10Fold – Security Never Sleeps – 38

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: HSBC blames the banking outage on a DDoS attack and claims that everything is fine, contrary to what the customers believe. The OpenSSL cryptographic code library suffered from a high-severity vulnerability that allowed attackers to obtain the key that decrypts secured communications. NYC has launched an investigation into four baby monitor companies whose devices have been lacking in security. A report released by a security researcher revealed that UK businesses are 25% more likely to suffer from constant threats.

HSBC online banking suffers major outage, blames DDoS attack – Publication: Ars Technica – Reporter name: Kelly Fiveash

HSBC has been battling an apparent Distributed Denial of Service (DDoS) attack on its online banking system for the past few hours. HSBC blamed the outage on a DDoS attack, and attempted to spin the whole thing as a success story to mainstream news outlets. By way of example, witness this headline over at ITV News. The bank’s customers may see things a little differently, however, given the major disruption to the service on what will be one of the busiest days of the year for many people. Not only is the final Friday of the month payday for many folk in the UK, it’s also the end of January—which is a big deal for any freelance bods currently filing their annual tax returns.


High-severity bug in OpenSSL allows attackers to decrypt HTTPS traffic – Publication: Ars Technica – Reporter name: Dan Goodin

Maintainers of the OpenSSL cryptographic code library have fixed a high-severity vulnerability that made it possible for attackers to obtain the key that decrypts communications secured in HTTPS and other transport layer security channels. While the potential impact is high, the vulnerability can be exploited only when a variety of conditions are met. First, it’s present only in OpenSSL version 1.0.2. Applications that rely on it must use groups based on the Digital Signature Algorithm to generate ephemeral keys based on the Diffie-Hellman key exchange. By default, servers that do this will reuse the same private Diffie-Hellman exponent for the life of the server process, and that makes them vulnerable to the key-recovery attack.


NYC Launches Investigation Into Hackable Baby Monitors – Publication: Wired – Reporter name: Andy Greenberg

On Wednesday the New York City Department of Consumer Affairs launched an investigation into the baby monitor industry’s hackable vulnerabilities, sending subpoenas to four companies—which the agency has declined to name for now—demanding information about their security practices. The subpoenas, according to the agency, demand to see evidence to back up claims that the companies make about the security of their devices, complaints they’ve received about unauthorized access to the cameras, their use of encryption on the devices, and their history of handling vulnerabilities discovered in the devices, including alerting customers, releasing patches, and whether those patches were actually implemented by the devices’ owners.


UK businesses under constant and increasing malware threat – Publication: ITProPortal – Reporter name: Sead Fadilpasic

UK businesses had a bigger chance of being attacked by malware than those in the US or the Republic of Ireland in December 2015, a new report by security researchers suggests. The risk of malware infection in the UK thus increased 17 percent, the company concludes, with the number of active malware families increasing by 25 percent. The company says more than 1,500 different active malware families were identified in December, up from 1,200 in November of the same year.

10Fold – Security Never Sleeps – 37

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: HSBC has been hit by a cyber attack causing its personal banking website and mobile application to shut down, only weeks after a systems failure that left thousands of its customers without access to digital services. Researchers at Kaspersky Lab spotted attackers using malicious Microsoft Word documents distributed via spearphishing emails to spread the BlackEnergy Trojan in Ukraine. Last year was a record year for malware, according to a new report from Panda Security, with more than 84 million new malware samples collected over the course of the year. An Uber driver’s tax information, including her name and Social Security number, was exposed to all drivers who logged onto their dashboard in what the company calls a ‘bug.’

HSBC cyber attack brings Internet banking to its knees – Publication: Financial Times – Reporter name: Emma Dunkley

HSBC has been hit by a cyber attack causing its personal banking website and mobile application to shut down, only weeks after a systems failure that left thousands of its customers without access to digital services. The bank said in a statement that it had “successfully defended against the attack, and customer transactions were not affected.” However, by early afternoon on Friday its online banking services were still unavailable to some customers. Alex Kwiatkowski, a senior strategist at software group Misys, said the attack was “very concerning” and “shines a bright spotlight” upon HSBC’s systems weaknesses.


BlackEnergy malware deployed using malicious Word docs – Publication: SC Magazine – Reporter name: Robert Abel

Researchers at Kaspersky Lab spotted attackers using malicious Microsoft Word documents distributed via spearphishing emails to spread the BlackEnergy Trojan in Ukraine. Russian-speaking threat actors in the BlackEnergy APT group have been using malicious Excel and PowerPoint files to spread the group’s malware since last year, but Kaspersky’s Global Research and Analysis Team Director Costin Raiu claimed this was the first time Word documents have been used. The BlackEnergy APT group has been actively targeting energy, government and media in Ukraine, and industrial control systems/supervisory control and data acquisition (ICS/SCADA) and energy companies worldwide.


27% of all malware variants in history were created in 2015 – Publication: CSO Online – Reporter name: Maria Korolov

Last year was a record year for malware, according to a new report from Panda Security, with more than 84 million new malware samples collected over the course of the year. Trojans continued to account for the main bulk of malware, at 51.45 percent, followed by viruses at 22.79 percent, worms at 13.22 percent, potentially unwanted programs such as adware at 10.71 percent and cases of spyware at 1.83 percent.


‘Bug’ Exposes Uber Driver’s Tax Information, Including Name and Social Security Number – Publication: Forbes – Reporter name: Kelly Phillips

It was an über bad day for one driver who had her personal tax information, including her Social Security number, exposed due to what the drive-on-demand company is calling a “bug.” When Uber drivers logged on to the Uber partner dashboard to check their own 1099 information for 2015, they instead received information relating to someone else: a Florida woman who also drives for the company. The form in question was a federal form 1099-K, Merchant Card and Third Party Network Payments. Technically, drivers for Uber are not employees, which is why they fill out the 1099-MISC. The driver’s 1099-K information remained on the Uber dashboard for a short time and it’s not known how many other drivers might have viewed it during that time. When made aware of the error, the company removed the tax tab on the dashboard altogether while the mistake was corrected.

10Fold – Big Data Business Insights – 18

Your daily digest of “All Things Big Data” gathered, collected and researched by your very own 10Fold Big Data Practice team.

Big Data

InfoWorld highlights big-data vendor, Talend, which is following in the footsteps of two of the hottest open-source technologies in big data — Hadoop and Apache Spark. Talend provides integration technologies for big data, cloud and applications based on the open-source software model. Because of this, the company has placed a significant bet of its own on Hadoop, Spark, and open source in general.

With modern humanity continuing to generate large sets of data, machine learning has become a relevant tool to help researchers interpret all of this information. These machines have been helpful in analyzing complex networks, yet some supercomputers still present problems. Now, a new approach that would use quantum computers to streamline these problems has been developed by researchers at MIT, the University of Waterloo, and the University of Southern California. They believe this approach, which uses algebraic topology, will help reduce the impact of distortions that arise.

Why open source is the ‘new normal’ for big data – InfoWorld

A new quantum approach to big data – MIT News

Cybercom: OPM Hack Highlights China Big Data Spying – The Washington Free Beacon

Hadoop

Splice Machine has secured $9m in C-round funding to continue its efforts in connecting Hadoop and relational database management systems (RDBMS) technologies together. Splice Machine aims to have an RDBMS running on top of Hadoop and Spark and aims to increase performance over traditional RDBMS, such as Oracle and MySQL, at a lower cost.

Cloud-scale data processing software, Qubole, raised $30 million to aid its mission in simplifying Hadoop by allowing users to manipulate information in their cloud-based analytics clusters without writing any code. The additions aim to make Qubole’s Hadoop distribution more viable for sensitive workloads, such as healthcare information and financial records.

Splice Machine bags $9m to fund RDBMS on Hadoop and Spark – The Register

What you missed in Big Data: Hadoop is the star of the show – SiliconAngle

IoT

Because IoT is all about connectivity, there have been many alternatives rising for getting data from “here to there.” A new breed of low-power, long-range wireless networks has arisen and is now being used by several companies. But there is also a new option: LPWANs. These networks are designed to work at distances measured in kilometers and have power consumption figures that allow for years of battery power. Another option is LTE-M, which is designed to work with existing equipment installed in LTE networks. Although neither technology is a fool-proof solution for IoT devices, they still provide newer options for carriers and companies to choose from.

As most organizations now embrace the IoT, they still need to process and analyze the subsequent, large quantities of data in real-time, which can increase security, capacity and analytics challenges. One way to address these would be to put automated, intelligent analytics at the edge — near where the data is generated to reduce the amount of data and networking communications overhead. The questions of what data can be collected, what data should be collected, and how long the data should be retained still apply. The difference is the physical point at which the data should be analyzed and acted upon, which depends on the use-case and on what an organization is trying to achieve.

Does The Internet Of Things Really Need Dedicated Low-Power WANs? – Forbes

Edge Analytics An Antidote To IoT Data Deluge – InformationWeek

eCommerce

Salesforce saw growth like never before in 2015 with an estimated 1 million jobs projected by 2018 that will be directly enabled by the Salesforce ecosystem. That being said, CloudCraze, Salesforce’s only enterprise-class eCommerce partner, is poised to lead the forefront of cloud innovation for 2016. CEO Chris Dalton provides insight for how he believes eCommerce will be affected in the future with the use of CloudCraze.

CloudCraze Has Changed The Face of eCommerce For Salesforce: An Interview With CEO Chris Dalton – Forbes

NFV

According to a recent report from the OpenStack Foundation, Accelerating NFV Delivery with OpenStack, NFV is changing the game for telcos because it helps them quickly develop and deploy new applications while reducing their reliance on proprietary hardware from traditional network suppliers, and eases the strain on their data centers. Although adoption of NFV remains in its infancy, it is already projected to grow rapidly by the end of the decade.

More telcos turning to NFV to cut costs and provision services – Computer Weekly