Uber's Kalanick rekindles power struggle, names two to board

SAN FRANCISCO (Reuters) - Uber Technologies Inc [UBER.UL] co-founder Travis Kalanick said he had appointed two new directors, a surprise move that publicly reignited a board battle over the role of the ousted former chief executive.

from Reuters: Technology News http://ift.tt/2fYPmbB

Security News This Week: The Deloitte Breach Was Worse Than We Thought

Big breaches of Deloitte, Sonic, and Whole Foods dominated this week's security news.

from Security Latest http://ift.tt/2x4NfJ1

How Good Are Equifax's Identity Protection Offerings?

After its massive data breach and bungled initial response, Equifax is offering a free set of tools to protect your identity, but they have limits.

from Security Latest http://ift.tt/2fDXnWw

Uber's Kalanick reignites power struggle, names two to board

SAN FRANCISCO (Reuters) - Uber Technologies Inc [UBER.UL] co-founder Travis Kalanick on Friday said he had appointed two new directors, a surprise move that publicly reignited a board battle over the role of the ousted former chief executive.

from Reuters: Technology News http://ift.tt/2xEpkV3

Uber's Kalanick says he appoints former Xerox, Merrill bosses to board

SAN FRANCISCO (Reuters) - Uber Technologies Inc [UBER.UL] co-founder Travis Kalanick on Friday said that he had appointed two new board members, challenging Uber shareholders who have asked a court to stop the former chief executive from naming directors.

from Reuters: Technology News http://ift.tt/2fFywSm

Nearly two million people watched NFL livestream on Amazon.com

(Reuters) - Nearly 2 million people logged onto Amazon.com for the online retailer's first livestream of Thursday Night Football, the U.S. National Football League said on Friday.

from Reuters: Technology News http://ift.tt/2x3nZb2

Druva InSync

Druva InSync is an enterprise software that provides file backup, sharing, and analytics functionality on the cloud.

Risk:2, Category: Computers / Internet, Applications in this Category: 74

from Check Point AppWiki Updates http://ift.tt/2kahnBA

Evercontact

Evercontact is an extension for Google Chrome that extracts email addresses from web pages.

Risk:2, Category: Computers / Internet, Applications in this Category: 74

from Check Point AppWiki Updates http://ift.tt/2yfindK

GitHub-download

GitHub is an online public free provider of repositories and is used for sharing and revisioning code, files and documents. With GitHub-download, you can download content from GitHub.

Risk:2, Category: Business / Economy, Applications in this Category: 118

from Check Point AppWiki Updates http://ift.tt/2kaouKr

GitHub-editing

HipChat is a private instant messaging network which provides chat rooms, real-time file sharing, and searchable chat history. With HipChat-editing, you can change the details on your application profile.

Risk:2, Category: Business / Economy, Applications in this Category: 118

from Check Point AppWiki Updates http://ift.tt/2ydjg6V

GitHub-posting

GitHub is an online public free provider of repositories and is used for sharing and revisioning code, files and documents. With GitHub-posting, you can post content in GitHub.

Risk:2, Category: Business / Economy, Applications in this Category: 118

from Check Point AppWiki Updates http://ift.tt/2kaosSP

HipChat-editing

HipChat is a private instant messaging network which provides chat rooms, real-time file sharing, and searchable chat history. With HipChat-editing, you can change the details on your application profile.

Risk:2, Category: Instant Messaging, Applications in this Category: 362

from Check Point AppWiki Updates http://ift.tt/2ydr1JL

Motorola MDLC Protocol

The MDLC protocol is used in point-to-multipoint communications networks, such as radio networks or multidrop links, and facilitates communications between all sites in the system, including an extensive diagnostic traffic.

Risk:2, Category: SCADA Protocols, Applications in this Category: 985

from Check Point AppWiki Updates http://ift.tt/2kaoo5x

Motorola MDLC Protocol - Broadcast to RTU

The MDLC protocol is used in point-to-multipoint communications networks, such as radio networks or multidrop links, and facilitates communications between all sites in the system, including an extensive diagnostic traffic. This detection is for the Broadcast to RTU service.

Risk:2, Category: SCADA Protocols, Applications in this Category: 985

from Check Point AppWiki Updates http://ift.tt/2yfhQIM

Motorola MDLC Protocol - Connect

The MDLC protocol is used in point-to-multipoint communications networks, such as radio networks or multidrop links, and facilitates communications between all sites in the system, including an extensive diagnostic traffic. This detection is for the Connect to regular channel service.

Risk:2, Category: SCADA Protocols, Applications in this Category: 985

from Check Point AppWiki Updates http://ift.tt/2k9Jfpj

Motorola MDLC Protocol - Get IPGW Time

The MDLC protocol is used in point-to-multipoint communications networks, such as radio networks or multidrop links, and facilitates communications between all sites in the system, including an extensive diagnostic traffic. This detection is for the Get IPGW Time service.

Risk:2, Category: SCADA Protocols, Applications in this Category: 985

from Check Point AppWiki Updates http://ift.tt/2yfhNN6

Motorola MDLC Protocol - Get RTU Time

The MDLC protocol is used in point-to-multipoint communications networks, such as radio networks or multidrop links, and facilitates communications between all sites in the system, including an extensive diagnostic traffic. This detection is for the Get RTU Time service.

Risk:2, Category: SCADA Protocols, Applications in this Category: 985

from Check Point AppWiki Updates http://ift.tt/2kaHs3D

Motorola MDLC Protocol - Poll COS from RTU Table

The MDLC protocol is used in point-to-multipoint communications networks, such as radio networks or multidrop links, and facilitates communications between all sites in the system, including an extensive diagnostic traffic. This detection is for the Poll RTU Table service.

Risk:2, Category: SCADA Protocols, Applications in this Category: 985

from Check Point AppWiki Updates http://ift.tt/2yfhK3S

Motorola MDLC Protocol - Poll RTU Table

The MDLC protocol is used in point-to-multipoint communications networks, such as radio networks or multidrop links, and facilitates communications between all sites in the system, including an extensive diagnostic traffic. This detection is for the Poll COS from RTU Table service.

Risk:2, Category: SCADA Protocols, Applications in this Category: 985

from Check Point AppWiki Updates http://ift.tt/2ka2sqY

Motorola MDLC Protocol - Send Value to RTU Table

The MDLC protocol is used in point-to-multipoint communications networks, such as radio networks or multidrop links, and facilitates communications between all sites in the system, including an extensive diagnostic traffic. This detection is for the Send Value to RTU Table service.

Risk:2, Category: SCADA Protocols, Applications in this Category: 985

from Check Point AppWiki Updates http://ift.tt/2yfi0zS

Motorola MDLC Protocol - Set IPGW Time

The MDLC protocol is used in point-to-multipoint communications networks, such as radio networks or multidrop links, and facilitates communications between all sites in the system, including an extensive diagnostic traffic. This detection is for the Set IPGW Time service.

Risk:2, Category: SCADA Protocols, Applications in this Category: 985

from Check Point AppWiki Updates http://ift.tt/2k80PKq

Motorola MDLC Protocol - Set RTU Time

The MDLC protocol is used in point-to-multipoint communications networks, such as radio networks or multidrop links, and facilitates communications between all sites in the system, including an extensive diagnostic traffic. This detection is for the Get RTU Time service.

Risk:2, Category: SCADA Protocols, Applications in this Category: 985

from Check Point AppWiki Updates http://ift.tt/2yeokYB

Motorola MDLC Protocol - Sync Time

The MDLC protocol is used in point-to-multipoint communications networks, such as radio networks or multidrop links, and facilitates communications between all sites in the system, including an extensive diagnostic traffic. This detection is for the Sync Time service.

Risk:2, Category: SCADA Protocols, Applications in this Category: 985

from Check Point AppWiki Updates http://ift.tt/2k8T86J

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of September 25, 2017

A couple of years back, I remember working at a tradeshow booth and giving a demo to someone who was interested in our solution. He said, “Your solution is great, but I need something that will not let anyone from the outside in my network and I need something that will not let my employees do anything on the Internet.” I asked, “You don’t want your employees doing anything on the Web?” He replied, “Correct. If they want to do something on the Web, they can do it on their own time and on their own systems.” Hmmm. My tongue-in-cheek response? “Turn off your Internet connection.” I get it…no one wants to have to deal with cyber-attacks, especially in light of recent breaches like Equifax and Sonic Drive-In, and no one wants to deal with zero-day attacks either. Speaking of zero-days…

Earlier this week, the Zero Day Initiative (ZDI) published a zero-day advisory for a bug in the EMC Data Protection Advisor. The team follows specific guidelines on this, so when the time comes where they have to publish an advisory, it’s a big deal. While some of the bugs were addressed through security patches, one bug was not patched because EMC described the issue as “by design.” The bug makes it possible to specify arbitrary executables and even remote storage locations. Although the vulnerability is quite straightforward, exploitation is not as trivial. The endpoint is only reachable by authenticated users, which can be a little interesting since every installation comes with multiple free backdoor accounts: DPA Metrics User, Agent Registration User, and Donald Duck. Yes, I said Donald Duck, the Disney cartoon character – who also happens to have Administrator privileges! Additional steps are needed for full exploitation, which the researcher has provided. This selection of bugs discovered by the researcher has demonstrated how attackers can combine multiple non-RCE vulnerabilities in a target to eventually achieve total system compromise. You can read the details of the EMC zero-day and watch a video on how the exploit chain can be used on the ZDI blog.

Zero-Day Filters

There are seven new zero-day filters covering two vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website. You can also follow the Zero Day Initiative on Twitter @thezdi and on their blog.

Adobe (6)

29634: ZDI-CAN-5035: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC) 29635: ZDI-CAN-5036: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC) 29636: ZDI-CAN-5037: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC) 29637: ZDI-CAN-5038: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC) 29638: ZDI-CAN-5039: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC) 29639: ZDI-CAN-5040: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)

Cisco (1)

	29640: ZDI-CAN-5041: Zero Day Initiative Vulnerability (Cisco Webex)

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.

from Trend Micro Simply Security http://ift.tt/2hAt6Zo

Millions of Up-to-Date Apple Macs Remain Vulnerable to EFI Firmware Hacks

"Always keep your operating system and software up-to-date." This is one of the most popular and critical advice that every security expert strongly suggests you to follow to prevent yourself from major cyber attacks. However, even if you attempt to install every damn software update that lands to your system, there is a good chance of your computer remaining outdated and vulnerable.

from The Hacker News http://ift.tt/2ycwPDm

Tesla chief Musk's latest idea: Intercity rocket travel

ADELAIDE/SYDNEY (Reuters) - Silicon Valley billionaire Elon Musk on Friday outlined ambitious plans for a manned mission to Mars and a rocket capable of carrying passengers from one continent to another on Earth.

from Reuters: Technology News http://ift.tt/2ycLui9

Greek plan to regulate taxi apps draws customers' ire

ATHENS (Reuters) - A Greek government plan to regulate taxi-hailing apps, such as Taxibeat and Uber, has angered many consumers who are worried it could disrupt a popular service for their daily commute.

from Reuters: Technology News http://ift.tt/2xLzSRs

This Week in Security News

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.

Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!

 

ZNIU is the First Android Malware to Exploit Dirty COW Vulnerability

Dirty COW attacks on Android has been silent since its discovery, perhaps because it took attackers some time to build a stable exploit for major devices. Almost a year later, Trend Micro researchers captured samples of ZNIU.

The Underground Economy Is Using Coupon Fraud as a Form of Business Process Compromise

The fraudulent redemption of freebies, discounts, and rebates in the form of coupons is reportedly costing U.S. businesses $300–600 million every year. And where there’s money to be made, there are cybercriminals rustling up schemes to take advantage of it.

Fast-Food Chain Sonic Investigates Potential Card Breach

U.S. fast-food chain Sonic Drive-In is investigating a potential payment card breach. Its alert follows a large, potentially related batch of stolen card data appearing for sale on a cybercrime “carder” marketplace. 

Deloitte Claims Recent Cyberattack Affected ‘Very Few Clients’

Global accounting firm Deloitte said on Monday it was the victim of a cyberattack that affected the data of a small number of clients, providing few details on the breach. This breach is the latest in a series of breaches involving organizations that handle sensitive financial data. 

Tech Support Scam Is Being Used to Spread Cryptominer Coinhive’s Monero

An EITest campaign is using tech support scams to deliver Coinhive’s Monero Miner, the same JavaScript cryptocurrency miner silently being used to exploit visitors to The Pirate Bay site. The malware runs smoothly and a victim likely won’t notice that their device has been affected. 

Equifax CEO Retires Amid Cyberbreach Fallout

Equifax CEO and Chairman Richard Smith stepped down Tuesday, becoming the latest executive of the credit-reporting giant to step down following a massive cyberbreach that compromised personal information for 143 million U.S. consumers. 

Cybercrime-as-a-Service Is Becoming Mainstream

Purchasing cybercrime-as-a-service tools for threats is no longer just something for low level or aspiring hackers. Organized criminal gangs are taking advantage of these services as the underground criminal landscape continues to become more professionalized and mature. 

ATM Malware Is a Lucrative Business

Today, there are 475,000 and 500,000 ATMs operating in the U.S. Trend Micro and Europol’s European Cybercrime Centre (EC3) released a report on the ATM malware landscape. The report digs into the depth and breadth of malware targeting ATMs, as well as the attack perpetrators.

Virtualized Network Security Helps Mobile Operators Keep Customers Safe

Mobile network operators (MNOs) are increasingly adopting virtualization and software acceleration technologies to become more agile in how they deploy and operate network services. 

Freezing Your Credit Isn’t Enough to Prevent Identity Theft

In the wake of the Equifax breach, identity-theft horror stories have been easy to come by. The solution, according to many experts, is freezing your credit. But a credit freeze protects only against new accounts being opened in your name. 

Trend Micro Introduces New Email Security Technologies Powered by XGen

On Monday, Trend Micro introduced new email security technologies powered by XGen™ and a new product, Smart Protection for Office 365.This new service combines the advantages of both an email gateway with an API service integrated solution.  

Please add your thoughts in the comments below or follow me on Twitter; @JonLClay. 

from Trend Micro Simply Security http://ift.tt/2yNO7E2

Security firm finds some Macs vulnerable to 'firmware' attacks

(Reuters) - Since 2015, Apple Inc has tried to protect its Mac line of computers from a form of hacking that is extremely hard to detect, but it has not been entirely successful in getting the fixes to its customers, according to research released on Friday by Duo Security.

from Reuters: Technology News http://ift.tt/2xC986M

Flying high after IPO, Angry Birds maker looks to swoop on rivals

HELSINKI (Reuters) - Rovio, the maker of hit mobile game "Angry Birds," will look to buy up other players in the gaming industry following its listing on Friday, its main owner Kaj Hed said.

from Reuters: Technology News http://ift.tt/2k8r9UV

Critical EFI Code in Millions of Macs Isn't Getting Apple's Updates

Researchers dug into the deep-seated, arcane code in Apple machines known as EFI, and found it's often dangerously neglected.

from Security Latest http://ift.tt/2yLR4Ff

New Uber CEO to meet London transport boss in license battle

LONDON (Reuters) - The new chief executive of Uber Technologies [UBER.UL] will meet the head of London's transport system next week to try to retain the license for its ride hailing service in the British capital.

from Reuters: Technology News http://ift.tt/2xGU3P0

Lyft IPO puts investors in self-driving cars as well as ride services

DETROIT (Reuters) - An initial public offering by Lyft Inc will give investors a way to jump into self-driving cars, although the ride services company and rival Uber Technologies Inc may have to wait years before sending a driverless robotaxi to a customer.

from Reuters: Technology News http://ift.tt/2xCst80

Japan's FSA gives official endorsement to 11 cryptocurrency exchanges

TOKYO (Reuters) - Japan's Financial Services Agency said on Friday it has approved 11 companies as operators of cryptocurrency exchanges, in a move that sets the country apart from its neighbors which are tightening their grip on virtual money.

from Reuters: Technology News http://ift.tt/2yxhk5d

New Uber CEO to meet London transport boss over license battle

LONDON (Reuters) - Dara Khosrowshahi, the new chief executive of Uber Technologies [UBER.UL], will meet the head of the London Transport system next Tuesday as the Silicon Valley giant steps up the fight to regain its license in the British capital.

from Reuters: Technology News http://ift.tt/2fvCJnF