The US Computer Emergency Response Team (US-CERT) has warned that industrial control systems (ICS) in the US have been compromised by the BlackEnergy malware for at least two years.
The BlackEnergy family of malware is believed to be the same used in the cyber attack against Georgia in 2008.
It uses a malicious decoy document to hide its activities, making it easier for the hackers to mount follow-up attacks.
US-CERT said the malware campaign is sophisticated and “ongoing”, and attackers taking advantage of it have compromised unnamed ICS operators, planting it on internet-facing human machine interfaces (HMI) including those from GE Cimplicity, Advantech/Broadwin WebAccess, and Siemens WinCC.
It is currently unknown whether other vendors’ products have also been targeted, according to US-CERT.
“At this time, Industrial Control Systems-CERT has not identified any attempts to damage, modify or otherwise disrupt the victim systems’ control processes,” said the team in an alert.
“ICS-CERT has not been able to verify if the intruders expanded access beyond the compromised HMI into the remainder of the underlying control system.
“However, typical malware deployments have included modules that search out any network-connected file shares and removable media for additional lateral movement within the affected environment.”
US-CERT describes the malware as “highly modular”, and said that not all functionality is deployed to all victims.
An analysis run by the team identified the probable initial infection vector for systems running GE’s Cimplicity HMI with a direct connection to the internet.
“Analysis of victim system artefacts has determined that the actors have been exploiting a vulnerability (CVE-2014-0751) in GE’s Cimplicity HMI product since at least January 2012,” the alert read.
On Monday, US-CERT also warned of attacks spreading the Dyre banking malware, which steals victims’ credentials.
The department said that, since mid-October, a phishing campaign had targeted “a wide variety of recipients”, but elements, such as the exploits, email themes, and claimed senders of the campaign, “vary from target to target”.
“A system infected with Dyre banking malware will attempt to harvest credentials for online services, including banking services,” the alert warned.
Apple Pay, which debuted in September, is a mobile payment app that allows consumers to buy things by simply holding their iPhone 6 and 6 Plus devices up to readers installed by store merchants.
A Rite Aid spokeswoman told the New York Times that the company does not currently accept Apple Pay. The company is “still in the process of evaluating our mobile payment options.”
Rite Aid and CVS are not part of the group of retailers that had teamed up with Apple on its payment system. However, Apple Pay technology was working in Rite Aid and CVS stores over the week, the newspaper said.
The reason for the disabling was not immediately clear, the newspaper said.
According to analysts, disabling the acceptance of Apple Pay is a way to support a rival system that is being developed by Merchants Customer Exchange (MCX), a consortium of merchants that includes Rite Aid and CVS, the NYT reported.
MCX is developing CurrentC, an app that scans the bar code of the product and initiates the payment transfer by connecting to the customer’s debit card, according to MCX’s website. CurrentC will not be available until 2015.
Apple, Rite Aid and CVS could not be immediately reached for comment.
Amazon, which had been in discussions with Simon & Schuster since July over pricing, confirmed a report, first published by the Business Insider news blog, that the two had reached an agreement.
Amazon had been locked in a months-long standoff with publisher Hachette Book Group, the fourth-largest U.S. book publisher owned by France’s Lagardere, over digital book pricing. That has led to numerous issues for authors.
Industry experts had expected other publishers eventually to be drawn into negotiations as well, as the Internet retailer tries to set new benchmarks for the e-book market.
Negotiations with Simon & Schuster took about three weeks and closed two months before Amazon’s contract expired, according to Business Insider.
Simon & Schuster made its original offer and an agreement was reached after a few changes by Amazon, the source told Business Insider.
Adobe has been accused of snooping on e-document readers and using spyware to report back on user libraries.
The accusation comes from the Digital Reader website and Nate Hoffelder, its editor. Hoffelder said that he was tipped to the issue by a ‘hacker’ associate and has tested and confirmed its authenticity.
At the heart of the issue is Digital Editions 4, which has more features than its users expected.
“My source told me, and I can confirm, that Adobe is tracking users in the app and uploading the data to their servers,” he said.
“Adobe is gathering data on the e-books that have been opened, which pages were read, and in what order. All of this data, including the title, publisher and other metadata for the book, is being sent to Adobe’s server in clear text. I am not joking.”
Hoffelder said that the data is sent from hardware to server in plain text, and that it takes other information with it, including metadata from e-books stored on the user’s hard drive. He added that he is shocked, and has put the issue to Adobe but failed to get a response.
We have followed suit and asked Adobe for comment or explanation as to what the system is and why it is happening.
Hoffelder has uploaded documents with information from the network protocol analyser Wireshark that shows material leaving his computer and going to an Adobe IP address.
“This is a privacy and security breach so big that I am still trying to wrap my head around the technical aspects, much less the legal aspects,” he said.
“I would highly recommend that users avoid running Adobe’s apps for the near future – ever again, for that matter. Luckily for us there are alternatives.”
Mobile metrics firms Mixpanel and Fiksu, which monitor the activity of iPhone owners via the analytics embedded in clients’ apps, have both noted an improvement in the ratio of the iPhone 6 Plus to iPhone 6 smartphones.
As of Sunday, for example, Mixpanel pegged the iPhone 6 at 6.02% of all iPhones, with the iPhone 6 Plus representing 1.34%. The ratio — 4.5:1, or 4.5 iPhone 6 handsets for every one iPhone 6 Plus — was an improvement for the iPhone 6 Plus from the 6.8:1 of two weeks prior.
Fiksu, another mobile app metrics provider, recorded a similar trend.
On Sunday, Fiksu’s ratio was 3.9:1 in favor of the iPhone 6, a stronger showing for the iPhone 6 Plus than two weeks before, when the ratio was 6.5:1.
In other words, about 18% to 20% of all iPhone 6 smartphones monitored by Mixpanel and Fiksu were iPhone 6 Pluses.
Apple still shows a delay between ordering and shipping for both models, but the lag for the iPhone 6 Plus, at “3-4 weeks” on its e-store, remained substantially longer than that for the iPhone 6 (“7-10 business days”).
But the increasing share of the iPhone 6 Plus in the usage data indicates that, even though it is harder to find than its smaller sibling, customers are acquiring it in larger numbers. That, in turn, hints that sales — or at least usage — of the iPhone 6 Plus are increasing faster than for the iPhone 6.
Most analysts expect the iPhone 6 Plus’s share to jump even more once the 5.5-in. smartphone goes on sale in the People’s Republic of China (PRC) on Oct. 17. Customers in mainland China can pre-order the iPhone 6 and 6 Plus from Apple’s online store starting Friday, Oct. 10.
While the iPhone 6 Plus is out of stock on Apple’s online market, some of the Cupertino, Calif. company’s brick-and-mortar stores have devices to sell, according to iStockNow.com, a website that tracks iPhone retail availability.
Database management firm Oracle has said that its new cloud service will match the price being offered by Amazon Web Services (AWS). Oracle confirmed the new competitive pricing strategy for its cloud offering at its OpenWorld conference.
Chairman Larry Ellison said Oracle’s cloud platform will “have the same pricing as Amazon or any other infrastructure provider.” He said the company’s new platform would include analytics, mobile, identity and social features.
Oracle’s switch to cloud services could also see the business improve efficiencies by running everything itself. Oracle’s cloud move has damaged the outfit’s bottom line, but Ellison’s successor as CEO, Safra Catz, believes the company is now in a good position to benefit from the migration.
“As the movement to the cloud grows, we expect this transition will affect our revenue to the positive,” she said. “These customers will essentially replace their software-support payments with a cloud subscription, which will mean substantially more revenue to Oracle.”
Oracle also introduced flash storage and data recovery products and its M7 microprocessor to speed up database software.
An intruder stole log-in credentials from the company’s vendor and used the credentials to remotely access the point-of-sale systems at some corporate and franchised locations between June 16 and Sept. 5, the company said.
The chain is the latest victim in a series of security breaches among retailers such as Target Corp, Michaels Stores Inc and Neiman Marcus.
Home Depot Inc said last week some 56 million payment cards were likely compromised in a cyberattack at its stores, suggesting the hacking attack at the home improvement chain was larger than the breach at Target Corp.
More than 12 of the affected Jimmy John’s stores are in the Chicago area, according to a list disclosed by the company.
The breach has been contained and customers can use their cards at its stores, the privately held company said.
Jimmy John’s said it has hired forensic experts to assist with its investigation.
“Cards impacted by this event appear to be those swiped at the stores, and did not include those cards entered manually or online,” Jimmy John’s said.
The Champaign, Illinois-based company said stolen information may include the card number and in some cases the cardholder’s name, verification code, and/or the card’s expiration date.
The price for a standalone PlayStation TV (PS TV) is $99.99, the company wrote in a blog. For $139.99, customers can get a wireless controller, an 8 GB memory card and “The Lego Movie” videogame along with the PS TV.
Around 700 games will be available to PS TV users, including “Metal Gear Solid” and the franchise “Killzone: Mercenary”.
PS TV was released in Japan and other Asian countries under the name “PlayStation Vita TV” last fall. Sony is trying to expand its entertainment network services to compete against players like Amazon.com Inc.
Sony did not say when it will launch its online TV service.
The company signed a deal earlier this month to carry 22 Viacom Inc channels, including Comedy Central and MTV, on its planned online TV.
PlayStation boss Shaun Layden told tech blog Re/code in June the company was “on track” to unveil its product some time this year.
Sony’s web TV service will join the ranks of an already crowded market with devices from Apple Inc, Amazon.com Inc and Roku.
State and local officials in Ohio are attempting to woo Amazon.com Inc with tax breaks and other perks to convince the No. 1 U.S. online retailer to build a $1.1 billion data center in central Ohio and create 120 jobs, according to public records.
The records offer a rare look at the typically tight-lipped company’s growth plans for its popular cloud computing division, Amazon Web Services, founded in 2006. There are 10 AWS data centers, called regions within the company, around the world, including four in the United States, AWS said.
“We are constantly evaluating a long list of additional target countries and U.S. locations,” AWS said in a statement.
In late August, the Ohio Tax Credit Authority extended an estimated $81 million in tax breaks to an Amazon subsidiary called Vadata Inc, according to state filings.
In exchange for the tax deal, Amazon has committed to invest at least $1.1 billion over the next three years to build a data center. It will also create 120 jobs with an average salary of $80,208 by the end of 2018, according to the filing.
Separately, city officials in Dublin, Ohio, are also looking to transfer 68.7 acres of city-owned land to the company from 2015 until 2024 – worth $6.75 million – among other perks, according to city documents posted online.
The Columbus Dispatch newspaper reported that Dublin city officials are expected to vote on whether to proceed with the Amazon offer on Sept. 22.
The company has asked the Federal Communications Commission for permission to use two blocks of frequencies for the tests, which are scheduled to last about six months and begin in October. They will be conducted above an area of more than 1,400 square kilometers in the center of New Mexico to the east of Albuquerque.
“Google recently acquired Titan Aerospace, a firm that specializes in developing solar and electric unmanned aerial systems for high altitude, long endurance flights,” Google said in its application. “These systems may eventually be used to provide Internet connections in remote areas or help monitor environmental damage, such as oil spills or deforestation.”
Google said its application for temporary permission to make the transmissions was needed “for demonstration and testing of [REDACTED] in a carefully controlled environment.”
The FCC allows companies to redact certain portions of their applications when they might provide too much information to competitors.
In the application, Google said it wants to use two blocks of frequencies, one between 910MHz and 927MHz and one between 2.4GHz and 2.414GHz. Both are so-called “industrial, scientific and medical” (ISM) bands typically used for unlicensed operations.
The application has not yet been approved.
It’s the latest in a series of moves by the company to trial Internet delivery from the skies.
The company unveiled its ambitious Project Loon last year, which uses a series of high-altitude balloons that float in winds at about 20 kilometers (65,000 feet) above the Earth. The first experiments with Loon involved using a transmission system based on WiFi, but earlier this year the company began experimenting with LTE cellular transmissions in a test site in Nevada.
Google acquired Titan Aerospace in April this year for an undisclosed price.
The company said demand had outstripped supply of the new iPhone 6 and iPhone 6 Plus, which feature larger screens and longer battery life. Deliveries of pre-orders will begin on Friday and will continue through October.
Bumper first-day pre-orders point to first-weekend sales of up to 10 million units, analysts estimated.
“Assuming preorders are similar to the 40 percent of first weekend sales for the iPhone 5, this would imply iPhone 6/6Plus first weekend sales could be around 10 million,” Wells Fargo Securities analysts wrote in a note.
About 2 million pre-orders were received for the iPhone 5 in the first 24 hours after it went on sale in September 2012. Apple sold 5 million of these phones in the first weekend.
Apple sold 9 million iPhone 5Ss and 5Cs, which were launched last year, in the first three days in stores. The company did not reveal pre-order numbers for these phones.
Raymond James analysts said they expect sales of iPhone 6 and iPhone 6 Plus to top 9 million in the first weekend.
“Apple will be selling every iPhone it can make, at least through October. Because of this, the first weekend sales are typically more indicative of supply than demand,” they said.
The company routinely grapples with iPhone supply constraints, particularly in years that involve a smartphone re-design.
Apple’s website showed last week that the larger 5.5-inch “Plus” models displayed a wait time of up to a month. The 4.7-inch version was available for delivery on Sept. 19.
Janney Capital Markets analysts said the large number of pre-orders was due to “pent-up demand” for bigger iPhone screens.
The brokerage raised its sales estimate for the latest iPhones to 37.4 million units for the current quarter and 60 million for the quarter ending in December.
The company said it was also exploring other options, including a sale or an investment, and liquidation as the last resort.
RadioShack, whose sales have been in free-fall since 2010 as it struggles to compete with internet retailers, said in a regulatory filing it was working with its lenders and landlords to restructure its debt and cut costs.
“It would surprise me if we got to Nov. 1 without a bankruptcy,” Wedbush Securities Inc analyst Michael Pachter told Reuters.
RadioShack shares, which are in danger of being delisted from the New York Stock Exchange, were up 2 percent at 95 cents in volatile early trading.
The company said same-store sales declined 20 percent in the latest quarter, while total sales plunged to their lowest in more than 20 years.
The company is being advised by a restructuring attorney at law firm Jones Day as it tries to strike a deal with creditors to close stores, two people close to the matter told Reuters on Wednesday.
RadioShack tried to close 1,100 stores this year, but reduced that number to 200 a year when lenders did not agree to the plans.
RadioShack’s landlords, however, may be open to mass store closures if they believe it will allow them to find new tenants more quickly than in a bankruptcy, a source close to the matter told Reuters.
David Tawil, president of hedge fund Maglan Capital that focuses on companies approaching bankruptcy, said he saw “major execution risks” to RadioShack’s recapitalization and turnaround efforts.
“I don’t think that the chances are great that RadioShack survives,” Tawil said, adding that the company’s credit default swaps were trading higher, pointing to market expectations of a near-term debt default.
The company ended the second quarter with $30.5 million in cash and $658.0 million in debt, which matures between 2018 and 2019.
The Fire Phone, which originally sold for $649 without a contract commitment and for $199 with a two-year deal with AT&T, was marked down to $449 without a contract and 99 cents with one.
Amazon spun the dramatic price cut in the best possible light. “Fire is another example of the value Amazon delivers to customers,” said Ian Freed, vice president of Amazon Devices, in a statement Monday.
In fact, by all accounts, the Fire has done poorly. According to data mining done a month ago by ad network Chitika, Fire Phone usage grew only “incrementally” in the device’s first two months. By Aug. 14, Amazon’s phone accounted for just 0.02% of all smartphone-based ad impressions.
Chitika’s number was not a measurement of the number of devices in use, but of the online activity of Fire Phone users: The calculation was best described as “usage share.”
StatCounter, another metrics vendor that also tracks usage share, did not even list Fire Phone in its operating system data for the month of August.
In June, when Amazon CEO Jeff Bezos introduced the Fire Phone, most analysts slammed the pricing, saying that the online retailer needed to do more than simply mimic the competition.
“If the $199 on 2yr contract is all there is to Fire Phone pricing it will be a tough sell,” Carolina Milanesi, chief of research and head of U.S. business for Kantar WorldPanel Comtech, said on Twitter that day.
“Does the 99-cent price matter? Sure it does. But in the scheme of things, does it help? No, because you still have to have a contract,” Milanesi said in an interview today.
She pointed out that Apple, for example, gives away the iPhone 4S to customers who sign up for a two-year contract with a mobile carrier. The Fire Phone’s “unlocked” price of $449 is also identical to that of an off-contract iPhone 4S.
Amazon missed its chance to make a splash months ago, Milanesi argued. “This price then would have sent a different message,” she said. “It would have made a difference because at the time [mid-June] there was not a lot going on. But to do this the day before Apple announces its new iPhones, and right after Samsung showed off its Galaxy Note 4 and Note Edge?”
With transactions increasingly taking place on computers and mobile devices, retailers and banks are pouring resources into finding ways to make that experience as simple and easy as possible.
“It’s a digital tsunami,” said Eran Vanounou, chief executive of LivePerson Israel. “The big brands understand this big time. They understand they have to create a meaningful connection with consumers, not just a transaction.”
LivePerson, whose 8,000 plus clients include Bank of America and Home Depot, is headquartered in New York, though most operations are handled in Israel.
Its product, among other things, allows businesses to chat with customers and put together online campaigns. It also helps businesses “learn the behavior of online surfers”, Vanounou said, allowing them to better cater to their needs.
The company just finished four years of consecutive quarterly growth, he said. It posted second quarter revenue of $51.1 million, up from $43.2 million a year earlier. It also increased its 2014 outlook to $204-$207 million, from a previous $199-$204 million.
It had a $1.2 million quarterly net loss, compared to $1.8 million in 2013, which Vanounou said stemmed from a $50 million investment in an upgraded, browser-based platform the company is now launching.
“What you saw over the past year and a half, when our stock was up, down and again up now, although the company grew, it took and invested the money in building this platform. A huge investment,” he said.
Bitcoin is gaining greater acceptance at U.S. online merchants including Overstock.com and Expedia, as customers use a digital currency that just a few years ago was virtually unknown but is now showing some staying power.
Though sales paid for in bitcoin so far at vendors interviewed for this article have been a fraction of one percent, they expect that as acceptance grows, the online currency will one day be as ubiquitous as the internet.
“Bitcoin isn’t going anywhere; it’s here to stay,” said Michael Gulmann, vice president of global products at Expedia Inc. in Seattle, the largest online travel agent. “We want to be there from the beginning.” Expedia started accepting bitcoin payments for hotel bookings on July 11.
Until recently a niche alternative currency touted by a fervent group of followers, bitcoin has evolved into a software-based online payment system. Bitcoins are stored in a wallet with a unique identification number and companies like Coinbase and Blockchain can hold the currency for the user.
When buying an item from a merchant’s website, a customer simply clicks on the bitcoin option and a pop-in window appears where he can type in his wallet ID number.
Still, broad-based adoption of bitcoin is at least five years away because most consumers still prefer to use credit cards, analysts said.
“Bitcoin is a new way of making payments, but it’s not solving a problem that’s broken,” said George Peabody, payments consultant at Glenbrook Partners in Menlo Park, California. “Retail payments aren’t broken.”
There are also worries about bitcoin’s volatility: its price in U.S. dollars changes every day.
That risk is borne by the consumer and the bitcoin payment processor, such as Coinbase or Bitpay, not the retailer. The vendor doesn’t hold the bitcoin and is paid in U.S. dollars. As soon as a customer pays in bitcoin, the digital currency goes to the payment processor and the processor immediately pays the merchant, for a fee of less than 1 percent.
“We don’t have to deal with the actual holding of the bitcoin: it’s the payment processor that takes the currency risk for us,” said Bernie Han, chief operating officer at Dish Network Corp, in Englewood, Colorado. “That’s what makes it appealing for us and I guess for other merchants as well.”