Search Results

  • Elon Musk's takeover of Twitter and its impact on Brand Safety

    Last year, when advertisers and marketers expressed concerns about the safety of their brands, the social media site Twitter claimed to have placed their interests at its top priority. Caitlin Rush, Head of Global Brand Safety Strategy at Twitter, stated, “Brand safety is not only about brands, but it is about people.” She further added, “When we focus on the safety of people, we also protect brands from the reputational damage of supporting things like hate, abuse, and misinformation with their ad dollars.” This has been viewed as Twitter’s response to safeguarding its ad revenue from brands, which accounts for 4.5 billion USD. However, Elon Musk's decision to take over Twitter, and his stated plans for the platform, may worry many brands.

    Ad income accounts for roughly 90 percent of Twitter's total revenue, yet it is still nowhere close to its competitors and other social media platforms. Moreover, Twitter's user reach is also substantially smaller than that of its competitors, with around 200 million users seeing advertising compared to 800 million on LinkedIn and almost 2 billion on Facebook. This is understandable, given that Twitter has a niche audience and marketers prefer platforms with a large user base and high engagement. Nonetheless, Twitter has been hell-bent on making its platform as accessible to brands as possible. This has been evident in its various policies, including content moderation, manual human review assisted by machine learning, and brand safety policies. In addition, Birdwatch and Conversation settings are two other recent Twitter features for safe conversations. Birdwatch allows users to recognize potentially misleading information in Tweets and then report or add notes that provide context. More than 11 million individuals have used the conversation settings, which allow everyone to determine who can reply to their Tweets. And there have been further efforts by the company to make it more accessible for brands. Until now.

    The discussion around an edit button and its impact on Brand Safety

    Earlier this year, Elon Musk conducted a poll, surprisingly on Twitter itself, expressing his desire to have an edit button on Twitter. This feature has long been missing from the platform and would allow users to edit and make changes to their posts. Surprisingly, over three-fourths of the more than 4 million voters agreed that an edit button is needed. Meanwhile, Twitter also announced that it is working on an edit feature to be implemented on the platform. This is likely to be good news for users and brands, who would always have the option to modify their earlier tweets. Brands are always mindful of their status, and any objectionable post on a platform with 300 million monthly active users can always result in backlash. On the other hand, Twitter has always been viewed as a platform where real conversations take place. Your viewpoint or stance is constantly in the public domain since you can't alter your tweets or statements, and that is what makes Twitter unique. The addition of an edit feature may detract from the distinctiveness of Twitter posts and, as a result, lower their relevance. For marketers, it is important to identify and select the right medium to market their product while ensuring brand safety. An edit option can have a significant impact on how marketers approach campaign plans, and it will undoubtedly affect Twitter's forthcoming business. Brands have always welcomed any initiative that allows them to be associated with posts or tweets that won't do them any reputational damage. Twitter has always shown efforts to make its platform a safe haven for brands of all sizes. All of that could change if Elon Musk takes over the social media platform later this year.

    Elon Musk and his plans with Twitter

    Just days after his post about the edit button, news surfaced that Elon Musk will now acquire Twitter. The CEO of Tesla and SpaceX has agreed to buy Twitter for $44 billion, and if it goes through, it will be one of the largest leveraged buyouts ever. Now that it is evident that Elon Musk will be the owner of the platform, we are not yet certain how the platform is going to function in the future. One of the concerns for marketers is the billionaire’s repeated admiration for free speech. This will have a direct impact on the principles that the platform has been building over the years. With limited content moderation and the freedom to express oneself freely, the platform may introduce new complications. A free speech platform, for example, has the potential to spread hate speech and other forms of misinformation. As a result, no brand wants to be associated with such content and may opt for a different medium. Some advertisers are worried that Elon Musk's potential takeover of Twitter will push the app away from the brand safety path that Twitter has established through standards and relationships with the advertising industry over the years. Furthermore, several advertising executives have stated that if Elon Musk removes the features that allowed Twitter to remove objectionable content, they are willing to allocate their ad spending elsewhere.

    In Conclusion

    Elon Musk has made it clear that advertising is not a priority. He has said that he wants to loosen the service's content moderation policies, which marketers say have helped keep ads from appearing alongside hate speech and misinformation. Additionally, he has mentioned making money from Twitter in other ways, such as charging some users to use the service. It will be interesting to see how the world's richest person manages to strike a balance between his vision for Twitter and the prior business partnerships that the platform has built through its security measures.

  • The mandate on VPN and its implications on Data Privacy and User Safety

    It was last year when the Government of India reported that it was working on a measure to prohibit the use of all types of VPNs (Virtual Private Networks) in the country. In the same vein, the Indian Government has now mandated that all VPN providers collect and store data on their users for five years. Although it stated that this is being done amid security concerns, the impact it can have on all parties involved is alarming, to say the least. As per a new directive issued by CERT-IN (Indian Computer Emergency Response Team), companies will now be required to store user data, including IP addresses, emails, names, contact numbers, and addresses, for up to five years even after a user has terminated their service. Furthermore, the ministry can request this information at any moment, and VPN providers will be required to cooperate under the new regulation. As a result, there are growing tensions among service providers as well as users. The ministry said the move was an effort to “coordinate response activities as well as emergency measures with respect to cyber security incidents” and help it fill “certain gaps” that hinder the handling of cyber threats.

    What are VPN services?

    Simply put, a Virtual Private Network (VPN) allows users to establish a secure network connection. The service protects a user's identity by hiding their device's IP address, encrypting their data, and routing it through secure networks. There are more than 270 million Indians who use virtual private networks (VPNs). People use VPNs to access websites that might have been restricted by the government and to browse the internet safely, without being monitored. Additionally, a VPN can be used to browse internet content accessible in other states or countries, or for privacy on the internet, which is rife with marketing tracking. Another common use for a VPN is to protect oneself when connecting to a public network. When connected to public Wi-Fi, users often expose themselves to the risk of security breaches and data theft. A VPN enables the user to establish a secure network connection. It encrypts internet traffic and conceals the user's identity, making it difficult for third parties to track and steal user data. However, these regulations will simply contradict the established intent of using VPNs. If there is no data privacy and user data is not protected, users will be hesitant to use VPN services, affecting the businesses of these service providers.

    The use of VPNs in corporations

    Additionally, VPNs are also used by organisations for data protection. Many companies and enterprises instruct their employees to use an internal VPN to access the office network. However, their use of VPNs differs significantly from that of the general public. A business VPN, as it is called, is uninterested in surfing restricted content; rather, it is used to track its employees’ digital footprint. In some ways, this is what the government intends to achieve with the country's new VPN mandate. The new regulation will most likely not affect enterprise or private VPNs since they already collect user data and information for so-called “data and user safety”. However, it will be interesting to see the impact of this regulation on major public VPN service providers.

    Overall Impact

    According to several reports, as soon as the new regulation surfaced, major VPN service providers in India, like Nord and Surfshark, stated that they will relocate their servers from India instead of complying with the new rules. This was expected since most of these services prioritise data privacy and user safety. More importantly, these service providers offer a no-log policy, which means they don't keep track of what users do with their VPN. As a result, they won't be able to assist the ministry with any data it might request, and thus it seems unlikely that they will be able to comply with these regulations. Only if these VPN services adjust their practices in a way that makes them less secure can they comply with Indian regulations. However, this would simply go against their promise of securing user data and providing data privacy. As a result, other VPN providers are likely to cease their operations in the country. VPNs that do not comply with Indian regulations will be temporarily blocked.

    In Conclusion

    VPNs indeed allow users to cloak themselves, allowing them to engage in malicious activities, which could be a concern. However, many experts consider these measures to be excessive. These rules are likely intended for state-sponsored surveillance and defeat the purpose of user privacy. They appear to have been designed to drive all VPN services that provide privacy and anti-censorship out of the nation. By the looks of it, the government has taken the first step towards achieving its initial goal of outright banning VPN services. Whether VPNs comply with the new rule or not, it is the user's privacy that will be put at risk. The new VPN rules in India will take effect in June. For the time being, this will be strictly enforced.

    Interesting fact: Many countries that either ban or regulate VPNs include China, Russia, Iraq, North Korea, Belarus, the United Arab Emirates, and Oman.

  • Beginning my second year at Com Olho with exponential growth.

    “Never doubt that a small group of thoughtful, committed people can change the world. Indeed, it is the only thing that ever has.” – Margaret Mead

    I was the first employee at Com Olho. And I believe that the best analogy for what it’s like to be the first employee is that it's extremely similar to the experience and feelings of being a cofounder. I was a part of every conversation and every decision. The open culture and transparency between senior management and other employees is one of the best aspects of Com Olho. I joined Com Olho with no expertise in marketing, but with a strong belief in the company’s mission - “To assist Enterprises and the Government to create Digital Safe India.” However, as I reflect on my journey, the opportunities that have been provided to me have allowed me to grow both personally and professionally. I'm getting goosebumps today thinking about how far we've come. In the last year, I have gained significant insight into where my true strengths lie by wearing many hats. Nothing makes me happier than taking on new tasks and overcoming unexpected problems, or, to put it another way, stepping outside of my comfort zone. As the company grew and pivoted, I adapted and moved from one set of responsibilities to another. Com Olho has provided me with a diverse range of experience that has helped me advance in my career. It takes commitment to build a successful business. Working hard entails more than just putting in long hours. It's all about commitment to one's beliefs and aiming for greatness. And the beauty of working here at Com Olho is that everyone works hard towards the same goal to get it done. Working here has been an exciting journey and an amazing learning experience. I'm grateful to our Co-founder, Abhinav Bangia, for believing in me from the start, giving me responsibility and the freedom to do whatever I wanted. It has equipped me with invaluable hands-on experience, allowing me to grow my skills and knowledge. I believe I still have a lot to learn and grow in, and I'm looking forward to doing so with Com Olho.

    Connect with me on LinkedIn: Link

  • Reading large CSV files in Python - A perpetual problem

    The growing pace of data is exponential in today's society, where every business and institution is transforming itself into a data-savvy entity. As a result, dealing with large amounts of data has become necessary. The CSV (Comma-Separated Values) format is one of the most frequent ways to store data efficiently. Importing a large CSV file directly into a Python script can cause an 'Out of memory' error or a system crash owing to a lack of RAM. The internet has plenty of tips and strategies for reading large CSV files at once, such as defining the chunksize in the pd.read_csv() call or utilising Dask dataframes or Datatables. After extensive testing and hours spent developing the best code to read massive quantities of data, I personally believe that all of these solutions hit some form of barrier at some point. For example, defining chunksize and breaking the data into chunks necessitates an extra step of concatenating the chunks into one dataset, which takes almost as long as simply reading the data. With Dask dataframes, the first obstacle is specifying the dtype for all of the columns (even when there are 200+ columns); second, working with Dask dataframes is not as straightforward as working with Pandas dataframes.

    Following extensive research, one feasible and efficient method for reading large dataframes is to not read them all at once. This leads us to the concept of 'Structurization.' Most datasets can be divided into subsets based on the year, quarter, month, day, or any other criterion. Creating subsets while saving the data according to the datetime column makes it very simple to read and concatenate only the required data. Amongst the various ways to create subsets of a dataset, one very efficient way is described below:

    1. From the timestamp column in the dataframe, create a new column of just the Year (or Month, or Date):

        import pandas as pd
        from pathlib import Path

        # 'timestamp' must already be a datetime column (e.g. parsed with pd.to_datetime)
        df['year'] = df['timestamp'].dt.year
        df['month'] = df['timestamp'].dt.month
        df['date'] = df['timestamp'].dt.date

    2. Use the groupby function on one of the columns that you created above:

        grouped_df = df.groupby('year')

    3. Using a for loop, you can print all of the dataframe groups created and their shape:

        for name, group in grouped_df:
            print(str(name))
            print(group.shape)

    4. To save the subsetted groups as CSV files in a folder, use the same for loop as above and specify the folder path:

        output_folder_path = "C:\\Users\\ABC\\year_wise_files\\"
        output_dir = Path(output_folder_path)
        output_dir.mkdir(exist_ok=True)   # create the folder once, not on every iteration
        for name, group in grouped_df:
            output_file = str(name) + '.csv'
            group.to_csv(output_dir / output_file)
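The steps above still require the whole dataframe to be in memory before it is grouped. The added example below (my code, not from the post) carries the same 'Structurization' idea one step further: it streams the source CSV row by row with the standard-library csv module, appends each row to a per-year file as it goes, and then reads back only the years that are needed. Using the csv module instead of pandas is an assumption made so the example runs without any third-party package; the sample CSV, the column names and the temporary output folder are constructed for illustration.

```python
import csv
import tempfile
from datetime import datetime
from pathlib import Path

# Constructed sample standing in for a large CSV; in practice src would be
# the multi-gigabyte file that does not fit in RAM.
SAMPLE_CSV = """timestamp,site,yield
2019-03-01 10:00:00,Waseca,48.9
2019-11-12 08:30:00,Morris,27.4
2020-01-05 12:00:00,Crookston,30.1
2021-06-20 09:15:00,Waseca,50.3
2020-07-07 07:45:00,Morris,39.8
"""


def partition_by_year(src: Path, out_dir: Path, ts_column: str = "timestamp") -> dict:
    """Stream src row by row and append each row to <out_dir>/<year>.csv.

    Only one row is held in memory at a time, so the source file can be far
    larger than RAM. Returns a dict of year -> rows written.
    """
    out_dir.mkdir(parents=True, exist_ok=True)
    handles, writers, counts = {}, {}, {}
    with src.open(newline="") as fh:
        reader = csv.DictReader(fh)
        for row in reader:
            year = datetime.fromisoformat(row[ts_column]).year
            if year not in writers:
                handles[year] = (out_dir / f"{year}.csv").open("w", newline="")
                writers[year] = csv.DictWriter(handles[year], fieldnames=reader.fieldnames)
                writers[year].writeheader()
            writers[year].writerow(row)
            counts[year] = counts.get(year, 0) + 1
    for handle in handles.values():
        handle.close()
    return counts


def load_years(out_dir: Path, years) -> list:
    """Read back only the partitions that are needed, in year order."""
    rows = []
    for year in sorted(years):
        part = out_dir / f"{year}.csv"
        if part.exists():  # a year with no data simply has no file
            with part.open(newline="") as fh:
                rows.extend(csv.DictReader(fh))
    return rows


def demo() -> tuple:
    """Write the sample to a temp dir, partition it, and load two years back."""
    tmp = Path(tempfile.mkdtemp())
    src = tmp / "big.csv"
    src.write_text(SAMPLE_CSV)
    out_dir = tmp / "year_wise_files"
    counts = partition_by_year(src, out_dir)
    rows = load_years(out_dir, [2020, 2021])
    return counts, rows


if __name__ == "__main__":
    counts, rows = demo()
    print(counts)
    for row in rows:
        print(row)
```

Because the partition files are written once, later analyses only pay for the years they touch; a pandas user can read each partition with pd.read_csv() and concatenate just those, which is the point the post makes.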

  • Accelerate your path to GDPR and India's PDPB compliance with Com Olho

    What is GDPR?

    The European Union (EU) introduced its data protection standard 20 years ago through the Data Protection Directive 95/46/EC. Since the European Union needs each member state to implement a directive into national law, Europe ended up with a patchwork of different privacy laws across different countries. Additionally, increasing security breaches, rapid technological developments, and globalisation over the last 20 years brought new challenges for the protection of personal information to the forefront. In order to address this situation, the EU developed the GDPR, which is directly applicable as law across all member states.

    What is India’s PDPB?

    India's Personal Data Protection Bill (PDPB) is one of the most comprehensive data privacy laws in the world. The PDPB will impose obligations on practically all businesses operating in India. It requires businesses to reassess all of the company's data processing practices, policies, and safeguards.

    Why do GDPR and India’s PDPB matter?

    With the increase in user-generated data and the exponential industrial value of data, it is becoming vital that the necessary steps are taken to protect the data rights of citizens. Data protection regulations ensure the security of individuals’ personal information and regulate the collection, usage, transfer, and disclosure of that data. They also give individuals access to their data, place accountability measures on organisations processing personal data, and supplement this by providing remedies for unauthorised and harmful processing. Privacy laws like the EU’s General Data Protection Regulation (GDPR) and India’s PDPB have changed two things:

    • They acknowledge that devices like smartphones are an intrinsic part of a person’s identity, and hence any data and information that can be used to profile an individual comes under the ambit of the laws; and
    • These laws articulate what consent is and that it should be free, informed, specific, clear, and capable of being withdrawn.

    How is Com Olho GDPR and India's PDPB compliant?

    Privacy, security and protection of customer data are shared responsibilities between the clients and Com Olho. This shared responsibility in the context of the General Data Protection Regulation (GDPR) is defined by two key actors:

    • Data Controller: Determines how personal data is processed and the purposes for which it is processed.
    • Data Processor: An entity that maintains and processes personal data records only at the controller’s command.

    The scope of India's Personal Data Protection Bill (PDPB) is broader than that of the General Data Protection Regulation (GDPR). PDPB regulates the processing of personal data by the state, any citizen of India, or any individual or body incorporated or created under Indian law. Com Olho ensures fulfilment of data rights access requests and automates the processes for clients’ individual requests. Under India's PDPB, data principals receive certain rights similar to those covered by GDPR. These data rights include:

    – the right to access data
    – the right to correction
    – the right to data portability
    – the right to erasure
    – the right to be forgotten

    Accelerate your path to GDPR and India's PDPB compliance with Com Olho

    Com Olho is committed to helping businesses develop a strategy to achieve GDPR security and India’s PDPB compliance. We give our clients a SaaS advantage by offering a service that is designed to be secure at every layer, for their entire business. Managing your business’s data is easier when there is one centralised location you can trust for storing it, instead of it being spread across a range of different storage media, and what better source can you trust than your own server? Com Olho stores and maintains the client's data by deploying AI agents on the client's server itself. This reduces the risk of data theft or manipulation and offers simplicity, with a single set of policies and standards for your business processes. Our intelligent and secure service lightens the load for administrators and users alike, allowing you to focus more on your business. In a constantly changing regulatory landscape, Com Olho can help your organisation address regulatory compliance more efficiently and easily. Businesses all over the world are focusing on ensuring their systems, processes, and policies support GDPR and India’s PDPB guidelines. All their teams continue to be tasked with implementing changes in the way they manage processes, people, and technical controls in order to comply with the legislation. Com Olho welcomes the positive changes the GDPR and India’s PDPB have brought to our services, and we remain committed to helping our clients address the GDPR and India’s PDPB requirements that are relevant to our services.

  • Nginx Security: How To Harden Your Server Configuration

    As of March 2021, one in three websites on the internet runs on Nginx, according to a web survey by Netcraft. The Nginx web server powers high-performance applications in a responsive, efficient manner and is useful for load balancing, HTTP caching, mail proxying, and reverse proxying. With the ability to handle 40,000 inactive HTTP connections with just 10Mb of memory, it is the go-to choice for high-traffic sites. This blog will cover hardening tips to improve your cybersecurity posture.

    Step 1. Disable Any Unwanted nginx Modules

    When you install nginx, it automatically includes many modules. Currently, you cannot choose modules at runtime. To disable certain modules, you need to recompile nginx. It is recommended to disable any modules that are not required, as this will minimize the risk of potential attacks by limiting the allowed operations. To do this, use the configure option during installation. In the example below, we disable the autoindex module, which generates automatic directory listings, and then recompile nginx.

        # ./configure --without-http_autoindex_module
        # make
        # make install

    Step 2. Disable nginx server_tokens

    By default, the server_tokens directive in nginx displays the nginx version number. It is directly visible in all automatically generated error pages and is also present in the Server header of all HTTP responses. This could lead to information disclosure: an unauthorized user could learn which version of nginx you use. You should disable the server_tokens directive in the nginx configuration file by setting server_tokens off.

    Step 3. Control Resources and Limits

    To prevent potential DoS attacks on nginx, you can set buffer size limitations for all clients. You can do this in the nginx configuration file using the following directives:

    • client_body_buffer_size – use this directive to specify the client request body buffer size. The default value is 8k or 16k, but it is recommended to set this as low as 1k: client_body_buffer_size 1k.
    • client_header_buffer_size – use this directive to specify the header buffer size for the client request header. A buffer size of 1k is adequate for most requests.
    • client_max_body_size – use this directive to specify the maximum accepted body size for a client request. A 1k directive should be sufficient, but you need to increase it if you are receiving file uploads via the POST method.
    • large_client_header_buffers – use this directive to specify the maximum number and size of buffers to be used to read large client request headers. A large_client_header_buffers 2 1k directive sets the maximum number of buffers to 2, each with a maximum size of 1k. This directive will accept a 2 kB data URI.

    Step 4. Disable Any Unwanted HTTP Methods

    We suggest that you disable any HTTP methods which are not going to be utilized and which are not required to be implemented on the web server. If you add the following condition in the location block of the nginx virtual host configuration file, the server will only allow the GET, HEAD, and POST methods and will filter out methods such as DELETE and TRACE.

        location / {
            limit_except GET HEAD POST {
                deny all;
            }
        }

    Another approach is to add the following condition to the server section (or server block). It can be regarded as more universal, but you should be careful with if statements in the location context.

        if ($request_method !~ ^(GET|HEAD|POST)$ ) {
            return 444;
        }

    Step 5. Install ModSecurity for Your nginx Web Server

    ModSecurity is an open-source module that works as a web application firewall. Its functionalities include filtering, server identity masking, and null-byte attack prevention. The module also lets you perform real-time traffic monitoring. We recommend that you follow the ModSecurity manual to install the mod_security module in order to strengthen your security options.

    Step 6. Set Up and Configure nginx Access and Error Logs

    The nginx access and error logs are enabled by default and are located in logs/error.log and logs/access.log respectively. If you want to change the location, you can use the error_log directive in the nginx configuration file. You can also use this directive to specify the logs that will be recorded according to their severity level. For example, a crit severity level will cause nginx to log critical issues and all issues that have a higher severity level than crit. To set the severity level to crit, set the error_log directive as follows:

        error_log logs/error.log crit;

    Step 7. Monitor nginx Access and Error Logs

    If you continuously monitor and manage nginx log files, you can better understand the requests made to your web server and also notice any errors encountered. This will help you discover any attack attempts as well as identify what you can do to optimize server performance. You can use log management tools, such as logrotate, to rotate and compress old logs and free up disk space. Also, the ngx_http_stub_status_module module provides access to basic status information. You can also invest in nginx Plus, the commercial version of nginx, which provides real-time activity monitoring of traffic, load, and other performance metrics.

    Step 8. Configure Nginx to Include Security Headers

    To additionally harden your nginx web server, you can add several different HTTP headers. Here are some of the options that we recommend.

    X-Frame-Options

    You use the X-Frame-Options HTTP response header to indicate whether a browser should be allowed to render a page in a <frame> or an <iframe>.

  • Common Nginx Misconfigurations

    As of March 2021, one in three websites on the internet runs on Nginx, according to a web survey by Netcraft. Nginx web server powers high-performance applications in a responsive, efficient manner and is useful for load balancing, HTTP caching, mail proxying, and reverse proxying. With the ability to handle 40,000 inactive HTTP connections with just 10Mb of memory, it is the go-to choice for high-traffic sites. This blog will cover the Common Nginx misconfigurations that leave your web server open to attack. Common Nginx Misconfigurations 1. Passing Uncontrolled Requests to PHP Most Nginx example configs for PHP advocate for passing every URI ending in .php to the PHP interpreter which could result in arbitrary code execution by third parties on most PHP setups. In this example, all requests that the .php file extension will be passed to the FastCGI backend. A default PHP configuration is set so that it attempts to guess the file you want to execute in cases where the full path specified does not lead to a file that exists on the system. Let's say you request for /cyber/security/nginx.php, which does not exist while /cyber / security /nginx.gif actually does exist; the PHP interpreter will process /cyber / security /nginx.gif. If nginx.gif contains embedded PHP code, it will execute. 2. Alias LFI Misconfiguration Inside the Nginx configuration look the "location" statements, if someone looks like: There is a LFI vulnerability because: Transforms to: The correct configuration will be: So, if you find some Nginx server you should check for this vulnerability. Also, you can discover it if you find that the files/directories brute force is behaving weird. 3. Missing Root Location The root directive is positioning in your configuration matters. One of the Nginx configuration pitfalls that administrators are strongly warned against is putting the root directive inside location blocks. 
If you add root to every location block individually, an unmatched location block will lack a root, which causes errors. Conversely, leaving the root directive out of a location block gives access to the root folder of the server block. In the above example, the root folder is /etc/nginx/app, meaning that files in this folder are available to us. However, there is no location for / (i.e. location / { }) but only for /cybersecurity.jpeg. As such, requests to / are served from the path specified in the globally set root directive, and a request like GET ../nginx.conf would show the content of the config file /etc/nginx/nginx.conf. The most common root paths were the following:

4. Using non-standard document root locations

Deviating from the standard document root locations laid out in the Filesystem Hierarchy Standard might seem like a fun idea sometimes. That is, of course, until someone requests a file they should not be able to access and you end up getting compromised. In the above example, a request for /etc/passwd would reveal your /etc/passwd file, meaning attackers would have your user list and password hashes and, if your Nginx workers run as root, how your passwords have been hashed as well.

5. Unsafe variable use

Some frameworks, scripts and Nginx configurations unsafely use the variables stored by Nginx. This can lead to issues such as XSS, bypassing HttpOnly protection, information disclosure and in some cases even RCE.

SCRIPT_NAME

With a configuration such as the following:

The main issue is that Nginx will send any URL ending in .php to the PHP interpreter, even if the file doesn't exist on disk. This is a common mistake in many Nginx configurations, as outlined in the "Pitfalls and Common Mistakes" document created by Nginx. An XSS will occur if the PHP script tries to define a base URL based on SCRIPT_NAME.

USAGE OF $URI CAN LEAD TO CRLF INJECTION

Another misconfiguration related to Nginx variables is to use $uri or $document_uri instead of $request_uri. $uri and $document_uri contain the normalized URI, and normalization in Nginx includes URL-decoding the URI. Volema found that $uri is commonly used when creating redirects in the Nginx configuration, which results in a CRLF injection. An example of a vulnerable Nginx configuration is:

The new line characters for HTTP requests are \r (Carriage Return) and \n (Line Feed). URL-encoding the new line characters results in the representation %0d%0a. When these characters are included in a request like http://localhost/%0d%0aDetectify:%20clrf to a server with the misconfiguration, the server will respond with a new header named Detectify, since the $uri variable contains the URL-decoded new line characters.

6. Raw backend response reading

With Nginx's proxy_pass, there is the possibility to intercept errors and HTTP headers created by the backend. This is very useful if you want to hide internal error messages and headers so they are instead handled by Nginx. Nginx will automatically serve a custom error page if the backend answers with one. But what if Nginx does not understand that it's an HTTP response? If a client sends an invalid HTTP request to Nginx, that request will be forwarded as-is to the backend, and the backend will answer with its raw content. Then, Nginx won't understand the invalid HTTP response and will just forward it to the client. Imagine a uWSGI application like this:

And with the following directives in Nginx:

proxy_intercept_errors will serve a custom response if the backend has a response status greater than 300. In our uWSGI application above, we send a 500 Error, which would be intercepted by Nginx. proxy_hide_header is pretty much self-explanatory; it will hide any specified HTTP header from the client. If we send a normal GET request, Nginx will return:

But if we send an invalid HTTP request, such as:

We will get the following response:
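A worked illustration of the $uri versus $request_uri point and of the non-standard document root, added here as an example that is not part of the original post: a small Python linter over two constructed nginx configs, plus a simulation of how the decoded variable turns the probe request above into an extra response header. The config text, the example.com host, the "standard" root prefixes and all helper names are assumptions of this example.

```python
import re
from urllib.parse import unquote

# Constructed sample configs (assumptions, not from the post). The first builds a
# redirect from the decoded $uri and serves the filesystem root; the second uses
# the raw $request_uri and a conventional document root.
VULNERABLE_CONF = """
server {
    listen 80;
    root /;
    location /old/ {
        return 302 https://example.com$uri;
    }
}
"""

HARDENED_CONF = """
server {
    listen 80;
    root /var/www/html;
    location /old/ {
        return 302 https://example.com$request_uri;
    }
}
"""

# Document-root prefixes the Filesystem Hierarchy Standard sets aside for served content.
STANDARD_ROOT_PREFIXES = ("/var/www", "/srv", "/usr/share/nginx")

DIRECTIVE_RE = re.compile(r"^\s*(return|rewrite|add_header|proxy_pass)\s+([^;]*);", re.M)
ROOT_RE = re.compile(r"^\s*root\s+([^;\s]+)\s*;", re.M)


def lint(conf: str) -> list[str]:
    """Flag the two patterns discussed above: decoded-URI variables inside directives
    that emit headers, and a document root outside the standard locations."""
    findings = []
    for m in DIRECTIVE_RE.finditer(conf):
        directive, args = m.group(1), m.group(2)
        if re.search(r"\$(uri|document_uri)\b", args):
            findings.append(f"{directive}: uses decoded $uri/$document_uri, prefer $request_uri")
    for m in ROOT_RE.finditer(conf):
        path = m.group(1)
        if not path.startswith(STANDARD_ROOT_PREFIXES):
            findings.append(f"root {path}: non-standard document root, everything under it is served")
    return findings


def nginx_variables(request_target: str) -> dict[str, str]:
    """Approximate the two variables: $request_uri keeps the raw request target,
    $uri is the normalized form (query stripped, percent-decoded)."""
    path = request_target.split("?", 1)[0]
    return {"request_uri": request_target, "uri": unquote(path)}


def response_headers(return_template: str, request_target: str) -> list[tuple[str, str]]:
    """Expand the URL of a return directive and split the resulting Location header
    the way a client splits a response, so an injected header shows up as its own entry."""
    variables = nginx_variables(request_target)
    location = re.sub(r"\$(request_uri|uri)", lambda m: variables[m.group(1)], return_template)
    headers = []
    for line in ("Location: " + location).split("\r\n"):
        name, _, value = line.partition(": ")
        headers.append((name, value))
    return headers


def injected_headers(return_template: str, request_target: str) -> list[str]:
    """Names of any headers the response carries beyond the intended Location."""
    return [name for name, _ in response_headers(return_template, request_target) if name != "Location"]


# The probe from the post: percent-encoded CRLF followed by a chosen header name.
PROBE = "/%0d%0aDetectify:%20clrf"

if __name__ == "__main__":
    for conf in (VULNERABLE_CONF, HARDENED_CONF):
        print(lint(conf) or ["no findings"])
    print(injected_headers("https://example.com$uri", PROBE))          # ['Detectify']
    print(injected_headers("https://example.com$request_uri", PROBE))  # []
```

The linter only recognises the simple one-directive-per-line layout of the sample configs; it is a detection aid for the two patterns above, not a general nginx parser.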

  • Lambda function reduces python scripting lines by 80%

    In Python, functions are traditionally declared with the def keyword, while anonymous functions are defined without a name using the lambda keyword. The syntax of a lambda function is:

    lambda arguments: expression

    Lambda functions can take any number of parameters but can only evaluate one expression. We use lambda functions when we require a nameless function. At first, lambda functions seem difficult to grasp. They are brief in length yet can be a challenge for a beginner. So, in this blog, you'll discover the potential of lambda functions in Python and how to apply them to fundamental list and data frame operations.

    Let us first load the pandas library and a sample dataset to work on:

    >>> import pandas as pd
    >>> from vega_datasets import data
    >>> df = data.barley()
    >>> df

    Output:

    List Operations

    >>> site_names = df['site'].unique().tolist()

    Traditionally, we use for loops to iterate through a list of elements and apply simple functions. But these for loops can be inconvenient, making the Python code big and untidy. Let us see an example of a for loop and how we can efficiently obtain similar results through lambda.

    >>> for i in site_names:
    ...     i = ''.join(i.split())
    ...     i = i.lower()
    ...     print(i)
    ...

    Output:

    1. Example using map()

    The map() function takes a lambda function and a list, applies the lambda function to every element and returns a new list.

    >>> a = site_names
    >>> b = list(map(lambda x: ''.join(x.split()).lower(), a))
    >>> print(b)

    Output:

    2. Example using filter()

    The filter() function takes a lambda function and a list, applies the lambda function to every element and keeps only the elements for which it returns True.

    >>> yield_list = df['yield'].tolist()
    >>> sub_list = list(filter(lambda x: x > 50, yield_list))
    >>> sub_list

    Output:

    3. Example using reduce()

    Using the reduce() function, the function described by the lambda is applied to the first two elements and the result is stored. Thereafter, the function is applied to that result and the third element, and so on. Finally, the list is reduced to a single value at the end.

    >>> from functools import reduce
    >>> reduce(lambda a, b: a if (a > b) else b, sub_list)

    Output:

    Dataframe Operations

    1. Add a new column by applying a function to an existing column using DataFrame.assign()

    >>> df = df.assign(yield_Percentage=lambda x: (x['yield'] / x['yield'].sum()) * 100)
    >>> df

    Output:

    Here, we created a new column ‘yield_Percentage’ and populated it by converting the yield values to percentages of the total yield.

    2. Add a new column using if-else on an existing column using DataFrame.apply()

    >>> df['yield_category'] = df['yield'].apply(lambda x: 'Low' if x < 40 else 'High')
    >>> df

    Output:

    Here, we created a new column ‘yield_category’ and, using an if-else condition on the column ‘yield’, assigned ‘Low’ if the yield is less than 40 units and ‘High’ otherwise.

    3. Iterating over a dataframe using DataFrame.apply()

    Similar to the map() function, the apply() method takes a function as input and applies it to the entire dataframe. First, we define a function:

    >>> def filtering(site, yield_Percentage):
    ...     if site in ['University Farm', 'Waseca', 'Morris'] and yield_Percentage > 1:
    ...         return 1
    ...     else:
    ...         return 0
    ...

    Secondly, the lambda function is used to iterate across the rows of the dataframe. For every row, we feed the ‘site’ and ‘yield_Percentage’ columns to the filtering function. Finally, axis=0 or axis=1 is specified to apply the operation column-wise or row-wise, respectively.

    >>> df["invest"] = df.apply(lambda row: filtering(row["site"], row["yield_Percentage"]), axis=1)
    >>> df

    Output:

    Here, we created a new column ‘invest’ based on the function ‘filtering’, where 1 is assigned to rows where the yield percentage for the sites 'University Farm', 'Waseca' and 'Morris' is more than 1, and 0 otherwise.

  • Zero Click Attack : An Overview

    With the NSO Group’s Pegasus in the global news, there is a buzz around people wanting to know what exactly it is and how it functions, so that the necessary preventive measures can be taken. From what can be gathered, Pegasus has been identified as a zero-click attack; to understand this form of attack, some fundamental questions have to be raised. One must ask oneself: can you be under threat even when you are just surfing the internet and being careful not to click on suspicious links? Is Big Brother watching you, and who is this Big Brother? Should one be bothered by the hacks being reported, or is it just high-profile people being targeted? We will try to find the answers to some of these questions in this piece. By the end, it will mainly enable a reader to know what a zero-click attack is and how it functions, along with important methods to protect oneself from these sneak attacks being perpetrated in today’s world.

    What is a Zero-Click Attack?

    As one might guess from the name, a zero-click attack requires zero clicks, which means that this type of cyber threat does not require any voluntary action from the targeted user. This implies that even a very careful and conscious internet user can fall prey to such spyware. In comparison, other cyber-attacks and breaches generally use a phishing network, which means that at some point while using the device, the targeted user must have performed some action (as little as a click on a malicious link) to trigger the spyware in question. A zero-click attack, on the other hand, exploits the flaws of the targeted device, which means any and all types of devices, including macOS, Windows, iOS and even Android. These attacks use data verification loopholes to work their way up in one’s device. Even though software is continually upgraded and patched through minor updates, some loopholes remain and lead to theft of data and privacy.

    Why should you be worried about a Zero-Click Attack?

    Common people like you and me should be careful. These zero-click attacks are a cause for worry because they are now happening in real life; they are not just part of sci-fi movies with unrealistic plots. Science is moving forward, and so are the ways hackers try to steal data. And data, as we all know, is very important in today’s world; it will be tomorrow’s hottest currency. Mass cyber-attacks are common, but zero-click attacks are highly targeted and use sophisticated technology. These attacks can have egregious consequences, which could result in one risking and ultimately losing one’s entire life without even one’s knowledge, since they work in the background. Another reason one should be worried is that this malicious software installs itself in the background and steals the data already on the device, along with using the camera, microphone and location coordinates, so real-time data theft as well.

    How does a Zero-Click Attack work?

    A zero-click attack primarily looks for loopholes in data verification. So something like an Application Push Notification (APNs) feature could aid spyware like Pegasus to enter and treat data as its own. Software that is not up to date is the breeding ground for such attacks, since it has not been upgraded with the latest security features to protect itself from such breaches.

    A step-by-step guide on how zero-click attacks work:

    The spyware handler or threat actor will study and look for any loopholes or vulnerabilities that can be taken advantage of. In other words, it looks for areas that can be exploited in applications that are already on the phone (the WhatsApp video missed-call feature, 2019).

    The second step involves planning how to inject the spyware into the targeted user’s device. Generally, special data is crafted, which might include hidden text messages or images that trigger the spyware so that it starts functioning on the victim’s device.

    The final step involves exploiting the data and privacy of the targeted user. The spyware is made in a way that does not let the victim know it is running in the background, and it keeps sending sensitive data to the person exploiting it. In addition, it does not leave any traces behind. Usually, it has a self-destruct mechanism and just vanishes from the targeted user’s device.

    Are there any other Zero-Click Attacks apart from Pegasus?

    As of now, not a lot of zero-click attack spyware is known to the common people. Pegasus has become widely known because of the allegations that the Indian Government had been spying on several people. And even Pegasus has not always been zero-click spyware. The earliest attack that can be identified as perpetrated by Pegasus dates back to 2016 and used a spear-phishing technique. It was only in 2019 that the NSO-developed Pegasus was identified as zero-click spyware. However, there are other communities where such software can be easily found and deployed or even customized, like GitHub, which serves as an open online community of coders.

    Can you protect yourself from a Zero-Click Attack?

    As we have already learned, any vulnerability left unpatched can become a data hazard, so it seems practically impossible to fully prevent such an attack. If we look at how the infamous data breach happened in 2019 via WhatsApp, it was triggered by missed calls, and how can one protect oneself from receiving missed calls? The most difficult solution would be to use an archaic handset and discard all smartphones, but that does not seem feasible in today’s fast-paced world. The only preventive measure that can be taken at large is keeping our devices updated and installing any and all minor patches released by software providers. Upgrading your phone periodically is also a good idea, but it might come off as an expensive one and not as eco-friendly, considering that less than 20% of e-waste is recycled sustainably (according to a report by the United Nations, 2019).

  • Digital Safety in Era of Pegasus : Questions Answered

    We have all been seeing Pegasus in the news; it is the hottest spyware out in the world right now. But are we paying attention to the right details? Do we know if it will affect us and, if it does, to what extent? Is there cause for worry? And most importantly, is there a way we can stop it or, at the very least, protect ourselves? Politicians and allies have started accusing each other of spying and saying that their fundamental rights are being violated. We will try to find the answer to most of these questions in this article.

    What is Pegasus?

    Pegasus is malware, or malicious software, developed by the Israeli firm NSO Group; it has been in existence since 2010. Pegasus is classified as spyware because of its ability to gain access to devices, even without the knowledge of the user, after which it starts gathering personal information on the user’s device, which is sent back to the server or to whoever is using this malicious software to spy. It must also be noted that Pegasus not only transmits the information and data stored on the targeted mobile phone; it can also turn on the camera and microphone to transmit real-time photos, videos and audio of the targeted user, along with exact location coordinates, without the targeted user being aware of any of it. It runs in the background and also comes with a self-destruct mechanism: it can self-destruct if caught, after the job is done (i.e. the required information is extracted), or on a timer, meaning that after a specified period of time the malware vanishes from the mobile phone.

    How does it work?

    From what can be gathered in the news, the spyware in question does not require any interaction from the target, but it was not always like that. According to the brochure provided by Pegasus, it was described as an Enhanced Social Engineering Message (ESEM) up until early 2018. In simpler words, this means that only when a malicious link packaged as an ESEM is interacted with or clicked will it start its dirty job of spying and delivering the suitable remote exploit. Also, until early 2018, it had been known that the clients primarily relied upon WhatsApp messages and Short Message Service (SMS) to lure the target user into opening the malicious links, which further infect the mobile phone. But now the times have changed and the technology has become more sophisticated; Pegasus can now be deployed in newer ways. This means prying on people’s privacy is now easier and the chances of getting caught have also reduced manifold. Pegasus now uses a zero-click method of attacking and also comes with a built-in self-destruct mechanism upon being caught. Now, for Pegasus to be installed and working on a target user’s mobile phone, as little as a missed WhatsApp video call is enough. The user does not even have to answer the call for the malware to be installed and up and running.

    What is a ‘zero-click’ attack?

    A zero-click attack is an attack that is performed remotely without the knowledge or engagement of the target. It works by way of network injections. This gives Pegasus an edge over the other spyware available in the market. As mentioned above, just a missed video call is enough to infect the target user’s device. Another way is an over-the-air (OTA) option: in this method, a push message is sent covertly which compels the target user’s device to install the software, even though the user is unaware and has no control over this.

    Is your device at risk?

    It does not matter which operating system you are using, whether an Android or an iOS device; your mobile phone might still be at risk of getting infected by this spyware called Pegasus. Initially, it was observed that iPhones in particular were targeted through Apple’s default Push Notification Services (APN) protocol and the iMessage app. The spyware will mimic and impersonate a downloaded application on an iPhone and start transmitting itself via Apple’s servers through push notifications. In 2016, a report about the existence of Pegasus was made to the cybersecurity firm Lookout by the Citizen Lab (an interdisciplinary laboratory based at the University of Toronto). These organisations flagged the threat to Apple, and in addition, Google and Lookout made public the details of an Android version of Pegasus.

    How does Pegasus infect a device?

    According to the Pegasus brochure, all that is needed to infect a device is a phone number. The phone number of the targeted user is fed to the system for a network injection and the rest of the job is done automatically by the spyware. It might not work sometimes, though, in cases where the targeted device’s operating system has been upgraded with new security protections or is not supported by the NSO system. The brochure also mentions that the malware can be “manually injected and installed in less than five minutes”, which is possible if physical access to the target device is available.

    Is there a way to protect ourselves?

    Mobile phone makers and software developers try to ensure that newer versions of the phone are bug-free and also roll out updates as and when the need is felt. This patching is done to fix minor bugs and make the system stronger and less vulnerable to attacks. Also, the Pegasus brochure clearly mentions that “installation from browsers other than the device default (and also chrome for android based devices) is not supported by the system”, which means that one can protect oneself by changing the default browser. One might believe that the best way to protect oneself against such attacks is by switching phones and going back to an archaic handset which allows only basic calls and messages, but in this fast-moving world it will be hard to keep up. Hence, the best way to be less vulnerable to these attacks is by keeping your device’s operating system updated at all times and, if your budget allows, changing your handset every couple of years; this is perhaps the most expensive yet most effective remedy.

  • Deep Fakes: A cause of worry for all

    Was the call you received from your boss asking you to do something unusual really your boss? Is the person in the questionable picture or video of an acquaintance being circulated really them? It is fun to use an app to sound like a famous artist and to see your favourite actor do stunts that do not seem physically possible. But the former situations can put one in a risky position. The internet and Artificial Intelligence have made our lives easier, but they also bring with them risks, which include fraud and deception. Spreading misinformation is as far as a click away. The infamous Public Service Announcement by Barack Obama in 2018, which was created using deep fake tools, took the internet by storm and created a buzz around the concept. The reason this buzz should be created again is that we as a community are spending more time on the internet than ever. With the pandemic in full swing, most organisations are planning to shift to a permanent work-from-home structure for most positions, which opens up opportunities for people to work remotely and breaks down geographical barriers. But it also increases the risk of fraud, especially with technology advancing at such a fast pace and false information getting harder to verify. The scope of AI-generated deep fakes has also expanded in various aspects and now includes not only sophisticated visuals and videos but also audio. Deep fake phishing differs from email phishing: it looks more authentic and is harder to catch.

    To understand and defeat the purpose of a deep fake, it is important to learn how it works. Basically, a programmer uses an AI tool which understands and solves complex problems over datasets. It is trained to study the behaviour of a photo or person and learns to paste it onto existing content by carefully learning the angles and reactions, which eventually produces synthetic media. Although there are many ways of creating fake media, the most common way involves using autoencoders on deep neural networks. Let’s understand this step by step:

    Finding the content which has to be overwritten.

    Gathering enough media of the person to be duped.

    Using an autoencoder which employs face-swapping technology. The autoencoder will learn and study the person from various angles and environments, which will eventually map the features and paste the video over, or overwrite, the content.

    After this, a Generative Adversarial Network (GAN) is added to the mix; this is a machine learning tool. It improves the quality of the media by detecting any flaws over multiple rounds.

    Apart from these sophisticated technologies, there is a wide range of apps which make it easier for a common person to create such synthetic media. The most common apps include FaceApp, Zao and DeepFace App. Also, as the software development community is becoming more open day by day, GitHub, which is an open-source community, provides deep fake software. Increased accessibility to such tools can prove dangerous to teenagers and their mental health, with increased cyber crimes. Talking of audio deep fakes, they can be used to make fake calls and transfer money. There is a threat of stolen identity, in which the attacker can either create new accounts and commit fraud or access an already existing account, transfer funds and steal.

    How to save yourself?

    As of now, India does not have any regulations explicitly for deep fakes, so the most plausible way to save yourself from such a threat is to be aware and keep an eye out for anything that looks suspicious. Some synthetic media can easily be detected because of its poor quality, like automated calls, which could sound computerised and mechanical. Similarly, biometrics can be used in combination with two-factor authentication, which includes One Time Passwords, etc. Also, for videos, one can look out for movements such as facial expressions, hair movement, the smoothness of skin, the sync of audio and video and, most importantly, teeth. A mediocre deep fake might not focus on such aspects, and this is where attentiveness can fill the gap. But with more sophisticated and smarter technology being deployed, these things can easily be corrected and a so-called flawless impersonation might not be that difficult to achieve. The need of the hour will be to cross-check unusual things until an anti-deep-fake or detection technology is widely available.

  • How Privacy & Cookie Purge will change online advertising?

    The coming together of three big factors—the pandemic, growing privacy concerns among users and governments, and changes initiated by Big Tech giants—will change the way the marketing and advertising industry functions in the coming decade. The covid pandemic has accelerated the adoption of digital technologies and this sudden change promises to disrupt marketing as a lever of business as we know it today. Given the direct impact this has on revenues and revenue growth, this issue warrants the attention of business leaders. Consumer concerns on privacy have grown over the years. The rampant use of user data for behaviour manipulation, including for elections, has raised hackles worldwide among businesses, governments and people at large. Consumers are getting increasingly conscious of how their data is being used. A recent update of WhatsApp’s privacy policy, allowing the service to share user data with its parent Facebook, created a furore. Together, these issues have led governments to enact privacy laws across the world. These laws have mandated businesses to collect data in a manner that is compliant with norms, and which protects the right to privacy of consumers. In India, the Personal Data Protection Bill (PDPB) is in its final stages of passage through Parliament. While laws related to information technology have been in existence since the early 2000s, these were focused on cybercrime and activity such as hacking, spam and offensive personal messaging. Privacy laws such as the EU’s General Data Protection Regulation (GDPR), and India’s PDPB have changed two things: 1) they acknowledge that devices such as smartphones are an intrinsic part of a person’s identity, and hence, any information that can be used to profile an individual comes under the ambit of laws; and 2) these laws articulate what is consent—that it should be free, informed, specific, clear, and capable of being withdrawn. 
This evolving landscape around privacy is what has forced tech giants Google and Apple to toughen their stance on privacy. Last year, Google had announced the blocking of third-party cookies effective January 2022. As we approach this deadline, Google has signalled that it shall not allow any form of alternative identifiers across its suite of products. Apple had taken an aggressive privacy-first stance even earlier, and upped the ante on trust. With the release of iOS 14, it has mandated privacy ‘nutrition labelling’ on its App Store and mandated consumer consent for tracking purposes. These Big Tech companies are also increasingly subject to more regulation by governments, given their ability to create monopolistic or oligopolistic markets and control the playing field. The recent Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules in India and the landmark News Media Bargaining Code in Australia are a few examples of anti-trust laws that are coming up across the world. The faster adoption of digital media driven by the pandemic means that business processes need to be digitized and delivered seamlessly as customer experiences across the internet. The onus of delivering these experiences calls for collaboration among experts of marketing, technology, design, cybersecurity and law. The emergence of privacy laws requires businesses to collect and use data in ways that are both ethical and compliant. So, while designing and delivering customer experiences, business leaders need to be on top of data protection and consent management, even as they ensure that processes are set up for ethical and sensitive use of data. A data breach has multiple costs and entails various risks, including financial risk, legal risk, compliance risk and the biggest of all, reputational risk. Privacy is being weaponized and any laxity on behalf of a business could have serious consequences. 
Any inadvertent data breach results in loss of reputation and the possibility of legal action. On the positive side, the evolving privacy landscape presents brands and advertisers with an opportunity to educate and strengthen their relationship with customers and get to know them better. Businesses will need to invest in harnessing their own customers’ data across platforms, as every company now needs to behave like a tech company. Consequently, customer relationship management (CRM) modules will go mainstream and be fully integrated into marketing efforts. Harvesting market research and aggregated anonymized data is also critical to enriching this first-party data. These strategies will help businesses bridge the gap between consumer insights and marketing implementation, which will soon be constrained by the death of third-party cookies. The end of browser-based third-party cookies also means that campaign planning, targeting, optimization and measurement are affected. The move signifies the death of re-targeting and lookalike marketing as practised today. Cost-per-impression-based buying will transition to cost-per-click/engagement-based buying. Walled gardens such as Google will only provide attribution within their publishing domain. Businesses need to evolve mechanisms to measure their marketing campaigns to be able to determine omni-channel effectiveness. With less than eight months left for the purge of third-party cookies and a rapidly evolving regulatory framework, businesses need to be ready to implement privacy-by-design in their marketing efforts. A sharp focus on first-party data and on contextual advertising is imminent. Time is running out and many businesses have yet to wake up to this reality.

Co-authored by Lloyd Mathias, Co-Founder & Angel Investor at Com Olho. As published on Livemint.
