Category Archives: business

Threat Intelligence Software Market to Witness Huge Growth by 2025 : Leading Players- Lookout, McAfee, CylancePROTECT, Symantec – Press Release – Digital Journal - This press release was originally distributed by SBWire Edison, NJ -- (SBWIRE) -- 02/16/2019 -- A new business intelligence report released by HTF MI with title "Global Threat Intelligence Software Ma…

Tweeted by @KeoXes

How News Affects Your Investments - The amount of publicly available data increases year by year. Every day we are overwhelmed with hundreds of news items, some of which have nothing to do with reality. It is worth asking yourself whether be…

Tweeted by @vestywaves

Major Global Study of Senior Cyber Security Professionals reveals increasing pressure, workload and budgetary deficits – Nominet - 14 February 2019 – Oxford, UK. – Today, Nominet publishes Life Inside the Perimeter: Understanding the Modern CISO, a report which examines the external and internal stresses and pressures facing a m…

Tweeted by @fabcara

January 2019 Cyber Attacks Statistics - After the two timelines of January (part I and part II), it’s time to publish the corresponding statistics: this month I have collected a total of 126 events. We definitely left the drop of December …

Tweeted by @jangeirnaert

Kaspersky Lab official blog: Cloud migration: Not so fast!

In recent years, analysts and visionaries have been talking nonstop about digital transformation, viewing migration to a public cloud as an integral part of it. On the whole, they are likely to be right. But from our point of view, the idea that by 2020 everyone will have migrated most of their workloads to the cloud looks rather optimistic. The process is undoubtedly underway, but it is going much slower than enthusiasts like to think.

Migration into the public cloud

In fact, the pace of migration depends considerably on the market. For North America, the real dynamics might actually approach forecast levels. There, business integration with public clouds is being aggressively pursued in all business segments and verticals — including enterprise customers. That is largely because it is the home market for the largest cloud service providers, and above all Amazon Web Services (AWS). In their home market, cloud service providers have more market penetration, capabilities, and data centers, allowing them to provide clients with the requisite capacity and, if necessary, guarantee compliance with legal data-processing requirements.

But elsewhere, even in well-developed European markets, we see a different picture. Our market research and client feedback show that despite a constantly growing interest in all cloud service models, it is premature to speak of any kind of mega-trend, especially as regards enterprise companies — which, in the context of the evolution of Kaspersky Hybrid Cloud Security (which protects private, hybrid, and public clouds), are of primary interest to us (80% of clients that use the solution are big businesses). Why is this? It seems that at present, full migration is unattainable because of a number of obstacles.


In fact, companies would gladly migrate to a public cloud. The first reason is the obvious economic benefits. In the case of SMBs, it would be a sure way to reduce infrastructure costs and rely on operational expenditures, which they prefer, rather than capital expenditures. But for most enterprise companies that already have CAPEX spending, the economic factor is less significant (although that depends on the particular business, of course).

For enterprises, the top reason for migrating skyward is instead the opportunity for rapid infrastructure growth and an elastic approach to any kind of business workloads. A public cloud (especially IaaS) offers a super-convenient environment for instant access to technology stacks that usually have no local equivalent (well, there are always exceptions — e.g., Azure Stack). Sure, you can try to recreate the same level of flexibility on a local platform, say in a private cloud, but it will be eye-wateringly expensive, especially the administration.

Meanwhile, public cloud providers are not sitting idle, and are constantly improving their technology stacks. For example, they now offer services to quickly build, ship, and run containers (Container as a Service) or use the FaaS (Function as a Service) model for serverless architectures, completely abstracting away from concepts such as “virtual machine,” “instance,” and the like. Providers give the client a pure development environment and charge only for function execution time — a great approach for microservices apps. These trends are only emerging, but in five years such services will be run-of-the-mill.

All in all, then, a public cloud is an ideal platform for many things such as development, testing, rapid service, and product delivery, making it the de facto standard for IT companies of any size even now.

Speaking of product delivery, another major reason for cloud migration (one that can apply to any kind of company) is the possibility of significantly reducing time-to-market. That is, the ability to deploy some business functions and processes in a public cloud, and thus deliver products or services to the end user much faster, simply because everything is faster in the cloud.


But there are also obstacles to migration that prevent many companies from moving most of their workloads and data to public clouds. Chief among them are the numerous regulators and their strict data-processing requirements. And don’t think this pertains exclusively to the infamous GDPR — the phenomenon stalks virtually all markets in one form or another.

The very concept of a public cloud is rooted in the uniform distribution of information and processing load across all available capacities. It is through this that accessibility, scalability, and fault tolerance are achieved. Many regulators, meanwhile, require that data belonging to residents of a particular country be processed and stored only in its territory. But cloud-solution providers cannot guarantee the location of information storage data centers. So, for some businesses, especially large multinational enterprises and government agencies, migration is not an option.

The other common issue is security concerns, but, frankly speaking, they are fading. Businesses are starting to acknowledge that cloud environments can often be even better secured than the companies’ own premises. It’s still important to keep in mind that different service models require different security efforts from the customer. IaaS (Infrastructure-as-a-Service) is the model that places the most responsibility on the customer — with full control of your workloads comes full responsibility for their protection. An IaaS provider is responsible for protecting your infrastructure but not, for example, for keeping ransomware away from your EC2 instance. This is the so-called shared responsibility model. To protect IaaS properly and to enjoy all of its features fully, customers should use specialized cloud security solutions (such as Kaspersky Hybrid Cloud Security), which are quite different from traditional endpoint protection platforms.

Amazon Shared Responsibility Model

Shared responsibility model. Source:

As you can see, the pros of migration greatly outweigh the cons, but some companies face an unmovable obstacle. As a result, two simultaneous yet divergent processes are in play: globalization and localization.

Therefore, we are now witnessing a fairly stable trend toward the emergence of local IaaS and PaaS (Platform-as-a-Service) providers. They see the demand for public clouds yet understand that not everyone can use a global heavyweight. Although they lack the most advanced technologies offered by the likes of AWS or MS Azure, local players can guarantee that all data is stored and processed within the territory of one country.

At the same time, global providers continue to grow and develop, offering more — and more-effective — technologies.

Perhaps most interesting, many companies are moving toward a multicloud strategy, using different cloud providers for different workloads and processes.

As a global vendor of cybersecurity solutions, we see this trend and believe that successful cloud workload protection demands cooperation and integration with both local and global cloud providers. That is why Kaspersky Hybrid Cloud Security is constantly supporting new cloud and virtualization platforms as well as different deployments. Seven years ago, we started with the protection of on-premises virtualization and private clouds, and now we provide unified protection for hybrid and public clouds.

February 26–27, 2019, we will be at the AWS Summit in Berlin, where our tech experts will do demos of how Kaspersky Hybrid Cloud Security resides in the AWS ecosystem and natively integrates into it. Visit us at booth B09 to learn more about our solution. See here for details of our participation in the event.

Kaspersky Lab official blog

Tackling the shortage in skilled IT staff: whole team security

Is your IT department understaffed and overworked, and are you looking for reinforcements in vain? Maybe these hard-to-hire reinforcements can be found within, rather than having to outsource or hire expensive, short-term extra help. While this was usually only done if your own staff was falling too far behind, the burden of the shortage of skilled IT staff in the workforce is starting to take its toll, and this is now a viable option for all.

Undoubtedly, there is a person in every group who is more computer-savvy than others. The one who can end your problem or answer your question in seconds, when it would take hours, if not days, to get someone from the IT department to look at it. These people shield the IT department from several questions each day, and keep at bay frustrated endpoint users who had given up asking the overwhelmed crew for help and assistance.

Nevertheless, professionals often frown upon the help given by these helpful troubleshooters on the floor level. How can we ensure that the help given by these often self-appointed volunteers is nothing short of the first-tier support provided by the IT department?

Pros and cons

First of all, make sure that your IT staff is willing to share their responsibilities with people on the work floor. Without their full cooperation, this plan is destined to fail. We can all agree that trained and weathered IT professionals will generally do a much better job than people who have been trained for other jobs. But if you are facing the same problem as most companies and you just can’t hire enough IT professionals, you will probably welcome all the help you can get. And having to rely on a frustrated and overworked IT staff might be worse than letting volunteers that feel recognized and empowered help in any way they can.

On the other hand, “any way they can” might just turn out to be the problem with this solution. It should be made crystal clear when the volunteers are expected to call in the help of the professionals. You do not want to face some catastrophe because one of the benevolent volunteers Googled a half-baked solution for a problem that was reported to them.

This whole team security strategy fits nicely in the ongoing shift to BYOD, and even Bring Your Own Security (BYOS). Generally speaking, it will make your employees happier, but it takes some planning and attention to make sure it also works for the company as a whole.

BYOD strategy

One important thing to consider is whether the company has adopted a user-centric or device-centric approach to technology integration. If every user is equipped with a device according to their personal preference, there could be a multitude of devices in use. This can be frustrating enough for a trained professional to deal with, let alone a volunteer who is about to find out that everything works just a little bit differently on their colleagues’ devices.

Determine at the outset the composition of your technology and workforce, and you can better structure a plan for your volunteers—and your IT staff, too.

Education and training

Training your entire staff in security basics will certainly result in less work for your IT staff. And while providing your employees with security awareness training is a good and necessary start, you can bolster support for your IT team by offering additional IT and security training to those who are interested. There are lots of useful training programs that deal with common issues found in the software that your employees are using on a daily basis. And if the trainee is motivated and interested (as we would expect from these volunteers), it shouldn’t take up a large amount of their time.

In addition to training, you’ll also want to set up a system of rewards for your volunteers, whether that’s monetary compensation, company swag (for example, custom hoodies designating them as IT helpers), or other perks. While many volunteers may be happy to help out of the goodness of their hearts, giving them additional incentive will only strengthen their commitment and attract others to the team.


Once the volunteers have received proper awareness training, equip them with the tools and authority to help their peers and make sure the rest of their department knows that they have been properly trained and can be asked for help with certain issues. This way, the people in that department are comfortable with asking for their help and will know when they can go to them instead of IT.

What this means: Volunteers will need access to certain software, systems, or cloud-based services. They’ll also need a way to communicate their actions to the IT team, so they’re aware of minor issues, even if they didn’t have to fix them themselves. Do they develop a ticketing system? Do they integrate with the current system for reporting issues? Do they spend an hour at the help desk?

No matter how you decide to enable your volunteer staff, make sure that they understand the consequences of their actions. Don’t tell them to “just do this” without explaining why you want it done that way. Give them some background so they can build out their expertise and learn how you want to run things.


Another important step is to give volunteers the administrative powers to make the actual changes themselves. With the ongoing uptick in Bring Your Own Device (BYOD) policies, most of these users have learned how to make the necessary changes to their own devices, and how to troubleshoot some of the more common issues. They may even have some specialists outside of the company that they turn to when there are problems with the device that they consider their own.

One caveat: Make sure that the volunteer is informed about the risks of combining work and personal information on the same device—and what the consequences are if they don’t adhere to company policies. As always, clear communication is a key to success. Make sure everyone is aware of what is expected of them, and what they can expect in return.

Points of attention

Finding the right people to assist your IT staff with easy-to-fix issues or simple roll-outs can make your employees happier. The IT staff can concentrate on problems that are more challenging and don’t have to run around like headless chickens playing whack-a-mole for every minor problem, like users who just need to reboot, haven’t turned on the power, or are holding the mouse upside-down. Meanwhile, your volunteers will feel that their helpful attitude has paid off, and they are now officially allowed to help their peers.

The volunteers will need the training, tools, permission, and rewards to perform their new tasks. But, and we cannot stress this enough, they will also have to be informed about their boundaries. You don’t want to see them go overboard because they are reluctant to admit that something is over their head. Remember that difficult problems may show up as minor issues at first. So empower them to help, but make sure they know when to step aside. That way, the whole team can keep your organization secure.

The post Tackling the shortage in skilled IT staff: whole team security appeared first on Malwarebytes Labs.

OCR - Most businesses, whatever the economic sector, acknowledge that they must devote resources to understanding and implementing data security, particularly given that security incidents and their fallou…

Tweeted by @Polsinelli

Insurance Giant Allstate Buys Independent Phone Repair Company, Joins Right To Repair Movement

An anonymous reader quotes a report from Motherboard: Allstate, one of the largest insurance companies in the United States, just made a curious purchase. Through its subsidiary SquareTrade, the insurance giant bought iCracked, one of the largest independent smartphone repair companies in the country. The acquisition means that Allstate has become one of the most powerful proponents of right to repair legislation in the United States. According to Gay Gordon-Byrne, executive director of, which is pushing for the legislation, the company has already loaned a lobbyist to the effort in New Hampshire. This is potentially big news for the right to repair movement, which is trying to get laws passed in 15 states this year that would make it easier for independent repair professionals to get repair tools and parts for consumer electronics. Thus far, it's been largely a grassroots effort from organizations like and iFixit. Companies such as Apple, John Deere, Facebook, Microsoft, and trade organizations that represent huge tech companies have used their considerable political power to lobby against these bills. But Allstate's purchase of iCracked is a potential gamechanger. iCracked is a giant chain that does a lot of third party repairs. A change in the laws would benefit it, and now Allstate, as much as the average consumer. "iCracked has been a major supporter of right to repair, and we really appreciate their valuable contribution to the fight for freedom," Kyle Wiens, CEO of iFixit, told Motherboard in an email. "I'm optimistic that this partnership will elevate the visibility of the work that we're doing together." "SquareTrade continues to work with manufacturers as well as the independent repair community," Jason Siciliano, VP and Global Creative Director of SquareTrade told me in an email. 
"As this issue evolves, we will maintain good relationships and continue to listen to the key players on all sides of the debate and will work towards sensible solutions whether they are led by the industry or regulators."

Read more of this story at Slashdot.

Amazon Pulls Out of Planned New York City Campus

As expected, Amazon said on Thursday that it was canceling plans to build a corporate campus in New York City. From a report: The company had planned to build a sprawling complex in Long Island City, Queens, in exchange for nearly $3 billion in state and city incentives. But the deal had run into fierce opposition from local lawmakers who criticized providing subsidies to one of the world's richest companies. Amazon said the deal would have created more than 25,000 jobs.

Read more of this story at Slashdot.

Don’t Blame Employees who fall for a BEC scam!

The BBC reports that a media company based in Scotland is now suing a former employee who fell for a Business Email Compromise (BEC) scam. In the scam, the employee received emails which appeared to be from the managing director and requested wire transfers. The employee worked with her line manager on the first payment and then made 3 subsequent payments while her direct manager was on vacation. In total, £193,250 was transferred to the scammers. The company recovered £85,000 from their bank and is suing the employee, who was already fired over the incident, for the remaining balance of £108,000 because she ignored a standard checkbox security warning from the bank about wire transfer scams.

It’s time to stop blaming the victims of email scams and instead put in place user training, security controls, and process controls to prevent Business Email Compromise scams from occurring.

Train your employees – for free

The employee in this case claims she never received training from the company on how to stop online fraud. As with many employees, when an email request appears to come from an executive, the recipient is often so focused on appearing responsive that they do not realize the email is an impersonation. It’s important to make sure your employees are aware of these attacks and can look for signs that the email is a fraud. Train them not to respond, act, open an attachment, or click on a link when an email is suspicious or unexpected.

Free phishing simulation and user training is available with Trend Micro Phish Insight. With it you can send test phishing emails to your users, reward / recognize employees who identify the emails as suspicious, and offer training to those who need it most. Phish Insight is free for all organizations.

Prevent BEC scams with Email Security

BEC emails typically don’t have a malicious attachment or malicious URLs and rely solely on social engineering. This makes detection difficult without security controls specifically designed to catch these attacks. Cloud App Security for Office 365 uses two AI methods to detect BEC scams. First, an expert rule system looks for social engineering and attacker behaviors. Among the rules is one that looks for matches of the names of high-profile users to the sender’s display name when the email comes from a free email account domain. A machine learning model decides how best to weigh and apply all the rules for the most accurate detection.

Writing Style DNA is employed to spot the hardest to detect impersonation attempts. Writing Style DNA creates an AI model of the writing style of high-profile users such as executives. The model is created by extracting metadata from previously sent emails. When an email arrives with a name matching or similar to a high-profile user, and it hasn’t already been ruled out by the expert rule system, then the style of the writing within the email is compared to the AI model for that high-profile user. You can see how it works in this short video.

Process Controls

In addition to user training and security controls, your organization should also examine its wire transfer procedures and ensure two approvals are required. The FBI provides guidelines for additional steps to harden your organization against these attacks.

Together with user training, security controls, and process controls, we can stop the $12 billion in losses to Business Email Compromise scams.

The post Don’t Blame Employees who fall for a BEC scam! appeared first on .

The Best Ways to Catch McAfee at RSA Conference 2019

In just a few weeks, San Francisco will be taken over by cybersecurity professionals and vendors at Moscone Center for the 2019 RSA Conference. There’s a lot packed into the conference—that’s why we’re breaking down the best ways to see McAfee in action. So take out your calendars and make note of the events below.

McAfee Leadership Takes the Stage

CSA Summit Keynote: Case Study: Behind the Scenes of MGM Resorts’ Digital Transformation
Monday, March 4 | 11:35 am – 11:55 am | Moscone Center

Rajiv Gupta, Senior Vice President, Cloud Security Business Unit, McAfee

Scott Howitt, Senior Vice President & Chief Information Security Officer, MGM Resorts International

As a leader in their industry, MGM is transforming into a digital business by aggressively adopting the cloud to make their employees more engaged and productive and to deliver modern experiences to their customers. Join Rajiv Gupta, SVP of McAfee’s Cloud Business, and Scott Howitt, SVP and CISO for MGM Resorts International, to hear how MGM is protecting their enterprise data across the whole spectrum of their evolving infrastructure, from on-prem, to the device, to their SaaS, IaaS and PaaS cloud instances. More, here.


Session: #Ransomware – The Rise, Death and Resurrection of Digital Extortion
Monday, March 4 | 4:45 pm – 5:15 pm | Session Code: SEM-M03

John Fokker

Head of Cyber Investigations

Raj Samani

Chief Scientist, McAfee Fellow


Hear from cybercrime experts on the successes and lessons learned from the No More Ransom initiative, an online portal that has prevented millions of dollars in ransom payments to cybercriminals. Recent statistics point to a decrease in the number of ransomware variants. So, is ransomware dead? Not so fast. Get up to speed on what’s new in the ongoing effort to combat the threat of ransomware. More, here.

Keynote: Lightning in a Bottle, or Burning Down the House?
Tuesday, March 5 | 8:35 am – 8:55 am | RSA, West Stage

Dr. Celeste Fralick 

Chief Data Scientist 

Steve Grobman

Senior Vice President and Chief Technology Officer


Fire. In the wild, it’s a force for destruction. Controlled, it powers civilization’s forward evolution. But containing phenomena—natural or manmade—is a devilish challenge. Today’s regulatory hotspots include AI and quantum computing, because innovations that strengthen defenses can also fuel targeted threats. The weaponization of AI to amplify cyberattack impacts is enough to give anyone pause, so discussion of export controls on these and other technologies is a worthy conversation. What is the path forward to advance and protect human progress? How do we nurture sparks of innovation without burning bridges to the future? More, here.

Session: Using Machine Learning to Improve Security Predictions
Tuesday, March 5 | 11:00 am – 11:50 am | Session Code: SPO2-T06

Grant Bourzikas

Chief Information Security Officer (CISO) & Vice President of McAfee Labs Operations




Organizations are overwhelmed by data and dependent on outdated (nonpredictive) tools and methods. Security companies can’t keep up with the frequency of attacks, 50% of which are missed by traditional antivirus programs. In this session, McAfee’s CISO will share his experiences, providing valuable information for security organizations to predict attacks by relying on data science and machine learning. More, here.

Session: Multiparty Vulnerability Disclosure: From Here to Where?
Wednesday, March 6 | 9:20 am – 10:10 am | Session Code: PDAC-W03

As the world grows ever more dependent on complex technological systems, the risk of broadly impactful vulnerabilities in software and hardware is driving the need for improvements in how the global ecosystem addresses identification and disclosure of those vulnerabilities. This panel will discuss what works, what doesn’t, and suggest a path forward that can benefit everyone globally. More, here.

Moderator: John Banghart, Senior Director, Venable

Panelists: Kent Landfield, Chief Standards and Technology Policy Strategist, McAfee LLC

Art Manion, Vulnerability Analysis Technical Manager, CERT Coordination Center

Audrey Plonk, Director, Global Security Policy, Intel Corporation

Session: Law Enforcement: The Secret Weapon in the CISO’s Toolkit
Friday, March 8 | 11:10 am – 12:00 pm | Session Code: AIR-F03

John Fokker

Head of Cyber Investigations




This session will show you how to get the most out of working with law enforcement agencies (LEA) before, during or after a security breach. Learn why partnering with law enforcement can be a valuable strategic asset in the CISO’s ever-expanding toolbox of security measures. More, here.

Hack Your Way Through the Crowds at the McAfee Booth

We’re hosting a fun and interactive Capture the Flag challenge at our RSA booth to test the investigative and analytical skills of RSA attendees. Contestants will be given various challenges and will receive “flag” details on how to complete each challenge as quickly and accurately as possible. Want to know who is in the lead? Don’t worry, we’ll have a live scoreboard. The winner of the RSA Capture the Flag contest will get bragging rights and a cool prize to take home. Visit us at booth #N5745 in the North Hall.

Cloud Security BarCade Challenge

Tuesday, March 5 | 6:00 pm – Midnight | Coin-Op Game Room, San Francisco | 508 4th Street

We’re hosting an epic cloud security networking event at Coin-Op Game Room in San Francisco! What’s the challenge? Come out to see us and find out. There will be prizes, games, food, networking, and more. Register here.

RSA After-Hours Social & Cloud Security Panels

Wednesday, March 6 | 6:30 pm – 11:00 pm | Mourad, San Francisco | 140 New Montgomery Street

We’re bringing the cloud community together for a night of networking at Mourad, so grab your peers and head over to the after-hours social. We will have a DJ, awesome food, creative libations, and a VIP area upstairs for a private whiskey tasting. Throughout the night, we’ll be hosting cloud security panels, where you’ll hear perspectives from industry experts on the current security landscape, best practices, and how to elevate your cloud security posture. Register here and join us as we close out RSA at the after-hours social of the year.

There’s a lot to look forward to at RSA 2019, so be sure to stop by booth #N5745 in the North Hall for demos, theater sessions, and more. Feel free to use code XSU9MCAFEE for a free RSAC expo pass. Also, be sure to follow @McAfee for real-time updates from the show throughout the week.

The post The Best Ways to Catch McAfee at RSA Conference 2019 appeared first on McAfee Blogs.

12 HR Predictions for 2019 - AI in HR was one of the hottest topics of 2018, and it’s likely to dominate again in 2019. I asked several HR analysts and thought leaders what they think this year will hold – AI came up several tim…

Tweeted by @meQuilibrium

Airbus Is Giving Up On the A380

"It's the end of the line for the biggest passenger jet ever built: the A380 is going to cease production," writes Slashdot reader Required Snark, citing a report from CNN. From the report: The European plane maker said Thursday that it will stop delivering A380s in 2021 after its key customer, Dubai-based airline Emirates, slashed its orders for the huge jetliner. "We have no substantial A380 backlog and hence no basis to sustain production, despite all our sales efforts with other airlines in recent years," Airbus CEO Tom Enders said in a company statement. The company has delivered 234 of the superjumbos to date, less than a quarter of the 1,200 it predicted it would sell when it first introduced the double-decker aircraft. Its plans were undermined by airlines shifting their interest to lighter, more fuel efficient passenger jets that have reduced the need to ferry passengers between the big hubs. "Passengers all over the world love to fly on this great aircraft. Hence today's announcement is painful for us and the A380 communities worldwide," Enders said. "But keep in mind that A380s will still roam the skies for many years to come and Airbus will of course continue to fully support the A380 operators."

Read more of this story at Slashdot.

Cybersecurity: Baldoni unveils the Italian strategy. Goal: securing networks and services – CorCom - “Technology has inevitably also generated new complexities. And the continuous acceleration will proceed over the coming years, in particular with the advent of artificial intelligence and robotics.…

Tweeted by @chrisneel

Intelligence Sec - Cybercrimes are still a common occurrence globally and many governments are now paying special attention to protecting their critical infrastructures. Other industries are also improving their cyber …

Tweeted by @resecurity_com

Regulatory Intelligence: Criminals Mix & Match Children’s Personal Data for Synthetic Identity Fraud - Cyber-criminals and fraudsters are increasingly mixing and matching children’s stolen personal data to create new, synthetic identities for use in fraud and other financial crimes. Criminals can buy …

Tweeted by @GinaScialabba

Most Online ‘Terms of Service’ Are Incomprehensible To Adults, Study Finds

Two law professors analyzed the sign-in terms and conditions of 500 popular US websites, including Google and Facebook, and found that more than 99 percent of them were "unreadable," far exceeding the level most American adults read at, but are still enforced. From a report: According to a new paper published on SSRN (Social Science Research Network), the average readability level of the agreements reviewed by the researchers was comparable to articles in academic journals. "While consumers are legally expected or presumed to read their contracts, businesses are not required to write readable ones. This asymmetry -- and its potential consequences -- puzzled us," wrote co-author Samuel Becher, a law professor at Victoria University of Wellington, in an email to Motherboard.

Read more of this story at Slashdot.

Former Apple Lawyer Who Was Supposed To Keep Employees From Insider Trading Has Been Charged With Insider Trading

The SEC Wednesday charged a former Apple executive with insider trading. From a report: Gene Levoff, senior director of corporate law and corporate secretary until September, "traded on material nonpublic information about Apple's earnings three times during 2015 and 2016," according to the lawsuit filed Wednesday in the U.S. District Court of New Jersey. "Levoff also had a previous history of insider trading, having traded on Apple's material nonpublic information at least three additional times in 2011 and 2012. For the trading in 2015 and 2016, Levoff profited and avoided losses of approximately $382,000," the complaint says. Levoff's position at Apple granted him insider access to not-yet-public earnings results and briefings on iPhone sales, the complaint says. On more than one occasion, he disobeyed the company's "blackout" period for stock transactions, selling or buying stock worth tens of millions of dollars, according to the SEC.

Read more of this story at Slashdot.

Businesses: It’s time to implement an anti-phishing plan

Businesses: phishers aren’t just coming for you. They’re coming for your employees and your customers, too.

Phishing attacks are on the rise this year, thanks in part to massive Emotet and TrickBot campaigns, which make use of phishing emails to deliver their payloads. If you don’t already have one in place, then it’s time to implement an anti-phishing plan.

Where phishes are concerned, it doesn’t matter if the technique being used is revolutionary or old hat. Somebody, somewhere is going to fall for it. It’s up to you and your employees to ensure that your business is secure, and that your customers are performing safe email practices, too.

If your customers are logging into fake portals, eventually they’re going to tie up your support channels asking for help, refunds, reorders, and more. If your employees are being stung, they open the door to data theft, network infiltration, ransom demands, spying, and a massive dent in your company’s reputation to boot.

All of these are poor directions to head in. So let’s first take a look at some of the targets of phishing campaigns. Then, we’ll talk about what your employees and customers can do to identify a phish.

Targets for phishers

The 2018 Phishing Trends & Intelligence Report (PDF) from PhishLabs stated that Email/Online Services were the top targeted industry in the second half of 2017 by a margin of 26.1 percent, with a high concentration of phishing URLs mimicking Microsoft Office 365 login pages.

Office 365 is enormously popular for businesses, with Microsoft revealing in 2016 that it has:

  • 60 million active commercial customers
  • 50,000 small business customers added every month
  • 340 million downloads of its mobile app

As our 2019 State of Malware report shows, there’s no real sector of industry left alone by malware attackers. Trojans (which include Emotet and TrickBot) lured in targets in manufacturing, education, and retail in 2018 with phishing emails. And ransomware, which is also a popular payload of phishing attacks, crippled organizations in government, as well as education, manufacturing, and retail.

Outside of those verticals, however, phishers know that every business is sitting on something juicy: personally identifiable information (PII). Just about any organization in any vertical is sitting on databases of customer names, emails, and their payment details.

That’s a huge number of potential targets at which to aim.

What should we do?

While it’s nearly impossible to predict every threat model, or what an attacker may want with your company’s data, you can better thwart phishing attacks by putting in place a clear anti-phishing plan. There’s never been a better time to start beefing up your cybersecurity policy for employees, as well as to update your website with solid anti-phishing tips for your customers.

If you’re short of a few ideas on how to help your employees and customers identify phishing attempts, we have a handy introductory list below.

Anti-phishing tips for your employees

  1. Attachments aren’t always a guarantee of malware. Often, phishers will send perfectly clean files as an additional confidence trick. “Please fill this in and send it back,” they’ll say. Having said that, many phish campaigns will happily try to backdoor a network with a rogue file alongside a phish attempt. When in doubt, do not open the file. Instead, try to contact someone you know from the organization listed in the email to confirm.
  2. Mobile devices are particularly at risk from lengthy scam URLs, as the visible portion may be tailored to appear legitimate, but the rest of it—which would give the game away—is hidden offscreen. Employees checking email on their phones or browsing the Internet should always review the whole URL before clicking. If it looks suspicious, or uses numbers or peculiar letters in place of what you’d expect to be there, it’s best to leave immediately.
  3. Dubious apps are also a potential problem, so it’s best to review apps you plan to install on your work mobile device or desktop with a hawk eye. Are the logos the same? Does the user experience match what you’d expect?
  4. Promoted content on social media can lead to phishing, and it’s worth advising all employees and customers to be wary of this—especially as ads tend to be targeted to your interests (thanks, trackers). While you may not want to prohibit use of social media at work entirely (especially as it’s part of the job for many folks in marketing), recommending that users not engage on social media from work devices, or limiting their engagements to work-specific tasks, could help thwart phishing attempts.
  5. Bit of a niche one, but you may wish to advise employees not to waste spammers’/phishers’ time with any of these tactics during work hours. Using personal accounts is all fun and games, but replying with anything work-related could go terribly wrong. The bad guys know your work mail exists for one thing, and they’ll either spam it hard, send you more junk, or go after your business even more than they were already.

Anti-phishing tips for your customers

  1. Look at some anti-phish pages from the biggest brands. You’ll notice that they all mention the most obvious forms of attack. If you’re eBay, you’re going to see customers sent fake auction missives, or “problem with your auction” attacks. If you’re Steam, it’ll be “problems with your marketplace item” or free game keys. A bank? It’ll be bogus re-authentication mails. For Apple, it’ll be issues with pending refunds for items they don’t remember purchasing. This is how you should lead the charge.
  2. Point out that the presence of a padlock isn’t a guarantee the site they’re on is real. Certificates for websites are easily obtained for free these days, and scammers are taking full advantage of it. It may have been useful to tell people “Avoid sites with no padlock because it isn’t real” years ago, but the game has changed and so must our messaging.
  3. Warn them about bad spelling, errors in formatting, and email addresses in the “From” field which look suspicious. Also mention that many phishers spoof mails in the “From” field so this isn’t a guarantee of safety either. Perhaps the formatting and design are different from what you usually receive from an organization. Maybe the logo looks pixelated or the buttons are different colors. The possibilities are endless.
  4. Desperation is a surefire sign that something may be wrong. It’s panic buying, but not as we know it. Emails claiming a tight time limit to log in and perform an action, alongside the threat of losing X or Y forever, are a good sign of bad things afoot.
  5. Warn them off emails asking for additional personal information (and if your organization sends such emails, try to wean yourself off this practice, too). Links to sites asking for logins are bad practice. Train your customers and employees out of this habit. If they won’t click links asking for information, the battle is halfway won.
  6. Check whether the URL shown in the email and the URL that displays when you hover over the link are different from one another. An oldie, but goodie.

My business uses Office365, what else can I do?

Microsoft has a handy list of security suggestions for you to deploy on your network. Suggestions include:

And finally

Google has come up with a short, fun, and difficult anti-phishing test. It’s a fantastic way to experience some common phishing techniques safely. There aren’t many ways to experience real phishing examples in a safe environment, so it’s well worth having a go. You’ll likely find that there’s a few tactics in there you haven’t seen before, and it’s always a good idea to test your employees on some left-field phishing techniques. However you choose to go about putting together an anti-phishing plan for your organization, we wish you many years of safe emailing ahead.

The post Businesses: It’s time to implement an anti-phishing plan appeared first on Malwarebytes Labs.

Favourite Player’s Injured? Get a Refund

An anonymous reader shares a report: Any sports fan will know, or at least appreciate, the disappointment of going to watch your team only to find that a top player has been left out. But what if you could pay an extra bit of money for your ticket -- say, 5-15% on top of the normal price -- and insure the cost of your ticket against such a situation? If your favourite player does not play, for whatever reason, you get your money back. That's the intriguing premise behind Fansure, a start-up currently based in Belmont, California. When I spoke to the firm's marketing manager, Tara Fan, she explained it in the context of a basketball game: "Some tickets are $300-$400 to go to a game. Typically, you're paying that to see someone like LeBron James, or Kevin Durant, or someone like that." It works like this: You buy the ticket as normal. Then, at least 48 hours before the game, you go to Fansure, and you pay them an added percentage. The amount reflects what Fansure thinks is the likelihood of your selected player appearing or not. Someone like Durant for instance, rarely misses a game for the Golden State Warriors and so the premium would be relatively low. "It would only be, I would say, 8% of your ticket price," Ms Fan explained. "It's like... $30 to cover a $400 ticket. And so that's where the benefit rolls out." If Durant plays, you've wasted your $30, which Fansure pockets. If he doesn't, you still get to go and enjoy the game, and Fansure will refund you the entire amount of the ticket (but keeps the bit you paid for insurance).

Read more of this story at Slashdot.

California Governor Proposes Digital Dividend Aimed At Big Tech

An anonymous reader quotes a report from Bloomberg: California Governor Gavin Newsom proposed a "digital dividend" that would let consumers share in the billions of dollars made by technology companies in the most populous U.S. state. In his "State of the State" speech on Tuesday, Newsom said California is proud to be home to tech firms. But he said companies that make billions of dollars "collecting, curating and monetizing our personal data have a duty to protect it. Consumers have a right to know and control how their data is being used." He went further by suggesting the companies share some of those profits, joining other politicians calling for higher levies on the wealthy in U.S. society. "California's consumers should also be able to share in the wealth that is created from their data," Newsom said. "And so I've asked my team to develop a proposal for a new data dividend for Californians, because we recognize that data has value and it belongs to you." Newsom didn't describe what form the dividend might take, although he said "we can do something bold in this space." He also praised a tough California data-privacy law that will kick in next year.

Read more of this story at Slashdot.

Skills operators (opérateurs de compétences) prepare for their new missions – Le Journal de la réforme de la formation 2018 - The landscape of future operators is not yet fully stabilized, but the structures that the Ministry of Labour has judged coherent are already adapting their organization to the new…

Tweeted by @AFDET1

SMEs overconfident on cyber threats - New figures from the Australian Bureau of Statistics (ABS) show that crime rates in Australia are for the most part substantially below the levels recorded a decade ago. While the rate of sexual assa…

Tweeted by @mybusinessau

Global Industry Data – Debt Collection & Management software market analysis 2019-2015 explored in latest research - This unique report explains the present industry situations that gives the crystal-clear picture of the global Debt Collection & Management Software market to the clients. The thorough database which…

Tweeted by @XmarketReports

Publishers Chafe At Apple’s Terms For ‘Netflix For News’ Subscription Service As It Demands a 50 Percent Revenue Cut

Zorro shares a report from The Wall Street Journal: Apple's plan to create a subscription service for news is running into resistance from major publishers over the tech giant's proposed financial terms (Warning: source may be paywalled; alternative source), according to people familiar with the situation, complicating an initiative that is part of the company's efforts to offset slowing iPhone sales. In its pitch to some news organizations, the Cupertino, Calif., company has said it would keep about half of the subscription revenue from the service, the people said. The service, described by industry executives as a "Netflix for news," would allow users to read an unlimited amount of content from participating publishers for a monthly fee. It is expected to launch later this year as a paid tier of the Apple News app, the people said. The rest of the revenue would go into a pool that would be divided among publishers according to the amount of time users spend engaged with their articles, the people said. Representatives from Apple have told publishers that the subscription service could be priced at about $10 a month, similar to Apple's streaming music service, but the final price could change, some of the people said. Another concern for some publishers is that they likely wouldn't get access to subscriber data, including credit-card information and email addresses, the people said. Credit-card information and email addresses are crucial for news organizations that seek to build their own customer databases and market their products to readers. Digital subscriptions are powering growth at big publishers including the Times, whose basic monthly subscription costs $15, the Post, which charges $10, and the Journal, which charges $39. Some of those companies are skeptical about giving up too much control to Apple, or cannibalizing their existing subscriptions to sign up lower-revenue Apple users, according to people familiar with the matter.

Read more of this story at Slashdot.

Activision Blizzard Cuts 8% of Jobs Amid ‘Record Results In 2018’

On an earnings call this afternoon, publisher Activision Blizzard said that it would be eliminating 8% of its staff. "In 2018, Activision Blizzard had roughly 9,600 employees, which would mean nearly 800 people are now out of work," reports Kotaku. "This afternoon, the mega-publisher began notifying those who are being laid off across its various organizations, which include Activision, Blizzard, and King." From the report: On the earnings call, Activision Blizzard CEO Bobby Kotick told investors that the company had "once again achieved record results in 2018" but that the company would be consolidating and restructuring because of missed expectations for 2018 and lowered expectations for 2019. The company said it would be cutting mainly non-game-development departments and bolstering its development staff for franchises like Call of Duty and Diablo. Development sources from across the industry told Kotaku this afternoon that the layoffs have affected Activision publishing, Blizzard, King, and some of Activision's studios, including High Moon. At Blizzard, the layoffs appear to only have affected non-game-development departments, such as publishing and esports, both of which were expected to be hit hard. "Over the last few years, many of our non-development teams expanded to support various needs," Blizzard president J. Allen Brack said in a note to staff. "Currently staffing levels on some teams are out of proportion with our current release slate. This means we need to scale down some areas of our organization. I'm sorry to share that we will be parting ways with some of our colleagues in the U.S. today. In our regional offices, we anticipate similar evaluations, subject to local requirements." Thankfully, the letter promised "a comprehensive severance package," continued health benefits, career coaching, and job placement assistance as well as profit-sharing bonuses for the previous year to those who are being laid off at Blizzard. 
"There's no way to make this transition easy for impacted employees, but we are doing what we can to support our colleagues," Brack wrote.

Read more of this story at Slashdot.

AI IN BANKING AND PAYMENTS: How artificial intelligence can cut costs, build loyalty, and enhance security for financial institutions - This is a preview of the AI in Banking and Payments (2018) research report from Business Insider Intelligence. To learn more about the use cases, trends and future of AI in finance, click here. Curre…

Tweeted by @PaulTheDigit

What, No Expense Account? My RSA 2019 Itinerary

Yes, you read it here first, I will not be jetting into San Francisco on my private jet and staying at a hotel I wouldn’t tell you plebs about anyway. RSA 2019 will be a first for me in that I am representing myself and not expensing my trip on the company dime. I am … Read More

Kicking off 2019 with Recognition Across the McAfee Portfolio

It’s always great to start out a new year with recognition from our industry. We hear over and over from our customers that they are looking for us to help them overcome the complexity challenges that are inherent in building a resilient enterprise. This requires partnering with a vendor that delivers excellence across a multitude of technologies. Excellence that we believe is validated by our larger peer and analyst community.

We’ve just announced that McAfee was named a Gartner Peer Insights Customers’ Choice for another two technologies. Our customers have recognized us as a January 2019 Gartner Peer Insights Customers’ Choice for Secure Web Gateway for McAfee Web Protection, McAfee Web Gateway, and McAfee WebGateway Cloud Service. In addition, for the second year in a row McAfee’s MVISION Cloud (formerly McAfee Skyhigh Security Cloud) was named a January 2019 Gartner Peer Insights Customers’ Choice for Cloud Access Security Brokers. In 2018, McAfee was the only vendor named a Customers’ Choice in the Cloud Access Security Brokers market.

Our team at McAfee takes great pride in these distinctions, as customer feedback is essential in shaping our products and services. We put our customers at the core of everything we do and this shows pervasively across our portfolio. We believe our position as a Gartner Peer Insights Customers’ Choice for Secure Web Gateway, Data Loss Prevention, SIEM, Endpoint Protection and Cloud Access Security Broker (CASB) is a testament to the strength of our device-to-cloud strategy. This adds up to recognitions in the last year in five different markets.

We also think it’s a signal of the way enterprises are approaching security – with the innovative technology solutions and integrated strategies that must evolve to fight a threat that is constantly evolving, too.

The post Kicking off 2019 with Recognition Across the McAfee Portfolio appeared first on McAfee Blogs.

Cyber Risk Index – A Guide for CISOs and IT Security

Trend Micro has partnered with the Ponemon Institute to develop a new Cyber Risk Index (CRI), which is intended to help CISOs and their IT Security teams better understand their current cyber risk compared to similar businesses of their size and industry. The CRI is based on a survey conducted by Ponemon of more than 1,000 IT professionals in the US from small, medium and large businesses, and it looks at two aspects: how prepared organizations are to protect their data and systems, and the current threats targeting them. Our plan is to run the CRI every six months to obtain trending data to see if the CRI improves or not over time.

The CRI is based on a -10 to +10 scale with -10 being high risk and +10 being minimal risk. The results show that businesses overall are at an elevated risk of cyber threats with a score of -0.15. We also broke out the results based on company size, which shows that small businesses are at the highest risk at -0.59.

The good news is that enterprise businesses responded with a moderate risk index level. When we break out the results by industry, those industries where we had enough responses for a good statistical average all showed elevated risk levels, with the highest risk associated with the services, public sector, retail, and health & pharmaceutical industries.

Let’s look at some of the more interesting results from the survey based on all respondents. 

Cyber Attacks Will Likely Occur

  • Likelihood of a data breach of customer data in next 12 months: 77% likelihood
  • Likelihood of a data breach of critical data (IP) in next 12 months: 80% likelihood
  • Likelihood of one or more successful cyber attacks in next 12 months: 80% likelihood

The above results show that our respondents are not confident that they can thwart an attack, and believe some of their most valuable data will be exfiltrated. 

Critical Data is at Risk

The top four things at highest risk of loss or theft are (in order of highest risk):

  • R&D Information
  • Trade Secrets
  • Customer Accounts
  • Company-confidential information

The good news is our respondents recognize that their most valuable data is at risk, as these four data types could significantly affect the business’s existence if stolen.

Challenges within Organizations

The following represent challenges within organizations that add additional risk. Respondents reported that they don’t believe their business is sufficient in these areas.

  • My organization’s IT security function is involved in determining the acceptable use of disruptive technologies (such as mobile, cloud, social media, IoT devices) in the workplace.
  • My organization’s IT security function is able to detect zero-day attacks.
  • My organization is well prepared to deal with data breaches and cybersecurity exploits.
  • My organization’s IT security architecture has high interoperability, scalability and agility.
  • My organization’s IT security function conducts assessments and/or audits to identify threats, vulnerabilities and attacks.

When you look at these top risks, many appear to show a lack of confidence in the organization’s security controls to detect and block attackers, as well as challenges dealing with new technologies being introduced and a security architecture that isn’t well coordinated.

Top Threats

When we asked what the top threats against them are, we see the top two targeting their employees:

  • Phishing & social engineering
  • Clickjacking
  • Ransomware
  • Botnets
  • SQL & code injection

There are many more results we can share and I’ll do so in further blogs to help you better understand all of the insights we’ve obtained from this project. We also look forward to seeing the next round to see if organizations feel they’ve improved their capabilities or if they think the threats targeting them have gotten easier or harder to defend against. I’ll leave you with a few of the ways we think organizations can improve their capabilities in protecting against these threats:

  • Identifying critical data and building security around this data, taking a risk management approach
  • Minimizing the complexity of infrastructure and improving alignment across the security stack
  • Improving the ability to protect mobile devices, information and operational technology devices, and cloud infrastructure
  • Investing in new talent and existing personnel
  • Reviewing existing security solutions with the latest technologies to detect advanced threats like ransomware and botnets.
  • Improving IT security architecture with high interoperability, scalability, and agility

Check out more details of the Cyber Risk Index as well as taking a shortened version of the survey yourself to see how you stack up against your peers on our CRI webpage.

The post Cyber Risk Index – A Guide for CISOs and IT Security appeared first on .

What It’s Like To Work Inside Apple’s ‘Black Site’

An anonymous reader shares an excerpt from a Bloomberg report: Apple's new campus in Cupertino, California, is a symbol of how the company views itself as an employer: simultaneously inspiring its workers with its magnificent scale while coddling them with its four-story cafe and 100,000-square-foot fitness center. But one group of Apple contractors finds another building, six miles away on Hammerwood Avenue in Sunnyvale, to be a more apt symbol. This building is as bland as the main Apple campus is striking. From the outside, there appears to be a reception area, but it's unstaffed, which makes sense given that people working in this satellite office -- mostly employees of Apple contractors working on Apple Maps -- use the back door. Workers say managers instructed them to walk several blocks away before calling for a ride home. Several people who worked here say it's widely referred to within Apple as a "black site," as in a covert ops facility. Inside the building, say former workers, they came to expect the vending machines to be understocked, and to have to wait in line to use the men's bathrooms. Architectural surprise and delight wasn't a priority here; after all, the contract workers at Hammerwood almost all leave after their assignments of 12 to 15 months are up. It's not uncommon for workers not to make it that long. According to 14 current and former contractors employed by Apex Systems, a firm that staffs the building as well as other Apple mapping offices, they operated under the constant threat of termination. "It was made pretty plain to us that we were at-will employees and they would fire us at any time," says one former Hammerwood contractor, who, like most of the workers interviewed for this story, spoke on condition of anonymity because he signed a nondisclosure agreement with Apex. "There was a culture of fear among the contractors which I got infected by and probably spread." Apex manages the workers it hires -- not Apple. 
"Following an inquiry from Bloomberg News, the company says, it conducted a surprise audit of the Hammerwood facility and found a work environment consistent with other Apple locations," reports Bloomberg. "Like we do with other suppliers, we will work with Apex to review their management systems, including recruiting and termination protocols, to ensure the terms and conditions of employment are transparent and clearly communicated to workers in advance," an Apple spokesperson says in a statement.

Read more of this story at Slashdot.

It’s a good time to be working in IT - New Zealand's tech sector grew 12 per cent last year and is not expected to slow down soon. That's putting upward pressure on the job market and on wages. Recruitment firm Talent puts the growth down…

Tweeted by @NewZealandNewsV

Amazon Is Buying Mesh Router Company Eero

Amazon has announced that it's acquiring Eero, the maker of mesh home routers. "Amazon says buying Eero will allow the company to 'help customers better connect smart home devices,'" reports The Verge. "It will certainly make Alexa-compatible gadgets easier to set up if Amazon also controls the router technology. Financial terms of the deal are not being disclosed." From the report: Eero kicked off a wave of "smart" mesh router setups designed to overcome the coverage issues and dead zones of traditional routers. Instead of a single router device, multiple access points are used to blanket an entire home or apartment with a strong Wi-Fi signal. The system works as advertised, and it's all controlled with an intuitive smartphone app. Google, Samsung, Linksys, Netgear, and other electronics companies have since followed Eero's lead and released their own mesh bundles. It sounds as though the Eero brand will live on after the acquisition -- at least in the near term. "By joining the Amazon family, we're excited to learn from and work closely with a team that is defining the future of the home, accelerate our mission, and bring Eero systems to more customers around the globe," said Nick Weaver, Eero's co-founder and CEO. Amazon isn't saying much about its future plans for Eero; might we see an Alexa-enabled router? An Echo that doubles as a Wi-Fi access point sounds nice. The report notes that Amazon will now have "more valuable data on consumers and advance Amazon's growing dominance of the smart home." Last year, Amazon acquired smart doorbell and camera maker Ring and bought Blink in 2017.

Read more of this story at Slashdot.

Mars One is Dead

The company that aimed to put humanity on the red planet has met an unfortunate, but wholly-expected end. Engadget reports: Mars One Ventures, the for-profit arm of the Mars One mission was declared bankrupt back in January, but wasn't reported until a keen-eyed Redditor found the listing. It was the brainchild of Dutch entrepreneur Bas Lansdorp, previously the founder of green energy company Ampyx Power. Lansdorp's aim was to start a company that could colonize one of our nearest neighbors. Mars One was split into two ventures, the non-profit Mars One Foundation and the for-profit Mars One Ventures. The Swiss-based Ventures AG was declared bankrupt by a Basel court on January 15th and was, at the time, valued at almost $100 million. Mars One Ventures PLC, the UK-registered branch, is listed as a dormant company with less than $25,000 in its accounts. There is no data available on the non-profit Mars One Foundation, which funded itself by charging its commercial partner licensing fees. Speaking to Engadget, Bas Lansdorp said that the Foundation is still operating, but won't be able to act without further investment. Lansdorp declined to give further comment beyond saying that he was working with other parties "to find a solution."

Read more of this story at Slashdot.

Web Intelligence In Action! - From time-to-time Verint (and its subsidiaries) would like to share information relating to future events, surveys about Verint, webinars, industry best practice and thought leadership with you. If y…

Tweeted by @Verint_Cyber

In Granite State: Industry Groups Paint Dark Picture of Right to Repair

The battle lines were drawn at a hearing in New Hampshire last week for a proposed right to repair law, with supporters calling for economic justice for consumers and opponents warning of crime and injury should the law pass.

The post In Granite State: Industry Groups Paint Dark Picture of Right to Repair appeared first on The Security Ledger...


Artificial Intelligence (AI) In Cyber Security Industry: Global Market Trend, Share, Profit, Growth and Key Manufacturers Analysis Report – Honest Version - Artificial Intelligence (AI) In Cyber Security Market Insights 2019, Global and Chinese Scenario is a professional and in-depth study on the current state of the global Artificial Intelligence (AI) I…

Tweeted by @weichieh

Booz Allen Hamilton’s top tips to online retailers and customers in the UAE against cyber threats during the festive season – Business Intelligence Middle East – – News, analysis, reports - UAE. As the holiday shopping season begins, cyber savvy retailers in the Gulf stand to reap the benefits of substantial growth in the e-commerce sector. However, while e-commerce enjoys rapid growth,…

Amazon To NYC After Reconsidering HQ2 Plans: It’d Be a Shame If Something Happened To Your Kids’ CS Education

theodp writes: Commenting on reports that Amazon is reconsidering its plan to bring 25,000 jobs to a new campus in New York City following a wave of political and community opposition, Amazon issued the following statement: "We're focused on engaging with our new neighbors -- small business owners, educators, and community leaders. Whether it's building a pipeline of local jobs through workforce training or funding computer science classes for thousands of New York City students, we are working hard to demonstrate what kind of neighbor we will be." Yep, it'd be a shame if something happened. The Washington Post earlier reported that New York State Sen. Michael Gianaris, a strong opponent of the Amazon HQ2 deal, described the possibility that Amazon would pull out of the deal -- which totals up to $3 billion in state and city incentives -- as akin to blackmail. "Amazon has extorted New York from the start, and this seems to be their next effort to do just that," he said. "If their view is, 'We won't come unless we get three billion of your dollars,' then they shouldn't come." Over at Vice, Ankita Rao examines what Amazon infiltrating America's school system might look like.

Read more of this story at Slashdot.

Electric Minerals: Tesla, Chrysler Feel the Heat as African Nations Demand Bigger Cut

Officials from mineral-rich African nations met with representatives from the ‘big mining’ industry at the Mining Indaba investment conference in Cape Town this week, with each hoping to make headway amid newly-simmering economic tensions. Those tensions have been fuelled by a realization on the part of certain African nations that they now hold all the […]

The post Electric Minerals: Tesla, Chrysler Feel the Heat as African Nations Demand Bigger Cut appeared first on Hacked: Hacking Finance.

DoorDash and Amazon Won’t Change Tipping Policy After Instacart Controversy

An anonymous reader quotes a report from Forbes: The tipping controversy that prompted Instacart to reverse a compensation plan to its contract workers isn't likely to go away: Rivals DoorDash and Amazon Flex are continuing to adjust driver pay based on how much they get tipped, saying doing so ensures a minimum payout. The practice, which has its roots in the way brick-and-mortar restaurants pay waitstaff, has been adapted to suit the needs of app-based delivery companies. The difference is that gig-economy workers are independent contractors, and so aren't protected by the minimum wage laws. Instacart, a $7.6 billion grocery delivery company, made a change in October 2018 that workers would receive at least $10 per delivery order. Customers and shoppers didn't realize that the tips were counting towards that minimum instead of being a bonus on top. So if someone tipped more, Instacart effectively had to pay less. That's how one Instacart delivery driver ended up with Instacart only paying 80 cents and the rest of the minimum being met with tips. The company reversed its decision on Wednesday after public outcry, admitting that counting tips in its payout totals was "misguided" and has moved to a new pay scale that doesn't factor in tips at all. But DoorDash and Amazon Flex, the contract workforce that delivers packages for Prime Now, continued to stand their ground. DoorDash claims it has been transparent about the tips being part of its delivery driver pay since it made the change in 2017, including on a blog post on whether customers should tip, and maintains that delivery-driver retention and overall satisfaction both "increased significantly" since the change. Both DoorDash and Instacart insist that they never turned the payment dial down if someone received a large tip. Instead, both companies used an algorithm to calculate a base pay rate that would include things like time and effort it took to deliver. 
If that base pay plus tip fell short of the price they guaranteed, then both companies would pay out more to make sure its delivery drivers reached the payout they had been promised. But in cases where the tip plus its initial calculation reached the promised payout, then the companies would only contribute the amount that the algorithm had calculated the delivery person deserved. One simple solution if you want to make sure your tip gets into the hand of your digital delivery worker: tip in cash.

Read more of this story at Slashdot.

Defence Cyber Security Market: Comprehensive Study Explores Huge Growth in Future: Leading Key Players- IBM, Intel Security, Symantec – Press Release – Digital Journal - This press release was originally distributed by SBWire New Jersey, NJ -- (SBWIRE) -- 02/07/2019 -- The new Business Intelligence Report, titled "Global Defence Cyber Security Market" by AMA, has t…

Tweeted by @dataprivacyasia

Netflix Price Hike Helps Bag $10 Million Alexandria Ocasio-Cortez Documentary

Shortly after Netflix announced it would be raising the costs of subscriptions for U.S. customers, the movie streaming giant just splashed out $10 million to secure a documentary on Alexandria Ocasio-Cortez. Bearing the politically provocative title of Knock Down the House, the movie was subject to a bidding war at the Sundance Film Festival last […]

The post Netflix Price Hike Helps Bag $10 Million Alexandria Ocasio-Cortez Documentary appeared first on Hacked: Hacking Finance.

Amazon Quietly Confirms It Is Competing With UPS and FedEx

schwit1 shares a report from Business Insider: Amazon declared in its 2018 annual filing that it competes against transportation and logistics companies, as CNBC first reported. It's a clear warning shot against UPS and FedEx, two companies that used to claim Amazon is simply their customer. Meanwhile, Amazon CFO Brian Olsavsky told analysts last week that the retail giant will "continue to expand (its) Amazon logistics and (its) delivery capability" in 2019. Meanwhile, UPS CEO David Abney said the company "monitor(s) them (Amazon) as if they were a competitor." And FedEx claimed, seemingly out of nowhere, last week that Amazon is not their largest competitor, claiming just 1.3% of the company's 2018 revenue.

Read more of this story at Slashdot.

Where Does a Tip To an Amazon Driver Go? In Some Cases, Toward the Driver’s Base Pay

Amazon at times dips into the tips earned by contracted delivery drivers to cover their promised pay, a Los Angeles Times review of emails and receipts reveals. From the report: Amazon guarantees third-party drivers for its Flex program a minimum of $18 to $25 per hour, but the entirety of that payment doesn't always come from the company. If Amazon's contribution doesn't reach the guaranteed wage, the e-commerce giant makes up the difference with tips from customers, according to documentation shared by five drivers. In emails to drivers, Amazon acknowledges it can use "any supplemental earnings" to meet the promised minimum should the company's own contribution fall short. "We add any supplemental earnings required to meet our commitment that delivery partners earn $18-$25 per hour," the company wrote in multiple emails reviewed by The Times. Only drivers who deliver for Amazon's grocery service or its Prime Now offering -- which brings household goods to customers in two hours or less -- can receive tips through the company's app. Amazon insists that drivers receive the entirety of their tips but declined to answer questions from The Times about whether it uses those tips to help cover the drivers' base pay.

Read more of this story at Slashdot.

Compromising vital infrastructure: communication

Have you ever been witness to a Wi-Fi failure in a household with school-aged children? If so, I don’t have to convince you that communication qualifies as vital infrastructure. For the doubters: when you see people risking their lives in traffic just to check their phone, you’ll understand why most adults consider instant communication to be vital as well.

Forms of communication

Humanity has come a long way in communication techniques. From drawings on the cave wall to wartime messages sent via courier to the Pony Express and now, the Internet. Modern communication tools enable us to reach most places across the world in a matter of seconds.

What are the lines of communications that are more or less vital to our everyday life?

  • The Internet
  • Telephone lines
  • Mobile telephone networks
  • TV and radio broadcasting

Granted, if one of these communication forms fails, part of its traffic can be taken over by another form, but they all have their specific pros and cons that make a durational outage hard to cope with. For example, most smartphones are capable of using both the mobile networks and the Internet, but the latter is limited to when they have Wi-Fi access. When cell phone towers go down, as they did during 9/11, users could send messages via Internet messaging services—at that time, AIM, but today WhatsApp, Facebook Messenger, or other platforms.

Growing importance

In the list I posted earlier, you may have felt that I missed out on letters and postcards, or snail-mail as we often call it. This is because a growing number of companies are keeping us informed through email, their websites, text messages, and other forms of communication that are way faster than postal services. Most companies will still send letters and paper bills if you ask for them, but it’s no longer the default. Our mail delivery services are increasingly starting to resemble package delivery services. They see a growing number of deliveries that require a physical transfer of an object rather than information alone.

Instead, the majority of modern communication is digital.

Securing digital communication

Digital information that needs to be kept from prying eyes and eavesdropping is usually encrypted. To establish secure communication, one may use encrypted mail, crypto-phones, and secure protocols on the Internet. Most of these encryptions are strong enough to withstand brute force attempts at entry—at least for long enough to outlive the usefulness of intercepting the message. Future computer systems like qubit quantum computers, however, may require us to upgrade the encryption strength that we use for these methods.

Breaking the Internet

Because of the way the Internet has grown and become more versatile, the Internet backbone is robust enough to withstand DDoS attacks of a large magnitude. Yet, there have been instances where an entire country, such as North Korea, was taken offline, or where an attack on a major DNS provider caused a serious disruption in the number of sites we were able to visit.

These attacks were targeted at systems that were important for specific parts of the Internet. Nevertheless, they demonstrated that there are weaknesses in the infrastructure that can be exploited to paralyze parts of the Internet, and therefore, parts of our vital communication.

Misinformation and fake news

Another growing problem with predominantly online communication is the spreading of fake news and deliberate misinformation. The most common reasons for spreading misinformation are political and financial gain, as well as attention. The problem has reached a size and impact that caused government bodies like the EU to announce countermeasures. During that process, and due to other influences social media has over its users, many organizations felt the need to hire hordes of moderators who are tasked with keeping the information spread on their platforms as clean and as honest as possible. This still fell short in some instances, such as the dramatic events in Myanmar where Facebook was used as a tool for ethnic cleansing. And these are not the only problems social media are trying to deal with.


Malware and communication

Communication is also a vital part of some types of malware, such as backdoors, Trojans, and especially spyware. After all, what use is it to spy on someone if you are unable to get your hands on the gathered information? Traditional malware communication relies on the use of Command and Control (C&C) servers. But since those servers can be taken down or blocked, malware authors have been looking at rotation systems like Domain Generating Algorithms and some other creative ideas, like using social media and other public platforms.

While you may use social media to stay in contact with family and friends, there are many forms of malware that use those same media for different purposes. Botnets are known to use Twitter as an outlet for spam, fraud, and fake news. But they also use it to send commands to Remote Access Trojans (RATs) that wait for code hidden in memes posted by a particular account.

In addition, malware exploits messenger platforms to communicate instructions. There’s the Goodsender malware, for which threat actors used the Telegram messenger platform to communicate with the malware and send HTTPS-protected instructions. Another well-known phenomenon is the Facebook Messenger apps that spread in a worm-like fashion by sending out links to friends in an attempt to trick users into installing them.

Social media countermeasures

While social media is struggling with its public reputation these days, they at least seem ready to take baby steps forward in tightening up security—whether that’s from political pressure or self-awareness. At an event in Brussels, Nick Clegg, Facebook’s head of global public relations, stated:

"We are at the start of a discussion which is no longer about whether social media should be regulated, but how it should be regulated. We recognize the value of regulation, and we are committed to working with policymakers to get it right."

Working out the “how” could turn into a long-winded discussion, however. Maybe the rumors about a space laser communications system represent a step in the right direction. In theory, such a system could be used to improve security.

Better communication results in better security

Having all the facts helps us to improve security. Making sure that this information reaches the people that need it is a matter of effective communication strategy. And in some cases, it may be just as important that the information is not communicated so that it doesn’t fall into the wrong hands.

The National Intelligence Strategy released in January 2019 by the Office of the Director of National Intelligence states:

"Nearly all information, communication networks, and systems will be at risk for years to come."

Therefore, an important part of communication strategy must be to recognize the risk and integrate the proper tools—such as end-to-end encryption or intel on certain platforms known to be used by cybercriminals, for example. The National Intelligence Strategy goes on to say that they’ll be “harnessing the full talent and tools of the IC [Intelligence Community] by bringing the right information, to the right people, at the right time.”

Cyberattacks on communication infrastructure

A pretty bizarre method of abusing communication happened when a family was scared into believing there was an ongoing nuclear attack, as some prankster accessed their Nest camera to issue realistic warnings about missiles heading to the US from North Korea.

More worrying is the trend for ransomware authors (especially groups using SamSam) to target cities and small government bodies with the aim of shutting down infrastructure, including communications. Taking down a city website, as was the case in the city of Atlanta, cripples an important medium for disseminating citizen information, not to mention that the costs of getting everything back online were covered with taxpayer money that could have been better spent on other services.

Information is crucial

Important decisions may be postponed when the person or body that is supposed to make that decision is unable to gather the information necessary. Communications are also a vital part of some malware infections. Perhaps organizations can use some of the ingenious methods malware authors have thought up when looking for ways to make vital lines of communication more robust. Redundancy is a good thing when it allows us to use multiple methods and networks to transmit the same information. On the other hand, it also enlarges the attack surface when it comes to sharing confidential information.

This does have an upside for the quality of free information. Because of all the communication options out there, some regimes are having an increasingly difficult time shielding their population from information they would rather keep under the carpet. This hasn’t stopped some, like China’s Great Firewall, from trying, though.

Communication is everywhere

Communication is truly always available to nearly everyone that wants it in the western world, and this readiness—and the danger that lurks with it—may shape how our generation is viewed far into the future. This may be the era when communication both flourished to its true potential, and reached its limits. After all, pitfalls are inherent when technology develops faster than regulation can keep up.

Maybe the developments we are seeing now are just another step forward for the eventual better regulation of communication, though I’m convinced it will not be the last step regulators need to take. In fact, 5G is already waiting around the corner to add another level in speed and bandwidth to an already connected society. Let’s see how this new technology impacts an already complex tapestry of communication triumphs and failures.

The post Compromising vital infrastructure: communication appeared first on Malwarebytes Labs.

Security Threat Intelligence Products and Services Market 2019-2024 Comprehensive Study By Industry Size, Share, Growth , Application, Emerging-Technology, Service-Solutions & Renowned-Players – Honest Version - Threat intelligence(TI) is evidence-based knowledge — including context, mechanisms, indicators, implications and actionable advice — about an existing or emerging menace or hazard to IT or informati…

Tweeted by @KeoXes

Finland Basic Income Trial Left People ‘Happier But Jobless’

Giving jobless people in Finland a basic income for two years did not lead them to find work, researchers said. From a report: From January 2017 until December 2018, 2,000 unemployed Finns got a monthly flat payment of $685. The aim was to see if a guaranteed safety net would help people find jobs, and support them if they had to take insecure gig economy work. While employment levels did not improve, participants said they felt happier and less stressed. When it launched the pilot scheme back in 2017, Finland became the first European country to test out the idea of an unconditional basic income. It was run by the Social Insurance Institution (Kela), a Finnish government agency, and involved 2,000 randomly-selected people on unemployment benefits. It immediately attracted international interest - but these results have now raised questions about the effectiveness of such schemes.

Read more of this story at Slashdot.

Facing Opposition, Amazon Reconsiders NY Headquarters Site: Report

Amazon is reconsidering its plan to bring 25,000 jobs to a new campus in New York City following a wave of opposition from local politicians, The Washington Post reported Friday, citing two people familiar with the company's thinking. From the report: The company has not leased or purchased office space for the project, making it easy to withdraw its commitment. Unlike in Virginia -- where elected leaders quickly passed an incentive package for a separate headquarters facility -- final approval from New York state is not expected until 2020. Tennessee officials have also embraced Amazon's plans to bring 5,000 jobs to Nashville, which this week approved $15.2 million in road, sewer and other improvements related to that project. Amazon executives have had internal discussions recently to reassess the situation in New York and explore alternatives, said the two people, who spoke on the condition of anonymity to speak candidly about the company's perspective.

Read more of this story at Slashdot.

Four Signs You’re Ready for a Virtual CISO

A virtual Chief Information Security Officer (or vCISO) can be a great resource to a company. But how do you know when your company is ready for one? Rob Black of Fractional CISO shares four telltale signs to watch for.

The post Four Signs You’re Ready for a Virtual CISO appeared first on The Security Ledger.


GCHQ drive for more young women to become intelligence agents – keeping country safe from global dangers and cyber threats – The Girl Sun - GCHQ says: “Analysis is at the heart of what GCHQ does, which means our analysts are at the very hub of our workforce. Information comes from across the globe, in all kinds of formats, and your job a…

Tweeted by @thegirlsun21

Don Codling – Speaker at Paranoia 2019 - While at the FBI, Don supervised a variety of investigative programs with a primary focus on international cyber crime and cyber national security operations, and with a particular emphasis on the cy…

Tweeted by @combitech

Understanding China’s AI Strategy - Clues to Chinese Strategic Thinking on Artificial Intelligence and National Security In the second half of 2018, I traveled to China on four separate trips to attend major diplomatic, military, and p…

Tweeted by @jaymemetcalfe

eFIN DEX exchange Review 2019 - In next few years Blockchain will disrupt many industries like banking, healthcare to supply chains. So to keep up the pace in the Digital currency world, Token Pay has come with eFIN exchange platfor…

Tweeted by @TpaySoldiers

2019 Winners | Global Excellence Awards - Winning three awards, including the gold for ‘Innovation in Cloud Security,’ in a very large field of highly talented companies, demonstrates the market momentum ShieldX is gaining due to our un-matc…

Tweeted by @CyberThreatInt3

Artificial Intelligence And Machine Learning Market Report Disclosing Latest Trends and Advancement 2019 to 2025 – Nevada Greentimes - Global Artificial Intelligence And Machine Learning Market 2019 by Manufacturers, Regions, Type and Application, Forecast to 2025 This report tracks the major market events including product launches…

Tweeted by @dxnbxn

FMA Industry Day – Fort Meade Alliance - Wondering where the three major organizations on Fort Meade will be spending their acquisition dollars in 2019 and beyond? You can hear from top officials about the cyber landscape and potential proc…

Tweeted by @FtMeadeAlliance

Raspberry Pi Gets Its Own Brick-and-Mortar Retail Store

The Raspberry Pi, believe it or not, now has its very own retail store. From a report: Located on the first floor of the Grand Arcade in Cambridge, U.K., the Raspberry Pi Store is open through the day, every day, and sells everything from Raspberry Pi microcomputers and accessories, to branded coffee mugs, soft toys, and more. [...] Despite its popularity -- more than 19 million Raspberry Pi units have been sold since 2012 -- the Raspberry Pi still feels a little niche to merit its own dedicated retail store. Indeed, most people who would be interested in building their own electronic gadgets from scratch are likely well-versed in the wonders of online retail. But conversely, that is likely the same reason why the Raspberry Pi Foundation wants its own space in the physical retail realm: it needs a new audience.

Read more of this story at Slashdot.

Qiraat african - The phishing attempts happen frequently. A text message purporting to be from a major mobile payment firm will come through to Laura Tich’s mobile encouraging her to transfer funds. “It happens every…

Tweeted by @africanqiraat

Reddit, Banned In China, Is Reportedly Set To Land $150 Million Investment From a Chinese Censorship Powerhouse

Reddit is about to get a huge new round of investment of up to $300 million. As Gizmodo points out, "the first $150 million is reportedly expected to come from the Chinese tech giant Tencent, the first ever Asian technology company to pass a $500 billion market value." The investment is complicated since Reddit is banned in China via the Great Firewall of China. Also, "Tencent is not merely a resident of China's internet -- the company is one of the most important architects of the Great Firewall," reports Gizmodo. "It's an interesting source of cash for a Silicon Valley company whose product is essentially speech." From the report: Tencent is, at great cost and ultimately for great profit, literally reinventing censorship in China. The Great Firewall was not built by the Communist Party in Beijing, it's built by the tech giants all around China. This opaque but clearly powerful relationship between the $500 billion company and the Chinese government raises interesting and unanswered questions about Tencent's forays into the West, including questions about Reddit's future. The pending Chinese investment in Reddit, a social media company with relatively little Chinese-language community, is a richer twist on that old tale, and it's a part of Tencent's expanding global investment strategy. The Chinese company owns about 12 percent of Snap, for instance, even though Snapchat is banned in China. Tencent also owns a piece of the chat app Discord even though, you guessed it, Discord is blocked in China. If Tencent does kick in $150 million on a nearly $3 billion valuation for Reddit, as TechCrunch reports, it will be interesting if we ever find out exactly what it means. What kind of influence and position, if any, will Tencent gain at Reddit? Neither company responded to Gizmodo's questions.

Read more of this story at Slashdot.

Microsoft Really Doesn’t Want You To Buy Office 2019

An anonymous reader shares a report: Microsoft today launched a marketing campaign pitting Office 2019 and Office 365 against each other. The goal? To prove Office 2019 isn't worth buying -- you and your company should go with Office 365 instead. In a series of three videos, twins Jeremy and Nathan calculate the differences in Excel, Cynni and Tanny present their findings in PowerPoint, while Scott and Sean type it out in Word. The ads are cringe-worthy, to say the least, but they do get the point across. When Microsoft announced Office 2019 in September 2017, the company said the productivity suite was "for customers who aren't yet ready for the cloud." And when Microsoft launched Office 2019 in September 2018, the company promised it wouldn't be the last: "We're committed to another on-premises release in the future." And yet, Microsoft would much rather you join the ranks of Office 365's 33.3 million subscribers. If you must, Office 2019 is available for purchase. But Office 365 is really what the company wants you to buy.

Read more of this story at Slashdot.

Adobe is Considering Whether it Wants To Design Its Own Chips

A growing number of technology companies are trying to manufacture their own chips, cutting their reliance on Intel and other chip providers. This week Adobe pondered making a similar move. From a report: At an internal innovation conference on Tuesday, Adobe CTO Abhay Parasnis posed the matter as a question for his colleagues, noting the significant increases in performance from chips designed specifically for specialized tasks, like machine learning. "Do we need to become an ARM licensee?" he said, referring to the company whose underlying chip design is used across a wide range of devices, including computers, servers and phones. "I don't have the answer, but it is something we are going to have to pay attention to." Later on Tuesday, Parasnis told Axios that there are a range of ways that Adobe could get deeper into silicon. "ARM does afford a model for a software company to package its technology much closer to silicon," he said, adding Adobe could do that without literally making its own chips, including by partnering with an existing chipmaker.

Read more of this story at Slashdot.

Ex-FCC Commissioner Advises T-Mobile, Sprint On $26 Billion Merger

An anonymous reader quotes a report from CNET: Former FCC Commissioner Mignon Clyburn is working to help T-Mobile and Sprint get their $26 billion merger approved by regulators. Clyburn, a Democrat, confirmed she's working as a paid consultant to the carriers to advise them on their impending merger. The news of her involvement was first reported by Politico on Monday. The companies, whose merger was announced in April last year, need approval from the Federal Communications Commission and the US Department of Justice. "Affordable broadband access is a critical priority particularly for those Americans who are underserved or currently have no viable options at all," she said in an interview with CNET. "I am advising T-Mobile and Sprint as they seek to accelerate the creation of an inclusive nationwide 5G network on how best to build a bridge across the digital divide that currently exists in our country." Clyburn's involvement in advising the merger is interesting because she was part of the majority on the FCC in 2011 that rejected the merger between AT&T and T-Mobile, concluding that a reduction in the number of national carriers would harm consumers. When the idea of a merger between T-Mobile and Sprint was first floated in 2014, the Democratic-controlled FCC also signaled it wouldn't approve the deal for the same reason. [...] Executives for the companies say they will not raise rates on consumers. In a letter to the FCC on Monday, T-Mobile CEO John Legere made a personal pledge to regulators that the "New T-Mobile" would not raise prices on its service following the merger. Doing so, he said, would erode the relationship with T-Mobile customers.

Read more of this story at Slashdot.

Apple Reaches Deal With France To Pay Estimated $571 Million In Back-Taxes

Apple has reached a deal with French authorities to pay an undeclared amount of back-dated tax. While the amount isn't disclosed, French media suggest the sum is around $571 million (500 million euros). MacRumors reports: France has been working diligently to stop tech companies like Apple from exploiting tax loopholes in the country. The loopholes are said to have allowed Apple to "minimize taxes and grab market share" at the expense of Europe-based companies. French President Emmanuel Macron is one of the leaders behind the tax crackdown on international tech companies, with a goal of bringing a more unified corporate tax system across the nineteen euro area states. As noted by, Apple and French tax authorities reached the agreement for the payment of several years of unpaid taxes in December, according to French newspaper L'Expansion. The agreement followed a meeting in October between Apple CEO Tim Cook and President Macron, in which both reportedly agreed that a solution would ultimately be enacted by the European Union rather than France.

Podcast Episode 132: NERC issues a Big Fine – does it matter?

In this week’s episode of the podcast (#132): in the wake of news of the biggest fine yet for violations of the NERC Critical Infrastructure Protection (CIP) standard, we talk with Willy Lighter and Saurabh Sharma of the firm Virsec about whether the industry’s main security standard even matters in an age of sophisticated, nation-backed...

Amazon Finally Admitted To Investors That It Has a Counterfeit Problem

Amazon has for the first time acknowledged sales of counterfeits and pirated items as a risk in its annual earnings report to investors and the U.S. SEC. "Some third-party sellers have been using the reach of Amazon's marketplace as an opportunity to sell counterfeit and pirated items," reports Quartz. "The pressure on the company has been growing as brands such as Birkenstock and Mercedes Benz have lambasted it for not being able to control the problem." From the report: Under the section of "risk factors" to the business, Amazon says it "could be liable" for the activities of its sellers, and explains: "Under our seller programs, we may be unable to prevent sellers from collecting payments, fraudulently or otherwise, when buyers never receive the products they ordered or when the products received are materially different from the sellers' descriptions. We also may be unable to prevent sellers in our stores or through other stores from selling unlawful, counterfeit, pirated, or stolen goods, selling goods in an unlawful or unethical manner, violating the proprietary rights of others, or otherwise violating our policies. Under our A2Z Guarantee, we reimburse buyers for payments up to certain limits in these situations, and as our third-party seller sales grow, the cost of this program will increase and could negatively affect our operating results. In addition, to the extent any of this occurs, it could harm our business or damage our reputation and we could face civil or criminal liability for unlawful activities by our sellers."

Samsung Cancels Partnership With Counterfeit Supreme Brand

An anonymous reader writes: Back in December, Samsung took the stage at one of its Chinese product launches and announced it was partnering with "Supreme," the popular skateboard fashion brand. The announcement was made with all the usual tech launch pomp and circumstance, with the CEO of "Supreme" coming on Samsung's stage to talk about the collaboration. The only problem: this was a Supreme counterfeiter called "Supreme Italia." The announcement was met with widespread ridicule online, as "Samsung the Apple copycat" had teamed up with a Supreme copycat. Samsung initially defended the deal, but after seeing the online reaction, the company started "reconsidering" its counterfeit collaboration. Now, two months after announcing the deal, Samsung is walking away.