Google brings IBM Power Systems to its cloud

As Google Cloud looks to convince more enterprises to move to its platform, it needs to be able to give businesses an onramp for their existing legacy infrastructure and workloads that they can’t easily replace or move to the cloud. A lot of those workloads run on IBM Power Systems with their Power processors, and, until now, IBM was essentially the only vendor that offered cloud-based Power systems. Now, however, Google is also getting into this game by partnering with IBM to launch IBM Power Systems on Google Cloud.

“Enterprises looking to the cloud to modernize their existing infrastructure and streamline their business processes have many options,” writes Kevin Ichhpurani, Google Cloud’s corporate VP for its global ecosystem, in today’s announcement. “At one end of the spectrum, some organizations are re-platforming entire legacy systems to adopt the cloud. Many others, however, want to continue leveraging their existing infrastructure while still benefiting from the cloud’s flexible consumption model, scalability, and new advancements in areas like artificial intelligence, machine learning, and analytics.”

Power Systems support obviously fits in well here, given that many companies use them for mission-critical workloads based on SAP and Oracle applications and databases. With this, they can take those workloads and slowly move them to the cloud, without having to re-engineer their applications and infrastructure. Power Systems on Google Cloud is obviously integrated with Google’s services and billing tools.

This is very much an enterprise offering, without a published pricing sheet. Chances are, given the cost of a Power-based server, you’re not looking at a bargain, per-minute price here.

Because IBM has its own cloud offering, it’s a bit odd to see it work with Google to bring its servers to a competing cloud — though it surely wants to sell more Power servers. The move makes perfect sense for Google Cloud, though, which is on a mission to bring more enterprise workloads to its platform. Any roadblock the company can remove works in its favor, and, as enterprises get comfortable with its platform, they’ll likely bring other workloads to it over time.

Enterprise Security | What Precautions Should You Take Against the Threat of Iranian APTs?

Following the recent U.S. air strike on Iranian IRGC-Quds Force commander Qassem Soleimani and retaliatory missile strikes by the IRGC on two U.S. and coalition air bases in Iraq, there is widespread concern that organizations may face heightened cyber security threats at this time.

Although there is no current information indicating a specific, credible threat to U.S. organizations in the wake of the recent hostilities, there is no doubt that Iran-backed APTs have the intent and capability to conduct operations in the United States. Iran maintains a robust cyber warfare program that can execute attacks capable, at the minimum, of temporary disruptive effects against U.S. businesses and critical U.S. infrastructure.

In light of the current situation, Sentinel Labs has published an Iran Cyber-Response Bulletin. Here’s a summary of the main things to be aware of to keep your business safe.


What Do We Know About Iran’s Cyber Capabilities?

Previous cyber attacks attributed to Iran range from elderly, commodity malware like DarkComet to highly-evasive and destructive wipers and tools such as Shamoon and the more recent ZeroCleare malware. Here’s a short chronology of attacks seen over the last six to seven years.

Iran and Distributed Denial of Service Attacks

Between 2011 and 2013, Distributed Denial of Service attacks were used against websites belonging to 46 U.S. banks, preventing customers from accessing or servicing their accounts online. The fallout from this attack cost these banks millions of dollars. The US Department of Justice indicted seven Iranian nationals in March 2016 for conducting the attacks on behalf of the IRGC.

An Attack on US Infrastructure

In the fall of 2013, an individual accessed supervisory control and data acquisition (SCADA) systems at the Bowman Avenue Dam in Westchester County, obtaining sensitive information critical to the operation of the dam. The US DoJ indicted an Iranian national for illegally accessing the dam and the data. The attack was believed to be connected to the DDoS attacks conducted against US banks.

All Bets Are Off in Iranian Attack on Las Vegas Casino

In 2014, an attack on the Sands Las Vegas Corporation first exfiltrated data, including credit card, driver’s license and Social Security numbers, before wiping the corporation’s computer systems. The U.S. Director of National Intelligence attributed the attack to Iran.

Iranian Nationals Accused of IP and Credential Theft

Spanning a three-year period from 2013 to 2017, hundreds of U.S. and foreign academic institutions, as well as a large number of private sector companies, were targeted in thefts of email credentials and intellectual property. Nine Iranian nationals, believed to be part of an APT known as ‘Cobalt Dickens’ and ‘Secret Librarian’, were indicted by the US DoJ in March 2018 for the attacks.

Iranian APT Attacks in 2019

The Deadwood family of wiper malware was used against specific targets in Saudi Arabia during mid-2019. Microsoft analysts attributed the attack to Iran’s highly active APT33. In December 2019, the ZeroCleare wiper malware was found to have been used in multiple attacks against targets including Middle Eastern energy companies and firms in the industrial sector. IBM researchers attributed the attack to Iranian group APT34. The same group responsible for attacks on academic institutions in 2017 and earlier is also thought to be active in 2019.

What Extra Precautions Can You Take?

Current SentinelOne Endpoint Protection users are protected against TTPs associated with known Iranian-based threat actors. Full detection and prevention is available in the current agents for known malware and tools associated with the campaigns and groups noted above. Behavioral AI engines provide an additional layer of protection against “fileless”, living-off-the-land (LOTL) and other behavior-based events.

In addition, given the current climate, it’s an apt time to fortify defenses, and organizations should consider the following supplementary recommendations:

Disable unnecessary ports and protocols. A review of your network security device logs should help you determine which ports and protocols are exposed but not needed. For those that are needed, monitor them for suspicious, ‘command & control’-like activity.

Log and limit the use of PowerShell. If a user or account does not need PowerShell, disable it via the Group Policy Editor. For those that do, enable code signing of PowerShell scripts, log all PowerShell commands and turn on ‘Script Block Logging’. Learn more from Microsoft.

Set policies to alert on new hosts joining the network. To reduce the possibility of ‘rogue’ devices on your network, increase visibility and have key security personnel notified when new hosts attempt to join the network.

Backup now, and test your recovery process for business continuity. It is easy to let backup policies slide, or fail to prove that you can restore in practice. Also, ensure you have redundant backups, ideally using a combination of hot, warm and/or cold sites.

Step up monitoring of network and email traffic. The most common vectors for intruders are unprotected devices on your network and targeted phishing emails. Follow best practices for restricting attachments via email and other mechanisms and review network signatures.

Patch externally facing equipment. Attackers actively scan for and will exploit vulnerabilities, particularly those that allow for remote code execution or denial of service attacks.
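Once Script Block Logging is on, the records still have to be read. The following is an added example, not part of the original bulletin or of any SentinelOne tooling: it reassembles script blocks that Windows splits across several Event ID 4104 records and flags a few patterns worth a second look. The field names are those of the 4104 event data; the sample records and the indicator list are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample records, shaped like exported Event ID 4104 entries from the
# Microsoft-Windows-PowerShell/Operational log. Only the fields used here are kept.
SAMPLE_EVENTS = [
    {"ScriptBlockId": "11111111-aaaa", "MessageNumber": 1, "MessageTotal": 1,
     "Path": r"C:\Scripts\inventory.ps1",
     "ScriptBlockText": r"Get-ChildItem C:\Reports | Measure-Object"},
    # One script block split across two events and delivered out of order.
    {"ScriptBlockId": "22222222-bbbb", "MessageNumber": 2, "MessageTotal": 2,
     "Path": "",
     "ScriptBlockText": "64String('Y29uc3RydWN0ZWQ='); "
                        "Invoke-Expression ([Text.Encoding]::UTF8.GetString($b))"},
    {"ScriptBlockId": "22222222-bbbb", "MessageNumber": 1, "MessageTotal": 2,
     "Path": "",
     "ScriptBlockText": "$b = [Convert]::FromBase"},
    # A fragment whose second half was never collected.
    {"ScriptBlockId": "33333333-cccc", "MessageNumber": 1, "MessageTotal": 2,
     "Path": "",
     "ScriptBlockText": "Write-Output 'part one'"},
]

# Assumption: a short, non-exhaustive indicator list chosen for this example.
INDICATORS = {
    "base64-decode": re.compile(r"FromBase64String", re.I),
    "dynamic-eval": re.compile(r"\b(Invoke-Expression|iex)\b", re.I),
    "encoded-command": re.compile(r"-enc\w*\s+[A-Za-z0-9+/=]{16,}", re.I),
}


def reassemble(events):
    """Group 4104 fragments by ScriptBlockId and join them in MessageNumber order."""
    parts = defaultdict(dict)
    meta = {}
    for ev in events:
        sid = ev["ScriptBlockId"]
        parts[sid][int(ev["MessageNumber"])] = ev["ScriptBlockText"]
        meta[sid] = (int(ev["MessageTotal"]), ev.get("Path") or "")
    blocks = {}
    for sid, frags in parts.items():
        total, path = meta[sid]
        blocks[sid] = {
            "text": "".join(frags[n] for n in sorted(frags)),
            "path": path,
            # Complete only if every fragment 1..MessageTotal was seen.
            "complete": set(frags) == set(range(1, total + 1)),
        }
    return blocks


def triage(events):
    """Return script blocks that match an indicator or are missing fragments."""
    findings = []
    for sid, block in reassemble(events).items():
        hits = sorted(n for n, rx in INDICATORS.items() if rx.search(block["text"]))
        if hits or not block["complete"]:
            findings.append({
                "id": sid,
                "indicators": hits,
                "complete": block["complete"],
                # An empty Path means the code did not come from a script file.
                "path": block["path"] or "<not from a file>",
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Matching each record on its own would miss the second sample: the decode call only becomes visible after the two fragments are joined.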

Conclusion

Cybersecurity plays a mission-critical role in your organization and society-at-large. High profile attacks believed to be orchestrated by Iran have in the past targeted the energy industry, financial services and government facilities. Defense, Communications, Healthcare and Manufacturing have also been targeted by threat actor groups with links to Iran, and this was all before the current increased tensions. Whether we will see a “proxy war” fought out in cyberspace as a result of the current political climate remains to be seen, but it makes good sense for organizations to adopt what preventative measures they can sooner rather than later.



Atrium lays off lawyers, explains pivot to legal tech

Seventy-five-million-dollar-funded legal services startup Atrium doesn’t want to be the next company to implode as the tech industry tightens its belt and businesses chase margins instead of growth via unsustainable economics. That’s why Atrium is laying off most of its in-house lawyers.

Now, Atrium will focus on its software for startups navigating fundraising, hiring and collaborating with lawyers. Atrium plans to ramp up its startup advising services. And it’s also doubling down on its year-old network of professional service providers that help clients navigate day-to-day legal work. Atrium’s laid-off attorneys will be offered spots as preferred providers in that network if they start their own firm or join another.

“It’s a natural evolution for us to create a sustainable model,” Atrium co-founder and CEO Justin Kan tells TechCrunch. “We’ve made the tough decision to restructure the company to accommodate growth into new business services through our existing professional services network,” Kan wrote on Atrium’s blog. He wouldn’t give exact figures, but confirmed that more than 10 but less than 50 staffers are impacted by the change, with Atrium having a headcount of 150 as of June.

The change could make Atrium more efficient by keeping fewer expensive lawyers on staff. However, it could weaken its $500 per month Atrium membership that included some services from its in-house lawyers that might be more complicated for clients to get through its professional network. Atrium will also now have to prove that its client-lawyer collaboration software can survive in the market with firms paying for it rather than it being bundled with its in-house lawyers’ services.

“We’re making these changes to move Atrium to a sustainable model that provides high-quality services to our clients. We’re doing it proactively because we see the writing on the wall that it’s important to have a sustainable business,” Kan says. “That’s what we’re doing now. We don’t anticipate any disruption of services to clients. We’re still here.”

Justin Kan (Atrium) at TechCrunch Disrupt SF 2017

Founded in 2017, Atrium promised to merge software with human lawyers to provide quicker and cheaper legal services. Its technology can help automatically generate fundraising contracts, hiring offers and cap tables for startups while using machine learning to recommend procedures and clauses based on anonymized data from its clients. It also serves like a Dropbox for legal, organizing all of a startup’s documents to ensure everything’s properly signed and teams are working off the latest versions without digging through email.

The $500 per month Atrium membership offered this technology plus limited access to an in-house startup lawyer for consultation, plus access to guide books and events. Clients could pay extra if they needed special help such as with finalizing an acquisition deal, or access to its Fundraising Concierge service for aid with developing a pitch and lining up investor meetings.

Kan tells me Atrium still has some in-house lawyers on staff, which will help it honor all its existing membership contracts and power its new emphasis on advising services. He wouldn’t say if Atrium is paid any equity for advising, or just cash. The membership plan may change for future clients, so lawyer services are provided through its professional network instead.

“What we noticed was that Atrium has done a really good job of building a brand with startups. Often what they wanted from attorneys was…advice on ‘how to set my company up,’ ‘how to set my sales and marketing team up,’ ‘how to get great terms in my fundraising process,’ ” so Atrium is pursuing advising, Kan tells me. “As we sat down to look at what’s working and what’s not working, our focus has been to help founders with their super-hero story, connect them with the right providers and advisors, and then helping quarterback everything you need with our in-house specialists.”

LawSites first reported Saturday that Atrium was laying off in-house lawyers. A source tells TechCrunch that Atrium’s lawyers only found out a week ago about the changes, and they’ve been trying to pitch Atrium clients on working with them when they leave. One Atrium client said they weren’t surprised by the changes because they got so much legal advice for just $500 per month, which they suspected meant Atrium was losing money on the lawyers’ time as it was so much less expensive than competitors. They also said these cheap legal services rather than the software platform were the main draw of Atrium, and they’re unsure if the tech on its own is valuable enough.

One concern is Atrium might not learn as quickly about which services to translate into software if it doesn’t have as many lawyers in-house. But Kan believes third-party lawyers might be more clear and direct about what they need from legal technology. “I feel like having a true market for the software you’re building is better than having an internal market,” he says. “We get feedback from the outside firms we work with. I think in some ways that’s the most valuable feedback. I think there’s a lot of false signals that can happen when you’re both the employer and the supplier.”

It was critical for Atrium to correct course before getting any bigger, given the fundraising problems hitting late-stage startups with poor economics in the wake of the WeWork debacle and SoftBank’s troubles. Atrium had raised a $10.5 million Series A in 2017 led by General Catalyst alongside Kleiner, Founders Fund, Initialized and Kindred Ventures. Then in September 2018, it scored a huge $65 million Series B led by Andreessen Horowitz.

Raising even bigger rounds might have been impossible if Atrium was offering consultations with lawyers at far below market rate. Now it might be in a better position to attract funding. But the question is whether clients will stick with Atrium if they get less access to a lawyer for the same price, and whether the collaboration platform is useful enough for outside law firms to pay for.

Kan had gone through tough pivots in the past. He had strapped a camera to his head to create content for his live-streaming startup Justin.tv, but wisely recentered on the 3% of users letting people watch them play video games. Justin.tv became Twitch and eventually sold to Amazon for $970 million. His on-demand personal assistant startup Exec had to switch to just cleaning in 2013 before shutting down due to rotten economics.

Rather than deny the inevitable and wait until the last minute, with Atrium Kan tried to make the hard decision early.

Equinix is acquiring bare metal cloud provider Packet

Equinix announced today that it is acquiring bare metal cloud provider Packet. The New York City startup had raised over $36 million on a $100 million valuation, according to Pitchbook data.

Equinix has a set of data centers and co-location facilities around the world. Companies that may want to have more control over their hardware could use their services including space, power and cooling systems, instead of running their own data centers.

Equinix is getting a unique cloud infrastructure vendor in Packet, one that can provide more customized kinds of hardware configurations than you can get from the mainstream infrastructure vendors like AWS and Azure.

Interestingly, COO George Karidis came over from Equinix when he joined the company, so there is a connection there. Karidis described his company in a September, 2018 TechCrunch article:

“We offer the most diverse hardware options,” he said. That means they could get servers equipped with Intel, ARM, AMD or with specific nVidia GPUs in whatever configurations they want. By contrast public cloud providers tend to offer a more off-the-shelf approach. It’s cheap and abundant, but you have to take what they offer, and that doesn’t always work for every customer.

In a blog post announcing the deal, company co-founder and CEO Zachary Smith had a message for his customers, who may be worried about the change in ownership, “When the transaction closes later this quarter, Packet will continue operating as before: same team, same platform, same vision,” he wrote.

He also offered the standard value story for a deal like this, saying the company could scale much faster under Equinix than it could on its own with access to its new company’s massive resources including 200+ data centers in 55 markets and 1,800 networks.

Sara Baack, chief product officer at Equinix, says bringing the two companies together will provide a diverse set of bare metal options for customers moving forward. “Our combined strengths will further empower companies to be everywhere they need to be, to interconnect everyone and integrate everything that matters to their business,” she said in a statement.

While the companies did not share the purchase price, they did hint that they would have more details on the transaction after it closes, which is expected in the first quarter this year.

Phishing for Apples, Bobbing for Links

Anyone searching for a primer on how to spot clever phishing links need look no further than those targeting customers of Apple, whose brand by many measures remains among the most-targeted. Past stories here have examined how scammers working with organized gangs try to phish iCloud credentials from Apple customers who have a mobile device that is lost or stolen. Today’s piece looks at the well-crafted links used in some of these lures.

KrebsOnSecurity heard from a reader in South Africa who recently received a text message stating his lost iPhone X had been found. The message addressed him by name and said he could view the location of his wayward device by visiting the link https://maps-icloud[.]com — which is most definitely not a legitimate Apple or iCloud link and is one of countless spoofing Apple’s “Find My” service for locating lost Apple devices.

While maps-icloud[.]com is not a particularly convincing phishing domain, a review of the Russian server where that domain is hosted reveals a slew of far more persuasive links spoofing Apple’s brand. Almost all of these include encryption certificates (start with “https://”) and begin with the subdomains “apple.” or “icloud.” followed by a domain name starting with “com-”.

Here are just a few examples (the phishing links in this post have been hobbled with brackets to keep them from being clickable):

apple.com-support[.]id
apple.com-findlocation[.]id
apple.com-sign[.]in
apple.com-isupport[.]in
icloud.com-site-log[.]in

Savvy readers here no doubt already know this, but to find the true domain referenced in a link, look to the right of “http(s)://” until you encounter the first forward slash (/). The domain directly to the left of that first slash is the true destination; anything that precedes the second dot to the left of that first slash is a subdomain and should be ignored for the purposes of determining the true domain name.

For instance, in the case of the imaginary link below, example.com is the true destination, not apple.com:

https://www.apple.com.example.com/findmyphone/
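The rule above can be applied mechanically. The following is an added example, not code from the original post: it takes the defanged links listed earlier, extracts the registered domain and reports why a link looks like a lookalike. It goes one step beyond the "second dot" rule by consulting a public-suffix set, so a host under a two-label suffix such as co.uk is still resolved correctly; the suffix subset, the watched brand labels and the allow-list are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Constructed subset of the Public Suffix List, enough for the sample links.
# Real use should load the full list.
PUBLIC_SUFFIXES = {"com", "net", "org", "id", "in", "uk", "co.uk", "co.id", "co.in"}
BRAND_LABELS = {"apple", "icloud"}           # assumption: brands being watched
LEGITIMATE = {"apple.com", "icloud.com"}     # assumption: allow-listed domains

# Links quoted in the post, still defanged with brackets.
SAMPLE_LINKS = [
    "https://maps-icloud[.]com",
    "apple.com-support[.]id",
    "apple.com-findlocation[.]id",
    "apple.com-sign[.]in",
    "apple.com-isupport[.]in",
    "icloud.com-site-log[.]in",
    "https://www.apple.com.example.com/findmyphone/",
]


def hostname_of(link):
    """Return the lower-cased host between the scheme and the first slash."""
    link = link.replace("[.]", ".")          # undo defanging before parsing
    if "://" not in link:
        link = "https://" + link
    return (urlsplit(link).hostname or "").rstrip(".")


def registrable_domain(host):
    """Public suffix plus one label to its left: the name someone registered."""
    labels = host.split(".")
    for i in range(len(labels)):             # longest candidate suffix first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])             # unknown suffix: last two labels


def analyze(link):
    host = hostname_of(link)
    domain = registrable_domain(host)
    sub_labels = host[: -len(domain)].strip(".").split(".") if host != domain else []
    reasons = []
    if domain not in LEGITIMATE:
        if BRAND_LABELS & set(sub_labels):
            reasons.append("brand name appears only as a subdomain")
        if domain.startswith("com-"):
            reasons.append("registered name starts with 'com-'")
        if any(brand in domain.split(".")[0] for brand in BRAND_LABELS):
            reasons.append("brand name embedded in registered name")
    return {"host": host, "domain": domain, "reasons": reasons}


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        result = analyze(link)
        print(f"{result['host']:32} -> {result['domain']:22} {result['reasons']}")
```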

Of course, any domain can be used as a redirect to any other domain. Case in point: Targets of the phishing domains above who are undecided on whether the link refers to a legitimate Apple site might seek to load the base domain into a Web browser (minus the customization in the remainder of the link after the first forward slash). To assuage such concerns, the phishers in this case will forward anyone visiting those base domains to Apple’s legitimate iCloud login page (icloud.com).

The best advice to sidestep phishing scams is to avoid clicking on links that arrive unbidden in emails, text messages and other mediums. Most phishing scams invoke a temporal element that warns of dire consequences should you fail to respond or act quickly. If you’re unsure whether the message is legitimate, take a deep breath and visit the site or service in question manually — ideally, using a browser bookmark so as to avoid potential typosquatting sites.

Cryptic Rumblings Ahead of First 2020 Patch Tuesday

Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from disclosing details of the flaw prior to Jan. 14, the first Patch Tuesday of 2020.

According to sources, the vulnerability in question resides in a Windows component known as crypt32.dll, a Windows module that Microsoft says handles “certificate and cryptographic messaging functions in the CryptoAPI.” The Microsoft CryptoAPI provides services that enable developers to secure Windows-based applications using cryptography, and includes functionality for encrypting and decrypting data using digital certificates.

A critical vulnerability in this Windows component could have wide-ranging security implications for a number of important Windows functions, including authentication on Windows desktops and servers, the protection of sensitive data handled by Microsoft’s Internet Explorer/Edge browsers, as well as a number of third-party applications and tools.

Equally concerning, a flaw in crypt32.dll might also be abused to spoof the digital signature tied to a specific piece of software. Such a weakness could be exploited by attackers to make malware appear to be a benign program that was produced and signed by a legitimate software company.

This component was introduced into Windows more than 20 years ago — back in Windows NT 4.0. Consequently, all versions of Windows are likely affected (including Windows XP, which is no longer being supported with patches from Microsoft).

Microsoft has not yet responded to requests for comment. However, KrebsOnSecurity has heard rumblings from several sources over the past 48 hours that this Patch Tuesday (tomorrow) will include a doozy of an update that will need to be addressed immediately by all organizations running Windows.

Update 7:49 p.m. ET: Microsoft responded, saying that it does not discuss the details of reported vulnerabilities before an update is available. The company also said it does “not release production-ready updates ahead of regular Update Tuesday schedule.” “Through our Security Update Validation Program (SUVP), we release advance versions of our updates for the purpose of validation and interoperability testing in lab environments,” Microsoft said in a written statement. “Participants in this program are contractually disallowed from applying the fix to any system outside of this purpose and may not apply it to production infrastructure.”

Original story:

Will Dormann, a security researcher who authors many of the vulnerability reports for the CERT Coordination Center (CERT-CC), tweeted today that “people should perhaps pay very close attention to installing tomorrow’s Microsoft Patch Tuesday updates in a timely manner. Even more so than others. I don’t know…just call it a hunch?” Dormann declined to elaborate on that teaser.

It could be that the timing and topic here (cryptography) is nothing more than a coincidence, but KrebsOnSecurity today received a heads up from the U.S. National Security Agency (NSA) stating that NSA’s Director of Cybersecurity Anne Neuberger is slated to host a call on Jan. 14 with the news media that “will provide advanced notification of a current NSA cybersecurity issue.”

The NSA’s public affairs folks did not respond to requests for more information on the nature or purpose of the discussion. The invitation from the agency said only that the call “reflects NSA’s efforts to enhance dialogue with industry partners regarding its work in the cybersecurity domain.”

Stay tuned for tomorrow’s coverage of Patch Tuesday and possibly more information on this particular vulnerability.

Update, Jan. 14, 9:20 a.m. ET: The NSA’s Neuberger said in a media call this morning that the agency did indeed report this vulnerability to Microsoft, and that this was the first time Microsoft will have credited NSA for reporting a security flaw. Neuberger said NSA researchers discovered the bug in their own research, and that Microsoft’s advisory later today will state that Microsoft has seen no active exploitation of it yet.

According to the NSA, the problem exists in Windows 10 and Windows Server 2016. Asked why the NSA was focusing on this particular vulnerability, Neuberger said the concern was that it “makes trust vulnerable.” The agency declined to say when it discovered the flaw, and said it would wait until Microsoft releases a patch for it later today before discussing further details of the vulnerability.

Salesforce announces new tools to boost developer experience on Commerce Cloud

Salesforce announced some new developer tools today, designed to make it easier for programmers to build applications on top of Commerce Cloud in what is known in industry parlance as a “headless” system.

What that means is that developers can separate the content from the design and management of the site, allowing companies to change either component independently.

To help with this goal, Salesforce announced some new and enhanced APIs that enable developers to take advantage of features built into the Commerce Cloud platform without having to build them from scratch. For instance, they could take advantage of Einstein, Salesforce’s artificial intelligence platform, to add elements like next-best actions to the site, the kind of intelligent functionality that would typically be out of reach of most developers.

Developers also often need to connect to other enterprise systems from their eCommerce site to share data with these tools. To fill that need, Salesforce is taking advantage of Mulesoft, the company it purchased almost two years ago for $6.5 billion. Using Mulesoft’s integration technology, Salesforce can help connect to other systems like ERP financial systems or product management tools and exchange information between the two systems.

Brent Leary, founder at CRM Essentials, whose experience with Salesforce goes back to its earliest days, says this is about helping give developers the tools that they need to create the same kind of integrated shopping experiences consumers have grown to expect from Amazon.

“These tools give developers real-time insights delivered at the ‘moment of truth’ to optimize conversion opportunities, and automate processes to improve ordering and fulfillment efficiencies. This should give developers in the Salesforce ecosystem what they need to deliver Amazon-like experiences while having to compete with them,” he said.

To help get customers comfortable with these tools, the company also announced a new Commerce Cloud Development Center to access a community of developers who can discuss and share solutions with one another, an SDK with code samples and Trailhead education resources.

Salesforce made these announcements as part of the National Retail Foundation (NRF) Conference taking place in New York City this week.

Zebra’s SmartSight inventory robot keeps an eye on store shelves

How many times have you gone into a store and found the shelves need restocking of the very item you came in for? This is a frequent problem and it’s difficult, especially in larger retail establishments, to keep on top of stocking requirements. Zebra Technologies has a solution: a robot that scans the shelves and reports stock gaps to human associates.

The SmartSight robot is a hardware solution that roams the aisles of the store checking the shelves, using a combination of computer vision, machine learning, workflow automation and robotic capabilities. It can find inventory problems, pricing glitches and display issues. When it finds a problem, it sends a message to human associates via a Zebra mobile computer with the location and nature of the issue.

The robot takes advantage of Zebra’s EMA50 mobile automation technology and links to other store systems including inventory and online ordering systems. Zebra claims it increases available inventory by 95%, while reducing human time spent wandering the aisles to do inventory manually by an average of 65 hours.

While it will likely reduce the number of humans required to perform this type of task, Zebra’s Senior Vice President and General Manager of Enterprise Mobile Computing, Joe White, says it’s not always easy to find people to fill these types of positions.

“SmartSight and the EMA50 were developed to help retailers fully capitalize on the opportunities presented by the on-demand economy despite heightened competition and ongoing labor shortage concerns,” White said in a statement.

This is a solution that takes advantage of robotics to help humans keep store shelves stocked and find other issues. The SmartSight robot will be available on a subscription basis. That means retailers won’t have to worry about owning and maintaining the robot. If anything goes wrong, Zebra would be responsible for fixing it.

Samsung launches the rugged, enterprise-ready Galaxy XCover Pro

We got a bit of a surprise at the end of CES: some hands-on time with Samsung’s latest rugged phone for the enterprise, the Galaxy XCover Pro. The XCover Pro, which is officially launching today, is a mid-range $499 phone for first-line workers like flight attendants, construction workers or nurses.

It is meant to be very rugged but without the usual bulk that comes with that. With its IP68 rating, Military Standard 810 certification and the promise that it will survive a drop from 1.5 meters (4.9 feet) without a case, it should definitely be able to withstand quite a bit of abuse.

While Samsung is aiming this phone at the enterprise market, the company tells us that it will also sell it to individual customers.

As Samsung stressed during our briefing, the phone is meant for all-day use in the field, with a 4,050 mAh replaceable battery (yes, you read that right, you can replace the battery just like on phones from a few years ago). It’ll feature 4GB of RAM and 64GB of storage space, but you can extend that up to 512GB thanks to the built-in microSD slot. The 6.3-inch FHD+ screen won’t wow you, but it seemed perfectly adequate for most of the use cases. That screen, the company says, should work even in rain or snow and features a glove mode, too.

And while this is obviously not a flagship phone, Samsung still decided to give it a dual rear camera setup, with a standard 25MP sensor and a wide-angle 8MP sensor for those times where you might want to get the full view of a construction site, for example. On the front, there is a small cutout for a 13MP camera, too.

All of this is powered by a 2GHz octa-core Exynos 9611 processor, as one would expect from a Samsung mid-range phone, as well as Android 10.

Traditionally, rugged phones came with large rubber edges (or users decided to put even larger cases around them). The XCover Pro, on the other hand, feels slimmer than most regular phones with a rugged case on them.

By default, the phone features NFC support for contactless payments (the phone has been approved to be part of Visa’s Tap to Phone pilot program) and two programmable buttons so that companies can customize their phones for their specific use cases. One of the first partners here is Microsoft, which lets you map a button to its recently announced walkie talkie feature in Microsoft Teams.

“Microsoft and Samsung have a deep history of bringing together the best hardware and software to help solve our customers’ challenges,” said Microsoft CEO Satya Nadella in today’s announcement. “The powerful combination of Microsoft Teams and the new Galaxy XCover Pro builds on this partnership and will provide frontline workers everywhere with the technology they need to be more collaborative, productive and secure.”

The phone also offers Pogo pin charging support and compatibility with third-party tools for adding scanners, credit card readers and other peripherals from partners like Infinite Peripherals, KOAMTAC, Scandit and Visa.

No enterprise device is complete without security features, and the XCover Pro obviously supports all of Samsung’s various Knox enterprise security tools. Access to the phone itself is controlled by both a facial recognition system and a fingerprint reader that’s built into the power button.

With the Tab Active Pro, Samsung has long offered a rugged tablet for first-line workers. Not everybody needs a full-sized tablet, though, so the XCover Pro fills what Samsung clearly believes is a gap in the market that offers always-on connectivity in a smaller package and in the form of a phone that doesn’t look unlike a consumer device.

I could actually imagine that there are quite a few consumers who may opt for this device. For a while, the company made phones like the Galaxy S8 Active that traded weight and size for larger batteries and ruggedness. The XCover Pro isn’t officially a replacement of this program, but it may just find its fans among former Galaxy Active users.

The Good, the Bad and the Ugly in Cybersecurity – Week 2

The Good

With missiles flying in the Middle East and everyone on high alert for new Iranian cyberwarfare activity, good news would appear to be in short supply as we come to the end of our first full week of 2020. Greeted with a somewhat lukewarm response, Facebook have announced a new ban on deepfake videos. The company says it will remove content that has both been manipulated to mislead viewers into believing that a subject “said words they did not actually say” and that is the product of machine learning. While the policy is welcome insofar as it goes, it doesn’t cover videos that remove or rearrange the order of words, nor does it include editing that isn’t generated by machine learning algorithms, both far more common ways of manipulating media. Nonetheless, we’ll still give Facebook a something out of ten for this as good news, particularly as the company has partnered with the Reuters news agency to provide a free course to help journalists and others identify and tackle manipulated media.

Meanwhile, Cisco kicked off the New Year by plugging 14 vulns, including two high severity flaws involving remote code execution (RCE) and cross-site request forgery (CSRF), which is good news for customers who patch often and patch early. The RCE bug affects the web-based management interface of Cisco’s Webex Video Mesh product and is caused by improper validation of user input.

The Bad

Patching vulns is good, but vulns being actively exploited in the wild are definitely bad news for victims and worrisome for everyone else. Mozilla this week announced a new version of their popular free Firefox browser, updating the latest stable release to 72.0 on January 7th. Hardly had users been given time to check out the list of new features when hard on its heels came a critical patch in 72.0.1 on January 8th. Mozilla gave few details, saying only that a bug designated as CVE-2019-17026 was a result of a type confusion in its JIT compiler. Not for the first time, an urgent update was required as the vuln was being actively exploited in targeted attacks in the wild. Adding to the worry is that the Chinese researchers credited with the discovery, Qihoo 360, posted and then shortly after deleted a tweet claiming to have found an associated Internet Explorer zero day also being actively exploited in the wild. More details on that as soon as they become available.

According to a statement on Monday, what appears to be a targeted ransomware attack hit elite German cycle maker Canyon over the holiday period, encrypting both software and servers. While there is no information about the amount of the ransom demanded or whether the company chose to pay, the company did say that “experts from the field of IT, forensics and cyber security were able to quickly analyze and control the attack”. The attack is expected to cost the company at least in terms of lost production and missed delivery deadlines. 

The Ugly

Insider threats always top our list of cybersecurity ugly, so Amazon and their controversial IoT Ring products are first up this week in news that over a period of four years, a number of employees had been snooping on user videos. The company said that employees in the Ukraine and other non-US locations had access to Ring video feeds from other employees, contractors and friends and family of employees and contractors, as well as Ring videos that any user chooses to make public but which may contain information they did not intend to be viewed. The company noted four incidents of employees accessing user video data that was not necessary for their job functions. Amazon says in each case the employees were terminated.

We’ve all seen vendors load bloatware onto retail PCs and smartphones before, but a vendor pre-installing unremovable malware on a low-cost phone funded by the U.S. government is something else. According to research posted this week, the $35 government-funded Unimax U686CL comes pre-installed with known riskware, associated with a developer they say has been caught creating backdoors. It also carries its own “heavily obfuscated malware” within the phone’s Settings.app and drops malware the researchers dub “Android/Trojan.HiddenAds”. Removing the Settings.app effectively bricks the phone, so remediation is out of the question.
