Datasetgo

DataSetGo has renewed its Environmental Sustainability Certification through 2024

DataSetGo ( https://datasetgo.llc/ ), a Marco Island, Florida software company that creates customized solutions with enterprise-level features yet designed and priced to serve and scale with entry-level businesses, has renewed its Edenark Group ISO 14001 environmental sustainability certification though 2024.
The Edenark Group ISO 14001 is the world’s premier environmental sustainability certification program and allows SMEs (small to mid-sized enterprises) the ability to attain the world’s most popular environmental certification standard via a program designed and priced specifically for them.
The program, which allows companies to progressively improve at a pace that works for their needs, helps the organization define how it interacts internally, externally, and with the environment. It incorporates energy/waste/water, employee health and performance enhancement, community involvement, procurement and suppliers, compliance and regulations, emergency/security, and stakeholder engagement. Benefits include creating a culture of continual improvement, stakeholder engagement, lower costs, higher revenues and profits, improved employee performance, and...... doing the right thing for the environment and current and future generations.
“Serving people and protecting our community is at the core of the DataSetGo culture. We choose to walk the talk and be part of the solution,” said Jessica Anne Clarke, CEO of DataSetGo. “Our software model allows our product to scale and grow as our client grows. We like the fact that the Edenark Group ISO 14001 program follows the same philosophy of progressive improvement, allowing us to continue to grow and improve in our sustainability effort,” added Clarke.
“Given that we are part of a supply chain, with Wholesales Payroll and TruPayroll, we want to use 2024 as an advocacy year, helping other supply chains to become certified sustainable. Scope 3 mandates and government regulations are no longer things in the future; as global warming is no longer something in the future. We choose to be part of the solution and hope to help others do likewise,” said Clarke.

"When an organization pursues, and attains, the Edenark Group ISO 14001 sustainability certification, they are not just doing it to see their costs go down and revenues and profits go up. They are setting a higher bar for their organization and sending a signal to all those around them," says David Goodman, CEO of Edenark Group. "They are agreeing to adhere to the world’s Gold standard for sustainability certification; are choosing to be a leader and part of the solution, not the problem; and are joining an elite fraternity of over 300,000 organizations, in over 150 countries, that have committed to continually improving in every way."
DataSetGo (https://datasetgo.llc/ ) can be reached at +1.239.610.1096
Edenark Group (https://edenark.com ) can be reached at +1 561.512.2257

The Emily Hatfield Chronicles Join Emily Hatfield on an extraordinary journey from the mundane world of spreadsheets and calculators to becoming a beacon of hope and justice in the city of Metropolis. In 'Harmonies of Destiny: The Emily Hatfield Chronicles,' witness the transformation of a bookkeeper into a cosmic guardian, arme...

FOR IMMEDIATE RELEASE

Datasetgo Congratulates Jacob Wagner on Achieving the Certified Anti-Money Laundering Specialist (CAMS) Certification and new role with the company.

Marco Island, FL 08/01/2023– Datasetgo, a next generation software solution provider, is proud to announce that Jacob Wagner, one of its esteemed team members, has been officially certified as an Anti-Money Laundering Specialist (CAMS) and assumes the role of the company’s AML Specialist. The achievement marks an important milestone in Jacob's career and reinforces Datasetgo's commitment to maintaining the highest standards of expertise and professionalism in the fight against financial crimes.

The Certified Anti-Money Laundering Specialist (CAMS) credential, awarded by the Association of Certified Anti-Money Laundering Specialists (https://www.acams.org), is globally recognized as a benchmark of excellence in the field of anti-money laundering (AML) and counter-terrorism financing (CTF). Candidates seeking this prestigious certification undergo rigorous training and examination, demonstrating their in-depth knowledge of AML principles, regulations, and best practices.

Jacob Wagner's successful attainment of the CAMS certification is a testament to his dedication to professional growth and his unwavering commitment to ensuring compliance with anti-money laundering laws and regulations. As an integral part of the Datasetgo team delivery of its flagship product, https://www.WholesalePayroll.com, Jacob will utilize his new certification and position to ensuring both WholesalePayroll and Datasetgo’s compliance consistently evolves with the every changing financial crime landscape.

"We are thrilled to celebrate Jacob Wagner's accomplishment in becoming a Certified Anti-Money Laundering Specialist," said Jessica Anne Clarke, CEO of Datasetgo & WholesalePayroll. "This certification highlights our commitment to fostering a culture of expertise and knowledge within our organization. Jacob's expertise will undoubtedly enhance our ability to deliver cutting-edge solutions that address the complexities of financial compliance for our valued clients."

Datasetgo is most notably known for its innovative solution in payroll software, https://www.wholesalepayroll.com/ that empowers professional practitioners and employers alike with modern technology and process. Both Datasetgo and WholesalePayroll are committed to combat money laundering, fraud, and other financial crimes effectively. The company's collaborative approach, coupled with the expertise of its certified professionals like Jacob Wagner, enables Datasetgo and to stay at the forefront of the industry and provide clients with industry-leading AML and Payroll solutions.

Jacob Wagner's CAMS certification adds to Datasetgo's growing list of accomplishments and further solidifies the company's position as a trusted partner for accounting, tax and payroll practitioners seeking payroll solutions such as https://www.wholesalepayroll.com/

About Datasetgo:

Datasetgo is a next generation software solution provider with it’s flagship product, https://www.WholesalePayroll.com/. The company's mission is to champion small business enterprises by creating software solutions that empower entrepreneurs to compete in an ever changing landscape – . With a team of highly skilled professionals, Datasetgo continues to deliver top-notch solutions that enable clients to service their customers while protecting their assets and maintain regulatory compliance.

For media inquiries or more information about Datasetgo and/or WholesalePayroll, please contact:

Al Wagner
Chief Operating Officer
Email: [email protected]
Phone: 239-688-1996

# # #

Happy Friday Everyone! Another week in the books and a little bit of everything to bring us into the weekend! Starting off, we have a couple of security updates from Apple and AMD followed by exploration into tactics and techniques being developed and leveraged in the wild by researchers and threat actors alike including the latest implementation of ChatGPT for the bad guys. We’ll close out with a glimmer of hope regarding public disclosure of breaches that could potentially harm a consumer base. That’s not how it’s worded or the intent…. But that’s the implication for the security centric. Let's Begin!
The rest in comments!

Happy Friday Everyone! Another week in the books and a little bit of everything to bring us into the weekend! Starting off, we have a couple of security updates from Apple and AMD followed by exploration into tactics and techniques being developed and leveraged in the wild by researchers and threat actors alike including the latest implementation of ChatGPT for the bad guys. We’ll close out with a glimmer of hope regarding public disclosure of breaches that could potentially harm a consumer base. That’s not how it’s worded or the intent…. But that’s the implication for the security centric. Let's Begin!


Small Updates
Apple: The tech giant has released yet another security update to address a zero-day vulnerability exploited in the wild which marks the 11th to be actively exploited this year. This is a huge surge is activity targeting Apple’s walled gardens and delivers an proper metric to reports made all throughout the year that advanced threat actors are beginning to put greater and greater effort into developing methods for accessing Mac systems. This latest update, released Monday patches CVE-2023-38606, was a part of the zero-click exploit chain used to deploy Triangulation spyware on iPhones via iMessage vulnerabilities first discovered by security experts at Kaspersky and later publicly disclosed by representatives of the Russian government who broadcasted to the world during Apples WWDC that the tech giant was working with the CIA to spy on Russian diplomats despite lacking definitive evidence and ignoring the reality that America’s spies can develop their own malware just fine. Just ask the Iranians. While you may not be a Russian “diplomat”, knowledge for how to exploit these vulnerabilities has been released enabling lower tier hackers to utilize the loopholes in their own shoddy kill chains for use against lower profile targets like me and you so be sure to keep your devices as up-to-date as possible!
About the security content of macOS Ventura 13.5
This document describes the security content of macOS Ventura 13.5.
support.apple.com

AMD: If your computer is using an AMD processor, you will want to look up the latest security patch to a vulnerability discovered by a persistent researcher out of Google, Tavis Ormandy. This new vulnerability, tracked as CVE-2023-20593, impacts AMD Zen2 CPUs and could allow a malicious actor to steal sensitive data, such as passwords and encryption keys, at a rate of 30KB/sec from each CPU core. According to Ormandy, while this won’t be earning any speed records, “This is fast enough to monitor encryption keys and passwords as users login!" The flaw impacts all AMD CPUs built on the Zen 2 architecture, including the Ryzen 3000, Ryzen 4000U/H, Ryzen 5000U, Ryzen 7020, the ThreadRipper 3000 and Epyc "Rome" server processors but one thing to keep in mind is that this is only the start of a project within Google to discover vulnerabilities in CPUs, so this may only be the first of many to come out of Ormand’s lab. In the meantime, if your machine(s) runs on one of these CPUs, it is recommended that you apply AMD's new microcode update or wait for your computer vendor to incorporate the fix in a future BIOS upgrade.


Know Your Enemy
Ubuntu: Linux is not exactly known for vulnerabilities due to its audit friendly simplicity and self-selecting, technically inclined user base. However, two Linux vulnerabilities discovered recently in the Ubuntu kernel, the most popular of all Linux distros, create the potential for unprivileged local users to gain elevated privileges on roughly 40% of Ubuntu's user-base! tracked as CVE-2023-32629 and CVE-2023-2640, these two flaws seem to be the result of conflict between custom changes by Ubuntu to OverlayFS module, a union mount filesystem implementation made in 2018, and changes made by the Linux kernel project in 2019 and 2022. Put in simpler terms, the most widely used Linux distort has not one but two serious flaws in a critical piece often targeted by threat actors due to being plagued by easily exploitable bugs and allowing unprivileged access via user namespaces. What makes this a perfect storm is that as PoCs for the two flaws have been publicly available for a long time. It should be noted that the two highlighted flaws only impact Ubuntu, and any other Linux distribution, including Ubuntu forks, not using custom modifications of the OverlayFS module should be safe. Ubuntu has released a security bulletin about the issues and six more vulnerabilities addressed in the latest version of the Ubuntu Linux kernel and has made fixing updates available. Users are advised to update their OS at the earliest convenience!

FraudGPT: The age of easily discernible phishing emails fraught with grammatical errors and predictable predatory patterns may be coming to a close. Following the footsteps of WormGPT, also known as ChatGPT for hackers built on the open source GPT-J language model which was covered here last week, threat actors are advertising yet another cybercrime generative artificial intelligence tool dubbed FraudGPT on various dark web marketplaces and Telegram channels. The potential developer, CanadianKingpin, boldly announces “If you're looking for a Chat GPT alternative designed to provide a wide range of exclusive tools, features, and capabilities tailored to anyone's individuals with no boundaries then look no further!" on his Telegram page and for low price of $200 a month, $1,000 for six months, or $1,700 for a year, a novice hacker can use FraudGPT to write malicious code, create undetectable malware, find leaks and vulnerabilities, all without having to craft clever prompts to get passed controls designed to prevent nefarious requests from being answered. With more than 3,000 confirmed sales and other variants likely on the horizon, it has become vital, now more than ever to drill, phishing email recognition into the hearts and minds of every team member in an organization, not just the security focused among us. Phishing emails are responsible for the gross majority of breaches and that's without a super helpful chatbot to type out convincing messages. the emphasis will then be on strange domains and strange requests but not everyone has the correct instincts drilled. Be mindful, work with your teams, and report strange messages making it through the spam filter. We've some interesting times ahead.


You Have To The Count of Four

Gone are the days when large, publicly traded companies can deliberate and delay disclosure of a breach to their network for months at a time to decide how to word the press release! Well, maybe. The U.S. Securities and Exchange Commission (SEC) approved new rules on Wednesday that now require publicly traded companies to publicize details of a cyber attack within four days of identifying that it has a "material" impact on their finances with the only caveat that disclosure may be delayed by an additional period of up to 60 days should it be determined that giving out such specifics "would pose a substantial risk to national security or public safety." All of this may sound effective at making it more difficult for companies to hide their issues. permitting consumers to respond to threats effectively but CEO Sakit Modi of Safe Security points out one critical detail: "The key word here is 'material' and being able to determine what that actually means, Most organizations are not prepared to comply with the SEC guidelines as they cannot determine materiality, which is core to shareholder protection. They lack the systems to quantify risk at broad and granular levels." One also has to note that the regulation is coming down from the SEC which is more concerned with financial regulation than the quality of life for the average American but there is some hope that the unintended side effect of these regulations will receive some interest as well. Currently, only California has laws regarding the speedy disclosure of network breaches to all affected parties which is vital to individuals protecting themselves from threat actors. We will see if any regulators take up the cause.

Thank you Cuttler!

Official Apple Support Learn more about popular features and topics, and find resources that will help you with all of your Apple products.

Happy Friday everyone! In this week's update, we have insights abound as well as a couple updates on tactics currently being employed by the bad guys so you and those you keep close do not fall victim. Devil is in the details Sometimes one digit is the difference between a good day and a long and frustrating one. Developers can tell you that accidentally hitting the space bar at the beginning of a new line has brought many of them to the brink of tears. Case in point, the Top-Level Domain (TLD) for the US military is .mil, whereas, for the country of Mali, it is .ml. Can you see where this is going? It turns out about 117,000 emails have been misdirected, accidentally or otherwise, since the year’s beginning alone! Many of these emails have included sensitive information about the US military such as medical data, information about identification documents, names of military base employees, images of military bases, reports of naval inspections, lists of ship crews, and more! This is not some grand play by hackers either, but the steady influx of typos made by military staff, travel brokers dealing with the US military, US intelligence, private contractors, and others. Even the travel schedule for the chief of staff of the US Army General James McConville, was included in one of these emails for his visit to Indonesia! Fortunately, we can report this story in a joking manner as no major crimes or damage have been caused as a result of these typos, but it doesn’t take much imagination to see how a savvy hacker can take advantage of this. A smart person learns from their mistakes. A wise one learns from the mistakes of others. When handling sensitive information, take care to measure twice and cut once. It never hurts to take a second to double check everything is how it should be. New & Noteworthy Tactics “chatgpt5[.]zip - you may recall a few months back in very merry month of May, Google released a new fresh batch of top-level domains for “dads, grads, and techies” with two in particular raising quite the ire of cybersecurity specialists around the world - .zip and .mov. To refresh one's memory, the fear was that hackers would create general named domains such as “homevid[.]mov” or “memories[.]zip” which would inadvertently create unintentional hyperlinks on services that automatically generate them or trick users into interacting with well-placed links to cleverly crafted landing pages designed to look like file explorers. Fast forward to today and we have proactive security specialists taking advantage of the hype around ChatGPT with the creation and registration of “chatgpt5[.]zip” that they then use as a proof of concept, socially engineering victims into downloading the file and executing. Instead of VIP access to ChatGPT5 or malware, however, they see a funny note telling them they’ve been had. There have been several awareness campaigns such as this one such as “assignment[.]zip” unleashed on students at a community college as an exercise or “msnbc[.]zip” created with the same intent. Network admins can defend against these sorts of attacks by blocking the .zip and .mov domains using firewall rules in outlook. for the average personal user it would also be good practice to enable notifications that you've interacted with a link. while you may become desensitized it allows for an extra action of space for the little voice of reason to take control Adobe Cold Fusion - Users of Adobe Cold Fusion should double check that their software is fully up to date. As of July 11, 6 major vulnerabilities have been patched with the aid of several vendors and not a moment too soon. Researchers at Rapid7 detected Adobe ColdFusion exploitation on July 13, with threat actors leveraging CVE-2023-29298 and a related unpublished vulnerability tracked as CVE-2023-38203 to perform authentication bypasses, Remote code executions, and backdoor shell scripts onto victim computers. These vulnerabilities effect Adobe ColdFusion 2023 Update 1, Adobe ColdFusion 2021 Update 7 and below, and Adobe ColdFusion 2018 Update 17 and below so don’t delay, make sure your software has been updated! WormGPT - Endless ink has been spilled over the potential dangers of ChatGPT as a tool that can be used by cybercriminals to polish and create attacks ranging from social engineering emails to near-fully developed malware with nothing more than a carefully crafted prompt. The folks at OpenAI and at Google working on ChatGPT and bard, respectively, are doing everything they can to filter out these sorts of prompts, but threat actors are always finding new ways to get passed. Checkpoint Security has even discovered that threat actors are promoting "jailbreaks" for ChatGPT, engineering specialized prompts and inputs that are designed to manipulate the tool into generating outputs that could involve disclosing sensitive information, producing inappropriate content, and executing harmful code. But you know? That’s too frustrating. If only there was a ChatGPT for the bad guys. Well, now there is. Enter WormGPT. According to Security Researcher Daniel Kelley, “This tool presents itself as a Blackhat alternative to GPT models, designed specifically for malicious activities. Cybercriminals can use such technology to automate the creation of highly convincing fake emails, personalized to the recipient, thus increasing the chances of success for the attack." That’s right. ChatGPT without the ethical boundaries, limitations or Star Trek idealism. Maybe there is something to all the chatter about the dangers of AI if a random group of hackers can build their own evil genie. Time will tell  A.I. Poses ‘Risk of Extinction,’ Industry Leaders Warn Leaders from OpenAI, Google DeepMind, Anthropic and other A.I. labs warn that future systems could be as deadly as pandemics and nuclear weapons. www.nytimes.com  Hook Line and Sinker Have you ever wondered if social engineering attacks happen at random or if there is a method to the madness? Most scam emails are usually scattershot broadcasts hoping that something will catch, of course, but what about spear phishing, those scams with a focused set of targets? How do they pick out their prey? According to Peter Warmka, founder of the Counterintelligence Institute, the number one resource for the identification of potential targets is the LinkedIn platform. “Specific searches of individuals can be conducted by organization, title, geographic location, academic degrees, professional certifications, etc. While general searches may yield thousands of profiles, refined search parameters will identify a manageable pool of attractive candidates.” The hunter is looking for individuals with access to sensitive and critical assets or maybe someone new on the job, isolated and eager to please in order to fit in that doesnt have company practice and policy ingrained yet. From there, the hunter would turn to social media feeds. How revealing and active are their intended targets? Do they express passions that could be exploited in a well-crafted attachment containing email? Understanding how human hackers select and assess their targets can give you a better appreciation regarding the sensitivity of personal information that you may post on social media accounts. Human hackers can leverage such information. If you must be on social media, be mindful of the information you share, and what sudden "opportunities" appear seemingly from thin air.

We're super proud to share that not only did our co-founder's son participate as an athlete running in the 1500m, Joshua's team from Life University won the National Title!! How cool!!

We have a proud DSG family moment to share! Joshua Wagner, son to our co-founders, ran his final collegiate race. Where you might ask? In the National Championship 1500m race in the NAIA held today.
Here's the race

2023-05-26 NAIA 1500m National Championship with Joshua Wagner I am a proud dad right now to announce that my son, Joshua Wagner, qualified and ran in the National Association of Intercollegiate Athletics National Outdoo...

2023-04 CF Offer Video

Join us as we welcome our Diamond sponsor, Datasetgo , to !