Posts

New Linux crypto-miner steals your root password and disables your antivirus

Image
Trojan also installs a rootkit and another strain of malware that can execute DDoS attacks. Malware targeting Linux users may not be as widespread as the strains targeting the Windows ecosystem, but Linux malware is becoming just as complex and multi-functional as time passes by. The latest example of this trend is a new trojan discovered this month by Russian antivirus maker Dr.Web. This new malware strain doesn't have a distinctive name, yet, being only tracked under its generic detection name of Linux.BtcMine.174. But despite the generic name, the trojan is a little bit more complex than most Linux malware, mainly because of the plethora of malicious features it includes. The trojan itself is a giant shell script of over 1,000 lines of code. This script is the first file executed on an infected Linux system. The first thing this script does is to find a folder on disk to which it has write permissions so it can copy itself and later use to download other modules. O...

Workday customers starting to run on AWS Cloud

Image
Workday said the early batch of customers running its finance and HR software on AWS represents a milestone. Workday is beginning to scale customers who are running the company's finance and human resources software on Amazon Web Services. While multiple software providers such as Infor, Salesforce and SAP have customers running their products on AWS, Workday's move to the public cloud is relatively new. Workday said customers running its software on AWS "signals a milestone" and broadens the company's reach. At Workday Rising Europe, the company highlighted Twitch and Fresche Solutions as customers running Workday applications on top of AWS. The company added that Workday Financial Management and Human Capital Management is available to enterprises based in the U.S. and Canada. Workday will extend AWS support to Germany in the first half of 2019 and expand to other geographies. Workday said running on AWS gives it more freedom to choose how and wh...

The Samsung foldable phone is here and will be in customer hands shortly

Image
A tantalizing glimpse was all Samsung gave. It was still enough to make one ponder. He just   pulled it out of his inside jacket pocket , as if this was just another little thing he carried around with him all the time. And there it was. What is the core excitement here? The sheer relief that it's possible to have a phone that folds? Well, what, exactly? A   camouflaged phone   created to show off Samsung's Infinity Flex Display, the fancy wording for the company's new foldable phone. Samsung's SVP of Mobile Product Marketing, Justin Denison, was effusive at yesterday's Samsung Developer Conference. He used creative phrases such as "taking it to the next level" and "big milestone." He insisted he was "honored" to reveal this whole new generation of smartphones.And then he held the phone up and unfolded it. At least one gasp was heard. "When it's open, it's a tablet offering a big screen experience,...

Intel CPUs impacted by new PortSmash vulnerability

Image
Vulnerability confirmed on Skylake and Kaby Lake CPU series. Researchers suspect AMD processors are also impacted. Intel processors are impacted by a new vulnerability that can allow attackers to leak encrypted data from the CPU's internal processes. The new vulnerability, which has received the codename of PortSmash, has been discovered by a team of five academics from the Tampere University of Technology in Finland and Technical University of Havana, Cuba. Researchers have classified PortSmash as a  side-channel attack . In computer security terms, a side-channel attack describes a technique used for leaking encrypted data from a computer's memory or CPU, which works by recording and analyzing discrepancies in operation times, power consumption, electromagnetic leaks, or even sound to gain additional info that may help break encryption algorithms and recovering the CPU's processed data. Researchers say PortSmash impacts all CPUs that use a  Simultaneous Mu...

Oracle acquires DataFox, brings AI-based company data management to cloud apps

Image
DataFox uses artificial intelligence to help clients gain an up-to-date view of customer accounts and organizations. Oracle   has announced plans to acquire data management and AI solutions provider DataFox. Financial details were not disclosed. Founded in 2013, San Francisco, CA-based   DataFox   is the developer of an artificial intelligence (AI)-based engine which automatically locates and pulls the most current information available on public and private businesses. The engine currently manages the information of over 2.8 million companies, with 1.2 million being added on an annual basis. Customers, including Goldman Sachs, Bain & Company and Twilio, use the platform for account management, lead generation, and to keep customer-relationship management (CRM) solutions current. On Monday,   Oracle said   the acquisition will merge DataFox technologies with Oracle Cloud Applications, giving customers an "extensive set of trusted company-level ...

Zero-day in popular jQuery plugin actively exploited for at least three years!!

Image
A fix is out but the plugin is used in hundreds, if not thousands, of projects. Patching will take ages! For at least three years, hackers have abused a zero-day in one of the most popular jQuery plugins to plant web shells and take over vulnerable web servers. The vulnerability impacts the  jQuery File Upload  plugin authored by prodigious German developer Sebastian Tschan, most commonly known as Blueimp . The plugin is the second most starred jQuery project on GitHub, after the jQuery framework itself. It is immensely popular, has been forked over 7,800 times, and has been integrated into hundreds, if not thousands, of other projects, such as CMSs, CRMs, Intranet solutions, WordPress plugins, Drupal add-ons, Joomla components, and so on. A vulnerability in this plugin would be devastating, as it could open gaping security holes in a lot of platforms installed in a lot of sensitive places. This worse case scenario is exactly what happened. Earlier this yea...

Microsoft takes another step to fight patent trolls by joining the LOT Network

Image
Microsoft is joining the 300-member LOT Network in a move meant to advance the company's campaign against patent trolls. Last year, Microsoft created the  Azure IP Advantage program , which was designed to defend and indemnify developers against claims of intellectual property infringement. On October 4 this year, Microsoft took another step toward  combating patent trolls by joining the LOT Network . The LOT Network  is a nonprofit community working to fight trolls. The group has nearly 300 members, covering approximately 1.35 million patents, Microsoft officials said. Members include Amazon, Canon, Cisco, Lenovo, Red Hat Google, Lyft, Oracle, Salesforce, SAP and Tesla, to name a few. Members are free to cross-license, assert, sell or do nothing with their patents. But if any member of the LOT Network sells a patent to a troll, all LOT members automatically get a free license to that patent. According to the LOT Network officials, the average cost to defen...

Ten scenarios where edge computing can bring new value to the world

Image
Edge computing use cases span manufacturing, security, healthcare, and more. By 2022, more than half of enterprise data will be produced and processed outside traditional data centers and clouds -- up from about 10 percent currently, according to a  Gartner report . "The number of our enterprises who are saying edge is part of their core strategy has doubled in a year," said  Thomas Bittman , vice president and distinguished analyst at Gartner. "We think by next year about half of enterprises will have edge as a part of their strategy." The rise of edge computing has helped companies analyze information in near real-time, and create new value around Internet of Things (IoT) devices and data. However, there is no standard formula for implementing edge computing, Bittman said. "The biggest benefit is to be able to exploit data and insight faster," said  Brian Hopkins , vice president and principal analyst at Forrester. "Closing the gap betw...

AI security camera detects guns and identifies shooters

Image
Silicon Valley is hoping technology can provide some relief from gun violence. Athena Security, a San Francisco-based AI company that utilizes computer vision for security applications, has announced implementation of an AI camera system it says can identify guns in crowds. The system is one of a  growing number of technologies  aimed at preventing gun crime. In addition to detection, Athena's cameras can also alert police to the presence of an active shooter, potentially reducing response time, according to the company. Wood High School in Warminster, PA, will be an early testbed for the technology. Though mass shootings in schools have  declined  since the 1990s, the threat has never loomed larger in the minds of concerned parents. Information on mass shootings (defined as an event in which four or more people are shot, not including the gunman) is notoriously difficult to track, but the  Gun Violence Archive  places the overall number of mass...

Sapho aims to use machine learning to save employees more time navigating systems

Image
Sapho's Employee Experience Portal plans to use machine learning to monitor how an employee uses business applications and then dish out the most relevant information to them. Sapho is banking that machine learning will allow it to manage your personal enterprise applications so you don't have to. The company, which is focused on integrating enterprise applications into what it calls an Employee Experience Portal, plans to use machine learning to monitor how an employee uses business applications and then dish out the most relevant information to them. Time savings from Sapho's machine learning tools would come from less time searching, navigating various systems and completing work within legacy systems. Sapho estimates that employees spend one day a week searching enterprise systems for work information. Sapho's machine learning features are being rolled out with key features being in tech preview. Sapho's machine learning technology integrates with b...