Biz Builder Mike

You can't sail Today's boat on Yesterdays wind - Michael Noel

healthcare

Southeast Asia’s Funding Societies, an Online Capital Formation Platform, Reports S$2 Billion in Business Financing Disbursals

Southeast Asia-based Funding Societies, a digital financing platform, has revealed that it has made S$2 billion (appr. $1.5 billion) in disbursals of business financing to SMEs across the region as the company enters its sixth year of offering loans.

Funding Societies’ management noted that the amount is partly crowdfunded by more than 200,000 retail investors on its platform and has been disbursed through 3.7 million+ different loans.

Funding Societies reported S$ 850 million (appr. $640 million) in disbursals last year, meanwhile, its platform default rate managed to stay below 2% during the COVID-19 pandemic.

In an effort to reduce its portfolio risk during 2020, Funding Societies had tightened up its credit underwriting criteria so that only quality notes would get crowdfunded. The platform also focused on companies that were likely to do well during the pandemic.

These high-performing industries include healthcare, medical supplies, transportation, among several others. Funding Societies reported an 18% growth in platform investors since January 2020.

Big Four auditing firm Ernst & Young’s 2020 ASEAN SME Transformation Survey has revealed that 68% of the surveyed 1,200 SMEs across the six major ASEAN nations (Singapore, Indonesia, Malaysia, Thailand, the Philippines, and Vietnam) are open to doing business with non-traditional lending platforms.

Non-traditional lenders may be appealing because of their greater speed and convenience. Small and medium-sized enterprises may prefer the faster and more flexible loan approval process and the digital know-your-customer (KYC) processes, which usually don’t require asset security or visiting physical bank locations.

At present, there’s an annual trade financing gap of approximately $150 billion in Asia, according to estimates provided by the Asian Development Bank. Around 60% of firms have had their applications rejected when applying for trade financing, the bank noted, while pointing out that these businesses did not proceed with the trade due to the lack of funding.

Kelvin Teo, Co-founder and Group CEO of Funding Societies, stated:

“We’re thrilled to reach this major milestone before we even realised it. It is a momentous occasion and encouragement for us. There is much more to do, as we continue to serve the needs of SMEs and Investors in the region. We’re grateful to raise Series C funding last year, enabling us to further help SMEs even amidst uncertain times.”

As reported earlier this month, Singapore based Funding Societies had announced the expansion of operations into Thailand. The online capital formation platform will operate under a crowdfunding license authorized by the Thai Securities and Exchange Commission.

According to a note from Funding Societies, the company worked for more than a year with regulators to set up operations in the country.

Funding Societies currently operates in Singapore, Indonesia, and Malaysia. Thailand will be the fourth country where the marketplace will operate in its six years of activity. Funding Societies notes that it is the only SME digital financing platform in Southeast Asia to be licensed in four countries.

Source

Automate Mobile Application Security Testing from Jenkins

Automate Mobile Application Security Testing from JenkinsAutomate Mobile Application Security Testing from JenkinsAutomate Mobile Application Security Testing from JenkinsAutomate Mobile Application Security Testing from Jenkins

Mobile apps require continuous testing throughout the development process to ensure proper compliance and security measures are in place. If you are using Jenkins continuous integration server in your pipeline, continually testing your mobile app builds is simple with Zimperium’s mobile application security testing platform, zScan.

Here we will describe how you can automate mobile application security testing from your Jenkins implementation and increase your testing cadence to produce better apps while reducing your time to market and the associated manual effort. Every time new code is submitted to Jenkins, zScan will test the compiled app and provide specific details about improving any security gaps in your mobile apps. 

In this blog, we provide details on:

  1. Why mobile application security testing remains difficult;
  2. How to automate and configure testing from Jenkins;
  3. Available outputs and optional Jira integrations;
  4. Test Data categorizations; and
  5. How to install in your existing processes

Successful Continuous Mobile App Testing

Today, successful mobile application development organizations utilize a combination of native and cross-platform frameworks. Cross-platform frameworks allow for a single code base without compromising a great user experience. This means features and fixes are rolled out much more frequently than ever before. 

Keeping pace requires testing solutions to not only assess these frameworks accurately, but also allow for complete automation. You need mobile specific tools since it’s not just Android and iOS operating systems that are changing; the hybrid frameworks are evolving as well. 

“With zScan, we are detecting security vulnerabilities before release – in hours rather than weeks – and then automatically provide our third party developer with a list of fixes.” – Application Security Manager, Global Banking Company

Failing to identify errors in mobile apps correctly can lead to disastrous results. Governing bodies can fine your company for failing to comply with a compliance mandate or, worse, your company could suffer severe brand damage if a mobile app breach became public. 

There are several public mobile app breach examples from this year. Some of the more notable breaches from this year include the Walgreens mobile app, BHIM data leak, and several coronavirus contact tracing apps that leaked private user data.

Automated App Testing Using CI/CD Platforms

Automating mobile application security testing in your DevOps toolchain provides your teams the opportunity to test early and test often. Developers continue to commit code in the same fashion when developing new features, bug fixes, and modifications. However, by integrating continuous testing to Jenkins during the development cycle, you identify compliance, security, and privacy risks early when they are less expensive to fix. 

If you reduce the number of bugs by testing more often, your overall delivery costs decrease, and throughput increases. Integrating security tools into existing DevOps frameworks allows for more productivity and better quality without forcing developers to unlearn and relearn new processes. Sounds good, right?

zScan Automates Mobile Application Security Testing

Zimperium’s zScan mobile application security testing platform provides security and development teams with privacy, data leakage, compliance violations, and security findings on any iOS or Android application. Zimperium’s proprietary processing engine dissects each mobile application binary directly from Jenkins and provides data on your apps’ resident risks. 

Each finding provides developers specific descriptions and remediation instructions. The detailed instructions can integrate into existing ticketing systems like Jira. The platform can be further customized to focus on categories that align with your enterprise or industry. 

Incorporating the scan results into your ticketing system allows for further downstream efficiencies. These integrations mean developers can work faster and reduce cycle times for bug fixes and enhancements. Teams can customize and filter findings as tracked, mitigated, confirmed, or fixed to prioritize workflows and deadlines.

How to Configure Your Jenkins Server and zScan

Integrating Zimperium’s mobile application security testing to Jenkins is simple.

  1. Download Jenkins plugin from zScan administration console;
  2. Open Jenkins and navigate to “Manage Plugins;”
  3. Upload zScan plugin to zScan; and 
  4. Configure Jenkins

Download the Jenkins plugin provided in your zConsole administration panel.

Navigate to Manage Jenkins and select Manage Plugins.

Click the Advanced tab and in the Upload Plugin section, choose and upload the file zScan-jenkins-plugin.hpi. 


Then restart Jenkins.

Jenkins Configuration

In the Configure section of your project, select Add Post-Build Action, and click “Upload Build Artifacts to zScan.”

Available fields in your configuration include:

  • Zimperium Server URL Endpoint
    • This is your root URL to your Zimperium console.
  • Client ID
    • This value is from your Zimperium Console Authorizations. Your Client ID is created after you generate your API Key.
  • Client Secret
    • This client secret is only displayed when you initially generate your API key along with the client identifier value.
  • Source Files
    • This allows you to specify patterns using ANT script. Zimperium provides several possible ANT statement examples that can help you get started.
  • Excluded Files
    • This field provides the ability to specify patterns to exclude files. This field is the opposite of the Source Files field. Similarly, multiple patterns are comma-separated.

Findings, Instances, and Compliance Categories

After you configure Zimperium’s mobile application security testing platform with Jenkins and begin testing, zScan will provide you with security findings and instances. Findings are potential issues discovered in the app analysis. Each of the findings describing each issue is categorized by affecting security, data leakage, and compliance (OWASP, NIAP, NIST, CCPA, GDPR) mandates and recommendations. 

Instances are specific locations where the finding is present in your app’s code. A hypothetical finding example in a physical penetration test could be that the doors in your house remain unlocked. If both the front door and back door are unlocked, there are two instances of the finding. Both of the findings may or may not need to be fixed. You can choose to accept one instance, allowing the back door to remain unlocked for a given house (app). Customizable policies can filter findings in future assessments for unlocked doors so you can focus on new findings.

[embedded content]

zScan Helps Reduce Mobile App Risk

To reduce risk and limit fraud, organizations worldwide are testing native and hybrid mobile apps with zScan to identify potential data leakage and security vulnerabilities. Mobile application development teams from the banking, financial services, healthcare, and public sector depend on Zimperium to secure, harden and detect real-time attacks to their apps, no matter the health of their users’ device. 

“With zScan, we are detecting security vulnerabilities before release – in hours rather than weeks – and then automatically provide our third-party developer with a list of fixes.” – Application Security Manager, Global Banking Company

Contact us today for more information on zScan and how you can automate your mobile application security testing.

Previous Zimperium Mobile Security Blog PostPrevious Zimperium Mobile Security Blog Post Millions Stolen from US and EU Banks Could’ve Been Prevented

Automate Mobile Application Security Testing from Jenkins

Source

European Commission Agrees on €7.5 Billion Budget for Digital Europe: Goal is to improve Europe’s Competitiveness in the Global Digital Economy

The European Commission (EC) has come to an agreement on the €7.5 billion budget for the Digital Europe program. The goal is to “improve Europe’s competitiveness in the global digital economy and achieve technological sovereignty.” The EC said it seeks to support the digital transformation that will “guarantee high-quality public services benefiting citizens and businesses.”

The political agreement was reached today (December 14, 2020) with formal approval by the European Parliament and Council anticipated to take place soon with the program starting in January 2021. The budget will span a time period from 2021 to 2o27.

The plan is wide-ranging touching many different sectors of the European economy. A draft “Orientation” for 2021-2022 was previously published outlining potential goals:

  • Making Europe a top supercomputing region globally through the acquisition of at least one exascale supercomputer by the end of 2021, upgrading existing supercomputers and extending the use of advanced computing to industry, including SMEs;
  • Setting up and making accessible Europe-wide data spaces and testing and experimentation facilities for artificial intelligence in the areas of health, environment/climate, mobility, manufacturing and energy;
  • Enhancing cybersecurity by deploying a pan-European quantum communication infrastructure and supporting the set-up of a certification scheme for cybersecurity products;
  • Addressing the shortages of digital experts in the EU through dedicated Master’s programmes for artificial intelligence, advanced computing and cybersecurity;
  • Providing SMEs and public administrations access to the latest digital technologies by setting up a network of Digital Innovation Hubs;
  • Ensuring a successful digital transformation of health and care services with the EU-wide deployment of innovative and cost-effective data-driven tools and services based on technologies like AI and data analytics;
  • Making ICT products and services sustainable, by prioritising their energy efficiency as well as climate neutrality, reparability, lifespan and recycling;
  • Deploying open, interoperable, trustworthy urban digital platforms tailored to communities’ needs, offering easy standardised access to new datasets, and the large scale roll-out of AI- driven services in Smart Energy, Smart Mobility, waste and secondary resource management, industry and (re)manufacturing, healthcare and e-government.

Artificial Intelligence (AI) impacts most sectors of industry including financial services. Other areas of focus overlap with the Fintech realm.

Blockchain is frequently mentioned in the draft. For example:

“Blockchain and distributed ledger technologies (DLT) should be seen as a crosscutting enabling technology that can support the validation of transactions, the development of data spaces and empowerment of citizens, public services and businesses to control and share access to data in a trusted, distributed, secure, transparent and verifiable way.”

The allocation of the budget has been segregated as follows:

  • €2.2 billion – Super computing
  • €2.1 billion – Artificial Intelligence (AI)
  • €1.7 billion – Cybersecurity
  • €580 million – Advanced Digital Skills
  • €1.1 billion – Ensuring wide use of digital tech.

The info sheet may be downloaded or viewed below.

Digital Europe Program factsheet 2020 12 14

Source

Vouched Announces $3M Funding Round to Accelerate AI-Based Identity Verification Platform

Vouched, a developer of proprietary artificial intelligence and computer vision for end-to-end identity verification and real-time fraud detection, announced on Thursday it has raised  $3 million through its latest funding round, which was led by Flying Fish Partners.

Founded in 2018, Vouched describes itself as a proprietary AI/CV/ML that powers real-time visual ID verification to onboard customers and drive revenue for customers across town or around the world. The company noted it accelerates revenue growth and provides a “seamless” user experience by rapidly and securely verifying and onboarding end users through a sophisticated, end-to-end visual ID verification and fraud detection solution.

“Vouched serves disruptive startups, fast-growing unicorns, and the Fortune 1000 enterprise. Focused on regulated and security sensitive industries, more than 50 companies in banking and financial services; healthcare and telemedicine; and gig and sharing economy companies rely on Vouched for identity verification.”

While sharing more details about the company, Vouched Co-founder and CEO, John Baird, stated:

“The ability to see a person and verify their identity online is required for complex regulated activities such as Know Your Customer (KYC) in banking and the rise of Know Your Patient (KYP) in healthcare and telemedicine. Increasingly, security-sensitive transactions such as peer-to-peer sharing of expensive goods like motorcycles, cars and RVs also depend on identity verification. We are helping to meet those growing needs.”

Vouched went on to add that it’ll use the investment round’s funds will further accelerate the growth of its identity proofing platform across the banking, fintech, and healthcare verticals.

Source

Zimperium Names Proven Finance and Operations Leader, Brian Szeto, Chief Financial Officer

Zimperium Names Proven Finance and Operations Leader, Brian Szeto, Chief Financial OfficerZimperium Names Proven Finance and Operations Leader, Brian Szeto, Chief Financial Officer

Brian Szeto has joined Zimperium as our Chief Financial Officer, where he will play a strategic role in accelerating our industry-leading growth and expansion by leading all finance, accounting, real estate, human resources, and information technology efforts.

“Brian adds so much to the Zimperium team,” said Shridhar Mittal, our chief executive officer. “He has more than 20 years leading finance and operations for several start-ups and multi-billion dollar SaaS, software and hardware companies, including Workday, Juniper Networks, TIBCO and ThoughtSpot. Brian brings operational excellence as we rapidly scale and accelerate growth.”

Prior to joining Zimperium, Brian was the VP of Finance for ThoughtSpot, a hyper-growth startup. While at ThoughtSpot, he established investor relations and financial planning and analysis (FP&A) functions and defined KPIs for long range planning. At Workday, Brian built the product and marketing finance functions before leading corporate finance activities including quarterly, annual, and multi-year strategic planning and associated key business analytics. 

“I was first exposed to mobile security while at Juniper Networks,” Brian said. “Since then, I’ve had an eye on the mobile security space and I’ve seen how Zimperium – the global leader in mobile device and app security – has gained a tremendous amount of market traction in various sectors including financial, government, automotive and healthcare.” 

Brian continued, “The U.S. Department of Defense (DoD) announcement – in which we will be delivering comprehensive Mobile Endpoint Protection to the unclassified government furnished devices of servicemen and women around the world – is just one such example of how the market is beginning to come to us. I can’t think of a better time to join this team and mission.”

Previous Zimperium Mobile Security Blog PostPrevious Zimperium Mobile Security Blog Post P for Privacy – The Background Story of CVE-2020-9773

Zimperium Names Proven Finance and Operations Leader, Brian Szeto, Chief Financial Officer

Source