Faulkner Flash

Faulkner Flash

Faulkner Flash is an enterprise IT news digest covering major events and product announcements from the past week.

Docid: 00024834

Publication Date: 11/11/2016

Publication Type: FLASH


Faulkner Flash is a weekly news summary covering computer systems
and software, networking, convergence, and communications. This Faulkner Flash covers
the period 11/07/2016 to 11/11/2016.


Report Contents:

Top Stories of the Week

[return to top of this report]

Irish Government Appeals Tax Ruling Against Apple (11/08/2016)

The Irish government has officially filed an appeal of the European Commission’s $14.3 billion back tax bill against Apple. The finding came in August when the Commission determined that the iPhone maker had received
illegal state aid that enabled it to pay less European tax than it should have. Irish Finance Minister Michael Noonan told European politicians, “The [Irish] government fundamentally disagrees with the European Commission’s analysis and the decision left
no choice but to take an appeal,” according to Reuters. It is estimated that it may take as long as 18 months for the European Union’s General Court to come to a
decision. Most likely, that ruling would then be appealed to Europe’s highest court, the European Court of Justice.

China’s New Cyber Security Laws Could Have Major Impact on Foreign Companies (11/07/2016)

The Chinese parliament has passed a new cyber security law that is bound to have major impacts on foreign companies operating in the country. Among the controversial provisions in the bill are requirements that data be stored on servers in-country, that
require security “reviews” by the government, and that enhance restrictions on Internet service and content. In addition, foreign tech companies will be excluded from working in sectors the country believes are critical to its security. Foreign companies
fear that the new rules will require them to provide the government with key intellectual property information or “open back doors within products in order to operate in China’s market,” according to Reuters. The new regulations are scheduled to be implemented in June 2017.

Siemens Reports Q4 Earnings, Revenue Growth (11/10/2016)

Siemens reported that it experienced 18% year-to-year earnings growth for the fiscal 2016 fourth quarter ended September 30, 2016. Total profits were EUR1.2 billion (US$1.31 billion), or EUR1.40 (US$1.52) per share, compared to a fiscal 2015 fourth
quarter net income of EUR1 billion (US$1.09 billion), or EUR1.17 (US$1.27) per share. Revenues, meanwhile, were EUR22 billion (US$24 billion), which was up 3% from fiscal 2015 fourth quarter sales of EUR21.3 billion (US$23 billion). In terms of Siemens’
business segments, Power and Gas revenue was up 10% year to year to EUR4.5 billion (US$4.9 billion); Wind Power and Renewables revenue increased 6% to EUR1.6 billion (US$1.74 billion); and Energy Management sales grew 3% to EUR3.6 billion (US$3.9 billion).
Meanwhile, Building Technologies revenue increased 1% year to year to EUR1.7 billion (US$1.85 billion); Mobility revenue grew 4% to EUR2.1 billion (US$2.29 billion); Digital Factory sales were up 5% to EUR2.8 billion (US$3 billion); Process Industries and
Drives fell 7% to EUR2.4 billion (US$2.6 billion); and Healthineers revenue increased 2% to EUR3.7 billion (US$4 billion). For the full fiscal Siemens year, earnings were EUR6.7 billion (US$7.3 billion), or EUR6.65 (US$7.24) per share, which was down 24%
from fiscal 2015 profits of EUR8.8 billion (US$9.6 billion), or EUR8.74 (US$9.51) per share.

Acquisitions & Divestitures

[return to top of this report]

Accenture Acquires Nashco Consulting (11/09/2016)

Accenture acquired Nashco Consulting, a Canadian company that provides consulting, design, and implementation services. This transaction is expected to help strengthen Accenture’s position in the ServiceNow partner ecosystem, as well as its technology
capabilities and deep-industry experience for cloud-based strategy, implementation, integration, and management for tapping “as-a-Service.” Nashco will be added to Accenture’s global ServiceNow practice. The terms of this acquisition were not released.

Adobe Enters Into Agreement to Buy TubeMogul (11/10/2016)

Adobe Systems entered into a definitive agreement to acquire TubeMogul for $540 million. TubeMogul – a video advertising vendor – is expected to allow Adobe to create an end-to-end independent advertising and data
management solution that spans TV and digital formats. This plan includes the commencement of a cash tender offer to acquire all outstanding common shares for $14 per share. TubeMogul and its CEO Brett Wilson will continue to operate as part of Adobe’s
Digital Marketing business.

Intel Purchasing MAVinci (11/07/2016)

Intel announced the acquisition of MAVinci, a privately-held company that develops flight-planning software. This transaction is expected to allow Intel to extend its capabilities in the drone sector by adding MAVinci’s
expertise in flight planning software algorithms and fixed-wing drone design, allowing it to better provide technology for the agriculture, insurance, construction, and mining sector.

Oracle Completes NetSuite Tender Offer (11/07/2016)

Oracle announced that the majority of unaffiliated NetSuite shares were tendered – and that other conditions to its tender offer have been satisfied – thus paving the way for Oracle’s official acquisition of the company. Oracle noted that approximately
21.78 million (53.21%) of the total unaffiliated shares and 62.3 million (76%) of total shares have been tendered into and not properly withdrawn from the tender offer.

Alliances & Joint Ventures

[return to top of this report]

CSC, eBECS Forge Channel Delivery Partnership (11/07/2016)

Computer Sciences Corporation (CSC) reached an agreement for UK firm eBECS to serve as a CSC Channel Delivery Partner for Microsoft‘s Dynamics Business Solutions. This partnership will extend to the UK, Saudi Arabia, and
other areas of the EMEA and North America.

IBM, Topcoder Enter Into Partnership (11/09/2016)

IBM forged a partnership with software developer Topcoder to focus on advancing learning opportunities for cognitive developers who are looking to harness the power of Watson to create AI (artificial intelligence) apps,
APIs, and solutions. This partnership will also provide access to a pool of developers – with experience in cognitive computing and Watson – through the Topcoder Marketplace.

Intel Security Alliance Draws in Huawei, Check Point to Build Better Offerings (11/07/2016)

Check Point Software, Huawei, and other companies have joined the Intel Security Innovation Alliance to provide an integrated, connected security ecosystem to protect customers’ infrastructures. Through the alliance customers will have the capability
of user behavior analytics (UBA). Security professionals can deploy a new wave of UBA products to accelerate attack detection and incident response and pinpoint anomalies in real time.

Siemens, Bentley Establish Alliance (11/10/2016)

Siemens and Bentley Systems formalized a strategic alliance whereby they plan to focus on “accelerating digitalization to advance infrastructure project delivery and asset performance in complementary business areas.” In particular, the companies plan to
initially invest at least EUR50 million (US$54 million) to develop joint technology to enlarge their respective offerings for infrastructure and industry.

Cloud Computing

[return to top of this report]

Dell EMC Extends Software Support to Amazon Services (11/07/2016)

Dell EMC announced that its NetWorker with CloudBoost software now supports applications running on Amazon Web Services (AWS); while the Data Domain platform will support Amazon S3 (Simple Storage Service). These applications are designed to secure
and back up enterprise applications. NetWorker, in particular, supports the Amazon S3 Standard – IA (Standard – Infrequent Access) standard for utilizing “familiar” tools and interfaces that are available within their on-premise environment.

Microsoft Incorporates New Offerings in Azure Government Cloud (11/08/2016)

Microsoft announced that its Azure Government Cloud features expanded FedRAMP P-ATO (Provisional Authorization to Operate) support via five new software-based offerings. These releases – which are designed to help better “meet the US government’s
security requirements” – include Service Bus, Notification Hubs, Site Recovery, StorSimple, and Backup. Each offering – further details for which are available via the Microsoft Azure Blog – has received Joint Authorization Board approval. With their addition, this
portfolio now includes 18 FedRAMP high-baseline certified offerings.

Microsoft to Bring Bletchley Blockchain Software Update to Azure (11/07/2016)

Microsoft announced that it will bring its Bletchley v1 blockchain offering to the Azure Marketplace. This software allows users to deploy a “many-node” consortium blockchain network, and offers comparable functionality to the original release in the
Azure Quickstart templates, in addition to a more robust user experience.

Microsoft, Booz Allen Hamilton Introduce Virtual Cloud Defense Service (11/07/2016)

Microsoft and Booz Allen Hamilton released Virtual Cloud Defense for Azure Government, a service for helping to secure cloud-based workloads and protect data. The joint Virtual Cloud
Defense offering builds on Azure’s cloud-based security and compliance features, and can also integrate third-party commercial and government-targeted services that are also available via the Azure Government Marketplace.

Data Breaches

[return to top of this report]

Cisco Resets Passwords for Careers Portal Due to Data Exposure (11/07/2016)

Following notification from a security researcher about a vulnerability in Cisco‘s Professional Careers mobile Web site that exposed user data, the vendor confirmed the issue and then reset user passwords. Cisco said that after investigating the report, it discovered that incorrect
security settings had been initialized following system maintenance on a third party Web site. This issue occurred twice: once from August 2015 to September 2015 and again from July 2016 to August 2016.

Twenty Thousand Accounts Robbed in Tesco Bank Breach (11/07/2016)

Tesco Bank in the UK stopped all payments for account customers after 20,000 accounts were pilfered. About 40,000 account holders reported suspicious transactions over the weekend of November 5 and 6, while half of those had money stolen from their

Development Software

[return to top of this report]

IBM Introduces “Project Intu” Experimental Release (11/09/2016)

IBM unveiled its experimental release of “Project Intu,” a system-agnostic platform for enabling “embodied cognition.” This platform allows developers to embed Watson functions into various end-user devices, and is expected to provide a future
architecture for building cognitive-enabled functions. Project Intu, in its experimental form, is now accessible via the Watson Developer Cloud, the Intu Gateway, and GitHub.

Microsoft Announces Preview Release of Kubernetes 1.4 (11/07/2016)

Microsoft updated its Azure Container Service, which includes a preview release of the Kubernetes 1.4 repository for hosting container images for use on Azure. This software is designed to provide open-source support – including for DC/OS, Docker Swarm,
and Kubernetes – for Azure’s container orchestration engine.

Enterprise Application Software

[return to top of this report]

Microsoft Adds Feature Pack 1 for SharePoint Server 2016 (11/08/2016)

Microsoft introduced the new Feature Pack 1 for SharePoint Server 2016. This software is designed to improve administrative actions, and includes MinRole, OneDrive for business, custom tiles, and other features to extend support for hybrid scenarios and
other developer needs.


[return to top of this report]

Acer’s Profits Increase By 30% (11/10/2016)

Acer International posted a 30% year-to-year improvement in its profits for the 2016 third quarter ended September 30, 2016. The Taiwanese company reported earnings totaling NTD249 million (US$7.8 million), or NTD0.08 (US$0.00) per share, compared to
2015 third quarter profits of NTD191 million (US$6.01), or NTD0.60 (US$0.02) per share. At the same time, Acer’s revenues were NTD58.6 billion (US$1.84 billion), which was down 13% from 2015 third quarter sales of NTD67.2 billion (US$2.12).

Alcatel Reports 9% Slide in Third Quarter Revenues (11/08/2016)

Alcatel-Lucent, which is owned by Nokia, reported a 9% slide, year to year, in its third quarter revenues. The company posted sales of EUR3.13 billion (US$3.45 billion) for this three-month period ended September 30th, compared to 2015 third quarter
revenues of EUR3.4 billion (US$3.75 billion). Networks revenue fell 12%, year to year, to EUR2.8 billion (US$3.1 billion); Applications and Analytics sales were down 14% to EUR192 million (US$212 million); and Common Group and “Other” revenue was up 37% to
EUR321 million (US$354 million).

Allscripts’ Q3 Losses Extended by 94% (11/07/2016)

Allscripts Healthcare Solutions reported that it increased its net losses by 94%, year to year, for the 2016 third quarter ended September 30, 2016. In all, the company’s losses were $10.1 million, or $0.06 per share, compared to 2015 third quarter net
losses of $5.2 million, or $0.03 per share. Revenues, meanwhile, were $392 million, which was up 10% from 2015 third quarter sales of $355 million. By segment, revenue for both Software delivery, support and maintenance and Client Services each increased
10% year to year, respectively, to $253 million and $140 million.

Lenovo Posts Positive Earnings for Quarter (11/07/2016)

Lenovo announced that it rebounded from year-ago net losses to report profitable earnings for the fiscal 2016/17 second quarter ended September 30, 2016. The company’s profits totaled $157 million, or $1.42 per share, compared to fiscal 2015/16 net
losses of $714 million, or $6.43 per share. Revenues, meanwhile, were $11.2 billion, which was down 8% from fiscal 2015/16 second quarter sales of $12.2 billion.

Siemens Planning to Publicly List Healthineers Business (11/10/2016)

Siemens revealed plans to expand its Healthineers healthcare business by
publicly listing it. The company noted that it will provide “more precise details” regarding the “planned date and scope” in the near future. This listing is expected to be dependent on, among other factors, the stock market environment.

Trend Micro Announces Financial Data for Third Quarter (11/10/2016)

For the third quarter of 2016, Trend Micro posted consolidated net sales of 31,324 million yen ($306 million USD). The company reported operating income of 8,624 million yen ($84 million) and net income of 5,100 million yen ($49 million) for the quarter.
The third quarter ended on September 30.

Government Contracts

[return to top of this report]

Cisco to Extend Technology Research in China (11/09/2016)

Cisco Systems signed framework agreements with China’s Guangdong provincial government and the Huizhou municipal government. These partnership deals are expected to see Cisco enhance cooperation with the state to develop “more advanced technologies and
innovative industries,” as well as to “explore opportunities in areas including smart manufacturing and smart city.”

Healthcare Systems

[return to top of this report]

IBM Watson Health Enters Into Cancer Drug Research Agreement (11/10/2016)

IBM Watson Health and the Broad Institute of MIT and Harvard announced a research initiative aimed at discovering the basis of cancer drug resistance. The five year, $50 million project will study thousands of drug
resistant tumors and draw on Watson’s computational and machine-learning methods to help researchers understand how cancers become resistant to therapies.

Industry Groups

[return to top of this report]

ICANN Announces Open Data Pilot Project (11/06/2016)

The Internet Corporation for Assigned Names and Numbers (ICANN) has begun a pilot project to introduce an Open Data Initiative for ICANN-generated data. The aim is to bring selected data sets into the open, available
through Web pages and programming APIs, for the purposes of external party review and analysis. The project will have three components: Developing a catalog of existing data sets appropriate for publication, selecting the technology to manage the
publication of the data sets, and devising a process to prioritize the order in which data sets are made available. An initial October meeting concentrated on developing the catalog of data sets and a means to prioritize their availability. Selecting an
open data technology, whether as software as a service or built upon open technology, will largely depend on the catalog, according to the organization. The next steps include developing a data catalog and generating a living document before the ICANN58
meeting in Copenhagen in March 2017.

Malware Watch

[return to top of this report]

Apple Pulls Plug on Fake Apps Masquerading as Top Name Designers, Retailers (11/08/2016)

Fraudulent apps masquerading as legitimate ones have been pulled from Apple‘s App Store after they slipped by the vendor’s review process, The New York Times has reported. Fake apps
pretending to be Jimmy Choo, Christian Dior, Dillard’s, Nordstrom, Dollar Tree, and other companies were removed from the App Store on November 3, while other counterfeit apps were pulled earlier after The New York Post
warned of knockoff apps being available in Apple’s store. The rogue apps mostly have come from Chinese developers.

Cerber Ransomware Adds More Stealth as It Goes After Databases (11/07/2016)

The Cerber ransomware has been upgraded to target databases, which McAfee says gives the malware the capability to hit businesses as well as individuals. Cerber has recently undergone three major changes: the malware
alters the extensions of encrypted files to a random four characters; a new HTML executable file displays the ransom note and instructions in a window; and the malware attempts to stop database processes running on the target system so it can encrypt the

Emergence of New Exploit Has Ties to Sundown, Pushes Locky Infection (11/08/2016)

A new exploit kit (EK) is spreading the Locky ransomware through two campaigns known as Bizarro Sundown and Green Flash Sundown. Both versions were used exclusively by the ShadowGate/WordsJS campaign and are based upon the Sundown EK. Trend Micro worked with the security researcher known as Kafeine to analyze this new threat.

Exaspy Malware Used to Spy on Company Executives (11/07/2016)

Researchers at Skycure are warning that a commercial spyware known as Exaspy is potentially targeting high-level executives. The malware was originally discovered on an Android 6.0.1 device that was owned by a vice
presidents at one of Skycure’s customers. Exaspy requires the victim to manually install the malware, and when it is run, it gains administrative privileges to the device while hiding itself and rooting the device.

New Malware Exploits Telegram’s Communication Protocol (11/10/2016)

An encryption malware is using Telegram Messenger’s communication protocol to send a decryption key to the threat actor. The Telegram Trojan is written in Delphi and is over 3 MB in size. After launching, it generates a file encryption key and an infection
ID (infection_id). Then it contacts the threat actors using the publicly available Telegram Bot API and operates as a Telegram bot, using the public API to communicate with its creators. The malware was analyzed by Kaspersky Lab.

Svpeng Trojan Infects 318,000 Users Via Bug in Chrome for Android (11/07/2016)

Kaspersky Lab discovered a modification of the mobile banking Trojan Svpeng hiding in Google‘s advertising network AdSense. Since mid-July, Svpeng has been detected on the Android devices of around 318,000 users, with the rate of infection peaking at 37,000 victims in a day. The attackers, intent on
stealing bank card information and personal data such as contacts and call history, were exploiting a bug in Google Chrome for Android. Google has been notified about this issue and a patch will be released in the next Chrome for Android update.

Terrorist Warning Email Turns Out to Be a RAT (11/10/2016)

A remote access Trojan disguised as a message warning of a terrorist attack circulated on November 7, the research team at F-Secure discovered. The email was supposedly sent by the head of a US-based terrorist
monitoring group. The message contained a snippet from an article in USA Today, and was attached to a ZIP archive called “The Murtadd Vote.zip.” The malware, once unleashed, can run on any platform that has Java Run Environment installed.

TrickBot Trojan Hits Banks in the UK, Australia with New Levels of Sophistication (11/09/2016)

IBM‘s security researchers say that the TrickBot banking Trojan is deploying two advanced browser manipulation techniques: serverside injections and redirection attacks. The Trojan has been seen using redirection attacks
against four banks in the UK and serverside injections against entities in Australia. TrickBot resembles the Cutwail botnet’s malware and uses the same crypter as Vawtrak, Pushdo, and Cutwail.

Personnel and Organization

[return to top of this report]

Apple Asks India Government for Manufacturing Plant Incentives (11/06/2016)

Apple is hoping to open a manufacturing plant in India, but seems to be seeking financial incentives from the government to begin the project. According to a report in the Economic Times of India, the iPhone maker and its manufacturing partner(s) in the project could receive assistance
under the country’s Modified Special Incentive Package Scheme. Among the possibilities available are subsidies to companies that open factories in one of India’s “Special Economic Zones.” These are designated areas with lowered government regulations that
are designed to lure foreign firms. In May, government regulators turned down an Apple attempt to waive a requirement that at least 30 percent of manufacturing components be sourced from within the country and disallowed a plan to sell refurbished iPhones
in the country.

CA Announces Chief Financial Officer

CA Announces Chief Financial Officer (11/07/2016)

CA Technologies appointed Kieran McGrath as EVP and CFO, effective immediately. McGrath, who had been serving as CFO on an interim basis, will continue to report to CEO Mike Gregoire. He joined CA as Corporate Controller in 2014 after spending more than
30 years with IBM.

Cisco CEO Robbins to Serve as Chair for US-Japan Business Council (11/07/2016)

Cisco Systems announced that CEO Charles Robbins has been elected to serve as the Chairman of the US-Japan Business Council for a two -year term. Robbins, who has been the CEO of Cisco since 2015, replaces John Lechleiter, the President, Chairman, and
CEO of Eli Lilly and Company.

SAIC Introduces New CFO (11/07/2016)

SAIC named Charles Mathis as EVP and CFO, effective November 14, 2016, at which time interim CFO Maria Bishop will return to serving as Corporate Controller. Mathis – who joins SAIC from ScanSource – will report to CEO Tony Moraco.

Security Flaws & Fixes

[return to top of this report]

Adobe Bulletins Patch Issues in Flash Player, Connect (11/08/2016)

Adobe has released bulletins for Flash Player and Connect. The fix for Flash addresses nine remote code execution bugs.

Buffer Overflow Bug Found in B Labs’ Bopup Communications Server (11/08/2016)

Trustwave discovered an unpatched remotely exploitable issue in all current versions of B Labs’ Bopup
Communications Server. The issues were discovered and confirmed to exist in version Bopup Communications Server runs on ports 19809/tcp and 19810/tcp; the services listening on port 19809/tcp contains a remotely exploitable buffer overflow in
handling and parsing of packets prior to authentication. Through this, an attacker can execute arbitrary code on the remote host with the privileges of the Bopup Communication Server, namely SYSTEM.

Bug in OAuth2.0 Can Result in Account Takeover (11/09/2016)

Security researchers have warned that the OAuth2.0 protocol has a vulnerability that could enable attackers to remotely
sign into a victim’s mobile app account without any involvement/awareness from the victim and seize control of the account. The scientists tested 600 top-ranked US and Chinese Android Apps which use OAuth2.0-based authentication and found that 41.21% of
these apps are vulnerable to this type of attack.

Cylance Finds Voting Machines Can Be Hacked (11/07/2016)

Cylance researchers demonstrated how to compromise a Sequoia AVC Edge Mk1 voting machine by reflashing the firmware with a PCMCIA card and directly manipulating the voting
tallies in memory. This specific machine is only used in 13 US states, and Cylance reported the weaknesses it found to the vendor.

GitLab Fixes Directory Transversal Bug with Newly Released Updates (11/07/2016)

GitLab released versions 8.13.3, 8.12.8, 8.11.10, and 8.10.13 for GitLab Community Edition and Enterprise Edition. These versions contain an
important security fix for a critical directory traversal vulnerability,

Google Issues “Supplemental” Patch for Dirty Cow Bug in Monthly Security Update (11/09/2016)

The Android platform has received updates that remedy over 80 flaws across three levels in Google‘s batch of November security releases.
Although the vendor did not push out a complete fix for the Linux race bug known as Dirty Cow, it did provide a “supplemental” firmware update for Pixel and Nexus devices. Google will fully address the zero-day Dirty Cow vulnerability in its December
security update. The vendor did fix the Drammer vulnerability which is related to DRAM memory modules that could allow root-level access to devices.

Microsoft Boots Zero-Day Windows Kernel Bug in Patch Tuesday Release (11/08/2016)

Microsoft‘s monthly Patch Tuesday batch of security updates is comprised of 14 bulletins that resolve an array of vulnerabilities including a
zero-day hole that has been actively exploited by a group of hackers. That vulnerability affects the Windows kernel and was publicly disclosed by Google on October 31. Six of the 14 bulletins have been deemed “critical”
by Microsoft, meaning they should be immediately applied to alleviate risks. Microsoft has also added detections for BrowserModifier:Win32/Soctuseer, a malware with rootkit capabilities, to its Malicious Software Removal Tool (MSRT) update.

Multiple Vulnerabilities in Moxa’s OnCell Security Software Result in Advisory (11/07/2016)

Authorization bypass and operating system commanding vulnerabilities were uncovered in Moxa’s OnCell Security Software, according to an advisory from the ICS-CERT. Moxa recommends that users disable HTTP/HTTPS after completing the required configuration through the Web browser interface. The advisory offers further mitigation techniques.

OSIsoft Fixes Security Issues in PI System (11/09/2016)

OSIsoft has identified an incomplete model of endpoint features vulnerability in its PI System software and has produced new versions to mitigate this vulnerability. The affected products are PI AF Client, PI SDK, PI Buffer Subsystem, and PI Data Archive.
Further details have been made available in an advisory from the ICS-CERT.

Researcher Points Out Auto Dialer Flaw in iOS WebView (11/10/2016)

Security researcher Collin Mulliner reported that iOS WebViews can be used to automatically call an attacker-controlled phone number. The attack can block the
phone’s user interface for a short amount of time and prevent the victim from canceling the call. The easily exploitable bug is an application flaw that likely is due to bad OS/framework defaults.

Smartphone Identifiers Vulnerable to Rogue Access Points (11/08/2016)

Oxford University Researchers Piers O’Hanlon and Ravishankar Borgaonkar have discovered two significant privacy flaws in currently deployed mobile networks,
which would allow anyone to track a mobile phone. The flaws relate to the International Mobile Subscriber Identity (IMSI), which is a globally unique identifier stored on the SIM card that identifies and allows for authentication of a mobile subscriber on
the mobile network. The approach uses different techniques, operating in the WiFi bands, which do not need a license, enabling anyone to make an IMSI catcher using a laptop or any other WiFi device to create a rogue access point that masquerades as a
well-known auto WiFi network (such as the WiFi available in train stations) to lure in smartphones for connections. Once connected, the rogue access point extracts the device’s IMSI.

Some Siemens Industrial Products Vulnerable to Privilege Escalation Bug (11/09/2016)

The ICS-CERT has reported that Siemens has released an advisory to inform its users
how to mitigate a privilege escalation vulnerability that affects several of its industrial products. Siemens has produced updates for several products and a temporary fix for the remaining affected products to mitigate this vulnerability. A list of the
affected products can be found in the ICS-CERT advisory.

Stack-Based Overflow Found in D-Link DIR Routers (11/07/2016)

A vulnerability note provides information regarding a stack-based buffer overflow in the HNAP Login action of D-Link‘s DIR routers. A remote, unauthenticated attacker
may be able to execute arbitrary code with root privileges. No solution has been made available to remedy this situation.

Security Products & Companies

[return to top of this report]

F-Secure Protects Shared Data in the Cloud (11/07/2016)

F-Secure Cloud Protection is a new offering from the vendor that is designed to protect data shared in the cloud. The product checks links and files for malicious content to alleviate the dangers of malware.

India Tops the List of Countries that Produced Spam in Q3 (11/10/2016)

According to Kaspersky Lab‘s Spam and Phishing in Q3 report, the vendor’s products blocked 73,066,751 attempts
to attack users with malicious attachments. This is the largest amount of malicious spam since the beginning of 2014 and is a 37% increase compared to the previous quarter. The majority of the attachments were ransomware Trojan downloaders. India moved to
the top of the list of countries generating spam, with 14% of spam emails sent from that nation during the period.

NIST Report Educates Small Businesses on How to Tackle Cybersecurity Challenges (11/10/2016)

A new NIST publication walks small business owners through a simple risk assessment to understand their vulnerabilities. Small Business Information Security: The
is written for small business owners not experienced in cybersecurity and explains basic steps they can take to better protect their information systems from threats.

October Saw Increased Growth in New Malware Variants (11/10/2016)

The number of unique malware variants jumped to 96.1 million in October from 50.1 million in the month prior. Much of this increase can be attributed to the Kotver family of threats (Trojan.Kotver), which has seen increased growth in activity since early
August. The uptick in the click-fraud malware’s activity is being helped along by JS.Nemucod, a downloader spread via malicious email attachments, which is dropping Kotver onto infected computers. Exploit kits and spam are also used to push Kotver. This
information comes from Symantec‘s latest intelligence report.

Ransomware Attacks Soared Eight-Fold from Q3 2016 from Q3 2015 (11/09/2016)

According to new data from Kaspersky Lab , small businesses faced eight times more ransomware attacks in the third quarter of 2016 than the third quarter of 2015. The vendor reported that there were 27,471 attempts
to block access to corporate data detected and repelled by Kaspersky Small Office Security in Q3 2016, compared to 3,224 similar attacks during the same period of 2015.

Symantec Rolls Out New Version of Norton Mobile Security for Android (11/07/2016)

Symantec announced the latest version of Norton Mobile Security for Android, its flagship mobile offering. The App Adviser feature, which deploys proactive protections against malicious apps and other sophisticated
threats on Android devices has been redesigned to be easier to use. The update also includes a Report Card feature and integration with Norton Safe Search and Web Protection.

Users Victimized by Encrypting Ransomware Doubled in Q3 (11/07/2016)

More than 821,000 people were infected by encrypting ransomware during the third quarter of the year, nearly doubling from the prior three month period, as discussed in Kaspersky Lab‘s quarterly IT Threat Evolution report. In Q3, the top five countries with the highest percentage of users attacked with encrypting ransomware were:
Japan (4.83%), Croatia (3.71%), South Korea (3.36%), Tunisia (3.22%), and Bulgaria (3.2%). The main driver of growth in the number of attacked users was Trojan-Downloader.JS.Cryptoload.


[return to top of this report]

Noted Analyst Says Apple Plans to Cancel iPhone SE Upgrade (11/09/2016)

A new research note from KGI Securities analyst Ming-Chi Kuo says that Apple has decided not to proceed with a planned update to the successful iPhone SE for 2017. According to Forbes, Kuo indicates two reasons behind the decision: to increase margins thanks to cheaper pricing on components for the SE and to reduce the risk
of a new SE device taking sales away from the iPhone 7. Initially seen as a stopgap product to fill the space left by discontinuation of the iPhone 5s and the introduction of the higher end iPhone 6, iPhone 6s, and the phablet sized iPhone 6 Plus lines,
the SE has been a critical and commercial hit. The note to investors also forecasts that shipments of iPhones will drop in the second quarter of 2017, possibly by as much as ten percent from last year’s figure of 40.4 million units for the quarter to a
projected 35 million.

Web Commerce

[return to top of this report]

Refurbished iPhones Make Debut at Apple Online Store (11/08/2016)

For the first time, Apple has begun offering refurbished iPhones for sale through its online store. 9to5Mac notes that a 16GB iPhone 6s can be found through the site for $449, while the 16GB and 64GB iPhone 6s Plus are listed
for $529 and $589, respectively. The refurbished devices are typically selling for about 15 percent less than the full priced versions. Perhaps as good as the reduced price, each second-hand phone comes with Apple’s one-year warranty. The available iPhones
are unlocked and come SIM-free. Each phone also comes with a brand new battery and outer shell. In the past, Apple has sold refurbished iPads and Mac computers through its online store, but never iPhones. 9to5Mac speculates that the phones are available as
a result of the iPhone Upgrade Program the company put in place when the iPhone 7 was released.

Faulkner Information Services

7905 Browning Road
Pennsauken, New Jersey 08109

Copyright 2016, Faulkner Information Services, a division of Information
. All rights reserved.

[return to top of this report]