Android malware hammers phones with unwanted ads

Android users in more than 20 countries have been infected with a particularly aggressive malware program that bombards devices with unwanted advertisements.Researchers from FireEye found that the malicious component, nicknamed Kemoge, has been seeded inside what appear to be legitimate apps offered on third-party application stores."This is another malicious adware family, possibly written by Chinese developers or controlled by Chinese hackers, spreading on a global scale that represents a significant threat," wrote Yulong Zhang, a staff research scientist with FireEye.To read this article in full or to leave a comment, please click here

Amazon makes it easier to lock down the cloud

If there's a common refrain in enterprise security these days, it's that nobody wants to become the next Sony, Experian, Scottrade, Target or Home Depot. Moving workloads to a public cloud service means that companies can leave some of the day-to-day work of securing their infrastructure to professionals who manage those services. To read this article in full or to leave a comment, please click here

Amazon makes it easier to lock down the cloud

If there's a common refrain in enterprise security these days, it's that nobody wants to become the next Sony, Experian, Scottrade, Target or Home Depot. Moving workloads to a public cloud service means that companies can leave some of the day-to-day work of securing their infrastructure to professionals who manage those services. To read this article in full or to leave a comment, please click here

Hackers who targeted Samsung Pay may be looking to track individuals

The security breach at Samsung subsidiary LoopPay was probably more about spying than about gathering consumer data for profit, and the worst could be yet to come, a security analyst said Wednesday. Samsung acknowledged the attack on LoopPay, which it acquired in February for technology that it uses in its Samsung Pay service. It said hackers only breached LoopPay's office network, not systems used by Samsung Pay. The affected servers have been isolated and no personal payment information was put at risk, according to Samsung.To read this article in full or to leave a comment, please click here

They’re baaaack! Verizon’s zombie cookies to track users across massive AOL ad network

Remember Verizon’s zombie cookies, hidden super-cookie identifiers that tracked users across the Internet? They’re baaaack! moviemaniacsDE Poltergeist screenshot Verizon was previously caught manipulating users’ traffic by inserting supercookies. “By attaching a Unique Identifier Header to all traffic that passes through their network, Verizon could effectively build profiles about users habits, the sites they visit, and deliver targeted advertisements based on this tracking,” explained EVDO. “This Unique Identifier Header was then popularly renamed the ‘Zombie Cookie’ since even after being deleted, the tracking cookie would be added back to the network and users would be tracked again.”To read this article in full or to leave a comment, please click here

Former NSA chief undercuts FBI’s desire for encryption backdoors

The former head of the NSA says the U.S. is better served by strong encryption than it would be by encryption schemes with backdoors that allow law enforcement to decrypt the content of communications, according to reports, and he should know.Under Michael Hayden’s watch as director of the NSA, the agency exploited back doors into phone switches in Greece in order to spy on calls including those made by the Greek prime minister and the mayor of Athens.The legal-intercept capabilities baked into the switches are supposed to be used only under strict legal supervision, but they can be abused. According to a story by James Bamford for The Intercept, documents stolen by Edward Snowden help show that the NSA took unauthorized advantage of legal-intercept backdoors in the Greek phone system to eavesdrop on what calling parties assumed would be private communications.To read this article in full or to leave a comment, please click here

Arista stock up on review of Cisco patent claims

The U.S. Patent and Trademark Office this week reportedly agreed to consider the validity of two Cisco patents at issue in litigation with data center switching rival Arista Networks.The development boosted Arista stock by over 5% on Tuesday, Oct. 6, according to Bloomberg. Cisco is suing Arista for copyright and patent infringement, and is seeking an injunction on the sale of Arista products that allegedly infringe on the Cisco patents.To read this article in full or to leave a comment, please click here

Non-technical manager’s guide to protecting energy ICS/SCADA

Sophisticated cyber-attacks known as Advanced Persistent Threats (APT) are a growing challenge to the energy sector of our nation’s critical infrastructure. These attacks can largely be attributed to well-funded, dedicated nation-state actors.APT attacks against Industrial Control Systems (ICS) and to Supervisory Control and Data Acquisition (SCADA) systems are increasing; the U.S. Department of Homeland Security (DHS) Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) cited ICS/SCADA and control system networks as one of the top two targets for hackers and viruses. These vulnerabilities begin with the human interface (13% of vulnerabilities required local access) and end with the actual Internet-facing ICS/SCADA hardware (87% of vulnerabilities are web-accessible).To read this article in full or to leave a comment, please click here

Attackers target OWA for domain credentials

A targeted attack against Outlook Web Application (OWA) illustrates how far adversaries will go to establish persistent control over the organization's entire network.As seen in recent breaches, attackers typically use stolen credentials or malware to get a foothold on the network, and then target the domain controller. Once attackers successfully compromise the domain controller, they can impersonate any user and move freely throughout the enterprise network. Since the OWA server, which provides companies with a Web interface for accessing Outlook and Microsoft Exchange, depends on the domain controller for authentication, whoever gains access to the OWA server automatically wins the domain credentials prize.To read this article in full or to leave a comment, please click here

Zappos’s Website Frozen for Two Years as it Integrates with Amazon

Here's an interesting nugget from a wonderfully written and deeply interesting article by Roger Hodge in the New Republic: A radical experiment at Zappos to end the office workplace as we know it:

Zappos's customer-facing web site has been basically frozen for the last few years while the company migrates its backend systems to Amazon's platforms, a multiyear project known as Supercloud.

It's a testament to Zappos that they still sell well with a frozen website while most of the rest of the world has adopted a model of continuous deployment and constant evolution across multiple platforms.

Amazon is requiring the move, otherwise a company like Zappos would probably be sensitive to the Conway's law implication of such a deep integration. Keep in mind Facebook is reportedly keeping WhatsApp and Instagram independent. This stop the world plan must mean something, unfortunately I don't have the strategic insight to understand why this might be. Any thoughts?

The article has more tantalizing details about what's going on with the move:

1 3,311 3,312 3,313 3,314 3,315 3,859