Tag Archives: Microsoft

Security Never Sleeps- Internet Explorer Bug, Sonic Breaches

Internet Explorer Bug Leaks What Users Type in the URL Address Bar

“Privacy risks with new bug”

Microsoft’s Internet Explorer browser is affected by a serious bug that allows rogue sites to detect what the user is typing in his URL address bar. This includes new URLs where the user might be navigating to, but also search terms that IE automatically handles via a Bing search. Users copy-pasting URLs for Intranet pages inside IE would likely see this bug as a big issue. The bug was spotted by security researcher Manuel Caballero, poses a privacy risk.

Fast-Food Chain Sonic Confirms Data Breach

“Yet another firm dealing with insufficient security systems”

The operator of drive-in burger joints said the attack left some customer credit and debit card numbers at risk. Fast-food chain Sonic Corp. is the latest company contending with a breach of customer data.

 

Calls for crackdown on rogue rental appliance firms after data breach

“Thousands of customers at risk”

A rental appliance company has suffered a massive data breach that has leaked tens of thousands of Australian private customers’ records online, including identification documents, Centrelink records and financial information.

Amazing Rentals – a company leasing televisions, fridges and other household goods – was last week revealed to have published 26,000 personal documents involving 4,000 customers on the internet.

Enjoy your read? Check out our other content here.

Big Data Horizons- Anthem, JD.com and AI

Microsoft Azure to Feature New Big Data Analytics Platform

“Wipro and Microsoft have collaborated on parts of the solution”

Wipro announced that its big data analytics platform will be offered on Microsoft Azure. The company released the following statement:

“Together, Microsoft and Wipro have built an industry sector-specific apps ecosystem on the Data Discovery Platform,” said Pallab Deb, vice president and global head of analytics at Wipro. “Today, the platform is a significant enabler of analytics-led digital transformation delivering Analytics-as-a-Service to organizations. We believe that this is a reflection of the Wipro Data Discovery Platform’s maturity and Microsoft’s confidence in the prowess of this platform.”

More U.S. companies push back on foreign must-store-data-here rule

“JD.com launch partnership with Baidu”

Ecommerce giant JD.com has recently launched a strategic partnership with search powerhouse Baidu in a bid to help brands target consumers more effectively. The partnership will utilize the big data, AI and large user base both companies can leverage to create a better ecommerce experience for both consumers and advertisers.

The partnership comes at a significant time for both companies. Baidu is investing heavily in AI technology and applications as it looks to strengthen its position as an AI-first company, while JD.com is looking to increase its market share in the ecommerce market as it gains ground on rival Alibaba.

Anthem taps retail industry for data analytics expertise

“Retail adept at creating personalized experience for consumers”

Anthem is taking steps to emulate seamless customer service like the retail sector as the sector moves more towards a service-oriented industry, allowing a more consumer friendly service moving forward. Patrick McIntyre, Anthem’s senior vice president of healthcare analytics, spoke with HealthITAnalytics about the move “I would say about 70% or 80% of our data science department was actually brought in from the retail industry.”

 

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 191

Hack on Italy’s largest bank affects 400,000 customers

“400,000 customers put at risk”

Two security breaches have put hundreds of thousands of sensitive consumer data in jeopardy. Unicredit has stated that personal data and account numbers may have been leaked, also adding that passwords were not leaked, indicating that no unauthorized transactions took place.

Using AI to spot malware patterns

“Protecting organizations has never been more difficult and necessary”

The number of entry points and connected endpoints has only increased, showing that the bad guys are only getting smarter. A new security startup, Cylance, is using artifical intelligence to change the game and counter these criminals.

Majority of Consumers Believe IoT Needs Security Built In

“Global survey say IoT is a ‘shared responsibility'”

Many respondents to a global survey believe that consumers and manufacturers share responsibility to secure networks. Irdeto’s report shows that 90% of respondents think that security should be built in to IoT devices, but are more divided on who is responsible for implementing the systems.

Cloud-Based Email Security Systems From Microsoft And Symantec Miss Thousands Of Unsafe Emails

“Risk assessment on more than 45 million emails”

Email and data security company Mimecast has run an extensive experiment on corporate email vulnerabilities over more than a year. About 24% of the emails were marked as unsafe, with most being spam while some contained dangerous malware. That may seem like a relatively small amount, but given that all of the emails were originally classified as ‘safe’ we see a bigger problem emerge.

Shoddy data-stripping exposes firms to hack attacks

“Research suggests much vulnerability”

Many large firms have made themselves open to attacks because of inadequate data stripping on their websites. Researchers have found that as employees create documents, images, and other files, the data is uploaded to the companies website and not properly maintained.

Enjoy your read? Check out our other content here.

 

PR Intern’s Guide to the Galaxy: Making Relevant Media Lists

Media lists can be considered the secret weapon of the PR pro. While they’re a relatively simple tool, they’re arguably the most important to PR success. Without an updated, accurate and beat-tailored media list — sucess is hard to come by. Your reputation as a PR practitioner can also be tarnished if you constantly are pitching the wrong media contacts (you might also find your misguided email screenshotted on Twitter under #PRFails).

Media lists are used to:

  1. Secure media coverage for your client
  2. Reach a target audience
  3. Keep a history of dialogue between your client and a reporter to ensure pitches/conversations are more useful for both parties

Audience – The first thing to consider when building a media list is your client’s target audience, this will help you determine the types of publications that need to be included based on their readership. It’s also important to identify the coverage of your clients competitors. It is likely that media covering your client’s competitors will be interested in covering your client as well. A well rounded media list will include trade reporters, reporters from vertical outlets (government, healthcare, retail, etc.) and bloggers.

Keywords – When searching for the right media to include, it is crucial that you search the right keywords. In some cases, it is easy to only include the phrases categorizing your clients technology, but only if it is unique enough that your search results will bring back specific, relevant coverage. It is rarely that easy. More likely, there are instances where your client’s keywords are very generic and search results for the technology classification alone will bring back irrelevant results. Other keywords include the name of your clients competitors.

Tools – The tools most commonly used when searching for media are Google, Cision, Meltwater, IT Database. You will want to use these tools to search multiple combinations of your clients keywords as well as your clients previous coverage, and competitors previous coverage. Once you find the coverage, you will need to organize the information and create your media list using Excel.

Organize – Media lists can sometimes get very long but no matter the size, keep them organized! This ensures that you will be able to find the right contact, the first time, every time. Begin by opening an excel sheet and in the first row, place a filter on publication, first name, last name, title, email, phone number, twitter handle and a link to the reporters most relevant/timely story. Under each column, you will either fill in the information by hand or copy and paste it in from an Excel sheet generated by one of your previously used tools. Once you have all of the information filled in, check for duplicates and fill in anything that might be missing. Finding this missing information consists of research and can sometimes be time consuming.

Update – Keeping an updated media list is important, because there are many reporters who move from one publication to another and sometimes, a media contact will even change the topic that they report on, known as their beat. When you have a media list that is up to date and accurate, you avoid situations where reporters get frustrated with you because you mistakenly pitch them a story that they aren’t covering. Reporters are easier to work with if they know that you are paying attention to their current beat and reading their most current stories. Pitching the wrong media is a waste of their time, yours and the client’s.  

By Kory Buckley

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 174

Microsoft claims Fireball malware enterprise security threat ‘overblown’

“Actions taken to quell threat perception”

Microsoft has public doubts about the Fireball, which has been touted as a serious concern for consumers and enterprises. Windows Defense researcher Hamish O’Dea has stated in recent reports that the cybercriminal campaign is “overblown.”

Japanese Honda factory hit with WannaCry ransomware

“Honda plant forced to halt production”

After the Sayama, Japan Honda plant was hit with WannaCry it was forced to halt vehicle production systems on Monday. After the discovery of the attack Sunday the Sayama plant stopped while other plants continued to maintain scheduled construction.

Improving The Customer Journey With IoT

“IoT is strongest tool for coherence with omni-tool CX strategies”

IoT has the power to track customer preferences, and 24/7 customer engagement. The present has never been more powerful and consistent for IoT systems, providing a bright future for the future of the technology.

Two Britons arrested over Microsoft hack

“Alleged plans to access Microsoft”

Two men, aged 22 and 25, were detained by police on Thursday in regards to their plan to infiltrate Microsoft networks. There is evidence that the two men had attempted repeatedly to access the systems between January and March this year.

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 166

Qatar Begins Probe After State News Agency Hacked

“Unprecedented security breach”

 On wednesday the government of Qatar began an investigation into a recent breach in which hackers posted fake news stories on controversial political issues in the country. The government sponsored news agency and official Twitter account in which the posts were published caused backlash throughout the Middle East.

Another Ransomware Nightmare Could Be Brewing in Ukraine

“New strains could hurt more than WannaCry”

XData, a new ransomware developing in the Ukraine, has renewed concerns of cyberattacks as the WannaCry outbreak has died down. The fact that the malware has attacked the Ukraine singularly has fostered questions oover motive, but the fears that spillover globally could develop frightens security researchers everywhere.

Hackers can use malicious subtitles to remotely take control of your device

“Take care in using subtitles on specific programs”

Use Kodi, Popcorn Time, VLC or Stremio? If you activate subtitles on these programs make sure to update the softare. Check Point researchers have shown that hackers can remotely activate certain sysytems on vulnerable devices, using this vector to gain access to about 200 million video players.

Microsoft to buy cyber security firm Hexadite for $100 million: report

“Firms provides automated responses to attacks”

Microsoft is set to acquire security firm Hexadite for a cool $100 million Calcalist reported on Wednesday. Headquartered in Boston, Massachusettes, Hexadite conducts its research and development operations in Israel.

 

10Fold- Security Never Sleeps- 164

WannaCry attack is good business for cyber security firms

“Sophos value jump and better financial forecast amidst global crisis”

Sophos Group Plc, a UK-based cyber security firm had a boost in the price of its stock by 7% since the WannaCry ransomware began torturing its victims. Among the systems affected was the British National Health Service, a Sophos client. However instead of an embarrassing reputational catastrophe such an event would usually bring it became a boon to the firm, netting a record high stock price and a record financial forecast.

Yes, you still need endpoint malware protection

“Antivirus ineffeciencies are just rumors, stay protected”

Recent reports from Gizmodo and other tech sites have claimed that antivirus applications will soon be a thing of the past, arguing that Windows 10 and many browsers have adequate protections for users surfing the web. While these points do carry some merit, many security experts still believe that the additional protection still far outweighs the potential risk without it.

How to maintain data oversight to avoid ‘shadow data’

“Bipartisan legislation group introduce anti-hacking measures”

In the wake of the global WannaCry attacks that have plagued users in over 150 countries worldwide, prominent figures have emerged to call for substantive reform to prevent a future incident of the same caliber. Microsoft’s Chief Legal Officer has called for the stockpiling of zero-day by governments, an appealing idea that becomes politically difficult to implement.

Disney Blackmailed Over Apparent Movie Hack: Reports

“Ransom demanded, Bob Iger claims”

U.S. media has reported on the apparent hacking of Disney archives, claiming to have access to an unreleased film with the capabilities to release it on the web. The cybercriminals are demanding a “huge” ransom, although the title of the film in jeopardy has not been disclosed.

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 163

“Patched” WannaCry Ransomware Has No Kill-Switch

“New variant proves tough to stop”

The recent WannaCry ransomware outbreak was stopped by registering domains that act as kill-switches, ending a particularly malicious software that attacked government organizations, hospitals, ISP’s, carmakers, and more in a matter of days. A new variant that is not affected by the previous kill-switch is now available, however, making researchers concerned over a new potentially serious outbreak of the same malware. Organizations in Europe are the most critically affected thus far, prompting Europel to organize a task force specifically to assist in the investigation.

‘WannaCry’ Malware Attack Could Just Be Getting Started: Experts

“200,000 computers estimated to be affected”

Computers worldwide have been affected by a massive ransomware attack last week. Researchers believe this attack could just be the beggining of a storm of new malware, with two fresh variants detected since the end of last week.

The 22-year-old who saved the world from a malware virus has been named

“WaanaCry was no match for this young researcher”

Marcus Hutchins has been credited with the stop of the notorious WannaCry ransomware attack last week. From a small bedroom in his parents home on the Devon coast, cyber security researcher Hutchins was able to impede the spread of the malware from causing any further damage.

Microsoft Warns Governments Against Exploit Stockpiling

“Should serve as a ‘wake up call'”

Microsoft President and Chief Legal Officer Brad Smith has reiterated a call for a ‘Digital Geneva Convention’ after news of the WannaCry outbreak broke last week. Smith claimed that the recent scare should remind all governments that the internet security realm is still vulnerable, and coordination internationally is a worthy and necessary cause.

NHS Hack Could Be About to Become Far Worse As People Switch on Computers After Weekend

“Experts believe a re-infection possible”

NHS specialists are concerned that equipment and comouters may be re-infected after they were shut off over the weekend to stop the spread of last weeks malware attack. Over 200,000 devices in 150 countries were infected, originating in the UK Friday before making it to all parts of the globe in mere hours.

10Fold- Security Never Sleeps- 154

Dridex gang uses unpatched Microsoft Word exploit to target millions

“Attacks beginning in January”

The group associated with the Dridex trojan software has begun using an unpatched Microsoft Word vulnerability that allows it to potentially affect millions of users. The capability of harm was revealed Friday by McAfee antivirus researchers, and security researchers firm FireEye have confirmed more instances of issues over the past several weeks as well.

US dismantles Kelihos botnet after Russian hacker’s arrest

“Unrelated to potential tampering in U.S. election”

The recent arrest of a Russian cybercriminal in Spain has led to the destruction of a large scale botnet. Kelihos, a botnet that is directly responsible for the remote control and ‘enslavement’ of hundreds of thousands of IoT devices, has been used to distribute malware globally in the past. On Monday the U.S. Justice Department released a statement claiming it had taken actions to officially dismantle the project.

Hackers Steal Customer Card Data From GameStop

“Popular gaming retailer apparently breached”

GameStop, a popular retailer among the gaming community, allegedly has been compromised with the possibility of customer payment card information stolen. Included are the name, address, and verification numbers of credit cards.

Cisco Finds Many Flaws in Moxa Industrial Aps

“More than a dozen issues identified”

Talos Intelligence, a Cisco research group, has finished a two-week observation of a wireless AP from Moxa, concluding that many vulnerabilities are apparent from their tests. Over a dozen were officially verified, including remote exploitation that would effectively give a cybercriminal full access to operating functions of a device. Moxa has apatched all but on of these vulnerabilities, the details of which will be disclosed after it has been dealt with.

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 136

Virulent Android malware returns

“Over 2 million downloads on Google Play”

A strain of malware that had infected over 10 million Android devices in 2016 has been making the rounds again, embedding itself in Google Play applications that may have affected nearly 12 million users. Professionally developed, HummingWhale is a variant of a researcher documented strain hitting the Google store last July.

Court denies U.S. government appeal in Microsoft case

“Appeals court not reconsidering DOJ request for email handover”

An appeals court has refused the Department of Justice’s request to force Microsoft to release thousands of customer emails held outside of the United States. A 4-4 decision by the Second Circuit court refused to rehear a July decision that denied access to a suspected drug dealers account stored on a server based in Ireland. DOJ requests are not new to Microsoft, having been in consistent battles for email requests since early 2013.

Cisco’s web meeting plugin for Chrome has a whopping flaw

“Extension may need security patch”

Users of the Cisco WebEx extension would be keen on ensuring they have installed the 1.03 patch, as security experts have been claiming earlier versions leave considerable vulnerabilities in a users device. Filippo Valsorda (@FiloSottile) has recently tweeted on the matter “…any website could just install malware on your machine silently.”

Enjoy your read? Check out our other content here.