Posts

Oracle acquires Netsuite in $9.3bn deal

Summary: Oracle CEO Mark Hurd called Oracle and Netsuite 'complementary' cloud applications. Oracle has announced it is acquiring cloud-based ERP provider Netsuite for $9.3bn in cash, or $109 per share. "Oracle and NetSuite cloud applications are complementary, and will coexist in the marketplace forever," said Oracle co-CEO Mark Hurd. "We intend to invest heavily in both products -- engineering and distribution." Oracle's ties to Netsuite go back to the 1990s, when Netsuite CEO Zach Nelson served as Oracle's marketing chief. Oracle founder Larry Ellison is Netsuite's largest investor, and both companies have had a keen focus on the enterprise resource planning space. But while Netsuite has lived and breathed in the cloud since its inception, Oracle has struggled to transition to an all-cloud business model. Adding Netsuite to the fray, with its subscription-based, on-demand co...

Alleged owner of Kickass Torrents arrested

Summary: Artem Vaulin was charged with operating the illegal file-sharing site, which has allegedly allowed people to copy and distribute more than $1 billion worth of media. Federal authorities on Wednesday arrested the alleged owner of the world's most popular illegal file-sharing site, Kickass Torrents (KAT). Thirty-year-old Artem Vaulin of Kharkiv, Ukraine, was arrested in Poland, and the United States will seek to extradite him, the US Justice Department announced. He was charged in the US District Court of Chicago with one count of conspiracy to commit criminal copyright infringement, one count of conspiracy to commit money laundering, and two counts of criminal copyright infringement. "Vaulin is charged with running today's most visited illegal file-sharing website, responsible for unlawfully distributing well over $1 billion of copyrighted materials," US Assistant Attorney General Caldwell said in a statement. ...

Millions of Xiaomi phones at risk of remotely installed malware

Summary: A portion of the 70 million phones shipped by Xiaomi last year are affected by the vulnerability. Millions of Xiaomi phones are vulnerable to a flaw that could allow an attacker to remotely install malware. The vulnerability, now fixed, was found in the analytics package in Xiaomi's custom-built Android-based operating system. Security researchers at IBM, who found the flaw, discovered a number of apps in the package that were vulnerable to a remote code execution flaw through a man-in-the-middle attack -- one of which would allow an attacker to run arbitrary code at the system-level. In other words, an attacker could inject a link to a malicious Android app package, which is extracted and executed at the system level. Xiaomi, the world's third-largest smartphone maker with more than 70 million devices shipped last year, fixed the flaw in a recent update. Users should update their devices as soon as possible -- though, updates...

Zero-day flaw lets hackers tamper with your car through BMW portal

Summary: The ConnectedDrive portal and BMW domains are vulnerable to attack through unpatched flaws. Researchers have disclosed zero-day vulnerabilities affecting the BMW web domain and ConnectedDrive portal which remain unpatched and open to attack. According to researchers from Vulnerability Labs, there are two main bugs both related to the BMW online service web app for ConnectedDrive, the connected car hub for new, internet-connected vehicles produced by the automaker. The first flaw, found in the ConnectedDrive portal, is a VIN session vulnerability. The VIN, or vehicle identification number, is used to identify individual models connected to the service. The bug is found within the session management of VIN usage, and remote attackers can bypass validation procedures using a live session. The session validation flaw can be exploited with a low-privilege user account, leading to manipulation of VIN numbers and configuration settings -...

Facebook tweaks News Feed to prioritize friends' posts

Summary: The change "may cause reach and referral traffic to decline for some Pages," the company warned. Facebook announced Wednesday it is once again tweaking its News Feed rankings to prioritize posts from friends and family. This may come as good news for the average user looking for family photos or other personal updates from their social network, but it could be bad news for companies relying on their Facebook Pages to draw in business. "Overall, we anticipate that this update may cause reach and referral traffic to decline for some Pages. The specific impact on your Page's distribution and other metrics may vary depending on the composition of your audience," Facebook Engineering Director Lars Backstrom wrote in a blog post. "For example, if a lot of your referral traffic is the result of people sharing your content and their friends liking and commenting on it, there will be less of an impact than if the majority of your traffic ...

IT runs on the cloud, and the cloud runs on Linux.

Summary: IT is moving to the cloud. And, what powers the cloud? Linux. When even Microsoft's Azure has embraced Linux, you know things have changed. Like it or lump it, the cloud is taking over IT. We've seen the rise of the cloud over in-house IT for years now. And, what powers the cloud? Linux. A recent survey by the Uptime Institute of 1,000 IT executives found that 50 percent of senior enterprise IT executives expect the majority of IT workloads to reside off-premise in cloud or colocation sites in the future. Of those surveyed, 23 percent expect the shift to happen next year, and 70 percent expect that shift to occur within the next four years. This comes as no surprise. Much as many of us still love our physical servers and racks, it often doesn't make financial sense to run your own data center. It's really very simple. Just compare your capital expense (CAPEX) of running your own hardware versus the operational expenses (OPEX) of using a clou...

The buyers aren't biting: Windows zero-day flaw price slashed

Summary: It looks like a willing buyer for the zero-day vulnerability is yet to come forward. A zero-day vulnerability which allegedly compromises a range of Microsoft Windows systems has gone on sale as the seller continues to seek a buyer. After going on sale in May, the exploit's price has been slashed twice -- and is now on the market for the bargain price of $85,000. Earlier this month, reports emerged that an underground seller, BuggiCorp, was offering a rather rare zero-day vulnerability which apparently works against versions of Windows from Windows 2000 to the current Windows 10 operating system. The exploit, for sale on the Russian forum exploit.in, was originally offered with a price tag of $95,000, which later dropped to $90,000, to be paid in the virtual currency Bitcoin. In an update, Trustwave researchers note that the seller has once again lowered their price for the zero-day exploit to $85,000 in the quest to find a buyer. "Thi...

New versions of Firefox prepare for its biggest change ever

Summary: Today's launch of Firefox 47 means the E10S version, Firefox 48, has reached the beta stage. With Electrolysis, Firefox will finally be able to use two or more processes at once... the main problem being that it breaks a lot of extensions. Mozilla released Firefox 47, with improved handling for streaming, HTML5 video and the VP9 codec. But the more interesting news is that Firefox 48 has now reached the beta release stage. Firefox 48 incorporates the long-awaited Electrolysis (E10S), which enables the user interface to be run in a separate process from the tabbed content. Electrolysis will improve Firefox's performance and security, but it breaks a lot of extensions. However, Firefox will stage the release to minimize the problem. In a blog post, Asa Dotzler wrote: "When we launch Firefox 48, approximately 1 percent of eligible Firefox users will get updated to E10S immediately. The 1 percent of release users should get us up to a popul...

Hacked TeamViewer users 'careless' in personal security

Summary: The company has denied all responsibility for a recent spate of reports that user PCs have been compromised. Faced with angry users complaining of hacked accounts, TeamViewer has placed the blame on the "careless" use of credentials rather than internal issues. Founded in 2005, TeamViewer provides software which can be used to remotely control PC systems and conduct meetings. The company caters for over 200 million users across the globe -- some of whom have recently taken to forums to complain of alleged hacking thanks to the firm's software. On Reddit, users have flooded the forum with complaints over the alleged hack, complaining that their accounts were compromised and attackers have been able to infiltrate their PCs for the purpose of stealing financial data, accessing other accounts and making purchases ranging from designer clothes to Amazon gift cards. One common thread in the story appears to be a file called "webb...

Hacker thrown in jail for reporting police system security flaws

Summary: The sentence probably wasn't quite the reward he was looking for. A hacker has been awarded a suspended sentence for disclosing security vulnerabilities in a Slovenian police system. The student, 26-year-old Dejan Ornig, studied the Tetra police communication system and through his study found that the system contained security vulnerabilities due to incorrect configuration settings, among other issues. Between 2012 and 2014, Ornig, alongside colleagues, discovered that Tetra did not always encrypt communication sent through the protocol. As Tetra is used by the military, the Slovenian Intelligence and Security Service and other agencies, a lack of encryption could have serious ramifications for intelligence and the country as a whole. As noted by Security Affairs, the student then disclosed these security issues to law enforcement, but after waiting at least a year, there was no action taken to remedy the flaw...