Business Management

Review of SolarWinds Impact and Brief Technical Summary

An image of the sun exploiding.

General Details SolarWinds is a publicly traded company worth $5.4B dollars that developing IT infrastructure management software products for small and medium-sized enterprises. Two separate pieces of malware known as SUPERNOVA and SUNBURST worked against vulnerabilities in SolarWind’s product Orion. The malware known as SUNBURST potentially allows an attacker to compromise the server on which the Orion products run. The manner in which SUNBURST malware was used against its victims resulted in it being labelled a “supply chain attack,” a technique in which an adversary uses malware to disrupt a companies ability to produce or deliver it’s products to customers. Although the term “supply chain attack” a broad term without a universally agreed upon definition, theoretically, the intended target of a supply chain attack is not necessarily the company whose network was breached and disrupted. For example, if an attacker wanted to disrupt operations of a large retail target such…

Read more

Cyber-Security ETFs and Individual Stocks

Image of stocks rising

In a previous article the impact of cyber-breach on stock prices and the value of cyber-insurance to corporations was reviewed. Ransomware and IT breaches are increasing, and the expectation is that more companies will turn to cyber-insurance, and also increase their IT security controls. Here is a list of cyber-security listed ETFs and a list of all the companies included in those ETFs with duplicates removed, along with a company description. CIBR – First Trust Nasdaq Cybersecurity ETF Includes 40 individual stocks comprising $3.58 billion in assets Includes other industries, such as aerospace and defense (FactSet) Concentrated with 10 largest making up 47% of market cap Two stars rating by Morningstar HACK – ETFMG Prime Cyber Security ETF Includes 59 individual stocks comprising $2.04 billion in assets Modified equal-weight scheme (not concentrated) with 10 largest making up 28.5% of the market cap HACK has “a unique, cybersecurity-focused take on the…

Read more

Cyber-Security’s Impact on Corporate America

IT Security and Stocks

Tale of the Tape Hackers have kicked some big time ass against major American companies in the past 10 years. JP Morgan Chase, Capital One, Equifax, Uber, LinkedIn, eBay are just a few of the large corporate victims. Just in 2021 many corporate IT hacks have made the headlines with the Colonial Pipeline hack being the most recent. Well, that was, until JBS a major American meat processing plant revealed it had also been breached just days ago. Colonial Pipeline CEO confirmed the company paid $4.4 million ransom.  CNA Financial, one of the largest insurance companies in the US, reportedly paid hackers $40 million after a ransomware attack. Information on whether Acer ended up paying the ransom for their breach in March 2021 seems hard to come by but, the initial ransom demand was $50 million and included a threat to increase the demand to $100 million. If Acer did…

Read more

Chinese Intellectual Property Strategy

Chinese Intellectual Property Administration

Patenting Innovation Is National Power As the Center for Strategic and International Studies notes, innovation in an important factor in a nation maintaining global power. Patents secure the rights for companies and national economies to generate GDP by producing products that other countries will buy and import. So, patents are critical to securing income from innovation. However, patenting strategy, whether on the national or corporate level is also critical to directing resources efficiently and effectively. You can’t have a patenting strategy if you don’t analyze the landscape. China’s activity in global patenting is booming. Although it does not necessarily represent a drastic increase in novel innovation, it does signal desire to compete. Some have been very critical of the value of China’s Patenting… Center for Strategic and International Studies (CSIS) CNIPA National Patent Development Strategy explicitly equates patent generation with innovation and calls for government incentives to bolster the number…

Read more

Building Your IT Security News Pipeline

If you are responsible for securing a network, you should know that monitoring reliable IT security news is now critical to mitigating threats on your precious goods. Prioritizing that news landscape and rolling out a timely response is also critical to a solid recipe for security. While it is not realistic to expect security architects to have that kind of response time, if you are ignoring IT security news, you  might need those backups you have been diligently maintaining or worse. Building a solid incoming information pipeline requires an analysis of the IT security news landscape.  The most fundamental elements of this landscape includes threat advisories & guidelines, updates to best-practices and standardization recommendations,  and changing legal requirements if they apply to your organizational assets. Threat analysis reports and newly released Common Vulnerability Exposure details (CVEs) are critical secondary elements that relay more detailed information about vulnerabilities affecting specific software. …

Read more

What is EPO OPS Open Patent Services?

EPO Logo

The European Patent Office OPS offers a RESTful API for its patent data designed to allow clients to access EPO data for use in their own products and applications.  Basic access to the API is free.  However, annual subscription fees are required if you need more than 4 GB of data per week.  Authentication is handled using OAuth to track your data usage, and documentation is available at the EPO Web-services page under the Further Information tab.  

Read more

What is USPTO Global Dossier?

The UPSTO Global Dossier is a portal to accessing application data from the “IP5” global patent patent offices. Global Dossier functions include: Streamlined applications to multiple international patent offices. Streamline application data access from multiple international offices. Global Dossier integrates with the “IP5” (USPTO, EPO, JPO, KIPO, SIPO) and WIPO The IP5 is comprised of the U.S. Department of Commerce’s United States Patent and Trademark Office (USPTO), the European Patent Office (EPO), the Japan Patent Office (JPO), the Korean Intellectual Property Office (KIPO), and the State Intellectual Property Office of the People’s Republic of China (SIPO). Allow applicants to file a patent application to global patent offices through a single portal. Reduce redundant processes associated with global cross-filing Monitor application process across all offices in a single portal Online access to documents and legal action history of applications Search global patent families Watch the demo below on how to access the…

Read more

Sources of Patent Data

USPTO and Reed Tech Public Dissemination of Data Contract Update After seven years of service, the Public Dissemination of Data (PDD) contract between the United States Patent and Trademark Office (USPTO) and Reed Tech will officially end on June 25, 2020. Sources of Patent Data 1. USPTO self-hosted bulk data The USPTO bulk data-sets for grants and applications come in several versions including: only PDF files, full-text (with and without TIFF images/drawings), and only bibliographic front-page data. The USPTO Gazette bulk files contain notices in each issue which provide important information and changes in rules concerning both patents and trademarks.  The USPTO Cancer Moon Shot data-set is a collection of consists of 269,353 selected patent documents with the purpose to reveal new insights into investments around cancer therapy research and treatments and increase the pace of cancer research. A USPTO bulk-data parser that will download and parse the data files…

Read more

If  you find it hard to believe that a company such as Apple, Microsoft, or Google might intentionally leave their users exposed to blatant security flaws such as allowing apps to steal the data on your mobile device clipboard, good luck in kindergarten this semester because you must be 5 years old.  Major corporations now have the art of turning their customer’s vulnerability into profits, and henceforth we shall constantly being abused by these tyrannical titans of tech. Those of us in the ultra-paranoid computing demographic of IT security freaks are constantly having to squeegee our brains off the wall from having our minds blown by news of egregious security flaws that seem to gaslight the corporation/client relationship.  For example, why would Apple feel the need to ask my permission to send analytics metrics from the phone to improve it’s function, but NOT ask me if they could share the…

Read more