
10Fold – Big Data Business Insights – 26

Your daily digest of “All Things Big Data” gathered, collected and researched by your very own 10Fold Big Data Practice team.

Big Data

The Computer Technology Industry Association (CompTIA)’s recent survey, Big Data Insights, is examined by CIO Magazine. Of the 402 respondents, 51 percent reported having a big data project in place today, while another 36 percent reported they were still in the project-planning stage. While many U.S.-based companies now have some form of big data initiative in place (31 percent surveyed said they were exactly where they wanted to be in managing and using data), few have managed to reach their data-related goals (only six percent felt their organization was where it needed to be in regard to data usage). Currently, some individual pieces of holistic data solutions are improving, but they are not yet integrated in a way that drives ideal results. While some businesses may have made progress in select areas of data management, many have not fully connected the dots between developing and implementing a data strategy in order to have a positive effect on other business objectives, such as improving staff productivity or developing more effective ways to engage with customers. CompTIA encourages companies to improve their data management by taking the measured steps of the three stages of data usage: collection and storage, processing and organization, and analysis and visualization.

When it comes to capturing data for cloud-based analytics, “big” does not even come close to being an adequate characterization. Big data keeps getting bigger, yet the percentage of data accessed by cloud-based analytics remains very low. IDC predicts the amount of data created annually will grow from 4.4 zettabytes (2013) to 44 zettabytes in 2018 worldwide. It would seem logical that in the world of cloud-based analytics more data is better, but that is not always the case. IBM’s vice president of business analytics, Mike O’Rourke, said some kinds of data get more valuable over time, especially in specific industries such as wine vineyards or retail. While cloud data-storage providers work to expand storage capabilities, the problem is the small percentage of collected data that is used for analytics purposes.

Big Data Projects on the rise (but data use could be better) – CIO

Is Big Data too big for cloud-based analytics? – Tech Target

IoT

Cisco Systems Inc. acquired Jasper Technologies Inc. for $1.4 billion, strengthening its offerings in the growing market for technology that lets people manage technologies like jet engines and vending machines over the Internet. This ambitious partnership will likely put Cisco in competition with Ericsson’s Device Connection Platform, a product that does many of the same things as Jasper’s platform.

Cisco-Jasper deal should make enterprise IoT safer – Computer World

Cisco to Buy Jasper for $1.4 Billion, Adding IoT Management – Bloomberg

Self-Service and Enterprise

IBM launched a suite of new tools designed to help companies make the most of the data they have. It introduced four new tools:

  • IBM Graph – a fully managed database service built on the open-source Apache TinkerPop graph-computing framework. Graph can help make real-time recommendations, including fraud detection.
  • IBM Compose Enterprise – a platform designed to speed the development of Web-scale apps by enabling teams to deploy open-source databases on their own dedicated cloud servers.
  • IBM Predictive Analytics – a new service that allows developers to make machine-learning models for built-in predictive capabilities.
  • IBM Analytics Exchange – a self-service marketplace that includes more than 150 publicly available data sets that can be used for analysis or be integrated into applications.

IBM doubles down on data with four new cloud tools – CIO

NFV/SDN

Software-defined networking and other network virtualization technologies have driven conversation for years, yet the tech world is still in the early stages of SDN and NFV. Analysts and Markets expect the market to quickly grow to an estimated $11.5 billion between now and 2020. Quinstreet, the publisher of eWEEK, found that the market is moving beyond the hype with real and expected deployments growing vendor options. The publication presented a slideshow with examples of growth.

SDN is no longer just about the Hype, Quinstreet Survey Finds – eWeek

10Fold – Security Never Sleeps – 41

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Top lawmakers are concerned that the IRS outage might have been caused by a hacker. 20 million accounts on Alibaba’s site have been exposed to potential attackers. According to a new survey, the riskiest mobile users are actually businessmen. University of Central Florida has been hacked and 63,000 student and employee social security numbers have been leaked.

Oversight chairman: IRS outage ‘may be a hack’ – Publication: The Hill – Reporter name: Cory Bennett

A top House lawmaker on Thursday suggested hackers had caused the Internal Revenue Service’s hardware failure. Late Wednesday night, a number of the IRS’s tax processing systems went down because of technical problems, the agency said. “My initial gut reaction is that may be a hack,” said House Oversight Committee Chairman Jason Chaffetz (R-Utah) on Fox Business Network’s “Mornings With Maria.”

“You just don’t have systems collapse and people can’t use the systems online,” he added. “It’s not like they run out of batteries or something. It really does smell like a hack.” The hardware failure rendered several services unavailable, including the IRS’s modernized e-filing system, several taxpayer and practitioner tools and portions of the IRS website.


Hackers attack 20 mln accounts on Alibaba’s Taobao shopping site – Publication: Reuters – Reporter name: Staff

Feb 4 Hackers in China attempted to access over 20 million active accounts on Alibaba Group Holding Ltd’s Taobao e-commerce website using Alibaba’s own cloud computing service, according to a state media report posted on the Internet regulator’s website. Analysts said the report from The Paper led to the price of Alibaba’s U.S.-listed shares falling as much as 3.7 percent in late Wednesday trade. An Alibaba spokesman on Thursday said the company detected the attack in “the first instance”, reminded users to change passwords, and worked closely with the police investigation.


The #1 Riskiest Mobile Users Wear Suits – Publication: Dark Reading – Reporter name: Ericka Chickowski

As mobile malware continues to grow into a legitimate threat, some users are proving more prone than others to being subject to attack. According to a new survey out this week, the demographic most likely to routinely engage in risky mobile behavior isn’t youngsters on Snapchat or ‘digitally hooked’ users who consume vast quantities of mobile video and entertainment. Instead, the most risky users are businesspeople.


UCF hack: 63,000 Social Security numbers stolen from students, staff – Publication: Orlando Sentinel – Reporter name: Gabrielle Russon

In an unprecedented data breach at UCF, about 63,000 Social Security numbers and names of former and current students and UCF employees were hacked, officials revealed Thursday. The people whose information has been compromised have not been notified yet. The university will alert them by letters that are expected to be sent Friday, officials said. The school has set up a call-in phone center and a website that went live this morning with details of what happened and what people should do as a precaution. People who are affected will also receive one year of free credit monitoring and identity-protection services.

10Fold – Security Never Sleeps – 40


Big items to consider: An EU watchdog said on Wednesday it needed time to study a new EU-U.S. agreement on data transfers to determine whether the United States was committed to limiting intelligence surveillance of Europeans. Charles Harvey Eccleston, a former employee of the U.S. Department of Energy and the U.S. Nuclear Regulatory Commission (NRC), pled guilty Tuesday to charges of attempting to extract sensitive, nuclear weapon-related information by hacking into his former colleagues’ computers. Developers of the Socat networking tool have fixed a cryptographic flaw that left communications open to eavesdropping for over a year. Hacking group AnonSec claims to have breached NASA’s network and to have temporarily gained partial control of a NASA Global Hawk drone. 

EU watchdog says needs time to study data deal with United States – Publication: Reuters – Reporter name: Philip Blenkinsop

An EU watchdog said on Wednesday it needed time to study a new EU-U.S. agreement on data transfers to determine whether the United States was committed to limiting intelligence surveillance of Europeans. Negotiators from the European Union and the United States agreed the data pact on Tuesday. It will replace the Safe Harbor framework, which a top EU court ruled illegal last year amid concerns over mass U.S. government snooping. Under the new Privacy Shield, the Commission said U.S. companies would face stronger obligations to protect Europeans’ personal data, including limitations to U.S. surveillance programs. There are concerns on the transfer regarding the scope of surveillance and particularly the remedies. The question is whether the new arrangement answers these concerns or not.


Former US Energy Department Employee Accused of Trying To Steal and Sell Nuclear Secrets Pleads Guilty – Publication: International Business Times – Reporter name: Avaneesh Pandey

Charles Harvey Eccleston, a former employee of the U.S. Department of Energy and the U.S. Nuclear Regulatory Commission (NRC), pled guilty Tuesday to charges of attempting to extract sensitive, nuclear weapon-related information by hacking into his former colleagues’ computers. The 62-year-old tried to extract information from computers at the Department of Energy through “spear-phishing” emails with the intent of selling this information to an unnamed foreign government. Thanks to the work of the FBI, this former federal employee was arrested before he could do any damage and he now is being held accountable for actions that could have threatened our national security.


Socat vulnerability shows that crypto backdoors can be hard to spot – Publication: PC World – Reporter name: Lucian Constantin

Developers of the Socat networking tool have fixed a cryptographic flaw that left communications open to eavesdropping for over a year. The error is so serious that members of the security community believe it could be an intentional backdoor. Socat can create encrypted connections using the Diffie-Hellman (DH) key exchange mechanism, which fundamentally relies on a prime number to derive the shared secrets for key exchanges. It turns out that the 1024-bit DH parameter used by Socat was not actually a prime number. Whether the flaw was intentional or not, its existence does highlight the ease with which cryptographic backdoors can be introduced into projects without maintainers noticing.


NASA Denies Hackers Hijacked Its Drone – Publication: InformationWeek – Reporter name: Thomas Claburn

Hacking group AnonSec claims to have breached NASA’s network and to have temporarily gained partial control of a NASA Global Hawk drone. To support its claim, AnonSec says it has posted 250GB of data exfiltrated from NASA servers. Allard Beutel, acting director of NASA’s news and multimedia division, in an email denied the group’s assertions about the drone, and said the alleged breach is being investigated. AnonSec acknowledges that at least some of the data posted is public, but the group claims it “wanted access to the raw data, straight from the backend servers, to see if they [NASA] were not publishing some of the data or possibly tampering with the data.” NASA does offer an online directory but only to authorized NASA personnel. While it’s plausible that AnonSec could have scraped websites for email addresses and phone numbers in order to present them as purloined data, a hack seems more likely, particularly in light of other details provided, like the use of weak passwords.

10Fold – Big Data Business Insights – 25


Big Data

With the Super Bowl just around the corner, it has been a hot topic in the news. The integration of big data into the game has started to make drastic differences when it comes to technique and safety improvements. For example, NFL players will now find sensors on their pads and helmets that collect real-time position data and indicate if a player might have suffered a damaging hit to the head. Besides helping the players be safer and the coaches analyze plays in a more timely manner, big data is also helping sports analysts keep track of the statistics of the game. They can now track distance traveled on the field, position held on the field, and how the weather affected the plays, and predict individual player matchups. Lastly, big data is also changing how people advertise during and around the game. Research shows that most online chatter about Super Bowl XLIX occurred after the Super Bowl took place, proving that post-game was a prime time for advertisers to take advantage of. Research also showed that the hot topic on social media was the commercials, brands and halftime shows, not the actual game. So for the financially well-off brands that do advertise during the game, this is a good opportunity to take advantage of.

Big data is no longer just a buzzword but a requirement for businesses to have in order to grow and thrive. The struggle today, though, is not acquiring a large amount of data but making sense of it. Companies need to understand how to implement the correct data management plan for their business so they can store the data properly and leverage as much information as possible. Memeburn discusses four steps on how to properly leverage the power of big data: first, processing one’s data at the point of collection in a local setting; second, interconnecting data from all sources, such as sales, marketing, manufacturing, production, and so on; third, encouraging employees to give real-time feedback; and fourth, making sure all new initiatives are tested before they are fully deployed across the business.

How the Super Bowl uses Big Data to Change the Game – Forbes

Big Data: the reality for smart businesses – Memeburn

Hadoop

As a continuation of recognition of Hadoop’s 10th birthday, InformationWeek created a slideshow that covers the top 10 events that have driven the growth of this technology. The slideshow highlighted Cloudera, which is one of the three companies that provided the main commercial distributions of open source Hadoop. The slideshow also noted that Cloudera, Hortonworks and MapR all released their own distributions of Hadoop, yet the Apache Software Foundation didn’t release its version 1.0 until much later, in January 2012. Lastly, InformationWeek reflected on the first year of the Strata+Hadoop World conference in 2012, noting that it has now become a series of events hosted around the world.

Hadoop at 10: Milestones and momentum – InformationWeek

IoT

IoT Evolution announced USA Technologies, a mobile payment platform provider, as winner of its 2015 Smart Machine Innovation Award. USA Technologies is responsible for a cutting-edge, end-to-end mobile system called ePort Connect. ePort Connect is “smart technology infrastructure that enables owners and operators to use analytics to gain insight into consumer purchasing behavior and their business, while simultaneously building loyalty with consumers in real time.” The company believes that these advancements will drive improvements in the self-serve retail market.

IoT is more than just metrics and data; it is being seen as a way to help improve human welfare. The United Nations’ International Telecommunication Union and Cisco recently released a report titled “Harnessing the Internet of Things for Global Development.” It covers a range of solutions that IoT technologies could make possible for developing economies, spanning energy, healthcare, agriculture, and natural disaster relief. For example, a networked temperature sensor on a refrigerator containing vaccines or medicines can maximize the safety and efficacy of medicine, or a smart hand-pump can improve access to water in villages and monitor the purity of the water. Small smart devices like these are helping to ensure the quality of life in developing countries.

In a new addition to its 2016 predictions series from leading industry analysts and executives, RCR Wireless News notes a major trend in IoT: the ability to deploy solutions internationally, meaning that any smart, connected device will be designed and developed as a global product and will be able to work anywhere and everywhere a customer wants to do business.

USA Technologies’ Payments Platform Wins IoT Evolution Award – PYMNTS

The Internet of Things for developing economies – CIO

2016 Predictions: Global connectivity will power the IoT in 2016 – RCRWireless

Cognitive Computing

Cognitive computing and machine learning are making huge waves in the retail industry. A recent IBM survey shows that 91% of retail industry executives are familiar with cognitive computing and believe it will play a disruptive role in the industry, and 94% of respondents will invest in the technology in the near future. Cognitive computing is opening a new door in the retail industry, helping retailers gain a deeper understanding of their customers, which then allows them to build a closer relationship with their brands and buyers.

Retail’s cognitive future – The Point of Sale news

OpenStack

Today PLUMgrid announced its reseller partnership with Rackspace. Rackspace will resell PLUMgrid’s full SDN product line which includes its Open Networking Suite for OpenStack, CloudApex, and support and trading services. PLUMgrid’s products have also been validated to run with Rackspace’s Private Cloud powered by OpenStack service.

RackSpace to resell PLUMgrid OpenStack SDN – Network World

10Fold – Big Data Business Insights – 23


Big Data

Businesses that use software to collect data are vulnerable to cyber risks. In a new report, the European Network and Information Security Agency (ENISA) urges companies to follow the ‘security-by-default principle.’ ENISA warned that the potential for data to be breached, leaked, or degraded is a result of the replication of big data storage and the frequency of outsourcing big data. Companies can avoid these risks by implementing big data tools, such as the use of cryptography, access controls, or pseudonymisation techniques.

EU Agency warns of cyber risk from using big data tools – The Register

IoT

The U.S. insurance industry is currently the largest insurance market, employing 2.5 million people. The industry is expected to experience rapid change with the addition of the Internet of Things. In an interview by Forbes contributor Robert Reiss with Vik Renjen, SVP of Sutherland Global Services, Renjen says he sees the industry transforming in a couple of ways: with geospatial applications, environmental sensors, connected biometrics, diagnostics, and lastly, with carrier process transformation. These new opportunities for finer product segmentation will help improve loss control and accelerate premium growth.

5 Ways IoT will Transform the Insurance Industry – Forbes

Hadoop

MapR is expanding its free training on Hadoop and Spark since the advanced analytics market is growing very quickly. MapR is considered one of the three biggest Apache Hadoop distribution companies. Many developers, administrators, and data analysts will benefit from the skills offered by MapR’s free on-demand Hadoop training, including hands-on labs, exercises and quizzes. Additionally, students can complete certification exams that lead to Hadoop and HBase professional designations.

Free Hadoop, Spark Training; Advanced Analytics Market Grows: Big Data Roundup – InformationWeek

Personalization

We’re used to hearing about the IoT… but have you heard of the Internet of Emotions? Companies largely rely on personalization methods, including pop-up ads, to provide value for customers. But in the near future, with devices equipped with facial, vocal, and biometric sensors that will be able to analyze and influence our feelings, personalization will be influenced by this “Internet of Emotions.” With the combination of the IoT and “IoE,” humans could be forced to become more emotionally aware, as machines are already doing the same.

The Internet of Emotions: Putting the person back into personalization – Mashable

10Fold – Security Never Sleeps – 38


Big items to consider: HSBC blames the banking outage on a DDoS attack and claims that everything is fine, contrary to what the customers believe. The OpenSSL cryptographic code library suffered a high-severity vulnerability that allowed attackers to obtain the key that decrypts secured communications. NYC has launched an investigation into four baby monitor companies that have been lacking in security for their devices. A report released by a security researcher revealed that UK businesses are 25% more likely to suffer from constant threats.

HSBC online banking suffers major outage, blames DDoS attack – Publication: Ars Technica – Reporter name: Kelly Fiveash

HSBC has been battling an apparent Distributed Denial of Service (DDoS) attack on its online banking system for the past few hours. HSBC blamed the outage on a DDoS attack, and attempted to spin the whole thing as a success story to mainstream news outlets. By way of example, witness this headline over at ITV News. The bank’s customers may see things a little differently, however, given the major disruption to the service on what will be one of the busiest days of the year for many people. Not only is the final Friday of the month payday for many folk in the UK, it’s also the end of January—which is a big deal for any freelance bods currently filing their annual tax returns.


High-severity bug in OpenSSL allows attackers to decrypt HTTPS traffic – Publication: Ars Technica – Reporter name: Dan Goodin

Maintainers of the OpenSSL cryptographic code library have fixed a high-severity vulnerability that made it possible for attackers to obtain the key that decrypts communications secured in HTTPS and other transport layer security channels. While the potential impact is high, the vulnerability can be exploited only when a variety of conditions are met. First, it’s present only in OpenSSL version 1.0.2. Applications that rely on it must use groups based on the digital signature algorithm to generate ephemeral keys based on the Diffie-Hellman key exchange. By default, servers that do this will reuse the same private Diffie-Hellman exponent for the life of the server process, and that makes them vulnerable to the key-recovery attack.


NYC Launches Investigation Into Hackable Baby Monitors – Publication: Wired – Reporter name: Andy Greenberg

On Wednesday the New York City Department of Consumer Affairs launched an investigation into the baby monitor industry’s hackable vulnerabilities, sending subpoenas to four companies—which the agency has declined to name for now—demanding information about their security practices. The subpoenas, according to the agency, demand to see evidence to back up claims that the companies make about the security of their devices, complaints they’ve received about unauthorized access to the cameras, their use of encryption on the devices, and their history of handling vulnerabilities discovered in the devices, including alerting customers, releasing patches, and whether those patches were actually implemented by the devices’ owners.


UK businesses under constant and increasing malware threat – Publication: ITProPortal – Reporter name: Sead Fadilpasic

UK businesses had a bigger chance of being attacked by malware than those in the US or the Republic of Ireland in December 2015, a new report by security researchers suggests. The risk of malware infection in the UK thus increased 17 percent, the company concludes, with the number of active malware families increasing by 25 percent. The company says more than 1,500 different active malware families were identified in December, up from 1,200 in November of the same year.

10Fold – Security Never Sleeps – 39


Big items to consider: Twelve Chicago area restaurants have been compromised by a malicious program installed on their payment processing devices. The security firm responsible for finding the ‘cesspit’ vulnerability on eBay’s global sales platform has released a statement saying eBay has yet to fix this vulnerability and has no plans to in the near future. Melbourne Health Center is still struggling with the Qbot malware that infiltrated the pathology department and downed the system, forcing staff to do all processes manually. Lastly, a Forbes insider interview takes a look at what is happening to cybersecurity firm Norse.

12 Chicago Area Restaurants Affected by Massive Credit Card Data Breach – Publication: NBC – Reporter name: Staff

Secure credit card information was compromised at a dozen Chicago area restaurant locations during a massive data breach at Landry’s restaurants and Golden Nugget Casinos nationwide. Findings showed that hackers were able to install a program on payment card processing devices at certain restaurants, food and beverage outlets, spas, entertainment destinations, and managed properties.


Update: eBay ‘cesspit’ has ‘no plans’ to fix severe vulnerability – Publication: SC Magazine – Reporter name: Max Metzger

eBay will apparently not be fixing a ‘severe vulnerability’ on the company’s global sales platform. Check Point Software’s research team apparently disclosed details of just such a vulnerability in mid-December last year. This ‘severe vulnerability’ allows the bypass of the global bidding platform’s code validation, from which point any wilful attacker can manipulate the vulnerable code remotely and release malicious JavaScript code on users. If the vulnerability is left unpatched, Check Point told press in a statement, “eBay’s customers will continue to be exposed to potential phishing attacks and data theft.”


Melbourne Health still grappling with Qbot malware – Publication: IT News – Reporter name: Allie Coyne

Melbourne Health is still working to contain a dangerous strain of malware that attacked its systems more than two weeks ago due to the virus’ ability to mutate and hide itself from discovery. On January 18 the health network revealed malicious software had infected Windows XP computers through Royal Melbourne Hospital’s pathology department. The malware downed the hospital’s pathology systems and forced staff into manual workarounds.


Norse Founder Doesn’t Know Whether His Cybersecurity Business Is Still Alive – Publication: Forbes – Reporter name: Thomas Fox-Brewster

The company website is down and a report claiming the firm is imploding might well have hammered down the final nail in the coffin for an information security startup that appeared to be on the up with more than $40 million in VC investment to date. Such is the chaos at Norse, even co-founder and current CTO Tommy Stiansen is in the dark, telling FORBES today he didn’t know whether the firm he set up in 2011 would continue to operate. When asked if the company was still alive, Stiansen responded: “I currently don’t have any view over what’s going on… I haven’t heard anything.”

10Fold – Security Never Sleeps – 37


Big items to consider: HSBC has been hit by a cyber attack causing its personal banking website and mobile application to shut down, only weeks after a systems failure that left thousands of its customers without access to digital services. Researchers at Kaspersky Lab spotted attackers using malicious Microsoft Word documents distributed via spearphishing emails to spread the Black Energy Trojan in Ukraine. Last year was a record year for malware, according to a new report from Panda Security, with more than 84 million new malware samples collected over the course of the year. An Uber driver’s tax information, including her name and Social Security number, was exposed to all drivers who logged onto their dashboard in what the company calls a ‘bug.’

HSBC cyber attack brings Internet banking to its knees – Publication: Financial Times – Reporter name: Emma Dunkley

HSBC has been hit by a cyber attack causing its personal banking website and mobile application to shut down, only weeks after a systems failure that left thousands of its customers without access to digital services. The bank said in a statement that it had “successfully defended against the attack, and customer transactions were not affected.” However, by early afternoon on Friday its online banking services were still unavailable to some customers. Alex Kwiatkowski, a senior strategist at software group Misys, said the attack was “very concerning” and “shines a bright spotlight” upon HSBC’s systems weaknesses.


BlackEnergy malware deployed using malicious Word docs – Publication: SC Magazine – Reporter name: Robert Abel

Researchers at Kaspersky Lab spotted attackers using malicious Microsoft Word documents distributed via spearphishing emails to spread the Black Energy Trojan in Ukraine. Russian-speaking threat actors in the BlackEnergy APT group have been using malicious Excel and PowerPoint files to spread the group’s malware since last year, but Kaspersky’s Global Research and Analysis Team Director Costin Raiu claimed this was the first time Word documents have been used. The BlackEnergy APT group has been actively targeting energy, government and media in Ukraine, and industrial control systems/supervisory control and data acquisition (ICS/SCADA) and energy companies worldwide.


27% of all malware variants in history were created in 2015 – Publication: CSO Online – Reporter name: Maria Korolov

Last year was a record year for malware, according to a new report from Panda Security, with more than 84 million new malware samples collected over the course of the year. Trojans continued to account for the main bulk of malware, at 51.45 percent, followed by viruses at 22.79 percent, worms at 13.22 percent, potentially unwanted programs such as adware at 10.71 percent and cases of spyware at 1.83 percent.


‘Bug’ Exposes Uber Driver’s Tax Information, Including Name and Social Security Number – Publication: Forbes – Reporter name: Kelly Phillips

It was an über bad day for one driver who had her personal tax information, including her Social Security number, exposed due to what the drive on demand company is calling a “bug.” When Uber drivers logged on to the Uber partner dashboard to check their own 1099 information for 2015, they instead received information relating to someone else: a Florida woman who also drives for the company. The form in question was a federal form 1099-K, Merchant Card and Third Party Network Payments. Technically, drivers for Uber are not employees which is why they fill out the 1099-MISC. The driver’s 1099-K information remained on the Uber dashboard for a short time and it’s not known how many other drivers might have viewed it during that time. When made aware of the error, the company removed the tax tab on the dashboard altogether while the mistake was corrected.

10Fold – Big Data Business Insights – 22

Your daily digest of “All Things Big Data” gathered, collected and researched by your very own 10Fold Big Data Practice team.

Big Data

Within the last couple of years, every industry has started to look to big data to help add business value. Colleges and universities have begun to link disparate information from across campus. However, big questions still remain: how will schools use big data for existing privacy and security policies, and how will big data help with a more diverse student population?

Big Data’s Coming Of Age In Higher Education – Forbes

IoT

The next wave of automation is here and it involves making the Internet invisible and ubiquitous. One of the more famous applications for IoT has been innovation in home appliances like the thermostat, which can now be turned on remotely. Surprisingly, retail IoT products like ovens, door locks and baby monitors have yet to find firm ground among consumers, perhaps due to security concerns. At hospitals, IoT will allow a patient’s vital signs to be monitored via a sensor in her hospital bed, and trigger medication and outreach to doctors and nurses at programmed intervals, as well as provide updates to family members. The floodgates to the machine-to-machine (M2M) market have opened up and will only be accelerated going forward.

IoT Ushers In A New Wave Of Automation – PYMNTS

eCommerce

eCommerce around the world is growing quickly, in France especially. eCommerce in France was worth 64.9 billion euros last year and could reach the 70 billion euro milestone this year. Fevad expects consumers to make nearly 1 billion transactions in 2016. It is also believed that there will be more than 200,000 eCommerce platforms for the French to choose from by the end of 2016.

The Chinese eCommerce powerhouse, Alibaba, is hoping its good third-quarter report will help reassure investors worried about the state of the Chinese economy. Alibaba is benefiting from a shift to mobile spending and a growth in users. Mobile spending accounted for 65 per cent of total China retail revenue, up from 30 per cent last year. Annual active buyers rose 22 per cent to 407 million.

Ecommerce in France was worth €65 billion in 2015 – eCommerce News

Alibaba’s profit jumps on strong eCommerce sales – The Star Business

NFV/ SDN

Telecom operators are expected to increase their reliance on software technologies based on NFV and SDN to reduce costs and compete with well-established providers. The TBR report claims telecom operators over the next year will look to focus on consolidation and cost-cutting initiatives “to improve the profitability of their enterprise business,” citing recent moves by CenturyLink and Verizon Communications in looking to divest their data centers. Another influence was IBM’s recent acquisition of AT&T’s managed application and hosting service business. TBR also noted carriers were adopting NFV and SDN to reduce costs and gain agility in service offerings.

NFV and SDN core to telecom operators service positioning – RCR Wireless

10Fold – Security Never Sleeps – 36

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Israel’s Electricity Authority experienced a serious hack attack that officials are still working to repel, though they have identified the virus and the software to neutralize it. A security breach discovered in Juniper Networks’ software has U.S. officials worried that foreign hackers have been reading the encrypted communications of U.S. government agencies for the past three years. Independent security researcher Michael Stepankin has reported a since-patched remote code execution hole in PayPal that could have allowed attackers to hijack production systems. One of the FBI’s top attachés based in the UK offered a terse defense of the agency’s sometimes-controversial hacking tactics and described how innocents on the Tor anonymizing network were protected from digital exploits with a human “wall” that sifted hacked data before it landed in the hands of investigators.

Israel’s electric authority hit by “severe” hack attack – Publication: Ars Technica – Reporter name: Dan Goodin

Israel’s Electricity Authority experienced a serious hack attack that officials are still working to repel, the country’s energy minister said Tuesday. According to the Israeli Energy Minister, Yuval Steinitz, the virus has already been identified and the right software has already been prepared to neutralize it, but the computer systems of the Israeli Electricity Authority are still not working as they should. There’s no indication Israel’s power grid was attacked, though the attack came five weeks after Ukraine’s power grid was disrupted in what is believed to be the world’s first known hacker-caused power outage.


The Data Breach You Haven’t Heard About – Publication: The Wall Street Journal – Reporter name: Will Hurd

A security breach recently discovered in Juniper Networks’ software has U.S. officials worried that foreign hackers have been reading the encrypted communications of U.S. government agencies for the past three years. On Dec. 17 the California-based Juniper Networks announced that an unauthorized backdoor had been placed in its ScreenOS software, and that a breach had been possible since 2013. This allowed an outside actor to monitor network traffic, potentially decrypt information, and even take control of firewalls. Days later the company provided its clients, which include various U.S. intelligence entities, with an “emergency security patch” to close the backdoor. The federal government has yet to determine which agencies are using the affected software or if any agencies have used the patch to close the backdoor.


PayPal is the latest victim of Java deserialization bugs in the Web apps – Publication: PC World – Reporter name: Lucian Constantin

PayPal has fixed a serious vulnerability in its back-end management system that could have allowed attackers to execute arbitrary commands on the server and potentially install a backdoor. Independent security researcher Michael Stepankin has reported a since-patched remote code execution hole in PayPal that could have allowed attackers to hijack production systems. The critical vulnerability affecting manager.paypal.com, revealed overnight, was reported December 13th and patched soon after disclosure. After determining that the PayPal site was vulnerable to Java deserialization, Stepankin was able to exploit the flaw in order to execute arbitrary commands on its underlying Web server. After he reported the issue to PayPal and it got fixed, the company gave him a reward through its bug bounty program, even though his report was marked as a duplicate.


FBI: A ‘Human Wall’ Protects Innocents From Our Hacking Exploits – Publication: Forbes – Reporter name: Thomas Fox-Brewster

The FBI doesn’t often publicly discuss its use of Network Investigative Techniques, a catch-all term for digital attacks on suspect computers. But one of its top attachés based in the UK offered FORBES a terse defense of those sometimes-controversial tactics and described how innocents were protected from digital exploits with a human “wall” that sifted hacked data before it landed in the hands of investigators. TorMail was compromised by law enforcement back in 2013 and used to hack customers suspected of involvement in child abuse, according to a Washington Post report. Investigator Michael Driscoll explained to FORBES that the “wall” was predominantly human, consisting of people trained to determine what data could be used in an investigation. As the FBI continues to test the waters with fresh hacking techniques, it can expect more of those questions about its activities.