Tag Archives: feature

LinkedIn Sales Navigator refresh adds deals pipeline

A LinkedIn Sales Navigator refresh adds a deals management feature, smoother search experience and mobile deal pages to the social media giant’s social sales platform.

The revamp injects an array of new ways to search, manipulate and process LinkedIn’s vast troves of personal and consumer data and data from CRM systems and puts LinkedIn in a better position to monetize the information — coming off a hot quarter for LinkedIn, which reported June quarter earnings of $1.46 billion, up 37% from Q2 2017.

These upgraded features represent the next step in AI-assisted sales and marketing campaigns in which B2B companies mash up their own customer data with information on LinkedIn.

Microsoft banking on LinkedIn revenue

Microsoft bought LinkedIn in June 2016 for $26.2 billion. While Microsoft doesn’t always announce how AI is assisting automation of sales-centric search tools in Sales Navigator, a premium LinkedIn feature that also integrates LinkedIn data to CRM platforms such as Salesforce and Dynamics CRM, some experts have noted how AI subtly manifests itself in the search. 

The LinkedIn Sales Navigator refresh was unveiled in a blog post by Doug Camplejohn, vice president of products for LinkedIn Sales Solutions.

The new “Deals” web interface extracts and imports sales pipeline data from the user’s CRM system and enables users to update pipelines considerably faster, Camplejohn said in the post about the LinkedIn Sales Navigator refresh.

“Reps can now update their entire pipeline in minutes, not hours,” he wrote.

Adobe Sign connector added

Meanwhile, a new feature in Deals, “Buyer’s Circle,” pulls in and displays opportunity role information to streamline the B2B buying process. Users can see if any “key players” such as decision-maker, influencer or evaluator, are missing from deals, according to LinkedIn.

We all live in email.
Doug Camplejohnvice president of products, LinkedIn

The vendor called another new function in the LinkedIn Sales Navigator refresh — Office 365 integration — “Sales Navigator in your inbox.”

“We all live in email,” the blog post said. “Now you can take Sales Navigator actions and see key insights without ever leaving your Outlook for Web Inbox. “

LinkedIn also touted what it called a “new search experience” in the Sales Navigator update, saying it redesigned the search function to surface search results pages faster and easier.

Also as part of the LinkedIn Sales Navigator refresh, LinkedIn added mobile-optimized lead pages for sales people working on mobile devices. LinkedIn also named Adobe Sign the fourth partner to its Sales Navigator Application Platform (SNAP). Other SNAP partners include Salesforce, Microsoft Dynamics and SalesLoft.

TLBleed attack can extract signing keys, but exploit is difficult

An interesting, new side-channel attack abuses the Hyper-Threading feature of Intel chips and can extract signing keys with near-perfect accuracy. But both the researchers and Intel downplayed the danger of the exploit.

Ben Gras, Kaveh Razavi, Herbert Bos and Cristiano Giuffrida, researchers at Vrije Universiteit’s systems and network security group in Amsterdam, said their attack, called TLBleed, takes advantage of the translation lookaside buffer cache of Intel chips. If exploited, TLBleed can allow an attacker to extract the secret 256-bit key used to sign programs, with a success rate of 99.8% on Intel Skylake and Coffee Lake processors and 98.2% accuracy on Broadwell Xeon chips.

However, Gras tweeted that users shouldn’t be too scared of TLBleed, because while it is “a cool attack, TLBleed is not the new Spectre.”

“The OpenBSD [Hyper-Threading] disable has generated interest in TLBleed,” Gras wrote on Twitter. “TLBleed is a new side-channel in that it shows that (a) cache side-channel protection isn’t enough: TLB still leaks information; (b) side-channel safe code that is constant only in the control flow and time but not data flow is unsafe; (c) coarse-grained access patterns leak more than was previously thought.”

Justin Jett, director of audit and compliance for Plixer LLC, a network traffic analysis company based in Kennebunk, Maine, said TLBleed is “fairly dangerous, given that the flaw allows for applications to gain access to sensitive memory information from other applications.” But he noted that exploiting the issue would prove challenging.

“The execution is fairly difficult, because a malicious actor would need to infect a machine that has an application installed that they want to exploit. Once the machine is infected, the malware would need to know when the application was executing code to be able to know which memory block the sensitive information is being stored in. Only then will the malware be able to attempt to retrieve the data,” Jett wrote via email. “This is particularly concerning for applications that generate encryption keys, because the level of security that the application is trying to create could effectively be reduced to zero if an attacker is able to decipher the private key.”

Intel also downplayed the dangers associated with TLBleed; the company has not assigned a CVE number and will not patch it.

“TLBleed uses the translation lookaside buffer, a cache common to many high-performance microprocessors that stores recent address translations from virtual memory to physical memory. Software or software libraries such as Intel Integrated Performance Primitives Cryptography version U3.1 — written to ensure constant execution time and data independent cache traces should be immune to TLBleed,” Intel wrote in a statement via email. “Protecting our customers’ data and ensuring the security of our products is a top priority for Intel, and we will continue to work with customers, partners and researchers to understand and mitigate any vulnerabilities that are identified.”

Jett noted that even if Intel isn’t planning a patch, it should do more to alert customers to the dangers of TLBleed.

“Intel’s decision to not release a CVE number is odd at best. While Intel doesn’t plan to patch the vulnerability, a CVE number should have been requested so that organizations could be updated on the vulnerability and software developers would know to write their software in a way that may avoid exploitation,” Jett wrote. “Without a CVE number, many organizations will remain unaware of the flaw.”

The researchers plan to release the full paper this week. And, in August, Gras will present on the topic at Black Hat 2018 in Las Vegas.

Apple iOS 12 USB Restricted Mode to foil thieves, law enforcement

A security feature that had popped up in beta versions of Apple’s iOS software appears to be coming in earnest as part of iOS 12, and it will protect devices against anyone trying to unlock them via USB.

USB Restricted Mode is described in the iOS 12 settings as the option to enable or deny the ability to “unlock [an] iPhone to allow USB accessories to connect when it has been more than an hour since your iPhone was locked.” In practice, this means a device will require a passcode unlock in order to connect any Lightning-to-USB accessory after the one-hour time limit has passed.

Apple didn’t mention USB Restricted Mode during the keynote at its Worldwide Developers Conference on Monday, but developers saw it in the iOS 12 preview, which was released that same day. The setting is on by default and covers any type of security on an iOS device — Touch ID, Face ID and passcode.

Experts noted USB Restricted Mode will protect users’ data if a device is stolen, but it will also deny law enforcement from using unlocking services from companies like GrayKey and Cellebrite — the latter of which was rumored to have helped the FBI unlock the San Bernardino, Calif., shooter’s iPhone.

Earlier tests of USB Restricted Mode had allowed for a one-week time limit, spurring GrayKey to reportedly alert customers of this feature when it surfaced in the iOS 11.3 beta, according to internal email messages obtained by Motherboard. A one-hour time limit could effectively make it impossible for customers to get the device to a company like GrayKey in time to gain brute-force access.

Rusty Carter, vice president of product management at Arxan, based in San Francisco, said USB Restricted Mode “is really about increasing the security of the device.”

If the device is vulnerable to brute-force attacks via wired connection, other security features, like being able to wipe the device after 10 unsuccessful authentication attempts, are rendered useless.
Rusty Cartervice president of product management at Arxan

“If the device is vulnerable to brute-force attacks via wired connection, other security features, like being able to wipe the device after 10 unsuccessful authentication attempts, are rendered useless … they are effectively a false sense of security,” Carter wrote via email. “Effectively, any data is vulnerable, unless the individual app developer has done the right thing both to secure and encrypt user data and require more than stored credentials or identity to access the data with their app, which is rarely the case today.”

John Callahan, CTO of Veridium, based in Quincy, Mass., said, as a developer, his initial reaction to USB Restricted Mode was, “Great, now I’ll have to unlock the phone every time I go to debug a mobile app with Xcode.” But he later realized it could have protected a lot of stolen devices if it had been implemented in an earlier version of iOS.

“USB Restricted Mode in iOS 12 a big win for users, because we are keeping more personally identifiable information on our mobile devices, including healthcare, identification and biometric data. Our phones have become our digital wallets, and we expect a maximum level of privacy and convenience,” Callahan wrote via email. “Android devices, ironically seen as less secure, have long required unlocking when connected in USB Debug mode. In many ways, Apple is playing catch-up with respect to physical device security.”

Mixer comes to Minecraft

UPDATE: This feature is now out of beta and launches properly today with the 1.2.5 release! Weeee!

The 1.2.5 beta is BURSTING AT THE SEAMS with great new Minecraft features (though it really shouldn’t be bursting at all – that’s probably a bug). One of these new features is incorporating Mixer. Mixer is a livestreaming platform for sharing and broadcasting live video directly from in your games! It’s a great way to interact with other players – take a look at the video above for a better idea of how it works with Minecraft.

In the Beta, you’ll now be able to launch a Mixer broadcast from within Minecraft. Better yet, you can make certain parts of your game interactive via buttons on Mixer! So, for example, if you were doing a parkour run, you could use the /mixer command to let your viewers vote on what obstacles spawn in your path! Please don’t spawn a brick wall for me to run face-first into. Yes, I know it’ll be funny. Please don’t do it anyway.

UPDATE: The Mixer team have put together a map specifically for this purpose! You can get it here! Some streamers have already been testing these interactivity tools out during the beta, so check out TangoTek, Impulse5V, YourMCAdmin and Direwolf to see what’s possible or join in the fun!

Mixer is part of the 1.2.5 beta on Android, Windows 10 and Xbox One (later this week). When the update launches fully, later this year, we’ll be bringing these Mixer features to more Minecraft platforms. A separate mod for Java players will be coming later this year as well.

To see how you can use Mixer in Minecraft, and how to make your own interactive broadcast, head over to this page on the official Mixer site!

SD-WAN-only devices disappearing as market matures

SD-WAN is evolving from stand-alone technology to just another feature within WAN edge appliances that deliver multiple application-centric services to remote and branch offices.

The trend is due to an alignment between the interests of SD-WAN vendors and enterprises. The former sees revenue potential in SD-WAN’s rising popularity while the latter wants consolidation of network infrastructure for the branch.

In a survey scheduled for release next month, the Enterprise Strategy Group, based in Milford, Mass., found that 60% of IT organizations in medium to large companies preferred SD-WAN as a feature within a broader package of branch network services. Only 36% of the 300 respondents thought of the technology as a stand-alone product.

SD-WAN vendors that deliver the traffic-routing software the way customers want will have access to a fast-growing market. IDC estimates revenue from SD-WAN infrastructure and services will increase nearly 70% annually to more than $8 billion in 2021.

SD-WAN’s attraction

Enterprises are turning to SD-WAN-only appliances to lower the cost of connecting branch offices to cloud-based business applications. Rather than backhaul all traffic to the corporate data center, companies can separate packets marked for the cloud and send them directly to the internet — a faster and less expensive option.

Startups selling SD-WAN appliances that plug into an enterprise’s network infrastructure have dominated the market for the last few years. Today, companies are looking for more versatile hardware that incorporates SD-WAN, WAN optimization, firewalls and IP services such as voice over IP.

“With time, you’ll see SD-WAN products shift from dedicated single-function hardware to software loads on multifunction appliances,” said Andrew Lerner, an analyst at Gartner.

Suppliers on that path include Cisco, CloudGenix, Nokia-owned Nuage Networks, Riverbed, Silver Peak, VeloCloud Networks Inc. and Versa Networks. The vendors, however, are not equal.

“They might architect their solutions differently, use different nomenclature, have different approaches to building a partner ecosystem, and be further or lesser along the path to bringing the vision to fruition,” said Brad Casemore, an analyst at IDC.

Choosing the right SD-WAN vendor

More than 40 companies sell WAN edge infrastructure, including SD-WAN, so trying to separate those with products that match an organization’s needs will take work. In a recent market report, Gartner had recommendations for making the right choice:

  • Everything should begin with the applications served by the network. Technologies that meet their requirements are the best candidates for the shortlist.
  • Choose an SD-WAN vendor with products that are in line with the organization’s long-term WAN and application architecture. Purchases shouldn’t operate in a silo.
  • Companies ready for an edge router refresh or replacement should consider SD-WAN alternatives.
  • Do not assume that a single set of WAN edge functionality will fit the needs of every business unit and branch office. Create a list of requirements for each location.
  • Finally, because SD-WAN favors the use of broadband for internet connectivity, do not assume legacy MPLS connections for applications are dead. Gartner expects a mixture of internet and MPLS connections to provide enterprises with the needed performance, reliability and security for the next three years.

Undocumented Word feature could lead to system information theft

Researchers have found an undocumented Microsoft Word feature that can be abused by attackers in order to obtain the system information of a victim.

The undocumented Word feature was detailed by Alexander Liskin, heuristic detection group manager, Anton Ivanov, senior malware analyst, and Andrey Kryukov, security researcher at Kaspersky Lab. A hidden feature known only as was discovered by the Kaspersky team in malicious attachments contained in suspected phishing emails. The field contained links formatted in Unicode rather than the intended ASCII format, which are ignored by Word and are used by the attackers to send GET requests to malicious domains.

According to the researchers, targeted attacks using the undocumented Word feature can be very hard to detect because malicious documents “contained no macros, exploits or any other active content.”

“A close inspection revealed that [the malicious documents] contained several links to PHP scripts located on third-party web resources. When we attempted to open these files in Microsoft Word, we found that the application addressed one of the links. As a result, the attackers received information about the software installed on the computer,” the Kaspersky researchers wrote in their analysis. “This code effectively sent information about the software installed on the victim machine to the attackers, including info about which version of Microsoft Office was installed.”

The researchers noted that the undocumented Word feature was present in versions of Office for Windows, iOS and Android, but said other productivity suites like LibreOffice and OpenOffice did not call the malicious links. The research team also noted there is no official documentation for the field.

Avihai Ben-Yosef, CTO of Cymulate, said the system information theft could likely be just the first stage of an attack.

“[Knowing the] version of Office will allow hackers to identify whether or not the client that opened the Word document is vulnerable to known exploits that could be used to hack them. Imagine that hackers are building a database by simply sending thousands of emails to users and collecting information about those that opened the document,” Ben-Yosef told SearchSecurity. “Hackers will know if their Office version is vulnerable to a specific exploit and will be able to trigger an attack when they feel like it.”

Intelligence is king in cyberattacks as well as cyberdefense.
Marina Kidronhead of the Skybox Security Research Lab

Marina Kidron, head of the Skybox Security Research Lab, said spear phishing campaigns, like the ones abusing this undocumented Word feature, may not always present an imminent threat to an organization, this type of system information theft “could make or break a targeted attack.

“Intelligence is king in cyberattacks as well as cyberdefense. Targeted attacks are traditionally more complex than distributed attacks, such as ransomware, because they have — and need — more context on the environment they’re working in. With more context, attacks can be crafted to have better chances of evading detection,” Kidron told SearchSecurity. “This can render signature-based intrusion detection systems ineffective and raises the importance of good cyberhygiene stalwarts like network segmentation and vulnerability management. If an attack slips through the intrusion detection system, you need to be sure vulnerabilities with active or available exploits have been mitigated, access is limited and controls are in place to prevent the spread of the attack.”

Salesforce Einstein AI expands reach as Dreamforce approaches

Salesforce Einstein AI is getting a feature boost moving into its second year. Salesforce Sales Cloud users will be the first beneficiaries, as the company hopes email and lead-scoring tools will help sales managers sort information more quickly and give salespeople more efficiencies to execute on opportunities.

Separately, Salesforce Analytics will include features to examine and derive insights from data sources outside the Salesforce platform. The company built new hooks into Google BigQuery, as well as Amazon Redshift, but — perhaps more importantly — Salesforce opened up its data analytics to give developers the capability to hook CRM data to a customer’s employee compensation, orders, accounting, shipping or inventory data, to cite a few examples, and automate report generation and analysis of sales commissions, supply chains or a number of other business processes.

And development will continue, according to Salesforce. “This is an extensible framework,” said Ketan Karkhanis, general manager for Salesforce Analytics. “So, one can imagine we are going to keep driving more connectors into the pipeline.”

Salesforce Einstein AI bows new features

Salesforce added new Einstein AI features to its Sales Cloud, in pilots now and to be made generally available early next year. Einstein Forecasting, a tool for managers, dashboards insights for tracking overall sales and can pinpoint deals that might be in danger of not closing on time or need a push to get back on track in order to meet goals.

Einstein Opportunity Scoring applies artificial intelligence (AI) to CRM data to zero in on deals most likely to close. It then crosses that information with insights on executive engagement, deal size and other factors. The hope is these rankings will help sales agents prioritize which deals to focus on.

Perhaps the most useful of the new features, said Brent Leary, partner at consulting firm CRM Essentials, is Einstein Email Insights, which not only locates emails for sales agents to answer first through natural language processing, but also suggests verbiage with which to reply. Suggestions can include a number of tasks, such as scheduling a meeting or writing a quote.

It’s getting harder and harder for people to read their email. This increases the opportunity to actually convert sales.
Brent Learypartner, CRM Essentials

“It’s getting harder and harder for people to read their email,” Leary said, because volume for many workers is increasing, but the amount of time between meetings and other tasks isn’t. “This increases the opportunity to actually convert sales.”

Leary added that B2B companies with well-established workflows will be better equipped to use these new tools first. Furthermore, B2C companies with large data sets — perhaps generated by smartphone apps used by customers or internet-of-things tools generating data streams — will be in line to reap firstfruits of the new Salesforce AI capabilities.

“Data provides fuel for those insights,” Leary said.

More capabilities are likely to come in advance of the company’s November Dreamforce user conference, said Lynne Zaledonis, product marketing vice president for Salesforce Sales Cloud. The features announced today help automate manual processes and make for time for sales agents to focus on selling instead of data entry, she said. Some of the features were on Salesforce’s product roadmap; others came from meetings with customers testing new ideas.

“[Developing] artificial intelligence, we’ve learned a lot about things they were interested in, and we’ve reprioritized or tweaked them — and we continue to do that,” she said.

Salesforce Ventures puts $50 million focus on AI developers

To help foster development of apps and other tools utilizing new AI functions and data connectors, Salesforce Ventures will shovel $50 million into the Salesforce AI fund. Those monies will support developers working on AI projects.

First in line to receive support from the new fund, the company said, will be Highspot, which makes sales content tools for automating presentation and pitch production, among other things, and Squirro, whose “context intelligence” tools dredge unstructured and structured sales and service data.

Also in the initial round of fundees for the Salesforce AI fund is TalkIQ, launched late last year. The company makes speech-to-text transcription tools and, once calls are transcribed, applies AI to analyze the transcriptions and uncover patterns that can be used to improve a company’s operations.