Oracle climbs on blockchain bandwagon with new cloud service

 Oracle is working hard to be a SaaS vendor that matters, whether with its new autonomous database service or getting involved with blockchain. Today, the database giant announced a new blockchain service at Oracle OpenWorld that aims to give enterprise customers who want to get involved with the blockchain, a fully managed approach. “There are not a lot of production-ready… Read More

Oracle adds AI development service to platform offerings

 Oracle came late to the cloud and it’s been playing catch-up in recent years trying to add a wide range of services that customers are going to be demanding from a cloud vendor. To that end, the company added artificial intelligence as a service to its dance card today at Oracle OpenWorld. The company has been busy today with a flurry of announcements including a new autonomous database as… Read More

ServiceNow just bought a design firm because even enterprise apps have to look pretty

 ServiceNow is best known for helping large organizations organize field service and help desk activity. Today it bought design firm Telepathy because it knows that offering enterprise-class functionality isn’t enough anymore. Your applications have to look good too.
The company did not reveal the acquisition price
Telepathy is a design firm that was founded in 2001 in San Diego and… Read More

AWS fires back at Larry Ellison’s claims, saying it’s just Larry being Larry

 When Oracle chairman Larry Ellison announced his company’s new autonomous database product at the Oracle OpenWorld conference keynote, he took several minutes to disparage AWS, one of his chief rivals in the cloud market. As market leader, Amazon stands firmly in Ellison’s crosshairs, but AWS took exception to his comments, and decided to issue a public rebuke. Read More

Truphone raises $339M to retire debt and step up in connecting IoT devices

 Truphone, a mobile company based out of London that made a name for itself through low-cost international mobile voice and data plans, is taking a very big step forward in a strategy to catapult itself into the future of communications: the company has picked up a massive £255 million ($339 million), funding that it will use to retire its debt and double down on providing data connectivity… Read More

Investors place $25M on AtScale to get the big picture of big data

 AtScale, a four-year old startup that helps companies get a big-picture view of their big data inside their BI tools, announced a $25 million Series C investment today. The round was led by Atlantic Bridge with participation from new investors Wells Fargo and Industry Ventures along with returning investors Storm Ventures, UMC, Comcast and XSeed Capital. With today’s investment, the… Read More

Car Tracking Device Company Had Its Passwords Leaked

We’ve seen a lot of hacking attacks so far this year, but the successful breach of SVR Tracking may take the prize as the most invasive attack of 2017.

If you’re not familiar with the company, SVR Tracking provides a vehicle tracking service. This is accomplished by mounting a small, unobtrusive device on your car in an area where an unauthorized driver is unlikely to notice or look.

Once the device is attached, it reports the vehicle’s location back to the app database in two-minute intervals when the vehicle is in motion, and in four-hour intervals when the vehicle is stationary. One-hundred and twenty days of vehicle location information is available to anyone with the proper login credentials.

On September 18, researchers from Kromtech Security Center discovered files in an unsecured Amazon S3 bucket containing login credentials for more than half a million SVR Tracking accounts. Note that the total number of vehicles this could impact is likely far higher than half a million, because the app is frequently used by companies that manage entire fleets of vehicles, so one account may have dozens (or more) vehicles associated with it.

The exposed files contained account names, passwords, vehicle maintenance reports, dealer contracts and more.

There are two primary ways that a hacker could profit from this information. First and most obvious is that if you know exactly where a vehicle is, and when it’s likely to be sitting idle for hours at a time, then it’s incredibly easy to steal it.

Second, and less obvious, is that knowing where a vehicle goes allows hackers to build a detailed profile about the person driving the car, which can be used to provide better email targeting for attacks down the road.

In any case, the offending files have now been removed and the server locked down, but there’s no way of knowing how many unauthorized people accessed those files while they were publicly visible. If you use the SVR Tracking app, just to be safe, you should change your password immediately.

Used with permission from Article Aggregator