SAP patches login flaw in ASE database

SAP patched a flaw on Thursday that could allow an attacker to take complete control over a database, according to security vendor Trustwave.The flaw (CVE-2014-6284) affects SAP’s Adaptive Server Enterprise (ASE), a relational database for Unix, Linux and Windows systems, designed for high volumes of data-rich transactions. Vulnerable versions are 12.5, 15, 15.5, 15.7 and 16.TrustWave’s Martin Rakhmanov, a senior security researcher, found an error in the challenge and response mechanism used to access ASE. The account access gained is not a privileged account, but TrustWave said other flaws allow the privileges to be escalated to that of a database administrator.To read this article in full or to leave a comment, please click here

Hackers exploit Magento e-commerce vulnerability

Those using Magento’s e-commerce platform should ensure they’re using its latest software, as attackers are increasingly exploiting a flaw patched two months ago, security companies warned.The vulnerability can allow an attacker to gain complete control over a store with administrator access, potentially allowing credit card theft, wrote Netanel Rubin of Check Point’s Malware and Vulnerability Research Group. As many as 200,000 websites use Magento, which is owned by eBay.Check Point, which found the flaw, reported it to Magento, which issued a patch (SUPEE-5344) on Feb. 9. Since Check Point revealed the flaw earlier this week, it appears attackers have picked up on it and are trying to find unpatched applications.To read this article in full or to leave a comment, please click here

Of Phishing Attacks and WordPress 0days

Proxying around 5% of the Internet’s requests gives us an interesting vantage point from which to observe malicious behavior. It also make us a target. Aside from the many, varied denial of service attacks that break against our defenses we also see huge number of phishing campaigns. In this blog post I will dissect a recent phishing attack that we detected and neutralized with the help of our friends at Bluehost.

An attack that is particularly interesting as it appears to be using a brand new WordPress 0day.

A Day Out Phishing

The first sign we typically see that shows a new phishing campaign is underway are the phishing emails themselves. There's general a constant background noise of a few of these emails targeting individual customers every day. However when a larger campaign starts up, typically that trickle turns into a flood of very similar messages.

Messages like this one:
Example Phish Note — We will never send you an email like this. If you see one, its fake and should be reported to our abuse team by forwarding it to [email protected].

In terms of the phishing campaign timeline, these emails aren’t the first event. Much like a spider looking to Continue reading

Acer Aspire Switch 10 saved by the dock

Acer’s new Aspire Switch 10 seems like just another low-cost Windows tablet, but its detachable keyboard dock turns the device into a shape-shifter that can stand in multiple angles.The Switch 10 is first a tablet, and it can become a laptop when attached to a keyboard dock. Acer announced two Switch 10 models at a lavish press event in New York, with the entry-level Switch 10 E SW3-013 starting at US$279 and the higher-resolution Switch 10 SW5-015 starting at $399.A brief hands-on with the Switch 10 revealed what’s most interesting about the device. Its biggest attraction is the detachable keyboard dock, which comes alongside the tablet. The tablet can be securely snapped on the dock, which has a 360-degree hinge that allows the device to be placed in multiple positions.To read this article in full or to leave a comment, please click here

Microsoft results get a lift from Office 365 and Azure

Microsoft has reported better-than-expected financial results for the quarter just ended, helped by strong sales of cloud services like Office 365 and Azure.Commercial cloud revenue more than doubled from a year earlier, the company announced Thursday, and online services like Bing and Xbox Live performed well.The results were hurt by the weak PC market, however, with sales of Microsoft’s Windows and Office software both declining. That meant that while sales were strong, profits declined from last year.In a statement, CEO Satya Nadella talked of “incredible growth across our cloud services.”To read this article in full or to leave a comment, please click here

Google sales hit a speed bump in Q1

Google’s sales rose 12 percent during the first quarter, the slowest rate of revenue growth since 2013, while the amount it charges for ad clicks continued to drop.Total sales for the period ending March 31 came in at US$17.3 billion, missing consensus expectations of $17.5 billion from analysts polled by Thomson Financial Network.After subtracting traffic acquisition costs, the portion of revenue paid to partners that distribute its ads, Google’s sales were $13.9 billion, the company reported Thursday.To read this article in full or to leave a comment, please click here

Amazon says its cloud is ‘a $5 billion business’

Amazon has finally shared some numbers about its cloud business, and not surprisingly they show that it’s thriving and profitable.Amazon Web Services brought in US$1.566 billion in net sales for Amazon’s first quarter, it said Thursday, up 49 percent from $1.05 billion AWS generated the same time a year ago. For this quarter, AWS netted a profit of $265 million, up from $245 million a year ago.AWS is a $5 billion business “and still growing fast—in fact it’s accelerating,” Amazon CEO Jeff Bezos was quoted as saying in a press release. He also called the group an “example of how we approach ideas and risk-taking at Amazon.”AWS now generates nearly 7 percent of Amazon’s total revenue. Overall, Amazon’s net sales for the quarter, which ended March 31, totaled $22.7 billion, up 15 percent from the $19.7 billion collected in the same period a year earlier. The company posted a net loss of $57 million in this first quarter, down from the $108 million it lost in last year’s first quarter.To read this article in full or to leave a comment, please click here

Google Fi: From disruptive to meh

This week's unveiling of Google's Project Fi, the search-messaging-phone-collaboration-broadband company's effort to shake up the wireless market in order to encourage people to use more of its services, has generated widespread reaction even though relatively few people will be eligible to use the service out of the gate.The general consensus seems to be that Google's latest experiment isn't revolutionary (for example, "Meh: Google launches disappointing Project Fi MVNO"). No, it isn't the first mobile virtual network operator (MVNO) to let you pay only for the data you use or bop between WiFi and cellular.  But it still has the potential to mess with the biggest wireless service providers' status quo.To read this article in full or to leave a comment, please click here

Credit card terminals have used same password since 1990s, claim researchers

While retailers battle breaches that have resulted in tens of millions of credit card numbers stolen, word comes from the RSA Conference in San Francisco that a major vendor of payment terminals has been shipping devices for over two decades with the same default password.The vendor wasn’t named by the researchers, David Byrne and Charles Henderson, but they did disclose the password: 166816.A Google search reveals that’s the default password for several models of credit card terminal sold by Verifone, a Silicon Valley-based vendor that says it connects 27 million payment devices and has operations in 150 countries.Verifone didn’t immediately comment on the claim.To read this article in full or to leave a comment, please click here

DOD wants to rebuild trust with the technology industry

The U.S. Department of Defense must rebuild trust with Silicon Valley because it needs new technology partners to fight against cyberattacks, Secretary of Defense Ashton Carter said Thursday.The DOD is looking to build its defensive cybersecurity capabilities with help from technology vendors, but the military also will deploy offensive measures when its warranted, Carter said in a speech at Stanford University.The department sees its cybersecurity role as largely focused on defense, but “adversaries should know that our preference for deterrence and our defensive posture don’t diminish our willingness to use cyber options if necessary,” he said.To read this article in full or to leave a comment, please click here

Enterprise software vendors ready Apple Watch apps

Enterprise software vendors are betting the Apple Watch will find a use in the business world and this week announced apps for the smartwatch, which will become available to consumers on Friday.While many of the initial Apple Watch business apps carry out the same functions of their iPhone counterparts, companies emphasized that glancing at your wrist to obtain information is easier than reaching for a smartphone.Blue Jean Networks created an app that reminds people about upcoming meetings and shows them their meeting schedule. The app, which works in conjunction with the company’s cloud-based video conferencing service, also has features that are designed specifically for the watch, like a function that counts down the time until a person’s next meeting and the ability to access a meeting by pressing the watch’s face. Like all Apple Watch apps, Blue Jeans’ app, which was announced today, must be paired with an iPhone to work.To read this article in full or to leave a comment, please click here

Cisco VIRL NXOSv NXAPI Update

Cisco officially announced the April release of VIRL the announcement and upgrade instructions can be found here. Some of the highlights from the upgrade are: ISOv is now up to version 15.2(2)T ...

[[ Summary content only, you can read everything now, just visit the site for full story ]]

Comcast said to abandon Time Warner merger plan

Comcast has abandoned plans to merge with Time Warner Cable, according to a Bloomberg News report on Thursday.The report quoted “people with knowledge of the matter” and said a formal announcement could be made as soon as Friday.The decision, which was not immediately confirmed by the companies, came a day after the Federal Communications Commission referred the proposed deal to a hearing in front of a judge—a move that had been viewed as a “death sentence” for the plan because of the time and effort it would have taken.The U.S. Department of Justice was also reported to be leaning towards blocking the merger on antitrust grounds should it have received FCC clearance.To read this article in full or to leave a comment, please click here

Comcast abandons $45B Time Warner merger plan

Comcast has abandoned plans to merge with Time Warner Cable.Comcast Chairman and CEO Brian Roberts said in a statement: "Today, we move on. Of course, we would have liked to bring our great products to new cities, but we structured this deal so that if the government didn’t agree, we could walk away.Comcast NBCUniversal is a unique company with strong momentum. Throughout this entire process, our employees have kept their eye on the ball and we have had fantastic operating results. I want to thank them and the employees of Time Warner Cable for their tireless efforts.I couldn’t be more proud of this company and I am truly excited for what’s next."To read this article in full or to leave a comment, please click here

Open Networking: Worth the Learning Curve

When’s the last time you had the opportunity to learn about a new area of technology? Not just the latest API but something big. With the emergence of open networking, now may be the time to do just that.

Open networking is becoming more wide spread in data centers, partly because of CapEx savings and customer choice from disaggregation of hardware and software. From an operational standpoint, the efficiencies of automating and managing switches like servers may be even more compelling. Those efficiencies – and resulting OpEx savings – are from using a real Linux OS for the network.

As a Linux operating system running network switches, Cumulus Linux presents a learning opportunity for two specific groups of users: network administrators who are new to Linux, and Linux administrators who are new to networking. Open networking represents a radical improvement in network management, but as with most major changes, there’s a learning curve.

Learning a new language (but still saying the same things).

Leaving IOS, NX-OS, or JunOS for Cumulus Linux means rediscovering how to perform tasks that network administrators have been doing the same way for years. This often means tweaking existing knowledge to understand where familiar commands Continue reading

1 3,523 3,524 3,525 3,526 3,527 3,841