Faulkner Flash
Faulkner Flash is an enterprise IT news digest covering major events and product announcements from the past week.
Copyright 2016, Faulkner Information Services. All Rights Reserved.
Docid: 00024835
Publication Date: 11/18/2016
Publication Type: FLASH
Preview
Faulkner Flash is a weekly news summary covering computer systems
and software, networking, convergence, and communications. This Faulkner Flash covers
the period 11/14/2016 to 11/18/2016.
The Faulkner office will be
closed Thursday, November 24th and Friday November 25th for the Thanksgiving
holiday, but our information services are always available. Faulkner Flash will
return on Friday, December 2nd. Thank you!
Report Contents:
- Top Stories of The Week
- Acquisitions & Divestitures
- Alliances & Joint Ventures
- Cloud Computing
- CyberCrime
- Data Breaches
- Desktops
- Enterprise Application Software
- Financial
- Industry Groups
- Legal
- Malware Watch
- Personnel and Organization
- Security Flaws & Fixes
- Security Products & Companies
- Smartphones
- Social Media
- Storage
- Supercomputers
- Web Commerce
Top Stories of the Week
Microsoft Joins Linux Foundation, Announces New Products, Partnerships (11/16/2016)
Microsoft announced that it joined the Linux Foundation, and unveiled a series of products and partnerships to strengthen its Azure cloud-based platform. These announcements are designed to help developers create intelligent apps and services, and
include the addition of Google to its independent .NET Foundation; a collaboration with Samsung to allow .NET developers to build apps for Samsung devices; and its own addition to the Linux Foundation as a “Platinum” member. In terms of product
releases, Microsoft announced the rollout of a preview version of Visual Studio for Mac for writing cloud-based, mobile, and macOS apps; a version of its flagship SQL Server database that supports Linux, Linux-based Docker containers, and Windows-based
environments; the Azure Data Lakes Analytics and Store for more easily storing and processing data of any size, shape, or speed; and new Azure App Service support for containers.
Apple Said to Be Working on Smartglasses Technology (11/14/2016)
According to sources speaking to Bloomberg, Apple is exploring the possibility of developing an eyeglasses
form of wearable computer. Immediately bringing to mind Google’s attempt at creating a market for its Google Glass, the Apple smartglasses would “connect wirelessly to iPhones, show images and other information in the wearer’s field of vision, and may
use augmented reality,” according to Bloomberg’s contacts. The augmented reality (AR) component would add images and other digital information to the wearer’s view of the real world. One source tells Bloomberg that Apple has ordered small quantities of
near-eye displays for testing, but not nearly enough to indicate that mass production is on the immediate horizon. However, one source indicates that if Apple proceeds with the product, it could be ready for the market by 2018.
Cisco Reports Profit, Revenue Declines for Quarter (11/16/2016)
Cisco Systems posted a slight year-to-year decrease in profits and revenues for the fiscal 2017 first quarter ended October 29, 2016. The company’s earnings were $2.3 billion, or $0.46 per share, which was down 4% from a fiscal 2016 first quarter net
income of $2.4 billion, or $0.48. At the same time, Cisco’s revenues were $12.4 billion, which was down 2% from fiscal 2016 first quarter sales of $12.7 billion. Product revenue fell 5% year to year to $9.3 billion, while Service revenue grew 11% to $2.8
billion.
Acquisitions & Divestitures
Accenture Closes DayNine Acquisition (11/14/2016)
Accenture completed its previously announced acquisition of DayNine Consulting, a global Workday consulting and deployment services provider. This transaction is expected to extend Accenture’s position in Workday services in
addition to providing new value for clients. As part of this acquisition, approximately 400 DayNine professionals with more than 1,250 Workday certifications
will join the existing Accenture Workday group, which operates within the Accenture Cloud First Applications team. The new Accenture DayNine group will be led by the company’s CEO and co-founder Tim Ramos.
IBM Completes Sanovi Acquisition (11/15/2016)
IBM completed its acquisition of Sanovi Technologies, a privately-held company that provides hybrid cloud-based recovery, migration, and business continuity software for enterprise data centers and cloud-based infrastructure.
This transaction is expected to allow IBM to bolster its “Software-Defined Resiliency” strategy, helping it better deliver business continuity and disaster recovery services for clients migrating to digital or hybrid cloud-based environments. IBM plans to
integrate Sanovi’s capabilities within the IBM Global Technology Services unit.
Siemens to Purchase Mentor Graphics (11/14/2016)
Siemens announced plans to acquire Mentor Graphics – a company that offers design-automation and industrial software – for $4.5 billion. This $37.25 per-share transaction is expected to allow Siemens to extend its Digital
Enterprise Software portfolio by adding Mentor electronics IC and systems design, simulation, and manufacturing technology. Mentor’s Board of Directors, Siemens noted, has already approved and declared advisable the merger agreement for adoption by company
shareholders.
Alliances & Joint Ventures
Accenture, RichRelevance Expand Partnership Deal (11/15/2016)
Accenture extended an existing strategic alliance with RichRelevance, an “omnichannel personalization” company. This agreement is expected to strengthen the capabilities of Accenture Interactive by allowing it to boost the personalization services that it delivers worldwide. The expanded partnership will also see Accenture Ventures make a minority investment in the company, in addition to
positioning Accenture Interactive as a “preferred implementation partner” for RichRelevance’s global personalization platform.
Accenture, SAP Announce Joint Digital Customer Engagement Platform (11/16/2016)
Accenture and SAP revealed plans to collaborate to develop new technology for companies to engage with customers through virtually any channel. This joint digital customer engagement platform is designed to help streamline customer service and
operations in addition to allowing utilities to offer “non-commodity” products and services, including solar panels, batteries, connected-home products, and related installation and maintenance services. The new platform will combine the SAP S/4HANA
Utilities solution, SAP Hybris Cloud for Customer, and SAP Multichannel Foundation, among other offerings.
AMD to Provide Radeon GPU Technology for Google Cloud Platform (11/15/2016)
AMD reported that its Radeon GPU technology will be made available via the Google Cloud Platform. In particular, Google plans to use AMD single-precision dual GPU compute accelerators to boost acceleration for its Google Compute Engine and Google Cloud
Machine Learning services.
Cisco, Inspur Inaugurate Joint Venture Company (11/14/2016)
Cisco Systems and the Inspur Group announced the official inauguration of their joint-venture company: Inspur – Cisco Networking Technology. This JV – which is supported by the Chinese government – will be headquartered in
Jinan, Shandong, and will be 49% Cisco owned.
Cisco, Reliance Establish Joint Venture (11/15/2016)
Cisco Systems announced a strategic alliance with India’s Reliance Group to introduce a new joint venture: UNLIMIT. This company will provide IoT (Internet of Things) services for enterprise customers. It
will be led by CEO Juergen Hase, who oversees Reliance’s IoT business unit.
Fujitsu, SUSE Extend Technology Development Partnership (11/16/2016)
Fujitsu and SUSE strengthened their existing alliance to commit resources to developing hybrid cloud-based products, mission-critical support, and future container technology within the open-source community. These offerings are expected to allow
customers to gain access to open source-based technology for transferring workloads between public and private cloud-based deployments. The companies will also offer mission-critical support, and focus on future container technology development to increase
the availability and stability of customer environments.
IBM, NVIDIA Announce Collaboration Agreement (11/14/2016)
IBM and NVIDIA are collaborating to develop a deep-learning tool that is optimized for both companies’ technology. Specifically, the PowerAI software toolkit runs on the IBM server for AI (artificial intelligence), and features NVIDIA’s NVLink
interconnect technology, which is optimized for IBM’s POWER architecture. It also utilizes the Caffe deep-learning framework, which was developed by the Berkeley Vision and Learning Center. The Caffe framework utilizes NVIDIA GPUDL libraries such as cuDNN,
cuBLAS, and NCCL as part of NVIDIA SDKs to deliver multi-GPU acceleration on IBM servers.
Microsoft, OpenAI Establish Partnership (11/15/2016)
Microsoft forged a partnership with OpenAI, a nonprofit AI (artificial intelligence) research organization co-founded by Elon Musk, Sam Altman, Greg Brockman, and Ilya Sutskever. This partnership is focused on “making
significant contributions to advance the field of AI” in addition to “using AI to tackle some of the world’s most challenging problems.” Microsoft also noted that OpenAI – which is an early adopter of Azure N-Series Virtual Machines – will employ Azure as
its “primary cloud platform.”
SAP, GE Digital to Explore IoT Collaboration (11/16/2016)
SAP and GE Digital reported plans to explore collaboration on IoT (Internet of Things) technology. Together, the companies plan to share research on cloud-to-cloud interoperability in addition to strengthening the
integration between GE’s Predix operating system and the SAP HANA Cloud Platform. Other areas of collaboration will include asset management, including SAP’s Asset Intelligence Network, as well as the exploration and design of use cases to enable “Things
to Outcomes.”
SAP, Stratasys to Create Network of 3D Printing Co-Innovation Labs (11/17/2016)
SAP and Stratasys announced that they are establishing a global network of 3D printing co-innovation labs. These facilities will focus on educating and enabling customers, employees and partners on the adoption of
“additive manufacturing” as an “integral part of the manufacturing production line.” Digital manufacturing and co-innovation sites are currently being rolled out in the US, France, Germany, and South Africa.
Siemens, Atos to Strengthen Their Strategic Partnership (11/17/2016)
Siemens and Atos reached an agreement to strengthen their existing strategic alliance, extending it to 2020. With this renewal, the companies plan to increase funding of their joint innovation investment program to EUR230 million (US$245 million), up
from EUR150 million (US$160 million), and will focus on exploring potential joint collaboration in the fields of industrial security, industrial data analytics, machine intelligence, service enhancing technology, and Web of systems. Siemens and Atos have
been strategic partners since 2011.
Cloud Computing
AWS Cuts Prices on Three EC2 Instance Types (11/14/2016)
Amazon Web Services (AWS) has announced a new round of price reductions for its Elastic Cloud Compute C4, M4, and T2 instances. According to the company, this is the 53rd price cut offered to its customers.
On-Demand, Reserved Instance (standard and convertible), and Dedicated Host prices will be cut by up to 25 percent depending on the region and platform. C4 instances will see reductions of up to five percent in US East (Northern Virginia) and EU (Ireland)
and 20 percent in Asia Pacific (Mumbai) and Asia Pacific (Singapore). The M4 reduction will be up to 10 percent in US East (Northern Virginia), EU (Ireland), and EU (Frankfurt) and 25 percent in Asia Pacific (Singapore). T2 instance pricing will be slashed
up to 10 percent in US East (Northern Virginia) and 25 percent in Asia Pacific (Singapore). The new pricing will take place automatically beginning on December 1.
Dell EMC Unveils HPC Cloud-Based Products (11/15/2016)
Dell EMC introduced new HPC (high performance computing) cloud-based offerings, software, and systems. The releases include the HPC System for Life Sciences, for identifying bioinformatics treatments while protecting confidential data. Other releases
include new cloud bursting services, from Cycle Computing, for providing cloud orchestration, management, and connections to public cloud-based services such as Azure and AWS; the Intel HPC Orchestrator for streamlining the installation, management, and
maintenance of HPC systems; and PowerEdge C4130 and R730 servers for boosting throughput for HPC and hyperscale data centers.
Fujitsu Develops Virtual Network Analysis Technology (11/16/2016)
Fujitsu Laboratories announced the development of an automatic analysis technology to improve a virtual network’s communications performance and quality. This technology can capture communications packets
passing through virtual infrastructure, in addition to using this information to identify communication bottlenecks and automatically recommend configurations to improve communications speed, reduce packet loss, and raise virtual network quality.
HPE to Roll Out Enterprise Solutions on Demand for SAP Service (11/16/2016)
Hewlett-Packard Enterprise (HPE) announced its new Enterprise Solutions on Demand for SAP offering. This managed cloud-based service is designed to allow customers to directly manage SAP resources “on demand” by offering features
for automated, real-time control. The service includes a Web-based Service Catalog for ramping services up or down based on business demand; support for “just-in-time provisioning”; and a “detect-to-correct” feature for enabling business continuity. The
service will be available starting in the first quarter of 2017.
HPE Debuts Managed Services for Azure (11/15/2016)
Hewlett Packard Enterprise (HPE) announced new Managed Services for Microsoft Azure. This portfolio includes design, deployment, delivery, and operational support for the public cloud-based platform. Specific capabilities
include management support for virtual servers, storage, and network infrastructure; provisioning, de-provisioning, and infrastructure configurations management; operations support, active directory management, and OS patching services; as well as backup,
recovery, and security services.
Microsoft Introduces Outlook Customer Manager Service (11/14/2016)
Microsoft introduced a new Office 365 service – dubbed Outlook Customer Manager – for providing a view of one’s interactions with customers, in addition to tracking tasks and deals in progress. The Outlook Customer Manager offering automatically
organizes customer information within a timeline next to the Outlook inbox, and automatically presents a list of “important” customers and deals. This cloud-based service is available at “no extra cost” as part of an Office 365 Business Premium plan.
Oracle Announces “Packaged Integration” of Service Cloud, IoT Cloud (11/14/2016)
Oracle introduced a new “packaged integration” of its Service Cloud and IoT Cloud offers. This joint software is designed to help leverage insight from IoT (Internet of Things) to power smart and connected customer service elements. In particular, it
uses IoT data to predict customer needs and proactively address customer service issues.
Oracle Incorporates Marketing Automation, Content Marketing Support within Marketing Cloud (11/14/2016)
Oracle added new marketing automation and content marketing capabilities within the Oracle Marketing Cloud. These features are designed to help streamline digital marketing to help deliver “personalized cross-channel” management. New enhancements include
a Content Portal for locating content such as sales stage, buyer persona, content type, and custom fields; a Program Canvas for more easily setting up data transformation and normalization workflows; a Listener Framework to make data workflows faster and
more responsive; and a Responsive Content Editor for making content more “meaningful and responsive.”
Third-Party SaaS Subscriptions Now Available from AWS (11/16/2016)
Customers of Amazon Web Services (AWS) can now subscribe to third-party Software-as-a-Service (SaaS) applications directly through AWS Marketplace, the company announced. The new SaaS Subscriptions on AWS Marketplace gives users access to SaaS and application programming interface (API) products and lets them pay through their existing AWS bill. The move provides flexibility to
enterprises that employ different SaaS products across their organizations to manage procurement, subscriptions, and payments, for example. Going through AWS takes away the need to deal with separate bills from multiple vendors. Previously, SaaS providers
that wanted to deliver their applications to AWS customers needed to build their own metering and billing system. Twenty-one companies have initially signed up to provide SaaS products and APIs through AWS, including Pitney Bowes, NetApp, and Trend Micro.
AWS says additional vendors will be added regularly.
VMware Shows Off New Software Releases (11/16/2016)
VMware announced new releases of vSphere, vSAN, vRealize Log Insight, and vRealize Operations. The new releases are designed to advance the VMware Cross-Cloud Architecture for running, managing, connecting, and securing applications across clouds and
devices in a common operating environment. Further details are available via the VMware Web site.
CyberCrime
Financial Phishing Expected to Increase During Holiday Shopping Period (11/15/2016)
Kaspersky Lab is warning that the number of financial phishing attacks is expected to rise during the holiday shopping season which unofficially starts on Black Friday. Retrospective research by the vendor shows
that, over the last few years, the holiday period was marked by an increase in phishing and other types of attacks, which suggests that the pattern will be repeated this year. During the holiday season in 2014 and 2015, Kaspersky Lab researchers witnessed
a significant (several percentage points) increase in phishing attacks against payment systems and online stores.
Data Breaches
Adobe to Cough Up $1 Million for Lack of Security in 2013 Data Breach (11/15/2016)
Attorneys general in 15 states have reached a $1 million USD settlement with Adobe regarding the 2013 data breach that is thought to have affected more than 38 million people. Adobe had been accused of not properly
securing its systems or the personal information that was stored there, resulting in an unknown entity gaining unauthorized access to the data. According to the issued statement, “In the Attorney General’s view, the risk of unauthorized access through the public-facing server was reasonably foreseeable.”
Global Recruiter Michael Page Has Been Hacked (11/14/2016)
UK-based recruitment firm Michael Page has been hacked, and Troy Hunt, the security researcher who uncovered the breach, submitted the information to Capgemini, the IT provider for the affected recruiter. Hunt
received a backup file containing the data for more than 780,000 UK job hunters. However, millions of people worldwide could be affected by this breach.
More Than 412 Million Accounts Exposed in FriendFinder Breach (11/14/2016)
Over 400 million FriendFinder accounts were hacked in October and information pertaining to the breach was disclosed by LeakedSource. A total of 412,214,295 users are affected by this data leak, which occurred
after a local file inclusion bug was exploited among six of FriendFinder’s databases. FriendFinder is the parent organization for several adult-oriented Web sites. LeakedSource has said that for the time being, it will not enable the breached data to be
searchable by the general public.
Yahoo to SEC: We Were Aware of Data Breach Two Years Ago (11/14/2016)
A quarterly report to the Securities and Exchange Commission (SEC) shows that Yahoo was
aware of a data breach in late 2014 although the company didn’t go public with this information until nearly two years later in September 2016. Yahoo said in its quarterly filing, “The company had identified that a state-sponsored actor had access to the
company’s network in late 2014.” It is unclear why it took so long for Yahoo to come forward with this information.
Desktops
HP Inc Previews Z2 Mini Workstation (11/15/2016)
HP Inc introduced the Z2 Mini Workstation, which is designed for users in CAD (computer-aided design) and other compute-intensive industries. This system stands at just 2.3″ but is “twice as powerful as any commercial mini PC” on the market. The Z2
supports up to six displays, runs Microsoft Windows 10 Pro or Linux, and features Intel Xeon processing. The HP Inc Mini Workstation will be available worldwide starting in December 2016, and will retail for $699. Further details and specifications are available via the HP Inc Web site.
Enterprise Application Software
SAP Rolls Out Connection Discovery for Public Services Application (11/15/2016)
SAP released its Connection Discovery for Public Services application, a network-exploration tool that runs on the HANA platform. This plug-and-play software was designed to sense and predict emergencies, support intuitive decision making, and help
understand complex events for appropriate protective measures. SAP’s Connection Discovery software is designed to provide a single comprehensive view of business data from multiple systems and data sources.
Financial
Accenture to Invest in Partech Ventures Funds (11/16/2016)
Accenture entered into a strategic relationship with venture capitalist firm Partech Ventures to invest in two Partech funds, in addition to joining its Advisory Committee. This collaboration will allow Accenture’s
enterprise clients to tap into a pool of startups to find new ideas and access new technology, in addition to providing Accenture with “privileged access” to emerging digital technology vendors. The financial details were not disclosed.
Acer Investing in IMAX VR Content Fund (11/14/2016)
Acer International pledged an investment of $10 million in the IMAX VR Content Fund, which was established to support the development of high-quality and immersive VR (virtual reality) content.
Agilent Reports Modest Y2Y Revenue Growth, Declining Profits (11/15/2016)
Agilent Technologies reported that it experienced modest year-to-year revenue growth, amidst a decline in company profits, for the fiscal 2016 fourth quarter ended October 31, 2016. The company’s sales totaled $1.1 billion, which was up 7% from fiscal
2015 fourth quarter revenues of $1.04 billion. In particular, Life Sciences and Applied Markets revenue increased 6% year to year to $548 million; Diagnostics and Genomics sales were up 8% to $193 million; and Agilent CrossLabs revenue grew 8% to $370
million. Agilent’s profits, meanwhile, were $124 million, or $0.38 per share, which is down 11% from fiscal 2015 fourth quarter earnings of $140 million, or $0.42 per share. For the full year, revenues were $4.2 billion, which was up 4% from fiscal 2015
fourth quarter sales of $4.04 billion. Profits, meanwhile, were $460 million, or $1.40 per share, marking a 15% increase over a fiscal 2015 fourth quarter net income of $401 million, or $1.20 per share.
Intel to Invest $250 Million in Autonomous Driving Developments (11/15/2016)
Intel revealed that it will make a $250 million investment toward the development of autonomous driving technology. This amount comprises a series of “additional new investments” that are designed to help “drive the development of technologies that push
the boundaries on next-generation connectivity, communication, context awareness, deep learning, security, safety, and more.” Despite failing to provide additional details, the company did note that the plan is part of Intel’s ongoing collaboration with
automobile manufacturers and system suppliers to further integrate advanced technology into cars.
Industry Groups
Polycom Joins the Electronic Industry Citizenship Coalition (11/15/2016)
Polycom officially joined the Electronic Industry Citizenship Coalition (EICC), an alliance of technology companies that advocate for “ethical and sustainable value for workers, the environment, and businesses.” The
EICC includes more than 110 electronics vendors. Polycom, which will serve as an “Affiliate Member,” will focus on aligning its operations with those of first-tier suppliers to meet the EICC’s recommended standards. The company will also gain access to
existing resources, assessments, and audits – which are conducted by EICC – to help better manage partner practices and supply chain risks.
Legal
Amazon Initiates First Lawsuit Against Vendors Dealing in Counterfeit Products (11/14/2016)
Amazon is cracking down on vendors who sell counterfeit items through its Web site. For the first time, the company has filed lawsuits against two companies who have been allegedly distributing fake brand name products
through the online retailer. Geekwire reports that the actions were taken against companies offering fitness products using the TRX trade name
and heavy lifting equipment branded with the Forearm Forklift logo. The suits were filed against ToysNet, which is charged with promoting counterfeit reproductions of the Forearm Forklift strap for moving furniture and against Joana Ferreira, who is said
to have posted fake TRX equipment on the company site. According to the report, Fitness Anywhere, the parent company for TRX, has joined in the suit. Although this is the first time Amazon has sued producers of fake products, its court filings indicate
that when it “finds counterfeit products from whatever source, it removes those products immediately. Amazon regularly suspends or blocks sellers suspected of engaging in illegal behavior or infringing others’ intellectual property rights.”
HPE Comments on Criminal Indictment of Former Autonomy CFO (11/14/2016)
Hewlett-Packard Enterprise (HPE) issued a statement
on the federal grand jury-issued criminal indictment against former Autonomy CFO Sushovan Hussain. This ruling was announced by the United States Attorney’s Office for the Northern
District of California. HP – which acquired Autonomy for $11 billion in 2011 – noted that it was determined that Hussain conspired to engage in a fraudulent scheme to deceive purchasers and sellers of Autonomy securities, as well as HP, about the true
performance of Autonomy’s business, financial condition, and prospects for growth. The indictment also determined that Hussain and others made false and misleading statements to regulators and analysts, and that HP relied on the accuracy and truthfulness
of the statements and disclosures. “HPE is pleased with the news that a federal Grand Jury has returned an indictment in this matter, alleging that Sushovan Hussain and others acted with fraudulent intent,” noted HPE EVP, General Counsel John Schultz.
“This is a significant step toward holding Mr. Hussain accountable for his outright fraud and deliberate misrepresentation.”
Malware Watch
CryptoLuck Ransomware Delivered Courtesy of the RIG-Empire Exploit Kit (11/17/2016)
A new ransomware family called CryptoLuck is being served up by the RIG-Empire exploit kit. It spreads through malicious advertising and takes aim at those who visit adult-themed Web sites, researcher Kafeine
wrote in a blog post. The malware has also been analyzed by Bleeping Computer. CryptoLuck infects users through the GoogleUpdate.exe
executable and DLL hijacking, and upon infection, the victim is directed to pay 2.1 bitcoins within 72 hours.
Locky Ransomware Has New Trick, Poses as Emails from OPM (11/16/2016)
The research team at PhishMe has spotted a malicious campaign circulating emails that claim to come from the Office of Personnel Management (OPM) and contain information about “suspicious
movements” in the victim’s bank account. The messages, however, arrive with a .zip file that is laced with the Locky ransomware. PhishMe has warned that because the messages appear to come from the OPM, people affected by the massive 2015 OPM data breach
may be inclined to open the emails, which leads to infection.
Ransomware Hidden Behind Fake Fax Message (11/16/2016)
The security researchers at Microsoft discovered a threat that uses email messages masquerading as fax messages, but actually delivers a ransomware downloader. The attachment, used in a campaign called “Criminal Case
against_You-O00_Canon_DR-C240IUP-4VF.rar,” is a password-protected RAR archive file that, when extracted, is a Trojan. The archive file contains Crimace, a malicious Windows Script File developed in JScript.
Sophisticated Ransoc Ransomware Blackmails Windows Users (11/17/2016)
Proofpoint researchers discovered a new ransomware variant that scrapes Skype and social media profiles for personal information while it scans files and torrents for potentially sensitive information. Instead of
encrypting files, it threatens victims with fake legal proceedings if they fail to pay the ransom. The file has been dubbed “Ransoc” as it uses a combination of browser locking and ransomware, is a form of malicious advertising, and only targets those who
use Windows.
Personnel and Organization
IBM’s The Weather Company to Move Headquarters, Hire 400 (11/16/2016)
IBM’s The Weather Company announced plans to relocate its headquarters in Atlanta, amidst news that it would also hire 400 new staff members. The company noted that it is preparing to grow its services, which
already include personalized and actionable weather data and insights. Further details are available via an IBM press release.
Security Flaws & Fixes
CA Technologies Fixes Unified Infrastructure Management App Vulnerability (11/14/2016)
The ICS-CERT issued an advisory after a directory traversal vulnerability was discovered in CA
Technologies’ Unified Infrastructure Management application. The vendor has produced an update to mitigate this vulnerability, which could be remotely exploited.
Critical Cryptsetup Vulnerability Leaves Linux Widely Exposed (11/16/2016)
A critical Linux bug that can enable attackers to obtain a root shell can be exploited on Debian, Ubuntu, and Fedora, according to an advisory from researchers at the Polytechnic University of Valencia.
They say that the vulnerability was found in the default configuration of Cryptsetup, which is used to create cryptographic volumes.
Google Chrome Receives Security Update (11/14/2016)
Google has updated Chrome to version 54.0.2840.99 for Windows, 54.0.2840.98 for Mac, and 54.0.2840.100 on Linux. This update includes
four security fixes including patches for a heap corruption in FFmpeg and an out of bounds memory access in V8.
Imagely Updates NextGen Gallery WordPress Plugin (11/16/2016)
A vulnerability note provides information regarding the Imagely NextGen Gallery plugin for WordPress prior to version 2.1.57, which has been found to be insecure. Imagely has released the NextGen Gallery
plugin version 2.1.57 to address this issue.
Lynxspring Says JENEsys BAS Bridge Users Should Upgrade to Onyxx Bridge (11/16/2016)
Lynxspring recommends replacing existing installations of JENEsys BAS Bridge, which has been discontinued, with the Onyxx Bridge product. JENEsys BAS Bridge contains multiple vulnerabilities and reached the end of its lifecycle in 2014, when Onyxx Bridge
replaced it. The ICS-CERT has posted an advisory with more information.
OpenSSL Issues New Release (11/14/2016)
OpenSSL has advised users to upgrade to version 1.1.0c. This is due to three vulnerabilities in earlier versions.
Security Firm Claims iCloud Stores User Call History without Consent (11/17/2016)
A digital forensics firm says it has discovered that Apple’s iPhones synched to iCloud automatically store their users’ call history on the company’s servers for months at a time, keeping track of activity on the device
even if the owner has not given consent. According to a report in The Intercept, the Russian company Elcomsoft says that when iCloud is
enabled on a device, a list of all calls made and received, complete with phone numbers, dates and times, and duration, gets uploaded without the user’s choice or notification. Collecting regular calls and FaceTime call logs goes back to at least iOS 8.2,
according to Elcomsoft, with iOS 10 adding missed incoming calls made through third-party VoIP applications like Skype or WhatsApp. Apple is said to retain the data in a user’s iCloud account for up to four months. For its part, Apple acknowledged that the
call history is being synced to iCloud, saying it is “a convenience to our customers so that they can return calls from any of their devices.” Civil liberty advocates, however, believe the information could conceivably be accessed by law enforcement
agencies that cannot obtain the data from the user’s carrier.
Symantec Responds to DLL Vulnerability in Enterprise Products (11/16/2016)
Symantec has released updates to address a highly critical DLL
loading issue in the IT Management Suite, the Ghost Solution Suite, and Endpoint Virtualization. An authorized but non-privileged user could potentially leverage this issue to execute arbitrary code with elevated privileges on the system.
VMware Workstation Pro and Fusion Have Critical Vulnerability (11/15/2016)
VMware Workstation and Fusion updates address a critical out-of-bounds memory access vulnerability. On Workstation Pro and Fusion, the issue
cannot be exploited if both the drag-and-drop function and the copy-and-paste function are disabled. The vendor recommends that users review the patch/release notes for the affected product and version and verify the checksum of the downloaded file.
Security Products & Companies
Akamai Publishes Q3 2016 State of the Internet/Security Report (11/15/2016)
Compared to Q3 2015, total distributed denial-of-service (DDoS) attacks increased 71% in Q3 2016, as discussed in Akamai’s latest State of the
Internet/Security report. The two largest DDoS attacks during Q3 2016, both leveraging the Mirai botnet, were the biggest observed by Akamai to date: recorded at 623 Gbps and 555 Gbps. Also noted in the publication is that UDP fragments and DNS
reflection attacks were the two most common threat vectors in Q3, accounting for 44% of all vectors, an increase of 4.5% from Q2.
Consumers Practice Risky Online Behavior Despite Knowing Threats Exist (11/15/2016)
Symantec’s annual Norton Cyber Security Insights Report, an online survey of nearly 21,000 devices, reveals that 76% of consumers know they must actively protect their information online, but are still sharing
passwords and engaging in other risky behaviors, while 35% of people have at least one unprotected device which exposes their other devices. The report also shows that one in five connected home device users don’t have any protective measures in place for
their devices.
DHS Releases Principles for Securing the IoT (11/16/2016)
The Department of Homeland Security (DHS) issued a set of Strategic Principles for Securing the Internet of Things (IoT), Version 1.0. These principles highlight approaches
and suggested practices to fortify the security of the IoT and will equip stakeholders to make responsible and risk-based security decisions as they design, manufacture, and use Internet-connected devices and systems. DHS Secretary Jeh Johnson said,
“Securing the Internet of Things has become a matter of homeland security. The guidance we issued today is an important step in equipping companies with useful information so they can make informed security decisions.”
ENISA Promotes Cyber Security Strategy Development with Updated Guide (11/15/2016)
ENISA published its second National Cyber Security Strategy Good Practice Guide, providing an update to the 2012
guidebook on the design and implementation of a National Cyber Security Strategy (NCSS). This guide includes an update on the different steps, objectives, and good practices of the first edition, and analyzes the status of National Cyber Security
Strategies in the European Union (EU) and European Free Trade Association countries. The key aim is to support EU member states in their efforts to develop and update their NCSS.
NIST Releases Security Publications for Engineering, Small Businesses (11/15/2016)
The NIST has released Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems, identified as SP
800-160, to help bring clarity to the problems associated with a systems-oriented viewpoint on realizing trustworthy secure systems. The NIST also published Small Business Information Security: The Fundamentals, identified as NISTIR 7621 Revision 1, which is intended to present the fundamentals of a small business information security program in non-technical language.
US Army Is Looking for a Few Good Hackers (11/15/2016)
The US Army has announced plans to launch its first ever bug bounty challenge in partnership with HackerOne. Through this partnership, eligible hackers will have a chance to earn competitive bounties for reporting
vulnerabilities to the Army in an effort to improve overall security.
Smartphones
Chinese Customers Say iPhones Shutting Down for No Reason (11/15/2016)
A Chinese government agency is investigating complaints of Apple’s smartphones shutting off by themselves and users not able to turn them on again. The Chinese Consumers Association (CCA) says it has received “a
considerable number” of complaints regarding the problem, which is affecting iPhone 6 and iPhone 6s devices. Reuters says that, despite showing battery levels in the 50 percent to
60 percent range, the phones involuntarily power down. Users say that the devices are then unable to be powered on again, despite repeated efforts. The action is stated to take place when the phones are at room temperature or colder. Apple indicates that
only a small number of users are affected and says it is working with Chinese agencies – presumably the CCA – to remedy the problem.
Social Media
Pew Study Finds Facebook Usage Increasing Among US Adults (11/14/2016)
A national survey conducted by the Pew Research Center finds that Facebook continues to be America’s
most popular social networking platform by a substantial margin. According to the poll, 79 percent of online adults now use the social networking site. This figure is more than double the share that uses Twitter (24 percent), Pinterest (31 percent),
Instagram (32 percent), or LinkedIn (29 percent). On a total population basis (accounting for Americans who do not use the Internet at all), 68 percent of all US adults are Facebook users, with 28 percent using Instagram, 26 percent on Pinterest, 25
percent on LinkedIn, and 21 percent using Twitter. The report also indicates that Facebook use appears to be on the rise with the site’s share of online adults increasing by seven percentage points since a similar Pew survey conducted in 2015. In addition,
the share of Facebook users who check in daily has increased slightly in the past year: 76 percent of Americans who use Facebook now report that they visit the site on a daily basis, up from 70 percent in 2015.
Storage
Seagate Announces New Storage Options (11/15/2016)
Seagate Technology introduced a number of new storage devices. These releases include the new 10TB IronWolf Pro NAS drive; the 5TB Backup Plus Portable drive; and a new ClusterStor 300N storage system with Nytro Intelligent I/O Manager.
Supercomputers
China Sits Atop Top500.org’s Supercomputer Rankings (11/14/2016)
Top500.org released its newest bi-annual listing of the highest-performing supercomputers worldwide. This list – which saw the US and China each claim 171 systems – was led by
the 93-petaflop Sunway TaihuLight and 34-petaflop Tianhe-2, both Chinese supercomputers. The US’ top-ranked system – Cray’s Titan – was third on the list, at 17 petaflops. In terms of Linpack performance, the US topped the list with 33.9%, compared to
China’s 33.3%. Of the system providers, Hewlett Packard Enterprise (HPE) led the way with 140 systems. The total performance of all 500 ranked supercomputers accounted for 672 petaflops in all, which Top500.org noted marks a 60%
increase over the performance of systems from the year-ago period.
HPE Details Solar-Powered Supercomputer (11/15/2016)
Hewlett Packard Enterprise (HPE) announced that its solar-powered “Hikari” supercomputer is now fully operational. This system, which is located at the University of Texas’ Texas Advanced Computing Center, is being used to
calculate biology applications to help solve the Zika virus crisis. Hikari uses the Apollo 8000 warm water-cooling system and dry coolers to reduce the amount of cooling energy spent. It works by transmitting power from a high-voltage DC photovoltaic (PV) array
source. During some daylight hours, the system operates at 100% from renewable sources.
Web Commerce
Third-Party Items Now Comprise Half of Amazon Shipments (11/17/2016)
Amazon announced this week that it no longer directly owns at least half the items it ships to customers. In its early days, all items bought from the online store were purchased and warehoused by the company. Now, the
majority of products purchased from the online giant come from third-party vendors. According to Fortune, the allure for third parties to use Amazon is access to the Prime
membership list in addition to the fact that Amazon is willing – for a fee – to pack, process, and ship their wares. This relieves smaller companies of the resources needed to handle the fulfillment operation. Another boost to third-party interest in
working through Amazon is the company’s Seller Fulfilled Prime program. Begun last year, the program allows larger merchants with their own packing and shipping operations to take advantage of Amazon’s online marketplace as well as the low shipping rates
that the company has negotiated with major delivery services like UPS and FedEx.
Faulkner Information Services
7905 Browning Road
Pennsauken, New Jersey 08109
Copyright 2016, Faulkner Information Services, a division of Information
Today. All rights reserved.