Media placement and creative work hand in hand when it comes to effective advertising strategies. A new study by MAGNA Media Trials and Yahoo set out to understand the role that creative quality plays in ad effectiveness, and the elements that contribute to quality creative. Creative, the Performance Powerhouse found that while media placement helps marketers find consumers where they are, creative quality was responsible for 56% of purchase intent, illustrating the strong performance of both tactics as they work together. The study suggests that marketers can greatly benefit from making small improvements to their creative in order to optimize ad performance, while also driving brand quality and trust.
Meltwater empowers companies with a suite of solutions that spans media, social, consumer and sales intelligence by analyzing ~1 billion pieces of content each day and transforming them into vital insights. Now, the company announces new AI-powered product innovations across multiple solutions that allow customers to surface insights, boost efficiency, and generate content.
The Asia Video Industry Association’s (AVIA) Future of Video India conference opened to a full house with a keynote conversation with Shri Apurva Chandra, Secretary, Ministry of Information and Broadcasting (MIB). Secretary Chandra stated that with OTT (over-the-top), Indian content has become more accessible and more acceptable to a global audience. “Quality of content has always been very good in India, but now it is easier for Indian content to travel across the world. OTT has helped it in a big way,” said Chandra. He also reiterated the need for OTT to continue with a soft touch approach, as the three tier self-regulatory system has been working well. While there were concerns that light touch regulation has led to less desirable content, he remained of the view that the industry needed to be more self-aware so that the government need not step in. Chandra also shared that a National Broadcasting Policy has been in the works, as the industry was becoming more fragmented. However, this would take time in order to balance the conflicting interests of all the disparate parties.
The global technology intelligence firm ABI Research just announced the release of Research Spotlights, suites of research focused on key technologies and trends within the vast ABI Research Library.
Ogury, a global leader in personified advertising, commissioned IDC to conduct a global survey on 1,000 major brand and media agency executives to get their perspective and understanding of the future of digital advertising in a cookieless world.
A 2023 Emotional Intelligence Market study citing “heavy growth” of $49.93 billion USD by 2027 exemplifies the extent to which mastering “EQ” versus IQ is taking brands to exciting new levels of success … and why not embracing EQ can result in extreme opportunity loss or, far worse, be an outright brand buster. This as today’s highly discriminating and demanding marketplace is seemingly rife with substitutable solutions. Whether the B2B or B2C sector, more often than not today’s consumers have alternate options—and they know it.
Microsoft introduced Microsoft 365 Copilot earlier this year, which will bring powerful new generative AI capabilities to apps millions of people use every day like Microsoft Word, Excel, PowerPoint, Outlook, Microsoft Teams and more.
5G will account for over two-fifths (41%) of mobile connections in the Asia Pacific (APAC) region by 2030, up from 4% in 2022, according to the GSMA's Mobile Economy APAC 2023 Report.
Yahoo and purpose-led ad platform Good-Loop announced a global partnership offering carbon neutral private marketplace (PMP) media opportunities to advertisers to help them become more sustainable.
More than two-thirds (71%) of consumers think technology and digitalization are key in enabling them to live a more sustainable lifestyle, while over a third (33%) desire apps to provide clearer information on how to live sustainably across various aspects of life, according to an independent research report commissioned by Alibaba Group.
Dalet, a leading technology and service provider for media-rich organizations, announced the release of Dalet Cut, the cloud-native, real-time, lightning-fast multimedia and multiplatform editor fully integrated within the Dalet ecosystem.
Cryptocurrencies can be notoriously volatile. With prices fluctuating rapidly and without warning, a single tweet can shift a token price by 40%, only to see the price plummet in a matter of hours. While fluctuations are expected within crypto currency, you need to be able to spot the difference between what is a normal event, and what is a scam.
SenseTime hosted a Tech Day event, sharing their strategic plan for advancing AGI (Artificial General Intelligence) development through the combination of "foundation models + large-scale computing" systems. The leading AI software company is focused on creating a better AI-empowered future through innovation and committed to advancing the state of the art in AI research, developing scalable and affordable AI software platforms that benefit businesses, people and society as a whole.
LG Electronics (LG) unveiled a new brand direction and visual identity, which will shed more light on the value of Life's Good with a more dynamic and youthful look across all physical and digital customer touch points.
At its Experience ‘24 conference, Medallia, Inc. announced four ground-breaking innovations that will fundamentally alter the way organizations can personalize customer and employee experience
New research commissioned by IBM found that about 42% of enterprise-scale organizations (over 1,000 employees) surveyed have AI actively in use in their businesses. Early adopters are leading the way,
Zendesk, Inc. today released its annual Customer Experience(CX) Trends Report, the findings of which signal a rapid transition towards intelligent CX. In this era, the shift to AI-driven service will
Vigilance is urged during this 2023 Black Friday and Cyber Monday, as “AI generated scams enhance the threat to this year’s festive shoppers, as it’s revealed over 7 in 10 British
Cryptocurrencies can be notoriously volatile. With prices fluctuating rapidly and without warning, a single tweet can shift a token price by 40%, only to see the price plummet in a matter of hours. Wh
Yahoo Advertising announced a new integration with Twilio Segment Customer Data Platform (CDP) to drive greater advertising reach and relevance, without relying on third-party cookies.
IBM’s recently released X-Force Trend report reveals that Web applications remain the Achilles heel for the security industry. According to the study, more than half of vulnerabilities disclosed in 2008 were Web application based.
Companies are increasingly relying on their Web presence to serve as the face of their business, drive collaboration and community-building, and generate new opportunities in today's global economy. To remain competitive, organizations are using a new set of Web 2.0 capabilities, derived from technologies such as the Adobe Flash platform, or Ajax (Asynchronous JavaScript and XML), to create interactive and graphically rich Web sites. However, due to the dynamic and changing nature of these technologies, companies are facing new challenges for meeting the compliance and security needs of their online businesses. Hackers and other cyber criminals target Web 2.0 technologies because of their prevalence across the Web.
Certain types of corporate applications, namely custom-built software like Web applications remain a highly-profitable and inexpensive target for criminal attackers. The sheer number of new vulnerabilities, the majority of which have no available patch, coupled with the hundreds of thousands of custom Web applications that are also vulnerable (but never subject to a vulnerability disclosure, much less a patch), have become the chink in the armor of corporate security. Attackers continue to target Web application vulnerabilities, especially SQL injection, to plant malware on unsuspecting users that visit vulnerable Websites.
2008 has become the first year with over 7,000 total vulnerability disclosures (a 13.5 percent increase from 2007). From 2001 to 2006, the average annual vulnerability disclosure percentage growth was a robust 36.5 percent, largely due to the skyrocketing of Web application vulnerabilities, emergence of new Web technologies, and methods and tools of exploitation.
Although the introduction of new technologies or changes in vendor adoption of secure software practices might change this trend, for the moment at least, it appears as if vulnerability disclosures have reached a permanently high plateau.
Web Application Vulnerabilities
The most prevalent type of vulnerability affecting servers today is unquestionably vulnerabilities related to Web applications. In fact, the number of vulnerabilities affecting Web applications has grown at a staggering rate. In 2008, vulnerabilities affecting Web server applications accounted for 54 percent of all vulnerability disclosures and were one of the primary factors in the overall growth of vulnerability disclosures during the year.
Web Application Vulnerabilities by Attack Categories
The predominant types of vulnerabilities affecting Web applications are cross-site scripting (XSS), SQL injection, and file include vulnerabilities.
SQL Injection
In 2008, SQL injection replaced cross-site scripting as the predominant Web application vulnerability. In fact, the overall increase of 2008 Web application vulnerabilities can be attributed to a huge spike in SQL injection vulnerabilities, which was up a staggering 134 percent from 2007.
Although cross-site scripting issues are also easy to discover, they are not as valuable to an attacker. They usually result in cookie theft, which provides the attacker with access to a victim’s account on the vulnerable Website. SQL injection, on the other hand, is often used to redirect the visitors from the vulnerable Website to the attacker’s Website where remote code execution exploits can be launched against the victim’s browser. So, the financial profile for the average cross-site scripting vulnerability is different than for the average SQL injection vulnerability. The value of controlling a user’s account on a particular Website depends on what that Website is used for. On the other hand, having complete control of the user’s computer and potentially all of that user’s accounts on every Website they visit is always valuable, no matter how important the initial, vulnerable Website was.
SQL injection vulnerabilities are also related to improper validation of user input, and they occur when this input (from a form field, for example), is allowed to dynamically include SQL statements that are then executed by a database. Access to a back-end database may allow attackers to read, delete, and modify sensitive information, and in some cases execute arbitrary code. In addition to exposing confidential customer information (like credit card data), SQL injection vulnerabilities can also allow attackers to embed other attacks inside the database that can then be used against visitors to the Web site.
SQL injection vulnerabilities are plentiful and easily discovered. It also possible to use Web search engines such as Google to find sites running vulnerable applications, and there are many publicly available tools that can test for SQL injection, including some plug-ins for Firefox. It is not immediately clear whether SQL injection vulnerabilities increased because Web application vendors were releasing products with more vulnerabilities, or if there simply were more researchers testing for those vulnerabilities, although it is likely a combination of the two. What is clear is that major vendors took notice in 2008. For example, SQL injection attacks against Microsoft ASP and ASP.NET technologies prompted Microsoft to release a major security advisory on June 24 (Microsoft Security Advisory 954462).
Active Exploitation & Automated SQL Injection Attacks in 2008
In the past, most Web server compromises had been one-off, targeted exploitation attempts that steal information or manipulate an application in a way that is beneficial to the attacker. In the fist half of 2008, X-Force began tracking mass Web site exploitation using automated SQL injection attacks. Instead of leveraging SQL injection to steal data, this attack updated the application’s back-end data to include iFrames to redirect visitors to malicious Web pages. These attacks targeted many well-known and trusted Web sites and were also integrated into the ASPROX exploit toolkit. Soon after, the number of attacks and sources of attacks began to explode.
Cross-site scripting
Cross-site scripting vulnerabilities occur when Web applications do not properly validate user input from form fields, the syntax of URLs, etc. These vulnerabilities allow attackers to embed their own script into a page the user is visiting, manipulating the behavior or appearance of the page. These page changes can be used to steal sensitive information, manipulate the Web application in a malicious way, or embed more content on the page that exploits other vulnerabilities. The attacker first has to create a specially-crafted Web link, and then entice the victim into clicking it (through spam, user forums, etc.) The user is more likely to be tricked clicking the link, because the domain name of the URL is a trusted or familiar company. The attack attempt may appear to the user to come from the trusted organization itself, and not the attacker that compromised the organization’s vulnerability.
File Include Vulnerabilities
File Include vulnerabilities (typically found in PHP applications) occur when the application retrieves code from a remote source to be executed in the local application. Oftentimes, the remote source is not validated for authenticity, which allows an attacker to use the Web application to remotely execute malicious code.
Others
This category includes some denial-of-service attacks and miscellaneous techniques that allow attackers to view or obtain unauthorized information, change files, directories, user information or other components of Web applications.
Lack of Patches
According to the IBM report, an incredible number of vulnerabilities in Web applications have no vendor-supplied patch to fix the issue. Out of all the disclosures in 2008, 74 percent had no patch by the end of 2008. However, this figure does not take into account custom-developed Web applications that may not have had any vulnerability testing and may never see a public vulnerability disclosure to notify the developer of a Web site about vulnerability issues and potential exploitation.
Good Websites Using Bad ActiveX Controls
One common practice that is evident in a detailed analysis of Web browser attacks is that many non-malicious Websites are continuing to propagate the use of known, vulnerable ActiveX controls. This practice has several downsides.
First, from a customer and employee perspective, the user may be required to install the vulnerable ActiveX control. Although there are ways to redirect users to a fixed version of the control, the redirect will not work unless they are running an updated version of Internet Explorer or other ActiveX-enabled software that tracks and blocks these known vulnerable controls. If they do load the vulnerable control, and then browse to a malicious Website that uses an exploit for that control, they will be exploited without the normal prompt asking if they would like to install something new. If the control is already there, then they simply have no chance.
From a protection perspective, the use of these known vulnerable controls on non-malicious Websites creates a lot of “noise” that can mask real, malicious activity.
The good news when it comes to browser and plug-in vulnerabilities, IBM reports that Active-X disclosures declined for the first time in 2008, which was the predominant factor behind the overall decline in browser-related disclosures.
Unfortunately, the decline in ActiveX disclosures does not appear to be making an impact on exploitation. As with other browser-related vulnerabilities, attackers rely upon users who do not keep their browsers currently patched.
Although Microsoft has made great strides in preventing ActiveX exploitation through changes to Microsoft Internet Explorer, exploitation remains an issue along with the continued usage of known vulnerable ActiveX controls from non-malicious Websites.
Exploitation Targets: From the OS to the Browser and Beyond
Web Browser Exploitation Trends
During 2008, it became clear that lone Web browser exploits in the wild were dying out and being replaced by the organized use of Web exploit toolkits. These toolkits can deliver all of the exploits at once to Web site visitors, or the toolkit can select specific exploits based on data, such as:
Browser cookie set by the toolkit
Browser agent used by the victim
Geographic location derived from the victim’s IP address
Referrer URL (the URL that directed the victim to the Web site)
In many instances, these toolkits provide easy-to-use management interfaces. Deployments of exploit toolkits are in some cases financially supported by multiple attackers who are credited by an id number associated in their attack URLs, which is interesting because it allows attackers to get a piece of the action with a smaller initial investment. Nevertheless, it is not known how many toolkit installations are actually purchased versus leased or pirated.
Exploits from Malicious Websites
The number of malicious URLs hosting exploits in Q4 2008 alone was 50 percent more than the number seen over the entire year of 2007. This trend is partially due to a technique used by some attackers to set up the same Website using many different URL names.
In 2007, malicious Websites hosting client exploits primarily focused on exploiting Web browsers or their plug-ins. Less than 1% of these Websites included attacks related to documents or multimedia applications. In 2008, multimedia exploits and document-related exploits also took a much stronger presence.
In 2008, China took over took over the dubious honor from the US as the country hosting the most malicious Websites.
Web-Related Security Threats of 2008:
The number of new malicious Web sites in the fourth quarter of 2008 alone surpassed the number seen in the entirety of 2007 by 50 percent. Last year, China replaced the US as the most prolific host of malicious Web sites.
Even good Web sites are facing more issues. Web applications, in particular, are increasingly vulnerable and highly profitable targets for helping the criminal underground build botnet armies
Spammers are turning to the Web. URL spam (a spam email with little more than a link to a Web page that delivers the spam message) took the lead as the main type of Spam this year, and Spammers are increasingly using familiar domain names like news and blogging Web sites to host their content.
Web applications in general have become the Achilles heel of Corporate IT Security. Nearly 55% of all vulnerability disclosures in 2008 affect Web applications, and this number does not include custom-developed Web applications (only off-the-shelf packages). 74 percent of all Web application vulnerabilities disclosed in 2008 had no available patch to fix them by the end of 2008.
Last year, SQL injection jumped 134 percent and replaced cross-site scripting as the predominant type of Web application vulnerability.
Exploitation of Websites vulnerable to SQL injection has increased from an average of a few thousand per day, when they first took hold early in 2008, to several hundred thousand per day at the end of 2008.
In addition to these vulnerabilities, many Web sites request the use of known vulnerable ActiveX controls, which leave Web site visitors who do not have updated browsers in a compromised position.
Although the number of vulnerabilities affecting Web browsers went down in comparison to 2007, they continue to be the main target of exploitation. New categories of threats affecting clients are on the rise, specifically in the areas of malicious documents, multimedia applications, and potentially Java applications which are easy to host on the Web.
According to IBM, many of the web vulnerabilities listed above can be prevented or avoided by taking a preemptive approach to security. IBM Rational AppScan for example, enables companies to test Web 2.0-based applications to identify security vulnerabilities on a frequent basis, helping to make the Web experiences they provide to customers more secure from hackers. In addition, new features enhance customers’ abilities to address regulatory mandates and meet business policies.
Category: Apr–June 2023 - Artificial Intelligence (AI) in Marketing
The Asia Video Industry Association’s (AVIA) Future of Video India conference opened to a full house with a keynote conversation with Shri Apurva Chandra, Secretary, Ministry of Information and Broadcasting (MIB). Secretary Chandra stated that with OTT (over-the-top), Indian content has become more accessible and more acceptable to a global audience. “Quality of content has always been very good in India, but now it is easier for Indian content to travel across the world. OTT has helped it in a big way,” said Chandra. He also reiterated the need for OTT to continue with a soft touch approach, as the three tier self-regulatory system has been working well. While there were concerns that light touch regulation has led to less desirable content, he remained of the view that the industry needed to be more self-aware so that the government need not step in. Chandra also shared that a National Broadcasting Policy has been in the works, as the industry was becoming more fragmented. However, this would take time in order to balance the conflicting interests of all the disparate parties.
Category: Apr–June 2023 - Artificial Intelligence (AI) in Marketing
Meltwater, a global leader in media intelligence and data analytics, today announced the availability of Meltwater Enterprise Intelligence Suite, a comprehensive offering that promises vital insights and transformative impact to enterprise clients.
Category: Apr–June 2023 - Artificial Intelligence (AI) in Marketing
Appier announces that it has integrated Generative AI (GenAI) technology into three major marketing capabilities across its product lines. By connecting its advanced GenAI algorithms with OpenAI's ChatGPT language model, Appier can leverage the power of pioneering technology to help businesses increase productivity through advertising keywords and targeting parameters generation; intelligent conversational chatbot creation; and marketing copywriting and automatic content generation.
Category: Apr–June 2023 - Artificial Intelligence (AI) in Marketing
The Innovative Data Infrastructure Forum (IDI Forum) 2023, revolving around the theme of "New Apps ∙ New Data ∙ New Resilience," took place on May 23 in Munich, Germany. The Forum brings together global industry experts and partners to explore the future of digital infrastructure towards the yottabyte era (a yottabyte is equal to a quadrillion gigabytes).
MediaBUZZ is the first ‘pure’ digital publisher in the region, making an impact in Asia Pacific since 2004. Designed to empower marketers in the vibrant, ever-changing electronic marketing environment, its publication Asian eMarketing covers the digital age and zooms in on the most valuable and indispensable tools of today’s marketers. Circulated weekly to more than 60,000 top management and marketing decision-makers, the useful and informative articles support e-marketers in finding a sound marketing strategy, vital for their growing business success.