Faulkner Flash
Faulkner Flash is an enterprise IT news digest covering major events and product announcements from the past week.
Copyright 2016, Faulkner Information Services. All Rights Reserved.
Docid: 00024833
Publication Date: 11/04/2016
Publication Type: FLASH
Preview
Faulkner Flash is a weekly news summary covering computer systems
and software, networking, convergence, and communications. This Faulkner Flash covers
the period 10/31/2016 to 11/04/2016.
Report Contents:
- Top Stories of The Week
- Acquisitions & Divestitures
- Alliances & Joint Ventures
- Cloud Computing
- Data Breaches
- Development Software
- Enterprise Application Software
- Financial
- Government Contracts
- Healthcare Systems
- Malware Watch
- Mobile Apps
- Personnel and Organization
- Security Flaws & Fixes
- Security Products & Companies
- Servers
- Smartphones
- Standards
- Storage
- Web Commerce
Top Stories of the Week
[return to top of this report]
As Low-Cost Detachables Flood Market, Tablet Shipments Still Down (10/31/2016)
Preliminary data from the International Data Corporation’s (IDC) Worldwide Quarterly Tablet Tracker indicates the tablet market continued its slump in the third quarter of 2016 as
vendors shipped 43 million units. This represents a year-over-year decline of 14.7 percent. One bright spot in the findings is that total shipments were actually up 9.8 percent over the second quarter of this year. This is due to the bigger vendors such as
Apple, Samsung, and Amazon laying in stock for the holiday quarter. Low-cost (sub-$200) detachables reached an all-time high as vendors like RCA
flooded the market, according to IDC. “Unfortunately, many low-cost detachables also deliver a low-cost experience,” said Jitesh
Ubrani, senior research analyst with IDC’s Worldwide Quarterly Mobile Device Trackers. “The race to the bottom is something we
have already experienced with slates and it may prove detrimental to the market in the long run as detachables could easily be seen as disposable devices rather than potential PC replacements.”
Google Goes Public with Zero-Day Windows Kernel Bug Tied to Russians (10/31/2016)
Google disclosed a zero-day bug in Windows after Microsoft failed to release an
advisory or fix for the vulnerability within 10 days. The vulnerability is being actively exploited and is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape. Microsoft said that the threat entity known as
Sofacy (aka APT28, Sednit, and Strontium), which is believed to have ties to Russia’s military, is behind the attacks that are exploiting this vulnerability. A statement from Microsoft read, “We believe in coordinated vulnerability disclosure, and today’s disclosure by Google puts customers at potential risk.” Google typically has a
60-day disclosure policy for vulnerabilities from vendor notification to information release, but will disclose vulnerability details in seven days if the bug is being actively exploited. Microsoft is coordinating with both Google and Adobe to create a patch, which is expected on November 8.
Amazon Eyeing Southeast Asia Operations in 2017 (11/01/2016)
Amazon is preparing its initial effort to provide local services in Southeast Asia, according to TechCrunch. Residents of Singapore may soon be able
to take advantage of Prime membership and its associated delivery perks, and thoughts of providing access to the AmazonFresh grocery service in the city-state are on the board as well. Sources tell TechCrunch that the company has invested in a fleet of
refrigerated trucks as part of the effort. While online retail in Southeast Asia amounts for just five percent of consumer spending, according to the article the digital economy of the region “is tipped to grow significantly over the next decade.” Sources
indicate that services could begin rolling out to the Singapore population in the first quarter of 2017.
Acquisitions & Divestitures
[return to top of this report]
Accenture Acquires Consulting Firm Redcore (11/02/2016)
Accenture acquired Redcore, a private consulting company that specializes in providing identity and access management services (IAM); security services for cloud-based infrastructure; and other services for network
management, public key infrastructure, cyber-defense, and the IoT (Internet of Things). This transaction is expected to enhance Accenture’s existing IAM services and security “as-a-service” capabilities, in addition to extending the company’s critical
cyber-defense services. The acquisition’s terms were not disclosed.
Accenture Closes Acquisition of Consulting Services Company Kurt Salmon (11/02/2016)
Accenture purchased Kurt Salmon, a Management Consulting Group subsidiary that offers global strategy consulting services for the retail industry. This transaction includes more than 260
employees, worldwide, who will join the Accenture Strategy retail industry practice. The acquisition terms were not announced.
Accenture Completes Acquisition of 2nd Road (10/31/2016)
Accenture bought 2nd Road, a strategic consultancy firm that specializes in design-thinking methodology for strategy creation. The transaction is expected to allow Accenture Strategy to combine its strategic analytical
thought process with support for crafting propositions and services through human-centered co-design. The acquisition terms were not released.
Accenture Purchases Realworld OO Systems (11/01/2016)
Accenture acquired Realworld OO Systems, a company that offers GIS (geographic information system) technology for helping digitize and optimize electricity, water, and natural gas networks. The transaction is expected to expand Accenture’s end-to-end
portfolio of smart grid services and accelerate its plans to grow digital consulting services in Europe. The terms of this acquisition were not disclosed.
HPE Completes Acquisition of SGI (11/01/2016)
Hewlett Packard Enterprise (HPE) completed the acquisition of SGI, a vendor that offers compute, data analytics, and data management technology. This $7.75 per-share transaction will allow HPE to better
compliment its mission-critical and high-performance computing server segment products, including in-memory, high-performance data analytics and HPC technology. SGI has 1,100 employees worldwide.
IBM Acquires Fluid’s Expert Personal Shopper Division (11/01/2016)
IBM closed the acquisition of Fluid‘s Expert Personal Shopper (XPS) division to bolster IBM iX (Interactive Experience) and its commerce capabilities. This unit provides digital customer experience technology such as the XPS solution, a dialogue-based
product-recommendation platform that applies Watson technology to improve product discovery. The terms of this transaction were not released.
Intel to Buy VR Technology Company VOKE (11/03/2016)
Intel revealed that it plans to acquire VR (virtual reality) technology developer VOKE. This transaction is expected to allow Intel to better innovate and scale its immersive sports business for a more “personalized, fully
immersive VR experience.” The terms of this acquisition were not disclosed.
Alliances & Joint Ventures
[return to top of this report]
Intel Security Innovation Alliance Adds Check Point, Huawei as Partners (11/03/2016)
Intel Security announced that Check Point Software Technologies and Huawei Technologies joined the Intel Security Innovation Alliance.
This partnership focuses on providing a “truly integrated, connected security ecosystem” for “cybersecurity infrastructure.”
Cloud Computing
[return to top of this report]
Adobe Unveils Sensei Framework, Intelligent Services (11/02/2016)
Adobe Systems announced its new Sensei framework and intelligent services set. Adobe’s Sensei is designed to help improve the design and delivery of digital “experiences” by offering features for image matching; understanding document meaning and
sentiment; and targeting audience segments by leveraging machine learning, AI (artificial intelligence), and deep-learning capabilities. It is specifically available for the Adobe Creative Cloud, Document Cloud, and Marketing Cloud.
AWS Debuts Plans for Second Ohio-Based Wind Farm (10/31/2016)
Amazon Web Services (AWS) announced the latest venture in its commitment to achieving 100 percent renewable energy usage with the Wind Farm US Central 2 project.
The 189 megawatt (MW) wind farm will be located in Hardin County, Ohio, and will generate 530,000 megawatt hours (MWh) of wind energy annually starting in December 2017. Amazon has partnered with EverPower, a company specializing in utility grade wind
projects, to construct, own, and operate the new wind farm. This is AWS’s fifth renewable energy project in the United States and its second wind farm in Ohio. The power generated will deliver energy onto the electric grid powering AWS data centers located
in the new AWS US East (Ohio) and the AWS US East (N. Virginia) Regions. When the new facility is brought online, Amazon says that AWS’s five renewable energy sites will generate a total of 2.2 million MWh of energy annually – enough to power almost
200,000 US homes.
Microsoft Adding “Microsoft Teams” to Office 365 (11/02/2016)
Microsoft is incorporating a new chat-based workspace – called “Microsoft Teams” – to its cloud-based Office 365 service. This function is designed to bring “together people, conversations and content” in addition to providing collaboration tools.
Microsoft Teams is now available for preview in 181 countries and 18 languages, with general availability expected to follow during the “first quarter of 2017.”
Microsoft Introduces Azure Relay, Hybrid Connections (11/02/2016)
Microsoft introduced its new Azure Relay service, which is available as either a standalone offer or as part of the Azure Portal, as well as a public preview version of its cross-platform, open-protocol version, Hybrid Connections. These services are
designed to help manage, monitor, and connect to resources and services that reside behind a firewall in one’s on-premise setup with cloud-based and other services.
Microsoft Releases BizTalk Server 2016 (10/31/2016)
Microsoft released its BizTalk Server 2016 software update for automating business processes. This application leverages support for third party platforms, and offers new features such as the unified BizTalk Administration console; reinforced on-premise
application integration; improved control for adopting cloud-based applications; and added flexibility for adopting a hybrid approach. In particular, the software extends support for connecting to SaaS (Software-as-a-Service) applications or running
BizTalk Server on Azure to support production environments.
Microsoft Rolls Out Azure Government Documentation (10/31/2016)
Microsoft released Azure Government Documentation software. The Azure Government Documentation offering was created to help government agencies and their partners to transition mission-critical workloads to a cloud-based infrastructure, in addition to
providing information about using services such as Marketplace, Portal, and PowerShell in Azure Government.
Microsoft to Offer Dynamics 365 App for Outlook (10/31/2016)
Microsoft announced that it will include a new Dynamics 365 App for Outlook as part of Dynamics 365. This app – which includes capabilities for helping users be “more productive and efficient” – provides access to Dynamics 365 data using Outlook. The app
also offers support for linking e-mails and Dynamics 365 records, as well as syncing Outlook contacts and Dynamics 365 accounts.
Microsoft Unveils PowerApps, Flow Services (10/31/2016)
Microsoft released new PowerApps and Flow services worldwide. The new services are designed to help “non-developers” build Web-based and mobile business applications without coding; and automate business processes through streamlined configuration,
respectively. The releases will be included as part of Dynamics 365, and will be included in Office 365 Enterprise, Business Premium, and Essentials subscriptions.
Microsoft, Fortinet Extend Partnership Agreement for Cloud-Based Government Security (10/31/2016)
Microsoft and Fortinet extended their partnership to focus on securing cloud-based environments for US government customers. This renewed agreement will see Fortinet’s Security
Fabric solutions included in the Azure Government Cloud platform to provide security, threat intelligence, and improved visibility to detect, isolate, and respond to threats in real time.
Data Breaches
[return to top of this report]
Australian Blood Donors Affected by Red Cross Data Breach (10/31/2016)
The biggest data breach to hit Australia came about after a database backup file containing more than 1.2 million donor records for about 550,000 different individuals for the Australian Red Cross Blood Service was left exposed. Troy Hunt, who runs the HaveIBeenPwned Web site, was given the file by an individual who had stumbled across it. Hunt checked the data and after removing duplicates noted that it contained the information for more than 550,000 Australians.
OCC Notifies Congress of Unauthorized Removal of Data (10/31/2016)
The Office of the Comptroller of the Currency (OCC) notified Congress and other federal agencies of a data breach that resulted after a former employee downloaded a large number
of files onto two removable thumb drives prior to his retirement and when contacted, was unable to locate or return the thumb drives to the agency. The downloads occurred in November 2015 and were first detected on September 1, 2016 during an OCC-initiated
retrospective review of employee downloads. The OCC did not reveal how many individuals had their information exposed, but it is expected that more than 10,000 records were accessed and that the devices containing the information are not recoverable.
Development Software
[return to top of this report]
Microsoft Releases Browser Preview Version of WebAssembly Standard (10/31/2016)
Microsoft released a “browser preview” version of the WebAssembly standard, a portable binary compiler target for offering near-native performance on the Web. Support is available in Microsoft Edge, and is being developed at the open-source ChakraCore
project repo. Microsoft’s developer community will continue to provide feedback on design.
Enterprise Application Software
[return to top of this report]
Dell EMC Publishes Documentum ECM Repository Beta (11/01/2016)
Dell EMC’s Enterprise Content Division (ECD) released a beta version of the Documentum Platform enterprise content management repository. This v7.3 update offers support for streamlining the delivery and deployment of new applications and enabling a
“cloud-first” strategy. The release includes database and OS enhancements; open-source server stack functionality; support for open-source software such as Linux OS and PostgreSQL database; and application container support for Docker. The Documentum 7.3
ECM repository is available through Dell’s beta program, and will be generally available “before December 31, 2016.”
Dell EMC Updates LEAP Platform (11/01/2016)
Dell EMC’s Enterprise Content Division (ECD) introduced an update to its LEAP Platform, as well as two LEAP content-management apps. The LEAP content-management platform is designed to offer “deep” enterprise-grade content services for creating apps,
extending off-the-shelf LEAP apps, and integrating them with third-party ISVs. The LEAP content platform includes the same set of micro-services used to build LEAP apps that are now available through a beta program. ECD also released two content-management
apps: LEAP Focus, for reading and reviewing content using a mobile device; and LEAP Express, for supporting digital approval workflows.
Microsoft Offers Dynamics NAV 2017 Update (10/31/2016)
Microsoft released its updated Dynamics NAV 2017 software for improving efficiency, streamlining business processes, and helping better react to changing business needs with intelligent insight. This version includes extended insight with embedded Power
BI reports and dashboards; real-time access to KPIs (key performance indicators); support for generating self-service reports from trusted data sources; and access to Power BI tools from within the role center.
Microsoft Releases SQL Server Migration Tools (10/31/2016)
Microsoft released Data Migration Assistant 2.0 and a public preview of Database Experimentation Assistant. The free software sets were created to help facilitate upgrading and migration from earlier versions of SQL Server. The Database Migration
Assistant tool is designed to detect compatibility issues that impact database functionality after upgrade; while the Database Experimentation Assistant can gather performance insight for upgrades by conducting experiments across two SQL Server versions
using production workloads. Further details are available via the SQL Server Blog.
Financial
[return to top of this report]
AmerisourceBergen Posts Positive Earnings for 12-Month Period (11/02/2016)
AmerisourceBergen rebounded from its year-ago net losses to post profits for the 2016 full fiscal year ended September 30, 2016. The company’s 12-month earnings totaled $1.4 billion, or $6.32 per share, compared to fiscal 2015 net losses of $138 million,
or $0.63 per share. Full-year revenues were $147 billion, which was up 8% from fiscal 2015 sales of $136 billion. For the fourth quarter, AmerisourceBergen posted earnings of $146 million, or $0.64 per share. This amount was down 60% from a fiscal 2015
fourth quarter net income of $363 million, or $1.56 per share. Q4 revenues totaled $37.6 billion, which was up 6% from fiscal 2015 fourth quarter sales of $35.5 billion.
Booz Allen Hamilton Sees Modest Quarterly Profit, Revenue Growth (11/02/2016)
Booz Allen Hamilton reported modest growth in its profits and revenues, year to year, for the fiscal 2017 second quarter ended September 30, 2016. The firm reported earnings of $63 million, or $0.41 per share, which was up 13% from a fiscal 2016 second
quarter net income of $56 million, or $0.37 per share. Revenues, meanwhile, were $1.4 billion, which was up 8% from fiscal 2016 second quarter sales of $1.3 billion.
Check Point Software Announces Q3 2016 Financials (10/31/2016)
Check Point Software has reported total revenues of $428 million USD for the third quarter of 2016, as compared to $404 million in the corresponding quarter one year ago. GAAP net income was $170 million, or $0.99 per diluted share for the third quarter
of 2016,
McKesson Reports 49% Decline in Quarterly Earnings Per Share (10/31/2016)
McKesson reported a 49% dropoff in per-share earnings for the fiscal 2017 second quarter ended September 27, 2016. EPS totaled $1.35 for this three-month period, compared to fiscal 2016 second quarter earnings per share of $2.65. Revenues, meanwhile,
were $50 billion, which was up 2% from fiscal 2016 second quarter sales of $48.8 billion.
Qualcomm Posts 51% Earnings Growth (11/03/2016)
Qualcomm revealed that it experienced 51% year-to-year earnings growth for the fiscal 2016 fourth quarter ended September 25, 2016. The chipmaker’s profits were $1.6 billion, or $1.07 per share, compared to a fiscal 2015 fourth quarter net income of $1.1
billion, or $0.67 per share. Revenues, meanwhile, were $6.2 billion, which was up 13% from fiscal 2015 fourth quarter sales of $5.5 billion. Full-year earnings, meanwhile, were $5.7 billion, or $3.81 per share, which is up 8% from fiscal 2015 profits of
$5.3 billion, or $3.22 per share. Qualcomm’s revenues were $23.6 billion, which is down 7% from fiscal 2015 full-year sales of $25.3 billion.
Government Contracts
[return to top of this report]
Accenture Federal Services Contracted by Health Resources and Services Administration (10/31/2016)
Accenture Federal Services) was selected to provide operations and maintenance support for the Health Resources and Services Administration’s (HRSA) electronic handbooks system. This one-year, $15.5
million contract also includes four single-year options for a total value of $81.3 million.
Healthcare Systems
[return to top of this report]
IBM Watson Health, Celgene to Offer Joint Service (11/01/2016)
IBM Watson Health and Celgene reached a collaboration agreement to develop a new Watson for Patient Safety service for helping collect, assess, monitor, and report adverse drug
reactions. This offering combines Watson cognitive computing and Celgene drug safety and risk management technology, and is available via the Watson Health Cloud.
Malware Watch
[return to top of this report]
A New DDoS Malware Capable of Hitting IoT Devices Makes Its Debut (10/31/2016)
MalwareMustDie has discovered a new IRC botnet ELF malware, that is used for performing distributed
denial-of-service (DDoS) attacks via IRC botnet. The malware is designed to aim Internet of Things (IoT) devices via telnet protocol, by using its originally coded telnet scanner function, which is brute-forcing the known vulnerable credential of the Linux
IoT boxes, via a command sent from a CNC malicious IRC server. The malware is called Linux/IRCTelnet and is written in C++.
Android Banking Trojan Pretends to Be Flash Player App (11/02/2016)
Mobile banking apps are being infected with an Android Trojan and affecting banks in the United States, Germany, France, Australia, Turkey, Poland, and Austria. The malware masquerades as a Flash Player app, according to Fortinet, and can steal login credentials from 94 different mobile banking apps. Due to its ability to intercept SMS communications, the malware is also able to bypass SMS-based two-factor authentication.
Kaspersky Lab Analyzes DDoS Attacks in Q3 (10/31/2016)
Resources in 67 countries (vs. 70 in Q2) were targeted by distributed denial-of-service (DDoS) attacks in Q3 2016 while SYN DDoS, TCP DDoS, and HTTP DDoS remain the most common DDoS attack scenarios. The longest DDoS attack in Q3 2016 lasted for 184 hours
(or 7.6 days). This information comes from Kaspersky Lab‘s DDoS Intelligence Report for
Q3.
Kaspersky Lab Pushes Ransomware Victims Not to Pay to Recover Files (11/01/2016)
Results from Kaspersky Lab‘s Consumer Security Risks Survey show that 20% of ransomware victims
in North America claimed they did not get their files back even when they paid the cybercriminals. The study also found that globally, 36% of victims choose to pay a ransom to release their files after a ransomware attack. Kaspersky Lab recommends users
stop paying ransoms to criminals and instead look for other ways to recover their data.
Mirai Botnet Can Be Exploited to Halt Attacks (10/31/2016)
Scott Tenaglia, a researcher at Invincea, has found vulnerabilities in the Mirai botnet that can be used to deflect attacks from it. A stack buffer overflow vulnerability in the HTTP flood attack code for Mirai can
be exploited to cause a segmentation fault to occur, crash the process, and terminate the attack from that bot. Tenaglia said that while the exploit cannot be used to remove the botnet from the infected device, it can halt attacks originating from the
device.
New Nymaim Variant Delivers Sophisticated Delivery, Blacklisting (10/31/2016)
Verint has discovered an unknown variant of the Nymaim malware family, a group of threats that is also capable of downloading various malicious payloads onto the affected device, ranging from ransomware to banking
Trojans. Nymaim first appeared in 2013 and was delivered via drive-by downloads, but the new variant is distributed by spear phishing campaigns. The new version of Nymaim offers obfuscation techniques, PowerShell usage, and a type of blacklisting.
RAT Provided by Pastebin Page (10/31/2016)
A malicious dropper that downloads its payload, which turns out to be a remote access Trojan (RAT) with keylogger capabilities, has been uncovered on Pastebin by Malwarebytes. The dropper is called “VMWare.exe”
and when it runs, it connects to a specific Pastebin page.
Rex Botnet May Be Small But Still Packs a Punch (10/31/2016)
A researcher at Stormshield Security has analyzed the Rex Linux malware which controls a botnet of about 150
devices. Rex is a hybrid between a malware and a tool and tries to infect servers through Web-based exploits. Rex looks more like an “experimental botnet,” the researcher said.
Sundown Ramps Up as Other Exploit Kits Die Off (11/02/2016)
While the Angler, Nuclear, and Neutrino exploit kits (EKs) have shuttered to stop their spread of malware, Cisco‘s Talos researchers say that the Sundown EK has ramped up with 80,000 malicious subdomains associated with
more than 500 domains leveraging various registrant accounts. Sundown can evade blacklisting and the subdomains it uses are recycled to help avoid being detected.
Mobile Apps
[return to top of this report]
Amazon’s Rapids Provides Chat-Style Stories for Young Readers (11/02/2016)
The latest development in Amazon‘s efforts to improve childhood learning and literacy comes in the form of Amazon Rapids, a
new app that helps kids learn to read by presenting engaging material in the form of text messages. The illustrated stories on Rapids are told through the lens of characters chatting with each other, from an alien texting about invading Earth to two
chickens debating if they should cross the street. Story types aimed at readers aged 7 to 12 include adventure, fantasy, humor, mystery, science fiction, and sports. Age-appropriate content and key features like the built-in glossary and “read to me” mode
are designed to help build confident, independent readers. The app is available for iOS, Android, and Amazon Fire devices and offers hundreds of original stories with dozens of new ones added monthly. Parents who sign
up now can subscribe at a special introductory rate of $2.99 per month to give their kids unlimited access to the material.
Personnel and Organization
[return to top of this report]
Accenture Appoints Former Adidas CEO as Director (11/02/2016)
Accenture appointed Herbert Hainer to its Board of Directors, effective immediately. Hainer is the former CEO and chairman of adidas, a position from which he retired in September. This executive – who will serve on the Compensation and Finance
Committees – will be subject to re-appointment at the next Accenture annual general meeting of shareholders.
Cisco Extends Cisco ONE Software Program Coverage to Advanced Security (11/01/2016)
Cisco Systems extended its software licensing program – Cisco ONE Software – into advanced security. This program is designed to give customers a “simple and flexible way to consume Cisco’s software capabilities for infrastructure.” Cisco ONE Advanced
Security, in particular, will focus on streamlining the purchase of installing infrastructure security within the Data Center, WAN, and Access domains. The program will offer Cisco’s new Threat Defense for Data Center; Threat Defense for WAN and Edge; and
Policy and Threat Defense for Access software suites.
Siemens Names next47 Leader (11/02/2016)
Siemens appointed Lakshmikanth Ananth to lead its newly established next47 startup unit, effective November 15, 2016. The next47 group will focus specifically on five fields of innovation: AI (artificial intelligence),
autonomous machines, distributed electrification, connected mobility, and blockchain applications. Ananth joins Siemens from HPE and, prior to that, was an executive with Cisco Systems.
VMware Chooses New SVP, GM, Americas Region (11/01/2016)
VMware appointed Brett Shirk as SVP and GM of the Americas region, effective immediately. Shirk is responsible for strategic planning, business operations, go-to-market strategy, and the management of VMware’s business in the US, Latin America, and
Canada, and will report directly to EVP, Worldwide Sales, Maurizio Carli. Shirk is a former exec with Veritas Software, Symantec, and BMC Software.
Security Flaws & Fixes
[return to top of this report]
Apple’s iOS Gets an Update (11/01/2016)
Apple has released iOS 10.1.1. This update fixes vulnerabilities in earlier versions.
Belkin Patches Firmware Bugs in WeMo Products (11/02/2016)
A vulnerability in Belkin‘s WeMo home automation firmware could give an attacker local network access to various Internet of Things (IoT) devices like security cameras and lighting, the research team at Invincea has noted. Another bug related to the WeMo app could enable an attacker to inject and execute malicious JavaScript to take control of IoT devices. Belkin was notified of the vulnerabilities in August and
released updated firmware in September.
BIND Receives Updates for Critical Bug (11/01/2016)
The Internet Systems Consortium (ISC) has posted updates due to a defect in BIND’s handling of responses containing a DNAME answer which can cause a resolver to exit
after encountering an assertion failure in db.c or resolver.c. Users should immediately apply the updates.
Chrome Updated by Google (11/03/2016)
Google has released Chrome 54.0.2840.87 for Windows, Mac, and 54.0.2840.90 for Linux. The update fixes an
out-of-bounds memory access vulnerability in earlier versions.
Cisco Advisories Address Vulnerabilities Across Multiple Products (11/03/2016)
Nine advisories were released on November 2 to address vulnerabilities ranging from medium level to severe in several of Cisco‘s product lines.
The most critical vulnerabilities include a buffer overflow in the ASR 900 Series Aggregation Services Routers and an authentication bypass in the graphical user interface for Cisco’s Prime Home.
Honewell’s PKS Platform Vulnerable to DoS Condition (10/31/2016)
Honeywell recommends that users of its Process Knowledge System (PKS) platform download and apply the appropriate patch to protect themselves from an improper input validation vulnerability, which if exploited,
could lead to a denial-of-service condition. Experion PKS is a client tool used to configure firmware in Series-C devices. Further details are available from an ICS-CERT advisory.
Hosting Provider Wix.com Has XSS Bug, Millions of Sites Possibly Affected (11/02/2016)
Contrast Security has advised that Wix.com, a hosting provider which claims to host millions of Web sites, contains an
unpatched cross-site scripting vulnerability that leads to administrator account takeover and could be used to create a Wix Web site worm. By adding a single parameter to any site created on Wix, the attacker can cause a malicious JavaScript to be loaded
and run as part of the target Web site.
IBHsoftec Produces Update for S7-SoftPLC CPX43 (11/01/2016)
According to an ICS-CERT advisory, a buffer overflow vulnerability has been uncovered in IBHsoftec’s S7-SoftPLC. IBHsoftec
has produced a new version to mitigate this vulnerability.
Microsoft Issues Fix for Zero-Day Flash Hole in Windows (10/31/2016)
Microsoft issued an emergency patch for Adobe‘s Flash Player that is installed on specific versions of Windows
after Adobe pushed out a Flash fix of its own on October 26. These patches plug a zero-day vulnerability that is being used in targeted attacks.
Report: 65% of Windows Devices Are Running Vulnerable Windows 7 (11/02/2016)
Sixty-five percent of all Windows devices are running Windows 7, which was released in 2009, and approximately 600 security vulnerabilities affect Windows 7. Tens of thousand of devices are still running Windows XP 15 years after its release. This
represents more than 700 vulnerabilities, 200 of which are rated as high-to-critical. These details come from Duo Security‘s Trusted Access Report: Microsoft Edition. The publication also reveals that 20% of devices using Internet Explorer are running unsupported versions 8, 9 and
10.
Researcher Warns of Critical MySQL Bugs (11/02/2016)
Researcher Dawid Golunski of Legal Hackers published details about two critical vulnerabilities in MySQL, including a severe privilege escalation bug. The second vulnerability is a root privilege escalation issue. The vulnerabilities affect MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier, along with
MySQL database forks such as Percona Server and MariaDB.
Schneider Electric’s ConneXium Firewall, Unity PRO Have Vulnerabilities (11/01/2016)
An ICS-CERT advisory details a buffer overflow vulnerability in Schneider
Electric‘s ConneXium firewall product. Schneider Electric is developing a firmware update to mitigate this vulnerability. A separate advisory offers information regarding a
vulnerability in Schneider Electric’s Unity PRO, all versions prior to V11.1. A security notification provides detailed mitigation instructions.
Security Products & Companies
[return to top of this report]
Google Refuses to Accept Cerfificates from Two Cas (11/02/2016)
Google‘s Chrome browser has stopped trusting digital certificates from two certificate authorities (CAs), WoSign and StartCom. “Google has determined that two CAs, WoSign and StartCom, have not maintained the high
standards expected of CAs and will no longer be trusted by Google Chrome, in accordance with our Root Certificate Policy,” a blog post read. Similar decisions were made by Mozilla and Apple regarding WoSign and Startcom.
Intel Security Outlines Unified Defense Architecture (11/02/2016)
Intel Security announced a unified defense architecture designed to empower organizations to more effectively protect today’s digital economy. The vendor’s unified defense architecture is enabled by four
protection systems – Dynamic Endpoint, Pervasive Data Protection, Data Center and Cloud Defense, and Intelligent Security Operations.
New Document Highlights Evolution of Malware (11/01/2016)
The ICS-CERT released an Advanced Analytical Laboratory Malware Trends White
Paper. This document explores the changes in malware throughout the past several years, with a focus on what the security industry is most likely to see today, how asset owners can harden existing networks against these attacks, and the expected
direction of developments and targets in the coming years.
NIST Issues NICE Cybersecurity Workforce Framewor (11/02/2016)
The NIST released the draft NICE Cybersecurity Workforce Framework – a reference resource that enables an organization to more effectively
identify, recruit, develop, and maintain its cybersecurity talent. The framework provides a common language to categorize and describe cybersecurity work that will help organizations build a strong labor staff to protect systems and data.
Survey Finds Parents Lack Control Over Kids’ Online Behavior (11/01/2016)
Kaspersky Lab‘s latest consumer survey reveals that 26% of participants use parental control
software to help restrict their kids’ activity online. Among those parents who have not installed parental control features, 21% believe that it is better for children to learn how to use the Internet safely themselves.Thirty-eight percent surveyed said
they regularly talk to their children about online dangers while 27% regularly check the Internet history on the browser.
Symantec Rolls Out Updated Endpoint Protection (11/01/2016)
Symantec has debuted Endpoint Protection 14, the latest version of its security offering for the endpoint. Endpoint Protection 14 culls threat intelligence from Symantec and Blue Coat’s telemetry.
UK Government Looks to Bolster Cybersecurity (11/02/2016)
The UK government has announced that it will spend œ1.9 billion GBP ($2.3 billion USD) over the next five years to protect the economy and privacy of British citizens from cyber attacks. The spending is part of the UK’s
new national cybersecurity strategy which will focus on, among other things, development of new cyber defense technologies.
Servers
[return to top of this report]
Cisco Unveils UCS S-Series Servers (11/01/2016)
Cisco Systems unveiled the UCS S-Series of storage-optimized servers. This component of the Unified Computing System portfolio is designed to manage data-intensive workloads such as Big Data; deploy software-defined storage, object storage, and data
protection solutions; and generally handle the growth of unstructured data created by IoT (Internet of Things), video, mobility, collaboration, and analytics technology.
Smartphones
[return to top of this report]
Apple Receives Patent for Folding Smartphone (11/01/2016)
Patently Apple has discovered that Apple has received a patent from the US Patent and Trademark Office for a foldable smartphone. According to illustrations accompanying the patent materials, the device would bend along
a flexible seam. Patently Apple reports, “Apple notes in their granted patent that one of the materials that could be used in this foldable/bendable iPhone form factor is ceramic.” The previously unknown application came to light only after the patent was
granted. The article speculates that Apple kept the filing secret by using an engineer’s name rather than the company moniker in order to avoid detection. “When filed like this, no one can do a search on Apple patents and find it. It stays ‘hidden’ on
purpose until it’s granted because at that point Apple has to take possession of it.” While this is Apple’s first US patent for the technology, it previously filed similar patent requests in Europe in 2013 and 2014. Rival Samsung has also been working on
the concept and holds patents for folding smartphones as well.
Standards
[return to top of this report]
W3C Releases HTML 5.1 Recommendation as New Standard (11/02/2016)
The World Wide Web Consortium’s (W3C) Web Platform Working Group has published a W3C Recommendation of HTML 5.1. This specification defines the fifth major
version, first minor revision of the core language of the World Wide Web: the Hypertext Markup Language (HTML). According to W3C, “In this version, new features continue to be introduced to help Web application authors, new elements continue to be
introduced based on research into prevailing authoring practices, and special attention continues to be given to defining clear conformance criteria for user agents in an effort to improve interoperability.” A rundown of the changes appearing in HTML 5.1 include new <picture>, <details>, <summary>, and <menuitem> tags and the removal of appCache. W3C
indicates it is on track to produce an HTML 5.2 Recommendation in late 2017.
Storage
[return to top of this report]
IBM Adds All-Flash Products to Spectrum Portfolio (11/02/2016)
IBM announced new hybrid cloud-based, all-Flash products for its Spectrum Storage Suite that are designed to help to modernize and transform storage deployments while also providing a strong bridge to the development of cognitive applications. The
releases include enhancements to Spectrum Virtualize, for bringing hybrid cloud-based capabilities for block storage to various IBM storage software options; support for Spectrum Scale to sync files and object data across on-premise and cloud-based
storage; new 7TB and 15TB Flash drives; the DeepFlash Elastic Storage Server for Big Data and analytics workloads; and added high-performance Flash capability for IBM’s DS8880 storage system.
Web Commerce
[return to top of this report]
Non-Prime Members Pay Full Price at Amazon Bookstore (11/01/2016)
Amid news that Amazon is expanding its brick-and-mortar operations to pop-up outlets and possibly grocery and convenience stores, Geekwire is reporting that book buyers at the company’s Seattle bookstore are facing a two-tiered pricing structure: A lower
price option if you’re an Amazon Prime member and higher prices for non-Prime consumers. The move comes amid speculation that Amazon is considering a “members-only” strategy for its impending retail grocery stores, similar to the Costco or BJ’s Warehouse
model. In the bookstore, Prime customers are offered the same discounted price as appears on Amazon.com, while those who have not paid their $99 annual fee are charged full list price. The report notes that the disparity in cost does not apply to
electronics available at the store such as the Echo speaker or Fire tablets. Naturally, customers will be given the option of signing up for Prime at the checkout counter in order to qualify for the discount.
Faulkner Information Services
7905 Browning Road
Pennsauken, New Jersey 08109
Copyright 2016, Faulkner Information Services, a division of Information
Today. All rights reserved.
[return to top of this report]