The UK Government isn’t doing enough to warn about the risks of cybercrime on a mass level, security firm Kaspersky has claimed.
Speaking at a company roundtable event at the firm’s European hub in London on Thursday, Kaspersky security researcher David Emm said the government isn’t doing as much as it could be to educate people about cyber security.
“I’d like to see the government doing more to get the message out to mainstream citizens and individuals because that’s the bone in which the industry is growing; the individuals with ideas,” Emm said.
“If you look at it, the recent Cyber Street Wise campaign aside, I don’t think the government is doing very much in terms of mainstream messaging and I would certainly like to see it do more.”
Emm used the example of major UK marketing campaigns promoting the dangers of drink driving as an ideal model because they have been drilled into us over the years.
“As parents, we’ve this body of common sense, such as drinks driving, and it’s drip, drip, drip, over the years that has achieved that and I think we need to get to a point where we have some body of online common sense in which business people can draw upon; there’s definitely a role for education.”
Barclays bank, which was also present at the roundtable, agreed with Emm.
“The government really needs to recognise this is a serious issue – if you’re bright enough to set up your own business, you’re bright enough to protect yourself,” added the firm’s MD of fraud prevention Alex Grant.
Emm concluded by saying that the government’s Cyber Street Wise campaign that was launched in January was good enough to make people aware of the risks of cybercrime in the metropolitan areas. However, he said he’d like to see the government focus more on regional areas as people in sparsely populated areas weren’t as aware of it.
Kaspersky’s roundtable took place as part of the firm’s launch of a report that found small businesses in the UK are “woefully unprepared” for an IT security breach, despite relying increasingly on mobile devices and storing critical information on computers.
The study found that nearly a third, or 31 percent, of small businesses would not know what to do if they had an IT security breach tomorrow, with four in ten saying that they would struggle to recover all data lost and a quarter admitting they would be unable to recover any.
Quantum Break is said to feature television segments that will be part of the main game, with players unlocking new segments at the end of some gameplay segments. The live action television segments can be watched right away or they can be viewed later on mobile devices such as a smart phone or tablet.
The rub here is that originally we assumed that these live action segments to be integrated with the game were being produced by Remedy, but word is now that this may not actually be the case and that the Microsoft Xbox Entertainment Studios division might actually be responsible for delivering this content.
So far, no one at Microsoft or Remedy will confirm what impact, if any, closing Xbox Entertainment Studios may have on the Quantum Break project. Sources we have spoken with seem to think that the recording of all of these live action segments is already done and finished. So there is nothing to worry about, but others think that it will be difficult to scrap Quantum Break this far into the development, but a redesign that does not use the television segments might be likely.
The company looked at the top 50 free apps in Google’s Play Store and then searched Google’s app store and others to see if fake versions existed. It found fake versions existed for 77 percent of the apps. The fake apps are often made to look like the real ones and have the same functions, but carry a dangerous extra payload.
“We’ve been tracking the activity of malicious or high-risk apps for nearly five years,” said JD Sherry, vice president of technology and solutions at Trend Micro. “The potential for people to slip things past the gate and appear legitimate is much easier.”
Tokyo-based Trend Micro, which makes antivirus and antimalware software that guards against such risks, said it cataloged 890,482 fake apps in a survey conducted in April this year. More than half were judged to be malicious, of which 59,185 were aggressive adware and 394,263 were malware.
The most common type of fake app purports to be antivirus software — targeting users who think they are protecting themselves from such problems. In some cases, the apps ask users to approve administrator privileges, which allow the app wider access to the phone’s software and data and make it more difficult to remove.
While many of the fake apps exist on forums or third-party app stores where security is either weaker than Google’s Play Store or nonexistent, fake apps can also invade the official Google store.
“A more recent example of a rogue antivirus app known as “Virus Shield” received a 4.7-star rating after being downloaded more than 10,000 times, mostly with the aid of bots,” Trend Micro said in its report.
Cheekily, scammers charged $3.99 for the fake app, which promised to prevent harmful apps from being installed. It was removed by Google after a few days, but not before it fooled thousands of users and even became a “top new paid app” in the Play Store. Trend said it was “perplexing” how the app achieved “top” status.
Attackers sometimes play on hype for apps.
When the “Flappy Bird” game was taken off the Play Store, fake versions appeared, some of which sent premium text messages. And before BlackBerry released its BBM messenger app for Android, a number of fake versions appeared that were downloaded more than 100,000 times.
Trend Micro’s report was published on the same day Google said it had formed a security team to go after so-called “zero-day” exploits in software that allow attackers to target users before software companies issue patches.
Sherry said he thought Google’s announcement was “ironic” considering the large number of problems Trend Micro found in Google’s own backyard.
To hear the likes of Electronic Arts and Gameloft tell it, premium apps are all but a relic of the past, the obsolete progenitor to mobile’s free-to-play future. But some smaller developers have found that future isn’t all it’s made out to be, and have been finding more success back on the premium side of the fence.
Kitfox Games and Double Stallion, two Montreal studios from Jason Della Rocca’s Execution Labs incubator, launched Shattered Planet and Big Action Mega Fight, respectively, on mobile in the last year. However, both titles struggled to rake in revenue, and the studios have since released more successful premium versions of the two. Kitfox’s Tanya X. Short and Double Stallion’s Nicolas Barrière-Kucharski spoke with GamesIndustry International this week to discuss their forays into free-to-play, and why more traditional business models worked better for them.
In Double Stallion’s case, part of the problem was that Big Action Mega Fight proved an awkward fit for the free-to-play format.
“We picked a genre, fighting, that was very content-driven,” Barrière-Kucharski said. “It was really very arduous to keep up and engage the audience with new levels, new enemies, and new types of content. We couldn’t compete at our size and budget with other, more established free-to-play studios and games.”
Beyond that, the genre may have been a poor fit for the audience. Barrière-Kucharski said that the people who would appreciate Big Action Mega Fight’s skill-based gameplay and faithful take on the beat-’em-up genre simply weren’t the same people interested in free-to-play games.
“I think the overlap between audiences was just too small to sustain a thriving community around the game,” Barrière-Kucharski said.
With Shattered Planet, Short said genre wasn’t a problem. She thinks the games-as-a-service model is actually a perfect fit for roguelikes like Shattered Planet, where a few new items and systems can exponentially increase the potential content for players to experience. However, Shattered Planet still didn’t fit the free-to-play mold for a few reasons.
“Free-to-play is not always suitable to single-player games,” Short said. “I think it’s best suited to multiplayer games in which it being free is actually of value to players because they can have more people to play with. That’s one philosophy we’ve developed, that if we ever do free-to-play again, we would only do it for multiplayer.”
On top of that, Shattered Planet was designed to be a tough game for players. But Short said in the free-to-play business model, difficulty can be “a dangerous thing.”
“We made a difficult game, and the fact that it was free made people suspicious, and rightfully so,” Short said. “I think they had every right to be a little bit paranoid about why the game was difficult. And in a business model where difficulty generally does often make people spend more, I think a designer’s hands are tied as to how and when a game can be difficult and when it’s ethical. So we felt a lot more comfortable about making a premium game, and me as the designer, I was happier because we could say sincerely that it’s exactly as difficult as we wanted it to be and you can’t say it was greedy or whatever.”
Both games have found more success since they were released as premium versions. Big Action Mega Fight was re-launched last month as a $3 app ($2 during a first-week sale); those who downloaded the free-to-play version received the upgrade to the premium version as a free title update. Even though the free version of the game was downloaded about 400,000 times, Barrière-Kucharski said the revenues from Big Action Mega Fight’s first week as a paid app topped the total lifetime income from the free-to-play version since its November debut. To date the company has sold about 3,600 copies of Big Action Mega Fight on iOS, Android, Amazon Fire, and Ouya.
Kitfox took a different approach to the premium switch, continuing to run the free-to-play Shattered Planet mobile app alone, but also releasing a premium PC version on Steam with a $15 price tag and no monetization beyond that. The results were similarly positive, as Short said the studio made as much on Steam in one day as it had on mobile in two months. In its first week, Shattered Planet sold 2,500 copies on Steam. Short is happy to see the game bringing in more money, but she confessed to being a little bit torn on the trade-off it required.
“It really was great seeing that we had 300,000 downloads on mobile,” Short said. “We had 300,000 people play Shattered Planet on iOS and Android, and that’s amazing. Sure, it looks like we’re going to make two to five to 10 times more money on Steam, but it’s only going to be 1 percent of the amount of people that could see it if we tried to release it free, in theory… It’s a little bit sad that you monetize better with fewer people. When you’re trying to get your brand and your name out there, it is sad we couldn’t have another few hundred thousand people.”
Beyond the trade-off of settling for a smaller but more supportive audience, Kitfox has encountered some negative effects of releasing Shattered Planet as a free-to-play mobile title and then as a PC premium game.
“For us, a lot of people remained skeptical of the quality of the game if they knew the mobile version existed,” Short said. “I don’t think that really has that much to do with free-to-play and more to do with platform snobbery. It’s just kind of a general feeling of console and PC gamers that if a game was ever on mobile, it couldn’t possibly be as feature-rich or as deep, as strategic or anything like that.”
On top of that, there was some customer confusion over the game and its business model. Short said the game’s forums on Steam had some angry users saying they wouldn’t buy the game because it had in-app purchases (which it didn’t). Although the developers were able to post in the threads and clear things up, that sort of inconsistency has convinced them that if they ever do return to mobile platforms, they will stick to a free demo or companion app rather than something monetized.
“It’s just so dominated by giant players,” Short said of the mobile scene. “It’s such a completely different market that I think you really have to focus on it, and that’s not my team’s expertise. For us, we’re definitely going to be focused on PC and console; I think that’s where our talents are.”
Barrière-Kucharski agreed, saying that even if a niche audience is willing to pay for a certain experience, there just aren’t good ways for developers to connect to that audience.
“It’s really hard to be found or be discovered by players,” Barrière-Kucharski said. “I’m really looking forward to all the curation issues that are going to be tackled in the next year or so on iOS 8 and the Steam Greenlight update.”
But even if those initiatives follow through on their promises of improving discoverability, Barrière-Kucharski worries that the problem could still get worse as the gains made won’t be enough to offset the flood of new developers entering the field. Short also saw discoverability as a key problem facing developers right now, but stressed that finding a solution is in the best interests of the platform holders.
“Whatever platform figures out discoverability first will have a huge advantage because there are these thousands of developers that as soon as they hear there is any discoverability, that’s where they’re going to flood for sure,” Short said. “So it is almost a race at the moment between Steam and Apple and Google.”
Since its introduction, Google’s social network has required that people use their real names in Google+ profiles, as part of an effort to help other people find them through the service.
“You need to provide both your first and last name for your Google+ profile,” the guidelines said. One could be an initial, but not both.
While that may have been a good idea for some, Google conceded Tuesday that it has also excluded people who don’t want to use their real name.
Google’s policy of trying to tie YouTube users’ accounts to their Google+ accounts has also sparked criticism among people who want to leave YouTube comments, or otherwise use the service, more anonymously.
For those reasons and others, Google said Tuesday that on Google+ there were no longer restrictions on the names people could use.
“We know you’ve been calling for this change for a while,” the company said in a blog post. The names policy has led to “unnecessarily difficult experiences” for some users, Google said, adding, “for this we apologize.”
In online comments on the Google+ page, people applauded the change. Others said it was too little, too late, or questioned whether it would lead to more spamming or cyberbullying behind the cloak of a fake name.
“Translation: It’s safe to come out and play again comment trolls,” one person wrote.
To clean up YouTube comments, Google overhauled the commenting system last year, to push “better quality” comments higher up. But shortly after making the changes, Google reported an increase in spam.
The announcement, just days before IBM releases its second quarter earnings, comes as the company attempts to shift its focus to software and services as its hardware unit continues to slump, and follows a string of mobile software acquisitions. The company hopes software sales will contribute half of its total profit by 2015.
The company will release more than 100 apps targeting industry-specific issues in retail, healthcare, banking, travel, transportation and telecommunications, IBM said on Tuesday.
“We wanted to focus on creating an absolutely irresistible workflow and processes and a design of apps that can be used by every user in the organization,” Bridget van Kralingen, IBM’s senior vice president of global business services, told Reuters from Apple headquarters in Cupertino, California.
“We wanted to remove some of the existing barriers of mobile in enterprise,” she said, adding that chief information officers worry about security, utilizing cloud and installing apps in mobile devices.
The partnership, which was six months in the making, will offer services geared at security, mobile device management and big data and analytics. The company also plans to develop cloud services optimized for Apple’s mobile operating system, iOS. The devices will operate through wireless carriers chosen by the client, she said.
BlackBerry Ltd shares were down 3 percent following the announcement. The Canadian smartphone maker has increasingly targeted its secure software at businesses as part of an effort to turn the company around after losing ground to Apple’s iPhone and Samsung Electronics Co.
Apple and Samsung have steadily expanded their share of the mobile enterprise market in recent years, mostly at BlackBerry’s expense, while Microsoft Windows phones have made little headway.
Increasingly, Apple’s expansion has been driven by employees bringing in their own devices and requesting corporate support, the so-called bring-your-own-IT trend.
Hooking up with IBM may help address lingering concerns about smartphone software security and data privacy, in the form of a veteran partner that’s led in enterprise IT for decades.
“This deal is a very targeted attempt by Apple with the help from IBM to focus on the enterprise, corporate market which has really been the main business of BlackBerry,” said Tim Ghriskey, chief investment officer at Solaris Group in Bedford Hills, New York.
Started by a group of Google security researchers with the mission of ridding the world of security dangers such as zero-day attacks, Project Zero will hire “the best practically-minded security researchers”, Google said, promising to contribute all of their time “toward improving security across the internet”.
The group was put together after certain Googlers started spending “some of their time on research that makes the internet safer, leading to the discovery of bugs like Heartbleed,” said Google researcher Chris Evans in a blog post.
“We’re not placing any particular bounds on this project and will work to improve the security of any software depended upon by large numbers of people, paying careful attention to the techniques, targets and motivations of attackers,” Evans explained. “We’ll use standard approaches such as locating and reporting large numbers of vulnerabilities.”
Evans said that Project Zero will also conduct new research into mitigations, exploitation, program analysis, and anything else that the researchers decide is a worthwhile investment.
The Googlers at Project Zero will commit to doing their work transparently, with every bug discovered being filed in an external database. They will also report bugs only to the software’s vendor and no third parties.
“Once the bug report becomes public, typically once a patch is available, you’ll be able to monitor vendor time-to-fix performance, see any discussion about exploitability, and view historical exploits and crash traces,” Evans said. “We also commit to sending bug reports to vendors in as close to real-time as possible, and to working with them to get fixes to users in a reasonable time.”
Not too long before the announcement of Project Zero on Tuesday, Google came under fire from European Union courts, which have forced the firm to forget certain people’s irrelevant or outdated online histories. Within days of the court order going into effect, EU citizens were begging Google to have their pasts expunged, at the rate of 10,000 requests per day.
However, it has since emerged that the buried webpages haven’t been technically disabled, nor have they been erased, security firm Sophos reports.
“Regardless of what the directive is being called, courts technically didn’t grant Europeans the right to be forgotten. Rather, it gave them the right to be relatively obscured, by having eligible pages flagged so they don’t show up in search results,” said Sophos in a blog post.
“The data is still out there. And now, a newly launched site is archiving the forcibly de-indexed pages, in the name of opening up to the internet as a whole the discussion regarding what should or should not be ‘forgotten’.”
Seagate has taken the wraps off its first major foray into the NAS market.
The Seagate NAS and NAS Pro range will be marketed towards the growing number of small businesses, including SOHO, prosumer and startups. The basic Seagate NAS range has been designed for businesses of up to 25 people with the NAS Pro range targeting the up-to-50-staff market.
All aspects of the new products are created in-house including the new Linux-based NAS OS 4, which Seagate’s Northern European Sales Director Edouard Doutriaux told The INQUIRER is aimed at giving customers “a premium experience without the need for the knowledge of a specialist IT department”.
The simple, flat interface minimises jargon but contains all the functionality of rival offerings including iSCSI interfacing, RAID array and data encryption. In addition, a dedicated “SDrive” offers instant mapping of the NAS within a terminal’s Windows environment.
SDrive is also available for Windows, iOS and BlackBerry from launch. Where drives are supplied, they will be dedicated Seagate NAS HDD drives, but Seagate’s SimplyRAID feature also supports mixed capacity drives without downtime.
NAS units are available in two and four bay editions, with a six bay edition added for Seagate NAS Pro. Capacities range from 2TB (2x1TB) for the basic NAS version up to 30TB (6x5GB) for NAS Pro, with diskless editions also offered. All editions share the same NAS OS 4 operating system.
Prices start at $135 for a diskless standard edition and range up to $2000 for the 30TB pro version. All are available from Seagate now, with resellers coming online soon.
Earlier this year Seagate announced the “world’s fastest” 6TB hard drive, as well as a 2TB wireless portable hard drive.
TrapX says infected scanners made by an unnamed Chinese manufacturer located in Shandong province have been sold to eight unnamed firms including a large robotics company. The manufacturer denied knowledge that its scanners and website-hosted software were infected.
Sixteen of the 48 scanners deployed at one firm were infected, TrapX found. They all successfully sought out and compromised host names containing the word finance and siphoned off the logistical and financial data. The report Anatomy of the Attack: Zombie Zero said:
“Exfiltration of all financial data and ERP data was achieved, providing the attacker complete situational awareness and visibility into the logistic/shipping company’s worldwide operations.”
TrapX suspected the attacks dubbed Zombie Zero were backed by the Chinese government and were a bid to gain intelligence on either logistics firms or their customers.
There’s a popular narrative about Japan’s game development industry: it’s an industry in trouble, lagging behind the West and running out of ideas. If any Japanese developer wants to get themselves splashed into the headlines, all they need do is trot out a soundbite disparaging their own industry; in a world of click bait headlines, the fall of Japanese development is a sure-fire winner. The apparent decline of Japan’s game developers is linked to a secondary narrative as well, namely the decline of Japan’s internal market for videogames. Once the undisputed gaming capital of the world, Japan seems to be falling out of love with the pastime – at least on consoles, and at least according to some rather unusual readings of the data.
There’s a nugget of truth to both of these stories; just enough to make them worth considering, yet certainly not enough to prevent the majority of reporting and discussion on them from being a torrent of absolute nonsense. Japanese game development is somewhat troubled, but it’s troubled by exactly the same factors that are giving sleepless nights to Western game developers – skyrocketing AAA budgets, new business models, a diversification of platforms and the globalisation of the audience. Japanese development studios remain perfectly capable of making superb games that delight their fans; their problem, just as everywhere else, is figuring out how to make money from those games in a new world where profitability escapes everything but the million-selling megahit.
That links back to the second narrative; Japan is falling out of love with games. On the surface, it’s hard to see this alleged decline. The country’s arcades may not be what they once were, but they’re still far more numerous and spacious, not to mention well-attended, than any such establishments in the west. Dedicated videogame stores remain a fixture of shopping districts, while every large electronics store (and there are plenty of those, dominating most city centre areas) has a large videogames section – a stark contrast with, for example, central London, where actually going out and buying a videogame in a shop is an increasingly difficult task. Food courts and fast-food joints still play host to groups of children and teenagers engaged in the likes of Pokemon and Monster Hunter, and a trip outside in an urban area with a 3DS in your pocket will bag a full complement of Street Pass hits in no time flat.
Where’s the decline, then? Well, as figures released earlier this week by Japanese magazine publisher and industry data agency Enterbrain confirm, it’s not actually a decline so much as a stagnation. Enterbrain’s report, widely reported online after being translated in part by Kantan Games’ boss Serkan Toto on the company’s blog, showed that combined hardware and software sales in the first half of 2014 were almost exactly the same as the first half of 2013 – showing growth of just 0.1%. Toto’s entirely reasonable point was that this is much, much lower growth than Japan’s booming smartphone game market, yet this seems to have been picked up by many outlets as further confirmation of a Japanese gaming decline and specifically of a failure to ignite interest in the PS4.
Let’s be clear – the Japanese smartphone game market is in extraordinarily rude health. Revenues from mobile games, by some measures, surpassed packaged game revenue about three years ago and haven’t looked back since. For every person you see playing a 3DS or a Vita (the latter, I note, becoming vastly more commonplace on trains in recent months), you see dozens engrossed in mobile games. Puzzle & Dragons remains the clear favourite, but a trip on a busy Tokyo commuter line will turn up any number of different games gracing the ubiquitous smartphones. The industry’s revenues are clear to see, too; the vast majority of expensive marketing campaigns for games here are for mobile games, not console titles. Only last week I walked onto a train carriage on the phenomenally busy Yamanote loop line in central Tokyo to find that every advertising space in the carriage was full of Clash of Clans marketing; the huge billboard near my apartment, meanwhile, alternates fortnightly between ads for hopeful Puzzle & Dragons clones and ads for new singles by terrible boybands. There’s a huge amount of cash flowing through mobile games in Japan right now, and from a business perspective, that makes it a more interesting (if vastly more challenging) space than the console market.
Yet that doesn’t change the slowdown of Japan’s console market into a “decline” or a “crisis”. We all know that Japan has been ahead of the curve in terms of the adoption of videogames since the 1980s. 30 years down the line, is it surprising that it has hit a plateau? Gaming as a whole – including mobile, browser and online gaming – continues to grow at a massive rate, but in Japan at least, the console space has reached a point where there simply isn’t much new market to conquer. That may change in future as new devices open up new audiences, but console games as they stand don’t seem to have much further to go in Japan. That doesn’t make them a bad business. It means that if you want to make huge bucks and impress shareholders with your growth figures, you probably want to place your investments elsewhere – but if you want to make great games and make money selling them, a mature, stable market is no worse a place to do that than a growing one.
Moreover, when you consider the underlying factors in Japan’s economy, maintaining a steady market size is actually quite impressive. Japan’s population peaked in 2008 and has slowly declined since then; the most rapid decline being the proportion of young people (the most avid consumers of videogames). So this is a market with fewer “core” consumers of videogames than before; moreover, a series of ill-targeted reforms and a few decades of economic slump have meant that a very large proportion of those young people are trapped in low-paying work with no job security. Furthermore, Japan’s prices have been in slow but steady decline since the early 1990s. Yes, unlike most western economies, Japanese prices aren’t slowly rising due to inflation – rather, they’re falling due to deflation. This has supposedly been reversed in the past 12 months or so, with tiny inflation figures finally showing up, but most of the change so far has been down to a sharp rise in energy costs (a consequence of expensive imported fuels replacing Japan’s still-offline nuclear power plants) and it generally hasn’t been reflected in consumer goods.
One other economic factor has been mentioned by a handful of writers this week. They pointed out that Japan’s consumption tax went up from 5 per cent to 8 per cent in April, in the middle of this reporting period; if that 3 per cent hike were included in Enterbrain’s figures, it would mean industry revenues actually fell. However, to my knowledge Enterbrain’s numbers are based on pre-tax figures, much as US market data is, and thus the consumption tax rise isn’t a factor – except in that it would have been expected to push videogame sales down, thus making the rise slightly more impressive.
In short – Japan has fewer consumers for games and it’s charging less for things than it used to. Under those circumstances, a market which was performing precisely as well this year as it did last year would be expected to show a modest decline. Just staying still would mean you’d actually grown by a few percent in relative terms to offset the underlying audience decline and price deflation. Growing by 0.1% in Japan is comparable to growing by a couple of percent in the USA or much of Europe, where population is still generally growing and prices are being inflated, not deflated.
These factors don’t combine to mean that Japan is magically showing strong growth in defiance of the figures, but they are important to understanding what the figures mean. Japan’s “decline” is more like stagnation, and in the past year, even that stagnation has shown a positive trend. The market for consoles and games remains big and pretty healthy even as the market for smartphone games shoots through the roof; both of them clearly have an important place in the future of the country’s games industry.
As for the supposedly “disappointing” impact of the PlayStation 4? There’s no doubt that the performance of the console has slowed down significantly since a very strong launch, but it’s worth noting that sales of hardware were actually up nearly 7% year-on-year, with the PS4 and the resurgent Vita picking up slack from slower sales of the 3DS. PS4’s software line-up in Japan is still largely composed of western titles with limited appeal to the local audience, and the console probably won’t pick up significantly until more local software is available later this year – it’s notable that the PS Vita’s success in the first half of 2014 is largely attributable to the sudden arrival of software titles that match local tastes, and not (as some commentators would have it) to an upsurge of interest in PS4 Remote Play functionality. Overall, PS4 in Japan continues to perform as you’d expect for a new console with limited software – a great launch, followed by slow but steady sales while it awaits new software to spark purchases from new audiences. It’s done well, but it hasn’t “rescued” the Japanese market; but then again, if you take the time to understand the figures, it should be pretty clear that the Japanese market doesn’t actually need rescuing.
Oracle announced plans to release 115 security patches for vulnerabilities affecting a vast number of its products, including its flagship database, Java SE, Fusion Middleware and business applications.
The update includes fixes for 20 weaknesses in Java SE, all of which can be exploited by an attacker remotely, without the need for login credentials, Oracle said in an announcement prior to Tuesday’s patch release.
Some 29 fixes are for Oracle’s Fusion Middleware suite, 27 of which can be exploited over a network without the need for authentication. Affected middleware components include BI Publisher, GlassFish Server, HTTP Server, JDeveloper, WebCenter Portal and WebLogic Server.
Six other patches are for Oracle’s database. Two of the vulnerabilities can be exploited remotely without login credentials.
Another seven patches target Hyperion, one of Oracle’s BI (business intelligence) products.
The update also includes fixes for security weaknesses in a range of Oracle applications, including E-Business Suite, Siebel CRM, PeopleSoft, Oracle Retail Applications and Primavera.
Oracle Virtualization will get 15 fixes, eight of which target vulnerabilities that can be exploited over the Internet without login credentials.
Finally, some 10 fixes will ship for MySQL. None of the related vulnerabilities can be attacked remotely without authentication.
Oracle releases patches on a quarterly basis. The last update, in April, delivered 104 fixes.
The Gameover Zeus malware, which recently was the focus of a high profile takedown operation, has returned in the form of an evolved campaign sending out malicious spam messages.
The evolved campaign was spotted by Malcovery Security, which reported its findings after noticing a number of malicious spam messages masquerading as legitimate emails from banks.
“Today Malcovery’s analysts identified a new trojan based heavily on the Gameover Zeus binary,” the firm’s blog post read. “It was distributed as the attachment to three spam email templates, utilizing the simplest method of infection through which this trojan is deployed.”
Malcovery Security said that it saw spam messages from 9:06am to 9:55am claiming to be from Natwest, with the longest lasting of the spam campaigns imitating M&T Bank, with a subject of “E100 MTB ACH Monitor Event Notification”. This campaign is still ongoing, the firm said.
The end goal of the attacks is reportedly to steal financial information from the victim. However, Malcovery reported the new Gameover Zeus botnet has a more robust infrastructure that makes it even more difficult to combat than the previous iteration.
“The malware seems to have traded its Peer to Peer Infrastructure for a new Fast Flux hosted command and control (C&C) strategy,” the post said.
“This discovery indicates that the criminals responsible for Gameover’s distribution do not intend to give up on this botnet even after suffering one of the most expansive botnet takeovers/takedowns in history.”
The comeback of the botnet follows a global takedown operation to stop Gameover Zeus in its tracks. Law enforcement agencies across the globe, including the UK National Crime Agency (NCA), temporarily shut down the Gameover Zeus botnet, which was estimated to have enslaved between 500,000 and one million computers at its peak in June.
The NCA announced that an international operation had temporarily weakened the global network of infected computers, providing a particularly strong two-week opportunity for members of the public to rid themselves of the malware and help prevent future infections.
However, later in the same month, the NCA warned users to lock down their systems to protect against Gameover Zeus as well as the Cryptolocker malware variants. It said that UK computer users still had time to protect themselves from the malware threats and that, although the number of infections had decreased, users were still vulnerable to infection.
In its forecast for the second quarter, Gartner said that revenue is expected to reach $336bn this year, up 6.7 percent from the same quarter last year. The growth has surpassed analysts’ earlier expectations, up from the previous quarter’s forecast of 5.4 percent growth.
The growing trend is particularly evident in companies such as foundry leader TSMC, Gartner explained, which is expecting a sequential growth in the second quarter of this year by over 20 percent.
But, according to Gartner, DRAM is responsible for the growth and is expected to lead the chip market this year with 18.8 percent annual growth. This is because DRAM pricing remains firm, and coupled with growth in key system markets, this is helping propel the DRAM market to an estimated $41bn in 2014.
“Other areas are also doing well, including analog, field programmable gate arrays (FPGAs), application-specific integrated circuits (ASICs), and non-optical sensors,” said Gartner VP of research Bryan Lewis. “ASICs are driven by Apple, with strong sales of its iPhone expected in the second half of 2014. ASICs will also benefit from the strong ramp of the latest video game console generation, particularly the Sony PS4 and Microsoft Xbox One.”
However, the analyst outfit said memory is a “feast-and-famine” market due to big supply and demand cycles, and it predicted that the next big memory oversupply downturn will hit in 2016, weakening overall semiconductor growth.
However, Lewis claimed that overall semiconductor growth is widespread, with the non-memory segment growing 5.2 percent in 2014, compared with only 0.8 percent the year before. Smartphones and “ultramobile” devices, including tablets, are the growth areas from a system point of view, Gartner added.
On Monday, Gartner reported that the PC market – which it counts as desktops, notebooks and “premium ultramobile devices” – will surge by over five percent this year. However, it will still be in negative figures, increasing from minus 9.5 percent in 2013 to minus 2.9 percent in 2014.
However, Gartner said that the traditional PC market, which consists of desktops and notebooks only, will still be in decline and follow the same downward trend, on pace to contract 6.7 percent in 2014 and 5.3 percent in 2015.
As many as 50,000 Facebook accounts were affected, and as many as 250,000 computers worldwide, primarily in Greece, Poland, Norway, India, Portugal and the U.S., according to a blog post on Tuesday from Facebook’s Threat Infrastructure team.
The social networking site described the difficulties in shutting down the botnet, whose creators taunted Facebook through messages left on servers that were part of its network.
Those behind Lecpetex launched at least 20 spam campaigns between December 2013 and last month, affecting Facebook and other online services. Some of the victims received private messages with a “.zip” attachment containing a Java JAR file or Visual Basic script.
Those files, if executed, would then retrieve other malware modules stored on remote sites. The modules were either DarkComet, a widely used remote access tool that can harvest login credentials, or variants of software that mines the virtual currency Litecoin, the team wrote.
By frequently refreshing and changing the malicious attachments, Lecpetex defeated Facebook’s filters designed to stop such malware from being distributed. The malware would also automatically update itself to evade antivirus products.
“The operators put significant effort into evading our attachment scanning services by creating many variations of the malformed zip files that would open properly in Windows, but would cause various scanning techniques to fail,” the team wrote.
Facebook said it reached out to other infrastructure providers and law enforcement when it realized security software alone wasn’t going to foil Lecpetex.
“Ultimately, remediating a threat like Lecpetex requires a combination of technical analysis capabilities, industry collaboration, agility in deploying new countermeasures and law enforcement cooperation,” it wrote.
The creators of Lecpetex eventually caught on to Facebook’s efforts. In May, they started leaving notes on command-and-control servers they knew Facebook was investigating, playfully saying they weren’t involved in fraud.
“These changes suggested to us that the authors were feeling the impact of our efforts,” Facebook wrote.
Another critical security flaw has been found in Adobe’s Flash plug-in. Google engineer Michele Spagnuolo has written an exploit tool called “Rosetta Flash”, which allows hackers to steal your cookies and other data using malicious Flash .SWF files.
The flaw has been known about since Adam was a boy, but had been left unfixed until now as nobody had found a way to harness it for evil. Twitter, Microsoft, Google and Instagram have already patched their sites, but beware of others that may still be vulnerable.
Adobe now has a fix, and if you use Chrome or Internet Explorer 10 or 11, your browser should automatically update soon with the latest versions of Flash, 188.8.131.52. However, if you have a browser like Firefox, you may want to grab the latest Flash version from Adobe directly. Just be careful that Adobe does not stuff up your computer with its god-awful McAfee plug-in.
Apps like Tweetdeck or Pandora will need to update Adobe AIR — that should happen automatically.