bookings and job management.
    It would also reduce dependency on physical documents, improve data flow, and build greater trust across trading and financial communities, the alliance said.
    The common data infrastructure would be developed based on key principles around “open, trusted, and secure data-sharing” and the scalability and interoperability of local as well as global data platforms. It also aimed to provide timely access to all players in the value chain.
    IMDA and other government agencies would work alongside the AFA to develop and pilot the common data infrastructure.
    Trafigura’s Asia-Pacific CEO Tan Chin Hwee said his organisation would work with Singapore banks during the pilot to “access data directly from reliable sources and parties to reconcile trade details with ease”. The platform also could potentially help detect and mitigate trade-related fraud, he added. 
    “Building a ‘digital twin’ of the physical movement of goods will improve visibility across the trade process, and help stakeholders reduce dependency on physical documents in the long term,” Tan said.
    PSA Group CEO Tan Chong Meng added: “COVID-19 has revealed both vulnerabilities and opportunities in the global supply chain ecosystem. It is Singapore’s ability to rally together multiple stakeholders to co-create and bring a common vision of supply chain end-to-end visibility to fruition, that will set us apart as a trusted global trade and logistics hub. 
    “The development of a common data infrastructure is our opportunity to enable large and small businesses to optimise their supply chain flows through Singapore, promote long-term sustainability as a key nodal hub in the global supply chain, and at the same time, support Singapore businesses in expanding their export markets,” the PSA chief said.
    Other organisations involved in the initiative include ExxonMobil Asia-Pacific, DBS Bank, and Standard Chartered Bank.
    Pointing to the bank’s experience in tapping distributed ledger and other emerging technologies to digitise its processes, Standard Chartered’s Singapore CEO Patrick Lee said: “Establishing a common set of digital standards and guidelines around data sharing across trade platforms will be key to achieving enhanced interoperability, secured data flows, and a seamless e-invoicing experience for trade participants.”

  • More than 245,000 Windows systems still remain vulnerable to BlueKeep RDP bug

    A year and a half after Microsoft disclosed the BlueKeep vulnerability impacting the Windows RDP service, more than 245,000 Windows systems still remain unpatched and vulnerable to attacks.

    The number represents around 25% of the 950,000 systems that were initially discovered to be vulnerable to BlueKeep attacks during a first scan in May 2019.
    Similarly, more than 103,000 Windows systems also remain vulnerable to SMBGhost, a vulnerability in the Server Message Block v3 (SMB) protocol that ships with recent versions of Windows, disclosed in March 2020.
    Both vulnerabilities allow attackers to take over Windows systems remotely and are considered some of the most severe bugs disclosed in Windows over the past few years.
    However, despite their severity, many systems have remained unpatched, according to research compiled over the past few weeks by SANS ISC handler Jan Kopriva [1, 2].
    Kopriva says that BlueKeep and SMBGhost aren’t the only major remotely-exploitable vulnerabilities that still have a strong presence online these days, exposing systems to attacks.
    According to the Czech security researcher, there are still millions of internet-accessible systems that administrators have failed to patch and are vulnerable to remote takeovers. These include systems like IIS servers, Exim email agents, OpenSSL clients, and WordPress sites.
    CVE                                   PRODUCT             UNPATCHED SYSTEMS   CVSSv3
    CVE-2019-0211                         Apache web server           3,357,835      7.8
    CVE-2019-12525                        Squid                       1,219,716      9.8
    CVE-2015-1635                         Microsoft IIS                 374,113     10
    CVE-2019-13917                        Exim                          268,409      9.8
    CVE-2019-10149 (Return of the WIZard) Exim                          264,655      9.8
    CVE-2019-0708 (BlueKeep)              Windows RDP                   246,869      9.8
    CVE-2014-0160 (Heartbleed)            OpenSSL                       204,878      7.5
    CVE-2020-0796 (SMBGhost)              Windows SMB                   103,000     10
    CVE-2019-9787                         WordPress                      83,951      8.8
    CVE-2019-12815                        ProFTPD                        80,434      9.8
    CVE-2018-6789                         Exim                           76,344      9.8

    The reasons these systems have been left unpatched remain unknown, but even recent warnings from US government cyber-security agencies have not helped.
    This includes two warnings from the US National Security Agency (NSA), one issued in May (for the Exim bug CVE-2019-10149 that was exploited by Russian state hackers), and a second in October (for the BlueKeep bug that was exploited by Chinese state hackers).
    Yet, despite these warnings, there are still more than 268,000 Exim servers unpatched for the Exim bug and more than 245,000 unpatched for BlueKeep.
    Kopriva says the numbers show that “even very well-known vulnerabilities are sometimes left unpatched for years on end.”
    “Given how dangerous and well known BlueKeep is, it rather begs the question of how many other, less well-known critical vulnerabilities are still left unpatched on a similar number of systems,” Kopriva also adds.

  • Aussie BitConnect promoter charged over his involvement with alleged crypto scam

    The Australian Securities and Investments Commission (ASIC) has announced the former Australian promoter of BitConnect has been charged for his involvement in the folded cryptocurrency project that was accused of scamming millions out of investors.
    ASIC said John Louis Anthony Bigatton promoted the cryptocurrency platform before its collapse in early 2018, alleging the man from Carss Park in NSW was the Australian national promoter of Bitconnect from around 14 August 2017 to 18 January 2018. 
    ASIC alleges Bigatton operated an unregistered managed investment scheme, known as the BitConnect Lending Platform, in Australia and that he provided unlicensed financial advice on behalf of another person in, amongst other things, seminars he conducted at various locations around Australia.
    The commission further alleges that during four seminars conducted by Bigatton, he made false or misleading statements which were likely to induce investors to apply for, or acquire, interests in the BitConnect Lending Platform.
    The charges laid by ASIC are one count of operating an unregistered managed investment scheme, which carries a maximum penalty of five years imprisonment and/or a fine of AU$42,000; one count of providing unlicensed financial services on behalf of another person, carrying a maximum penalty of two years imprisonment and/or a fine of AU$42,000; and four counts of making a false or misleading statement affecting market participation.
    The maximum penalty for each of the final four charges is 10 years imprisonment and/or a fine of AU$945,000, or a fine of three-times the proceeds derived from the commission of the offence.
    See also: How the FBI tracked down the Twitter hackers

    The matter was mentioned in the Downing Centre Local Court on Tuesday, at which time the matter was adjourned for further mention on 2 February 2021. It is being prosecuted by the Commonwealth Director of Public Prosecutions after a referral from ASIC.
    BitConnect was touted as a “self-regulating financial system” and part of the “cryptocurrency revolution”. It used many buzzwords and the hype of celebrities to lure investors to participate, and also offered an incredibly high interest rate of at least 1% per day, leading many to believe it was a scam.
    Investors would “lend” funds in bitcoin to various projects and these funds were converted to the platform’s coin, BCC.
    It is estimated that BitConnect had a market capitalisation of over $2.5 billion in December 2017.  
    In January 2018, BitConnect closed its exchange platform, with all loans offered on the platform released. However, these loans were converted to BCC rather than reverted to the investors’ original bitcoin.
    ASIC stepped up its crackdown on financial scams in September 2018, announcing at the time that it had stopped several initial coin offerings, or token-generation events, that targeted retail investors.


  • Facebook and Google refuse 1 in 5 Australian law enforcement data access requests

    Both Facebook and Google have told a House of Representatives Standing Committee that they have each refused 20% of Australia’s law enforcement requests for data held on their platforms.
    For the 2019 calendar year, Google received 4,363 requests from Australian law enforcement agencies to disclose account level data to assist them in their investigations and a further 23 requests under the search giant’s emergency disclosure policy, which is used in cases where life is deemed to be imminently at risk. The approval rate for these requests, Google government affairs and public policy manager Samantha Yorke said, sat at around 80%.
    Facebook received 943 total requests and also disclosed data in 80% of the cases.
    “In the 20% where we didn’t, it’s typically because there was not enough either legal authority demonstrated or the request was too vague or broad for us to be able to comply,” Facebook director of public policy in Australia, New Zealand, and the Pacific Islands Mia Garlick said.
    Similarly, Yorke said requests were denied due to a lack of information from relevant parties or because the accountholder was not an Australian resident or citizen and therefore local law enforcement did not have appropriate jurisdiction to request such information.
    See also: NZ Privacy Commissioner labels Facebook as ‘morally bankrupt pathological liars’
    Yorke and Garlick were appearing before the Standing Committee on Social Policy and Legal Affairs, with Tuesday’s hearing focusing on family, domestic, and sexual violence. The committee took the opportunity to discuss Facebook’s move into end-to-end encryption across its Messenger platform.

    “We did announce that we would be taking many years to make this transition because we do work globally with law enforcement in all parts of the world and with global security agencies,” Garlick said.
    She said Facebook has been engaged in discussions with Australian law enforcement agencies, as well as the Department of Home Affairs, to talk through what law enforcement “looks like in the end-to-end encrypted world”.
    “We’re aiming to be an industry leader in this space and work with them not just on how things can stay the same with respect to unencrypted services but also thanks to the investment that we’ve made for over a decade in artificial intelligence and machine learning, there can continue to be reliance on that to assist with identifying behavioural signals that can assist with law enforcement operations,” she continued.
    Also appearing before the committee was Australian eSafety Commissioner Julie Inman-Grant, who has publicly taken issue with Facebook’s end-to-end encryption threat since August 2019, before law enforcement joined the debate.
    “We are concerned about industry going down [this path] without actually openly talking about some of the technologies and techniques that are out there, including homomorphic encryption that can be used to scan for child sexual abuse images even in end-to-end encrypted situations,” she said.
    Inman-Grant highlighted the reports made to the US National Center for Missing & Exploited Children by other tech companies.
    “In 2019, there were almost 60 million from Facebook. Now that may change if they actually go to end-to-end encryption, but if you look at companies like Apple, there were something like 230 — now they have billions of users, lots of storage capacity in iCloud, they’ve got iMessage — you can’t tell me that there are only 230 child sexual abuse images on their platform,” she said.
    “Amazon, look at AWS, that hosts most of the world’s data — they had eight. Even my former employer Microsoft who owns Skype — Skype for the past 10 years has been the most benevolent vector for child sexual livestreaming of abuse.”
    Inman-Grant said she has personally sent three letters and had five conversations with Microsoft about how it could use technologies across Skype to catch predatory material.
    “‘If you’re saying a Skype conversation is end-to-end encrypted, if you can insert a simultaneous translator in there, why can’t you eat your own dog food and use Photo DNA or an algorithm called Project Artemis that uses grooming technologies?’, and they say it’s because of the privacy of the customer,” she said.
    “I think we need to stop giving all of these companies a free pass.
    “Over time, if we don’t see the issues addressed and we think the harms to children and vulnerable users are too great, I think legislation is an option.”

  • Service NSW expecting cyber attack to set it back AU$7m in legal and investigation costs

    Service NSW, the New South Wales government’s one-stop shop for service delivery, in April 2020 experienced a cyber attack that compromised the information of 186,000 customers.
    Following a four-month investigation that began in April, Service NSW said it identified that 738GB of data, comprising 3.8 million documents, was stolen from 47 staff email accounts.
    Service NSW said, however, that there was no evidence that individual MyService NSW account data or Service NSW databases were compromised during the attack.
    “This rigorous first step surfaced about 500,000 documents which referenced personal information,” Service NSW CEO Damon Rees said in September. “The data is made up of documents such as handwritten notes and forms, scans, and records of transaction applications.”
    In delivering its 2020-21 Budget on Tuesday, the government revealed the legal and investigative cost it is expected to incur from the attack.
    “In April 2020, Service NSW alerted police and authorities to a cyber attack that has potentially compromised customer information,” the Budget documents revealed. “Investigations into this matter are still ongoing however, Service NSW is expected to incur legal and investigation costs of approximately AU$7 million.”
    Elsewhere in the state’s 2020-21 Budget, the government largely expanded on a handful of initiatives that have already launched, and also focused on how to pull the state out of its AU$16 billion deficit.

    A big feature of its Budget was the Digital Restart Fund (DRF), which will be given AU$1.2 billion in capital and AU$400 million in recurrent funding.
    “Key to delivering quality government services is ensuring that those services are fit-for-purpose and meet the needs of the community. In this Budget, the government is pursuing an ambitious transformation agenda driven by digitisation,” the Budget papers stated.
    The DRF will underpin this transformation, the state government said, as it aims to promote a “whole-of-sector approach to digitisation and service transformation” and supports job creation by “driving productivity and efficiency across the sector”.
    The DRF was already announced, with AU$100 million in seed funding provided at the 2019-20 Budget, but the 2020-21 Budget contains additional investments, including for school technology, digital courts, ePlanning, Revenue NSW, and cyber.
    To recap, the government is hoping to close the “digital gap” between regional and metropolitan schools through better integration of digital technology into the school curriculum and infrastructure, with AU$366 million over two years to be given to the initiative.
    Meanwhile, AU$54.5 million has been earmarked for a major digital courts and tribunals reform project to digitise services, improve productivity in the legal system, enhance processes, and improve customer experience.
    AU$45.8 million will be used to implement the next phase of an end-to-end digital planning service through the ePlanning program and AU$17.5 million of the DRF has been allocated towards improving the online customer experience for key Revenue NSW online services.
    Also reserved under the DRF is AU$240 million for cybersecurity initiatives, including AU$60 million over the next three years for Cyber Security NSW.
    Cyber Security NSW is responsible for detecting, scanning, and managing online vulnerabilities and data across departments and agencies.
    The Budget is also aiming to support the growth of the state’s advanced manufacturing sector, with a new industry strategy that it hopes can create more jobs across a range of industries, including defence and space, and drive the development of emerging industries such as cybersecurity, medtech, and other digital technologies.
    Elsewhere, the state is also investing in digital health measures that “build on key successes during COVID-19” and further modernise its health system.
    See also: Digital venue registrations for contact tracing will be mandatory across NSW
    AU$50.4 million will be used to provide technology-enabled workforce support options, including remote video conferencing and expanding telehealth services and related infrastructure to enable more access to mental health support for people in immediate crisis.  
    An integrated state-wide laboratory information management system will also be developed to provide seamless ordering, processing, and reporting of over 70 million tests per year across NSW Health; and a real-time prescription monitoring system will be implemented to track prescribed medicines associated with a high risk of causing harm, dependence, or misuse.
    Hoping to lay the foundations of a strong economic recovery, the government has also introduced a number of productivity reforms that are designed to support individuals and businesses to rapidly adapt to the new environment, make it easier to do business by removing hurdles to investment and innovation, and leverage the opportunities from COVID-19 and adopt new technologies.
    “Business investment will be critical to a sustainable recovery,” the papers said. “The NSW government is supporting businesses affected by COVID-19 to adapt, innovate, and invest in new activities.
    “The NSW government’s targeted relaxation of trading hours and other regulations at the height of the pandemic has helped businesses pivot to alternative models and encouraged the uptake of new technology.
    “The Treasurer will lead a whole-of-government evaluation of the costs and benefits of retaining some of these temporary changes to promote a stronger recovery.”
    The state is also providing up to AU$500 million as part of its “Out and About” program to stimulate spending in the local economy, including restaurants, visitor sites, and cultural attractions. Every adult resident will be eligible to claim up to AU$100 in digital vouchers to spend on eating out and entertainment.
    With AU$472 million, meanwhile, the state will give small and medium-sized businesses which do not pay payroll tax access to a AU$1,500 digital voucher that can be used towards the cost of any government fees and charges before 30 June 2022.
    The vouchers are accessible through the MyService NSW portal and operate as a rebate, where a claim can be made after fees and charges have been paid.
    Service NSW will use almost AU$103 million to add 1,000 staff to support projects and expand the capacity of Service NSW frontline services to respond to increased customer demand and changing customer needs during COVID-19.

  • Google ties 'Smart' features up in a bow for Gmail

    Google has announced a new setting that allows users to control whether data within Gmail, Meet, and Chat can be used to serve up suggestions across its suite of products.
    It’s calling the function “Smart” features.
    “Think: tabbed inbox, Smart Compose, and Smart Reply in Gmail; reminders when your bills are due in the Google Assistant; and restaurant reservations in Google Maps,” Google wrote in a blog post by product manager Maalika Manoharan.
    See also: Most consumers will trade their data for personalization
    Although the ability to turn some of these options on isn’t new, Google is now bundling them into a more user-friendly feature, saying it gives clearer choice over the data processing that makes them possible.
    “This new setting is designed to reduce the work of understanding and managing that process, in view of what we’ve learned from user experience research and regulators’ emphasis on comprehensible, actionable user choices over data,” the search giant said.
    Google reiterated the user remains in control of their data. It said the smart features served up are the result of automated algorithms, not manual review.

    “And, Google ads are not based on your personal data in Gmail, no matter which choice you make,” it added.
    “If you decide not to use smart features and personalization, you will still be able to use Gmail and our other products. And if you decide later on that these features are helpful and you’d like to turn them on, you can do so in your Gmail settings.”

  • New Zoom feature can alert room owners of possible Zoombombing disruptions

    Video conferencing software maker Zoom has launched a new feature today that can alert conference organizers when their online meetings are at risk of getting disrupted via Zoombombing attacks.
    Named “At-Risk Meeting Notifier,” this new feature is a service that runs on Zoom’s backend servers and works by continuously scanning public posts on social media and other public sites for Zoom meeting links.
    When At-Risk Meeting Notifier finds a Zoom meeting URL, it automatically sends an email to the conference organizers with a warning that other people may be able to access their room and possibly disrupt their meeting.
    These types of disruptions are known as Zoombombing or Zoom raids, and they have been a major issue for the company all year.
    Zoombombing is when trolls connect to a Zoom room uninvited and disrupt the meeting by hurling insults, playing pornographic content, or making threats to other participants.
    Zoombombing incidents usually take place after one of the participants shares a link to a Zoom meeting (and sometimes its password) on social media, Discord channels, or Reddit threads, asking others to disrupt the conference.
    Zoom raids became a widespread phenomenon in March this year, when, due to the COVID-19 pandemic, Zoom also became the de-facto online meeting tool for families, schools, businesses, and government agencies.

    While the US Department of Justice threatened to prosecute Zoom bombers in April, Zoombombing never actually stopped.
    Even though Zoom began enforcing meeting passwords and added a “Report Participant” button, Zoom bombings have continued to take place, primarily driven by meeting participants anonymously sharing links and passwords to private Zoom meetings online, urging trolls to connect and wreak havoc.
    Through the new At-Risk Meeting Notifier feature, Zoom hopes to curtail some of the Zoom disruptions that are still taking place today, even before they happen.
    The new feature is enabled by default and users don’t need to take any action for their accounts.

  • Employee surveillance software demand increased as workers transitioned to home working

    What does the rise of intrusive tools such as employee surveillance software mean for workers at home?

    A new study shows that the demand for employee surveillance software was up 55% in June 2020 compared to the pre-pandemic average. From webcam access to random screenshot monitoring, these surveillance software products can record almost everything an employee does on their computer.
    VPN review website Top10VPN used its global monitoring data to analyze over 200 terms related to employee surveillance software.
    It took into account both generic and brand-specific queries for its study which compared searches during March-May 2020 with internet searches in the preceding year.
    Global demand for employee monitoring software increased by 108% in April, and 70% in May 2020 compared with searches carried out the preceding year.
    Queries for “How to monitor employees working from home” increased by 1,705% in April and 652% in May 2020 compared with searches carried out the preceding year.
    “The surge in popularity of such an open-ended phrase like this reveals how unprepared many companies were for the abrupt shift to mass home-working,” Top10VPN said.

    The most popular surveillance tools are Time Doctor, Hubstaff, and FlexiSPY. The tools with the biggest increase in demand include Teramind, DeskTime, Kickidler, and Time Doctor, with interest for the latter tripling compared to the pre-pandemic levels.
    The top three tools account for almost 60% of global demand in surveillance software because of the range of features offered.
    Of the most popular employee monitoring tools, 81% offer keystroke logging so that employers can see every click of the keyboard.
    Over three in five (61%) provide Instant Messaging monitoring so that private instant messages can be viewed. Employers could also monitor how employees’ conversations are going at any point in time.
    Two in three (65%) can be configured to send User Action Alerts such as noticing when the keyboard has been idle for a set amount of time, and 38% are capable of remote control takeovers such as blocking access to websites, or remote installation of software.
    One package, NetVizor, claims it operates “entirely in stealth; that is, it’s nearly invisible to the consumer.”
    The radical shift away from office-working has clearly made employers nervous about a reduction in productivity and its potential impact on their business. Greater surveillance, however, may actually reduce long-term productivity.
    Your boss watching your every move may make you less productive in the long run and could significantly impact your feelings about the company itself.
