Lenovo settles FTC charges it harmed consumers with preinstalled software

Lenovo has agreed to settle charges by the Federal Trade Commission and 32 State Attorneys General that the company harmed consumers by pre-loading software on some laptops that compromised security protections in order to deliver ads to consumers. In its complaint, the FTC charged that in August 2014 Lenovo began selling consumer laptops in the United States that came with a preinstalled “man-in-the-middle” software program called VisualDiscovery that interfered with how a user’s browser …

The security status quo falls short with born-in-the-cloud software

Born-in-the-cloud software, pioneered by companies like Salesforce, is beginning to dominate the computing landscape. According to Gartner, by 2020, the cloud shift will affect more than $1 trillion in IT spending, and cloud computing will be one of the most disruptive forces since the early days of the digital age. We all realize the opportunities abound. Gartner’s Ed Anderson says, “the cloud shift is not just about cloud. As organizations pursue a new IT architecture …

Advantech fixes serious vulns in WebAccess HMI/SCADA software

Advantech has plugged nine security holes in WebAccess and has urged users to upgrade the software as soon as possible. Advantech WebAccess is a web browser-based software package for human-machine interfaces (HMI) and supervisory control and data acquisition (SCADA). A variety of vulnerabilities: The vulnerabilities, fixed in the latest version of the product, range from SQL injection flaws to buffer overflows, from incorrect privilege and permission assignment, to improper authentication vulnerabilities. If exploited, they could …

Another Ukrainian software maker’s site compromised to spread malware

The web server of Crystal Finance Millennium, a Ukraine-based accounting software firm, has been compromised and made to host different types of malware. The discovery of the compromise was accompanied by fear that there could be a repeat of the destructive NotPetya attack, which was traced back to hacked servers of Ukrainian software maker MeDoc. This time, fortunately, the attackers did not compromise the firm’s software and push out an update laden with malware. Instead, …

Malware creators increasingly run their business like legitimate software companies

The continuing increase in ransomware attacks is partly due to how easily the malware can be built and used by attackers who have limited technical skills. Take, for example, the Philadelphia Ransomware-as-a-Service (RaaS) offering. Offered for sale by a group (or individual?) that calls itself The Rainmakers Labs, it is just a part of the overall arsenal of “anti-security solutions” on offer: Philadelphia is a typical piece of crypto-ransomware and, as is usual with RaaS …

Two Iranians charged with hacking, stealing US missile design software

Two Iranians are accused of hacking a US software company and stealing missile design software restricted from export from the US without a license. Mohammed Reza Rezakhah, 39, and Mohammed Saeed Ajily, 35, have been charged with a criminal conspiracy relating to computer fraud and abuse, unauthorized access to, and theft of information from, computers, wire fraud, exporting a defense article without a license, and violating sanctions against Iran. According to the …

AI technologies will be in almost every new software product by 2020

Market hype and growing interest in artificial intelligence (AI) are pushing established software vendors to introduce AI into their product strategy, creating considerable confusion in the process, according to Gartner. Analysts predict that by 2020, AI technologies will be virtually pervasive in almost every new software product and service. “As AI accelerates up the Hype Cycle, many software providers are looking to stake their claim in the biggest gold rush in recent years,” said Jim …

DevSecOps: Build a bridge between fast and secure software development

Despite the pervasive belief that security and development teams have conflicting priorities, initiatives such as creating DevOps environments and focusing on product innovation have the two teams aligned toward a common goal of creating secure software. In fact, according to new research conducted by Enterprise Strategy Group (ESG), 58 percent of survey respondents stated their organization is taking a collaborative approach to securing applications. Growing need for DevSecOps: The research aims to determine security and …

Introducing security into software through APIs

Application programming interfaces (APIs) can make life easier for software developers, allowing them to concentrate on what they do best and preventing them from being forced to fiddle with things they know little about. Identity and Access Management APIs: APIs are also a great way to implement or enhance the information security aspects of a product. One good example of this is IAM (Identity and Access Management) APIs. “An API receives so much data that it can …

4 vectors transforming the security software market

The security software market is undergoing a transformation due to four key developments, according to Gartner. The use of advanced analytics, expanded ecosystems, adoption of SaaS and managed services, and the prospect of punitive regulations are causing enterprises to rethink their security and risk management software requirements and investments. “The overall security market is undergoing a period of disruption due to the rapid transition to cloud-based digital business and technology models that are changing how …