Subscribe to:

Subscribe to :: TheGuruReview.net ::

Did Kaspersky Hack NSA Staff

November 22, 2017 by  
Filed under Around The Net

Kaspersky has denied it played a role in hacking into the personal computer of a US National Security Agency (NSA) worker.

Kaspersky Lab has published a report detailing an internal investigation it launched examining allegations that its software was used to compromise an NSA employee’s home computer.

In early October, a report published in the Wall Street Journal claimed that the firm’s software was used to download confidential data from an American agent’s home computer.

However, later reports circulated accusing the firm of deliberately taking files from the PC. Following the incident, Kaspersky conducted a full investigation to gain additional evidence of the incident and explore how it happened.

Researchers at the company confirmed that Russian cybercrooks installed software on an NSA contractor’s computer to access and steal sensitive data.

The user, according to the company, was able to download and install pirated software on the machine. The researchers identified a compromised Microsoft Office ISO file, as well as an illegal Microsoft Office 2013 activation tool.

They were able to install the pirate copy of Office 2013 after disabling the Kaspersky security product. If the latter had been left on the PC, it would have identified the illegal activator tool.

This illegal tool was infected with malware, and this was left on the PC while the Kaspersky software was inactive. The malware meant other third-parties could access the user’s machine, causing major security concerns.

However, when the company’s antivirus software was re-enabled, it detected the software with the verdict Backdoor.Win32.Mokes.hvl and stopped it from contacting a dodgy command and control software.

This backdoor approach was first identified in October 2014, but it’s still being used by cybercriminals looking to steal important data. Kaspersky researchers said the antivirus software detected other variants of the Equation APT malware too.

Various variants of the malware, including a 7zip archive, was sent to the Kaspersky Virus Lab for analysis. Researchers found that it contained a number of source codes and classified documents.

At the request of the firm’s CEO, these files were removed from its servers.

“The reason Kaspersky Lab deleted those files and will delete similar ones in the future is two-fold: first, it needs only malware binaries to improve protection and, secondly, it has concerns regarding the handling of potentially classified material,” the firm wrote.   

“Because of this incident, a new policy was created for all malware analysts: they are now required to delete any potentially classified material that has been accidentally collected during anti-malware research.”

“To further support the objectivity of the internal investigation we ran it using multiple analysts including those of non-Russian origin and working outside of Russia to avoid even potential accusations of influence.”

Speaking about other findings, the firm said: “One of the major early discoveries of the investigation was that the PC in question was infected with the Mokes backdoor – a malware allowing malicious users remote access to a computer.

“As part of the investigation, Kaspersky Lab researchers took a deeper look at this backdoor and other non-Equation threat-related telemetry sent from the computer.

Courtesy-TheInq

OnePlus Phones Have Dangerous Hacking Backdoor

November 17, 2017 by  
Filed under Mobile

Hackers who obtained OnePlus phones can obtain virtually unlimited access to files and software through use of a testing tool called EngineerMode that the company evidently left on the devices.

Robert Baptiste, a freelance security researcher who goes by the name Elliot Alderson on Twitter after the “Mr. Robot” TV show character, found the tool on a OnePlus phone and tweeted his findings Monday. Researchers at security firm SecureNow helped figure out the tool’s password, a step that means hackers can get unrestricted privileges on the phone as long as they have the device in their possession.

The EngineeerMode software functions as a backdoor, granting access to someone other than an authorized user. Escalating those privileges to full do-anything “root” access required a few lines of code, Baptiste said.

“It’s quite severe,” Baptiste said via a Twitter direct message.

OnePlus disagreed, though it said it’s decided to modify EngineerTool.

“EngineerMode is a diagnostic tool mainly used for factory production line functionality testing and after sales support,” the company said in a statement. Root access “is only accessible if USB debugging, which is off by default, is turned on, and any sort of root access would still require physical access to your device. While we don’t see this as a major security issue, we understand that users may still have concerns and therefore we will remove the adb [Android Debug Bridge command-line tool] root function from EngineerMode in an upcoming OTA.”

SecureNow found the tool on the OnePlus 3 and OnePlus 5. Android Police reported it’s also on the OnePlus 3T. And Baptiste said it’s also on the new OnePlus 5T.

Baptiste had spotted evidence that EngineerMode was written by mobile chipmaker Qualcomm. But Qualcomm said Wednesday that’s not the case.

“After an in-depth investigation, we have determined that the EngineerMode app in question was not authored by Qualcomm,” the company said in a statement. “Although remnants of some Qualcomm source code is evident, we believe that others built upon a past, similarly named Qualcomm testing app that was limited to displaying device information. EngineerMode no longer resembles the original code we provided.”

Were The Russians Responsible For The Yahoo Data Breach

November 14, 2017 by  
Filed under Around The Net

At least one of the attacks carried out on Yahoo was the work of Russian spooks, according to former Yahoo Chief Executive Marissa Mayer.

Mayer apologised for two massive data breaches at the internet company, blaming Russian agents for at least one of them.

Speaking at a Senate hearing on the growing number of cyber attacks on major US companies, Mayer said sorry for the hacks which were committed on her watch.

“Unfortunately, while all our measures helped Yahoo successfully defend against the barrage of attacks by both private and state-sponsored hackers, Russian agents intruded on our systems and stole our users’ data”, she said.

Verizon, the largest US wireless operator, acquired most of Yahoo Inc’s assets in June, the same month Mayer stepped down. Verizon disclosed last month that a 2013 Yahoo data breach affected all three billion of its accounts, compared with an estimate of more than one billion disclosed in December.

In March, federal prosecutors charged two Russian intelligence agents and two hackers with masterminding a 2014 theft of 500 million Yahoo accounts, the first time the US government has criminally charged Russian spies for cyber crimes.

Those charges came amid controversy relating to alleged Kremlin-backed gaming of the 2016 US presidential election and possible links between Russian figures and associates of President Donald Trump.

Special Agent Jack Bennett of the FBI’s San Francisco Division said in March the 2013 breach was unrelated and that an investigation of the larger incident was continuing. Mayer later said under questioning that she did not know if Russians were responsible for the 2013 breach, but earlier spoke of state-sponsored attacks.

Senator John Thune, a Republican who chairs the Commerce Committee, asked Mayer on Wednesday why it took three years to identify the data breach or properly gauge its size.

Mayer said Yahoo could not identify how the 2013 intrusion occurred and that the company did not learn of the incident until the US government presented data to Yahoo in November 2016.

She said even “robust” defences are not enough to defend against state-sponsored attacks and compared the fight with hackers to an “arms race”.

“We now know that Russian intelligence officers and state-sponsored hackers were responsible for highly complex and sophisticated attacks on Yahoo’s systems”, Mayer said. She said “really aggressive” pursuit of hackers was needed to discourage the efforts, and that even the most well-defended companies “could fall victim to these crimes”.

Courtesy-Fud

Kaspersky Issues New DDoS Warning

November 14, 2017 by  
Filed under Around The Net

Kaspersky has returned to its map of malware and reported that DDoS attacks are forever increasing and becoming more inventive.

The firm published its latest quarterly report into such attacks explaining that they are keeping it busy. It says that threats are maturing and spreading.

“In addition to the development of trends observed in previous reporting periods, such as botnets shifting from computers to other form factors, the preference for complex DDoS attacks instead of large-scale onslaughts, the increasing role of Linux botnets and so on, Q3 also saw an increase in the number of countries where resources are targeted, as well as a growing number of attacks on gaming and new financial services (such as ICOs),” explained the firm.

Kaspersky found that 98 countries were targeted by DDoS attacks in the last three months, an increase of 12 against the previous period. The UK proved to be a popular spot in which to keep a command server, as does Italy, while the UK is also the 5th most attacked geography.

What has really taken Kaspersky’s eye, however, is attacks on the entertainment business and gaming services.

“Entertainment and financial services – businesses that are critically dependent on their continuous availability to users – have always been a favorite target for DDoS attacks,” said Kirill Ilganaev, head of Kaspersky DDoS Protection at Kaspersky Lab.

“For them, the downtime caused by an attack can result not only in significant financial losses but also reputational risks that could result in an exodus of customers to competitors. It’s not surprising that gaming services with multi-million turnovers attract the attention of criminals and that new types of financial sites have come under attack.

“What is surprising, however, is that many companies still don’t pay enough attention to professional protection against DDoS attacks. The recommended approach for these companies is to delegate protection from DDoS attacks to a reliable supplier with deep knowledge of cyberthreats and the methods of combating them, and to reassign the IT resources that are freed up to the development of the business.”

Victims in the last quarter include The UK National Lottery and games out of Blizzard Entertainment. 

Courtesy-TheInq

Did NotPetya Cost Maersk 300 Million

November 13, 2017 by  
Filed under Around The Net

Maersk has claimed that the NotPetya ransomware that ripped through a number of its operations in the summer has cost the company as much as $300m.

The company admitted this week that the ransomware caused a 2.5 per cent decrease in shipping volumes as the company struggled to process freight with systems that had been taken down by the outbreak.

“The effect on profitability from the June cyber-attack was $250m-$300m, with the vast majority of the impact related to Maersk Line in the third quarter. No further impact is expected in the fourth quarter,” the company advised stockholders in its latest financial report.

“The cyber-attack primarily impacted July and August, while contingencies related to recovery from the cyber-attack resulted in a negative development on volumes, utilisation and unit cost performance throughout the quarter.”

The $250m-$300m costs associated with dealing with NotPetya compare with an “underlying profit” of $372m generated on revenues of $8bn, according to the company, and came against the backdrop of rising container freight rates, which will have cushioned the blow.

In addition to the hit on Maersk Line, part of the company’s Transport & Logistics division, the report also indicated that its APM Terminals business had also been affected by “additional costs related to the cyber attack”.

However, despite the company’s claim that no further impact is expected from the cyber attack in the current quarter, it admitted that recovering IT services and reliability following NotPetya would lead to continuing higher costs.

The report confirms a profit warning related to the ransomware issued by the company in August. It is not the only major organisation to have suffered heavy losses as a result of the destructive malware, with parcel delivery firm TNT Express particularly hard hit.

Courtesy-Fud

Marissa Mayer Blames Russians For Yahoo Hacking

November 10, 2017 by  
Filed under Around The Net

Former Yahoo Chief Executive Marissa Mayer offered up apologies for two massive data breaches at the internet company, blaming Russian agents for at least one of them, at a hearing on the growing number of cyber attacks on major U.S. companies.

”As CEO, these thefts occurred during my tenure, and I want to sincerely apologize to each and every one of our users,” she told the Senate Commerce Committee, testifying alongside the interim and former CEOs of Equifax Inc and a senior Verizon Communications Inc executive.

“Unfortunately, while all our measures helped Yahoo successfully defend against the barrage of attacks by both private and state-sponsored hackers, Russian agents intruded on our systems and stole our users’ data.”

 Verizon, the largest U.S. wireless operator, acquired most of Yahoo Inc’s assets in June, the same month Mayer stepped down. Verizon disclosed last month that a 2013 Yahoo data breach affected all 3 billion of its accounts, compared with an estimate of more than 1 billion disclosed in December.

In March, federal prosecutors charged two Russian intelligence agents and two hackers with masterminding a 2014 theft of 500 million Yahoo accounts, the first time the U.S. government has criminally charged Russian spies for cyber crimes.

Those charges came amid controversy relating to alleged Kremlin-backed hacking of the 2016 U.S. presidential election and possible links between Russian figures and associates of President Donald Trump. Russia has denied trying to influence the U.S. election in any way.

Special Agent Jack Bennett of the FBI’s San Francisco Division said in March the 2013 breach was unrelated and that an investigation of the larger incident was continuing. Mayer later said under questioning that she did not know if Russians were responsible for the 2013 breach, but earlier spoke of state-sponsored attacks.

Senator John Thune, a Republican who chairs the Commerce Committee, asked Mayer on Wednesday why it took three years to identify the data breach or properly gauge its size.

Mayer said Yahoo has not been able to identify how the 2013 intrusion occurred and that the company did not learn of the incident until the U.S. government presented data to Yahoo in November 2016. She said even “robust” defenses are not enough to defend against state-sponsored attacks and compared the fight with hackers to an “arms race.”

Yahoo required users to change passwords and took new steps to make data more secure, Mayer said.

 

Will Ransomware Reach Epidemic Levels In 2018

November 9, 2017 by  
Filed under Computing

Sophos expects that ransomware will become a fully fledged epidemic in 2018.

While 2017 has already seen some major outbreaks, Sophos believes that ransomware will continue to grow in 2018, affecting more companies and platforms. Cybercrooks, it said, are becoming more sophisticated.

Throughout 2017, there have been a string of global IT security crises, from WannaCry to NotPetya. According to Sophos, attackers have been able to perfect their ransomware delivery techniques to cause such outbreaks.

While most ransomware hits Windows users, the report found that other platforms aren’t immune. Attackers have also been targeting mobile devices, particularly Android.

Ransomware, the firm says, is a “vexing problem” for businesses. Generated in May 2017, WannaCry was the biggest ransomware to affect customers – beating previous leader Cerber, which appeared in early 2016.

WannaCry made up 45.3 per cent of the ransomware tracked by Sophas, with Cerber accounting for 44.2 per cent.

Dorka Palotay, a researcher at the firm, said cybercriminals will likely launch more complex ransomware attacks in the future.

“For the first time, we saw ransomware with worm-like characteristics, which contributed to the rapid expansion of WannaCry,” he said.

“This ransomware took advantage of an old Windows vulnerability to infect and spread to computers, making it hard to control,” he added.

“Even though WannaCry has tapered off and Sophos has defenses for it, we still see the threat because of its inherent nature to keep scanning and attacking computers.

“We’re expecting cyber criminals to build upon WannaCry and NotPetya and their ability to replicate, and this is already evident with Bad Rabbit ransomware, which shows many similarities to NotPetya.”

The report also explored the rise and fall of NotPetya, which made headlines in June 2017. Sophos said this attack was far less damaging than WannaCry, and it suspects cybercriminals were merely “experimenting”.

“NotPetya spiked fast and furiously before taking a nose dive, but did ultimately hurt businesses. This is because NotPetya permanently destroyed data on the computers it hit. Luckily, NotPetya stopped almost as fast as it started,” said Palotay. “

“We suspect the cybercriminals were experimenting or their goal was not ransomware, but something more destructive like a data wiper.

“Regardless of intention, Sophos strongly advises against paying for ransomware and recommends best practices instead, including backing up data.

Android ransomware is also on the rise, according to the research. The report has revealed that the number of attacks on users using Google’s mobile platform grew month-on-month during 2017.

The firm said that by the end of the year, its systems will have identified an estimated 10 million suspicious Android apps. In comparison, 8.5 million were processed in 2016.

Rowland Yu, a SophosLabs security researcher focusing on mobile malware, said: “In September alone, 30.37 per cent of malicious Android malware processed by SophosLabs was ransomware.

“One reason we believe ransomware on Android is taking off is because it’s an easy way for cybercriminals to make money instead of stealing contacts and SMS, popping ups ads or even bank phishing which requires sophisticated hacking techniques.

It’s important to note that Android ransomware is mainly discovered in non-Google Play markets – another reason for users to be very cautious about where and what kinds of apps they download.” 

Courtesy-TheInq

US Government Agencies Start To Give Kaspersky The Boot

November 2, 2017 by  
Filed under Computing

US federal government agencies have met the first three deadlines of the September directive calling for the removal of Kaspersky Lab security products from all government systems and networks. 

In September, the US government ordered the removal of all Kaspersky software from federal agencies due to fears of influence from Russian president Vladimir Putin. Agencies were given 90 days to do this.

Following this directive, an official working at the Department of Homeland Security (DHS) has confirmed that the “vast majority” agencies have removed all Kaspersky software.

Michael Duffy, who leads cybersecurity and communications at the DHS, explained that fewer than half of their agencies were using Kaspersky’s anti-virus software.

He didn’t give a specific percentage about how many agencies have actually met the DHS deadline or how many have been using Kaspersky software but said they’re moving in the right direction.

Kaspersky has faced a lot of pressure from the US government over the past few months amid claims the Kremlin is using its software to conduct cyber espionage.

Of course, Kaspersky has flatly denied these claims, but that hasn’t stopped US officials from making new ones. Duffy spoke to reporters at the 27 October meeting of the National Institute of Standards and Technology’s Information Security and Privacy Advisory Board.

He said the agency won’t comment on any individual cases, but each agency was given an ample timeframe to remove the software. This task is lengthy due to the complex nature of Kaspersky’s products.

There are many other systems that are based on Kaspersky anti-virus and its application programming interface, cautioned Duffy.

While US government agencies work to banish the software, some traces of it will still be left behind, a former DHS official told FCW.

John Norton, who worked at the agency when George W. Bush set it up, said: “Probably the best example is anybody who has a home computer and has tried to remove some kind of app they didn’t want anymore. It’s still in there in some form. It’s difficult to clean that up.”

Responding to the directive in September, a spokesperson for Kaspersky said: “Given that Kaspersky Lab doesn’t have inappropriate ties with any government, the company is disappointed with the decision by the U.S. Department of Homeland Security (DHS).

“No credible evidence has been presented publicly by anyone or any organization as the accusations are based on false allegations and inaccurate assumptions, including claims about the impact of Russian regulations and policies on the company.

“Kaspersky Lab has always acknowledged that it provides appropriate products and services to governments around the world to protect those organizations from cyberthreats, but it does not have unethical ties or affiliations with any government, including Russia.”

Courtesy-TheInq

Does Apple’s iOS Have a Loophole

October 30, 2017 by  
Filed under Around The Net

Felix Krause has uncovered a worrying setting in iOS that enables apps with camera permissions to secretly record photos and videos without them knowing. 

To demonstrate the issue, the Austrian developer created an app called ‘watch.user’ that can take pictures of its user every second and upload them without notifying them in any way.

The iOS feature, which Krause described as a “privacy loophole that can be abused by iOS apps”, also allows developers to run real-time face recognition to detect facial features or expressions, to pinpoint where the user is located based on image data and to livestream a users’ camera straight onto the web.

“iOS users often grant camera access to an app soon after they download it (e.g., to add an avatar or send a photo). These apps, like a messaging app or any news-feed-based app, can easily track the users face, take pictures, or live stream the front and back camera, without the user’s consent,” Krause warned.

Krause has disclosed the loophole to Apple and has even suggested how the firm should go about fixing it. Apple could, for example,  make camera permissions temporary, or at least add MacBook-style indicators to notify when the device is recording.

Until Apple does something about it, the Googler recommends that iPhone users use camera covers and revoke camera access for all apps, although this means that some app functionality would be sacrificed. 

“If you’re using a messaging service, like Messenger, WhatsApp, Telegram or anything else, chances are high you already granted permission to access both your image library and your camera,” he said.

“You can check which apps have access to your cameras and photo library by going to Settings > Privacy.”

Courtesy-Fud

Can Kaspersky’s Western Business Be Saved

October 27, 2017 by  
Filed under Around The Net

Eugene Kaspersky, the co-founder of Kaspersky Lab, which is at the center of US government security claims, has revealed further details about plans to have its software examined and audited in an independent code review.

However, the former deputy director of the US National Security Agency (NSA), Rick Ledgett, claims that this is not enough.

Kaspersky Lab said on Monday that it will ask independent parties to review its products in a process starting in the new year. The initiative is part a bid to distance itself from allegations that it allows the Russian government to use its popular anti-virus software to conduct cyber espionage.

The company is planning to provide software regulation and review bodies with the source code of current and future products, working with “the broader information-security community and other stakeholders”, Kaspersky said in a statement.

In addition, the company will also give outside organizations access to other aspects of its business, including software development. These reviews will begin in the first quarter of next year.

It said the aim of this is to “verify the integrity” of its solutions and processes. The company’s products are used on around 400 million computers worldwide.

Kaspersky is calling this a “global transparency initiative”, although it hasn’t yet named the outside reviewers that it will employ. Instead, it said that it is working with parties that sport “strong credentials in software security and assurance testing for cyber-security products”.

Distancing itself from Russia, the company will open specialist centers throughout Asia, Europe and United States. Here, customers, governments and other organizations will be able to access the results of the reviews.

And it’ll expand its independent security research program, paying specialists as much as $100,000 if they find security vulnerabilities in its products.

However, writing today, Ledgett claimed that the initiative won’t address the core problem.

“On the face of it this sounds like a good move, but in reality it doesn’t address the alleged activity,” Ledgett claimed.

He continued: “When you download any anti-virus software and click on the very long end-user license agreement, somewhere in there you agree to give that software access to all the files on your computer and all the files that will be sent to and from your computer…

“This all makes perfect sense for legitimate anti-virus companies, but it’s also a potential gold mine if misused. Instead of looking for signatures of malware, the software can be instructed to look for things like ‘secret’ or ‘confidential’ or ‘proprietary’ – literally anything the vendor desires. Any files of interest can be pulled back to headquarters under the pretext of analyzing potential malware.”

He concluded: “Eugene Kaspersky’s proposal to have experts analyze Kaspersky anti-virus code is irrelevant in this case, because the code is doing exactly what it has been designed to do, but in a way that is inconsistent with what customers expect and are paying for. It’s not the code itself, it’s the use of the code…

“If Eugene Kaspersky really wanted to assuage the fears of customers and potential customers, he would instead have all communications between the company’s servers and the 400 million or so installations on client machines go through an independent monitoring center.

“That way evaluators could see what commands and software updates were going from Kaspersky headquarters to those clients and what was being sent back in response.”

Just last month, the use of Kaspersky products was banned throughout US government agencies amid fears that the company has been working with the Kremlin.

Despite this, the company has denied any involvement with the Russian government, adding that it doesn’t work with any governments in order to engage in espionage.

Co-founder Eugene Kaspersky said: “Internet balkanization benefits no one except cybercriminals. Reduced cooperation among countries helps the bad guys in their operations, and public-private partnerships don’t work like they should.

“We need to re-establish trust in relationships between companies, governments and citizens. That’s why we’re launching this Global Transparency Initiative: we want to show how we’re completely open and transparent.

He added that the company is ethical in its practices. “We’ve nothing to hide. And I believe that with these actions we’ll be able to overcome mistrust and support our commitment to protecting people in any country on our planet.” 

Courtesy-TheInq

Bitcoin Breaks Another Record, Hits $6000

October 23, 2017 by  
Filed under Around The Net

Bitcoin surged to a record high of more than $6,000 on Friday, breaking past its market capitalization to $100 billion at one point, as investors continued to bet on an asset that has a limited supply and has paved the way for a whole slew of crypto-currencies.

The original virtual currency has gained over 500 percent this year, more than any other tradable asset class. Bitcoin though is very volatile – posting gains and losses as high as 26 percent and 16 percent respectively on any given day.

 On Friday, bitcoin hit a record peak $6,000.10 on the BitStamp platform, and was last at $5,964.24, up 4.7 percent on the day.

Bitcoin is a digital currency that can either be held as an investment, or used as a foundation for future applications through the blockchain, its underlying technology. The blockchain is a digital ledger of transactions.

It is more scarce though than most people realize. The number of bitcoins in existence is not expected to exceed 21 million.

Analysts said it was a combination of factors that drove Friday’s surge in price.

Charles Hayter, co-founder of data analysis website Cryptocompare in London said hopes that China will soften its regulatory stance on crypto-currencies helped bitcoin’s cause.

“As China … fears fade, the price is unlocked and driven by demand and buyers entering the markets,” said Hayter.

Over the summer, China has banned the practice of raising capital through the sale of tokens to the public in what is known as initial coin offerings. It has also ordered the shutdown of digital currency exchanges.

But many in the market believe the Chinese ban is temporary.

“China would not want to be left out of the digital currency market nor the development of blockchain applications in general,” said Jason English, vice president of Protocol Marketing, at Sweetbridge, a global alliance in Zug, Switzerland that aims to use blockchain to create a liquid supply chain.

 “As much as 60 percent of the world’s bitcoin mining is happening in China, and therefore, many of the large … investments in ICO projects have also been coming from crypto-currency holders in China, whether directly or indirectly,” English added.

Sean Walsh, a partner at venture capital firm Redwood City, Ventures in Redwood City, California, also believes investors have been going back into bitcoin given the still uncertain global regulatory environment on crypto-currencies.

A big part of bitcoin’s recent surge was the ICO craze, which exploded this year. Bitcoins and ether, another digital currency, are used to purchase tokens for ICOs.

Is SAP Losing Steam

October 23, 2017 by  
Filed under Around The Net

The maker of expensive management software, which no-one really knows what it does, SAP has seen its profits take a dip.

The outfit missed market expectations for third quarter profit as it invested heavily to shift business customers into cloud computing.

SAP said it is in the middle of a transition to offering cloud-based services to its business customers and management had flagged that 2017 would see a trough in profit margins as it invested in datacenters and redeployed staff.

The outfit said it should see a recovery next year and had a “very good shot” at stabilizing margins in the fourth quarter. Chief Financial Officer Luka Mucic told a conference call:  “Going into 2018 we see a margin turnaround.”

Revenue for the German business planning software provider grew eight percent to 5.59 billion euro from a year earlier, falling short of the mean forecast of 5.71 billion euro from 16 analysts surveyed by Reuters.

Core profit excluding special items rose by four percent to 1.64 billion euro at constant currency rates, SAP said, below the 1.69 billion euro expected by analysts.

The euro’s strength sliced four percentage points off core profits, which was flat after taking currency moves into account. Analysts at Baader Helvea said they expected currency headwinds to continue for the next three quarters.

The company nudged up guidance for the full year core operating profits to 6.85-7.0 billion euro and said 2017 total revenue would range from 23.4-23.8 billion euro, marking year-to-year growth of around six to eight percent, excluding currency effects.

Cloud subscriptions and support revenue rose 27 percent in the third quarter to 938 million euro, excluding currency effects, compared with the 29 percent analysts had expected, on average.

This was offset by its classic software license and support business revenue, which rose four percent to 3.72 billion euro, slightly above the 2.2 percent growth rate expected by analysts.

Chief Executive Bill McDermott was bullish for the fourth quarter: “We are gaining share against our competitors. SAP is growing faster in the cloud – and we are doing it organically.” During a conference call, he contrasted his company with the the acquisition-fueled growth of its rivals.

Courtesy-Fud

Did The Hyatt Hotel Chain Suffer Another Data Breach

October 19, 2017 by  
Filed under Around The Net

The Hyatt hotel chain is warning customers that it has been breached for the second time and that they should probably do something about it.

Krebs on Security, or Brian to his friends, is the first with the bad news, and reports on the letter that Hyatt is sending out to potential towel and dressing gown thieves. Hyatt is reporting that its internal people clocked onto some card payment shenanigans between 18 March and 2 July 2017.

The problem started at the front desk, reportedly, so is likely to be a point of sale problem.

“Upon discovery, we launched a comprehensive investigation to understand what happened and how this occurred, which included engaging leading third-party experts, payment card networks and authorities,” says the firm on its FAQ page.

“The incident affected payment card information – cardholder name, card number, expiration date and internal verification code – from cards manually entered or swiped at the front desk of certain Hyatt-managed locations. There is no indication that any other information was involved.”

That is enough though, yeah? Hyatt says that only a small proportion of punters are affected, but that they are still important regardless.

“While this incident affects a small percentage of guests, it’s important to Hyatt that we notify guests and provide helpful information about steps they can take. We have directly contacted all guests for whom we have appropriate and reliable contact information that used payment cards at affected hotels during the at-risk dates. We do not have appropriate contact information for all guests, so we have also posted this notice with a list of affected hotels and respective at-risk dates,” it explained.

The firm has recommended that people check their transaction history on their bank statements to see if they are in trouble. It added that it has cleared things up at its end if anyone wants to book another stay.

Courtesy-TheInq

Microsoft’s Edge Browsers Appears To Be The Best At Thwarting Malware

October 19, 2017 by  
Filed under Around The Net

Microsoft’s Edge easily beat rival browsers from Google and Mozilla in third party tests of the behind the scenes services which power anti-malware warnings and malicious website-blocking.

NSS Labs said Windows 10’s default browser is better at blocking phishing and socially-engineered malware attacks than Google Chrome or Mozilla Firefox.

The outfit said Edge automatically blocked 92 percent of all in-browser credential phishing attempts and stymied all socially-engineered malware (SEM) attacks.

The latter encompassed a wide range of attacks, but their common characteristic was that they tried to trick users into downloading malicious code.

The tactics that SEM attackers deploy include links from social media, such as Facebook and Twitter, and bogus in-browser notifications of computer infections or other problems.

Edge decisively bested Chrome and Firefox by decisive margins. Chrome blocked 74 percent of all phishing attacks, and 88 percent of SEM attacks.

Meanwhile, Firefox came in third in both tests, stopping just 61 percent of the phishing attacks and 70 percent of all SEM attempts.

Chrome and Mozilla’s Firefox rely on the Safe Browsing API, but historically Mozilla’s implementation has performed poorly compared to Google’s.

Edge also took top prize in blocking attacks from the get-go. In NSS’s SEM attack testing the Voleware stopped every attempt from the first moments a new attack was detected. Chrome halted 75 percent and Firefox halted 54 percent of the brand new attacks

The researchers spent three weeks continuously monitoring the browsers on Windows 10 computers.

Courtesy-Fud

Google Rolls Out Advanced Protection Program For Gmail

October 18, 2017 by  
Filed under Around The Net

Alphabet’s Google Inc confirmed that it would introduce an advanced protection program in order to provide stronger security for some users such as government officials and journalists who are at a higher risk of being targeted by hackers.

The internet giant said that users of the program would have their account security continuously updated to deal with emerging threats.

The company said it would initially provide three defenses against security threats, which include blocking fraudulent account access and protection against phishing.

The program would include additional reviews and requests in the account recovery process to prevent fraudulent access by hackers who try to gain access by pretending they have been locked out.

The rollout of a suite of new email security services by Google follows a U.S. presidential election last year that was shaped in part by the disclosure of emails by anti-secrecy group WikiLeaks belonging to associates of Democratic candidate Hillary Clinton that were obtained through phishing schemes.

U.S. intelligence agencies have concluded that those hacks, which included a breach of Clinton campaign manager John Podesta’s personal Gmail account, were carried out by Russia as part of a broader cyber campaign to help President Donald Trump, a Republican, win the White House.

“If John Podesta had Advanced Protection last year, the world might be a very different place,” said Joseph Lorenzo Hall, chief technologist at the Center for Democracy and Technology, who was briefed on the new features by Google.

Hall said the new features would grow the amount of high-risk consumers with strong protections against phishing campaigns, but that they would potentially create compatibility issues among some who already integrate custom security tools with their Gmail account.

Next Page »