Cisco has completed its acquisition of Acacia, closing a $4.5 billion deal that faced legal hurdles just months ago.
Acacia Communications makes optical interconnect technologies that helps companies deliver faster network performance, cloud services and distributed resources. Acacia’s technology compliments Cisco’s own tech, and will help the company continue to evolve.
In early January, Acacia tried to terminate its merger agreement with Cisco, citing a failure to meet various regulatory requirements. Cisco fought back, claiming all requirements had been met, and sued to keep the deal alive.
Despite the lover’s quarrel, it appears the two companies have made up…or at least come to terms. Oracle has announced it has closed the deal.
“We are thrilled to welcome the Acacia team to Cisco,” said Chuck Robbins, Cisco chairman and CEO. “Our Internet for the Future strategy puts Acacia’s high-speed coherent optics technologies front and center as we work to empower webscale companies, service providers and data center operators to meet today’s fast-growing demands for data.”
While the deal was originally valued at $2.6 billion, the final price comes to a total of “$115.00 per share in cash, or approximately $4.5 billion on a fully diluted basis, net of cash and marketable securities.”
Linux Mint is considering measures to keep users up-to-date, including Windows 10-style forced updates.
Linux Mint is a popular, community-driven distribution (distro) based on Ubuntu. Unfortunately, like users of other operating systems (OS), many Linux Mint users are slow to update, both applications and the OS itself.
In a blog post detailing the problem, the Linux Mint teams notes that only 30% of users updated to the latest version of their web browser in less than a week. Similarly, while acknowledging it is hard to get an exact figure, between 5% and 30% of users are running Linux 17.x.
0% of users should run Linux Mint 17.x! Anything above is not good, whether it’s 5% or 30%.
Linux Mint 17.x reached EOL (End-Of-Life) in April 2019. In other words it stopped receiving security updates for almost 2 years now!
In another blog post, posted Sunday, the Linux Mint team discusses some of the options on the table, including forced updates.
In some cases the Update Manager will be able to remind you to apply updates. In a few of them it might even insist. We don’t want it to be dumb and get in your way though. It’s here to help. If you are handling things your way, it will detect smart patterns and usages. It will also be configurable and let you change the way it’s set up.
It remains to be seen how the community will respond. Forced updates have been one of Windows 10’s most unpopular features. The Linux Mint team may be playing with fire venturing into forced update territory.
A new malware discovered on some 30,000 Macs — both Intel and Apple’s M1 variety — has researchers stumped.
Malware is a relatively rare thing in the Mac community. For decades, the Mac enjoyed “security through obscurity,” meaning that its low market share made it a low-priority target for most hackers. In addition, macOS is based on UNIX, giving it relatively secure underpinnings. Apple has also taken a number of major steps to further harden macOS, all of which make it a very secure operating system (OS).
Nonetheless, researchers at Red Canary have discovered two variants of a macOS malware they have dubbed “Silver Sparrow.” According to the researchers, the only real difference between the two variants is that one targets Intel-based Macs exclusively, while the second is a universal binary, meaning it is compiled to run on Intel and M1-based Macs.
The latter is especially significant, since Apple’s custom M1 chip is based on Arm designs, and is essentially a desktop-class version of the chip used in the iPhone and iPad. As of the time of writing, Silver Sparrow has infected some 29,139 Macs in 153 countries. High numbers of infected machines were found in the US, UK, Canada, France and Germany.
What’s even more suspicious, however, is there doesn’t appear to be a payload in the malware. A payload is the final goal the malware is programmed with, such as locking files for ransom, deleting files, stealing information, etc. With Silver Sparrow, researchers have yet to find its payload. They know the malware checks every hour to see what new content its creators want it to download but, as of yet, no payload has been downloaded by the infected machines.
“After observing the malware for over a week, neither we nor our research partners observed a final payload, leaving the ultimate goal of Silver Sparrow activity a mystery,” writes Red Canary’s Tony Lambert.
Red Canary also found the malware was “distributed through malicious advertisements as single, self-contained installers in PKG or DMG form, masquerading as a legitimate application—such as Adobe Flash Player—or as updates,” adds Lambert. “In this case, however, the adversary distributed the malware in two distinct packages: updater.pkg and update.pkg.”
It remains to be seen what the ultimate goal of Silver Sparrow’s creators is. In the meantime, macOS users should update their antivirus software and check out Red Canary’s blog for detection and mitigation information.
“Business is really simple, and people are more productive, and they’re doing things that can lead to growth and opportunity,” says ServiceNow CEO Bill McDermott. “That’s the whole point of digital transformation. Right now, companies are hunkered down with systems that are absolutely wearing them out. It’s time to make the bold move, pivot to ServiceNow, and let’s get in there and fix the job.”
Bill McDermott, CEO, and President of ServiceNow says that only one in four digital transformation projects actually deliver positive ROI due to lack of integration:
Most Digital Transformation Projects Don’t Deliver
We have a situation on our hands where digital transformation, cloud computing, and business model innovation, are all converging at once. ServiceNow is the platform, of all the enterprise platforms, that really makes business work. One of the big lessons that business has right now is trillions have been poured into digital transformation yet only one in four projects actually deliver positive ROI. The reason for that is lack of integration.
Our system integrates with all the existing systems as well as all the collaborative tools in the enterprise. From day one, the customer gets it up and running swiftly because it’s in the cloud. They begin to derive value from it because you automate the way the work is done and ultimately, you’re now in a position to serve your customers the way they want to be served. It’s a speed game and ServiceNow is at the top of its game.
Companies Have To Create New Business Models
We’re an example. If you’re going to grow your company you’re going to take advantage of digital transformation. This is the only way out and it’s the only way forward. In the 20th Century companies put in big heavy on-premise systems. The issue is now they can’t, in a frictionless economy, immediately pivot those business models because they haven’t digitally transformed their business.
About 25 percent of the opportunity of businesses out there today over the next three years will come from white space places they are not in today. They have to create new business models. They have to think about new partnerships and new routes to market. Without the baseline of a platform like ServiceNow they’re not going to get there.
That’s The Whole Point Of Digital Transformation
I am very optimistic that the economies of the world not only are going to recover but actually going to do very well this year because people are going to be investing in digital transformation. We have seen that does not cost jobs. On the contrary, it frees people up to do things like go after new markets, derive new ideas, and so forth, because the AI revolution is also on.
We have built-in machine learning and AI into our platform. So 80 percent of the soul-crushing work people don’t want to do is done by the Now platform. The 20 percent that involves a human immediately gets initiated through a workflow order from the Now platform.
Business is really simple, and people are more productive and they’re doing things that can lead to growth and opportunity. That’s the whole point of digital transformation. Right now, companies are hunkered down with systems that are absolutely wearing them out. It’s time to make the bold move, pivot to ServiceNow, and let’s get in there and fix the job.
Fastest-Growing Pure-Play SASS Silicon Valley Company
If you look at our actual earnings results, they were stunning and obviously achieved beyond expectations performance across the board. We also followed that through in the guide. We’ll continue to be the fastest-growing pure-play SASS Silicon Valley company. We will continue to have the best margin profile of all of them. Obviously, we’re going to continue to gain market share in industries around the world, in geographies around the world, particularly in Europe and Asia Pacific, and Japan.
We will also gain market share on personas. Lots of people are getting the memo now that ServiceNow obviously dominated the IT automation market but the same backbone platform has enabled us to change the employee experience, the customer experience. In these tough times with COVID we can write low-code onto our platform in minutes and roll out new applications to hundreds of thousands of people so companies can move super fast.
We keep the guide consistent with the revenue that we generated in 2020. If there’s an upside to that… fantastic. That’s what good companies should do. They should go beyond expectations when they can but we stand by the guide and we’re looking forward to having a great year.
ServiceNow Was Born In The Cloud
The whole idea of ServiceNow is so different than SAP which was a company that needed to pivot to the cloud in 2010. We did that and that was very successful. ServiceNow was born in the cloud. It’s a very young company with tremendous growth opportunity on the organic front. Having said that, (we would be in interested in an acquisition) if you have a situation where there is a partner out there that has a substantial TAM, that can be highly complementary and synergistic with ServiceNow on the revenue side.
It also would have to do great things for the customer, because we have a precious platform and we jealously protect the integration power of that platform. A lot of things would have to be right but I can tell you as responsible business people we always look at it. We don’t need it to make our goals but you always have to look at it. We do want to be the defining enterprise software company the 21st century. That’s our plan.
Gartner is predicting companies will spend some $332.9 billion on remote work IT in 2021 as the digital transformation continues.
The coronavirus pandemic has sparked an unprecedented digital transformation, as organizations have turned to remote work, schools have turned to remote learning and individuals have had to rely on videoconferencing to stay in touch.
That trend is expected to continue full force for the next several years. In fact, Gartner predicts businesses will have to accelerate their digital transformation by at least five years through 2024, as they continue to deal with a permanently altered workforce — one where remote work is part of the new reality.
“There are a combination of factors pushing the devices market higher,” said John-David Lovelock, distinguished research vice president at Gartner.. “As countries continue remote education through this year, there will be a demand for tablets and laptops for students. Likewise, enterprises are industrializing remote work for employees as quarantine measures keep employees at home and budget stabilization allows CIOs to reinvest in assets that were sweated in 2020.”
As a result, Gartner predicts remote work-related global IT spending will reach $332.9 billion in 2021, an increase of 4.9% from 2020.
“Digital business represents the dominant technology trend in late 2020 and early 2021 with areas such as cloud computing, core business applications, security and customer experience at the forefront. Optimization initiatives, such as hyperautomation, will continue and the focus of these projects will remain on returning cash and eliminating work from processes, not just tasks,” said Mr. Lovelock.
Gartner’s report is the latest evidence that remote work has become a permanent part of society, with workers continuing to demonstrate their preference for it.
“What’s interesting here about the SolarWinds hack, in particular, is that it’s what’s called a supply chain attack,” says Datadog CEO Olivier Pomel. “This means the attack was made on the code that was shipped to the SolarWinds customer. Then there is this new notion in security called shifting left. By left, it means is closer to the developer and earlier in the development process.”
Datadog CEO Olivier Pomel discusses how the SolarWinds hack signals an increased focus by hackers to target software earlier in its development:
The SolarWinds hack was definitely a very big one. It’s not especially surprising to see new important hacks like this one but definitely a very impactful one. What it makes very clear is that there’s going to be even more of an arms race when it comes to security. It’s not surprising companies are transforming. They’re having more and more of their activity that is happening online is happening in software. So there’s much more that can be done by attacking that software.
What we do is we gather as many signals as possible across observability and monitoring. This is the way we come from and across security. What’s interesting here about the SolarWinds hack, in particular, is that it’s what’s called a supply chain attack. This means the attack was made on the code that was shipped to the SolarWinds customer. Then there is this new notion in security called shifting left. By left, it means is closer to the developer and earlier in the development process.
There’s something really interesting there when it relates to us (Datadog) in how we can solve the problem for our customers by bringing security earlier into the development process and tied in more to the operations and the development of the application. That’s definitely something that we’re investing in and something that we think is going to be a big area of investment for customers in the future.
SolarWinds Hack Was Supply Chain Attack, Says Datadog CEO Olivier Pomel
“Once you get to the cloud all of a sudden the lid is off,” says Snowflake CEO Frank Slootman. “People can just pursue their backlogs and whatever they can imagine. We’re now in a situation where technology is ahead of what people are capable of and imagining what they could actually do with it. That’s really a big part of what you see in Snowflake’s growth profile, a completely variable paradigm.”
Frank Slootman, CEO of Snowflake, says that on-premise data centers can only accommodate a tiny fraction of what their real demand for data analytics really is:
Once You Get To The Cloud The Lid Is Off
The important thing to understand is that there’s a couple of long-term secular trends that are coinciding and driving the development of the market overall. One is, as everybody knows, the movement towards cloud. It’s really a modernization play. We’re moving from on-premise data centers and we’re taking workloads to the cloud because we get to take advantage of better economics and utility models. Then we no longer have to manage capacity, we pay by the drink and all that sort of thing.
The other aspect that’s really important for our business is that we’ve had an extraordinary amount of pent up demand. The on-premise data centers could only accommodate a very tiny fraction of what their real demand for data analytics really is. Once you get to the cloud all of a sudden the lid is off. People can just pursue their backlogs and whatever they can imagine. We’re now in a situation where technology is ahead of what people are capable of and imagining what they could actually do with it. That’s really a big part of what you see in Snowflake’s growth profile, a completely variable paradigm.
Notion Of Headquarters Is Evaporating
We don’t have a yearning to go back to where we were. I can see why people would have that because of lockdowns and things of that sort. From a business standpoint, there’s a lot of positives to the shock to the system that we received. It’s almost like a wake-up call that is just opening our eyes to the opportunity. This whole notion that the office is your workday home we just realized that it’s nonsense. In other words, offices need to be there for specific purposes, for events, for training, for meetings specifically, but not a place to hang out nine to five. That’s definitely changing. It’s going to really reduce the real estate footprint that companies have.
The other trend and you’ve seen it with companies leaving California, the likes of Oracle and HP and Tesla, and so on is that the whole notion of headquarters is pretty much evaporating in front of our eyes. We’re no longer operating with a physical center of the universe. We’re completely virtual. We’re connecting as needed. We’ve been operating for the better part of a whole year without a headquarters and it’s just fine. All of a sudden everybody’s staring at each other and saying like what is the headquarters anyway. You’ve seen companies like Pinterest and you’re writing up massive leeches in San Francisco and saying we’re going to be headquarter-less. It’s just a concept whose time has gone away… and that’s very profound.
We Are Buying Talent And Technology, No M&A
Usually, big M&A is a function of people running out of market and running out of a lot of opportunity. They’re trying to invade adjacent territories to give themselves new runway. That is obviously not the case for Snowflake. We’re in a tremendous marketplace and we are buying talent and technology. We sometimes refer to it as stem cells that we can use that we don’t have ourselves that we can build very specific technologies around that are very much built snowflake way. We can really enable our platform mission or footer. That’s really been our mode. If you looked at our history we don’t have a history of doing big acquisitions.
Snowflake CEO Frank Slootman: Once You Get To The Cloud The Lid Is Off
Intel has decided to outsource its i3 processors to TSMC, after considering such a move for months.
Intel has fallen on hard times in recent years, being eclipsed by its long-time rival AMD, as well as Apple’s switch to its own, ARM-based, custom silicon. The company has dealt with security flaws, production bugs and supply issues. Most recently, it was announced that Pat Gelsinger would replace Bob Swan as CEO.
One of the biggest indications of Intel’s troubles was its willingness to consider outsourcing its processor manufacturing. While Intel has outsourced non-CPU chips for some time, this step would have never been an option years ago.
It appears Intel has moved forward, with plans to outsource its i3 production to TSMC in 2021, before moving its high-end chips over in 2022, according to TrendForce.
While the company is planning to kick off mass production of Core i3 CPUs at TSMC’s 5nm node in 2H21, Intel’s mid-range and high-end CPUs are projected to enter mass production using TSMC’s 3nm node in 2H22.
TrendForce believes the move will allow Intel to reserve its own in-house production for its most profitable, high-end chips.
Mozilla has been looking to expand its services and products beyond its Firefox web browser in an effort to diversify its profits. One of those endeavors is its VPN service that started life as a Firefox extension, before transitioning to a closed beta and then a publicly available service.
The initial releases, however, only supported Windows, Android and iOS. The company has now expanded its support to include macOS and Linux, rounding out support for every major platform.
Mozilla VPN currently offers service in the US, the UK, Canada, New Zealand, Singapore and Malaysia. This makes its focus far more narrow than competing services, such as ExpressVPN, although Mozilla says more countries will be added.
Mozilla promises it doesn’t log network activity and doesn’t restrict bandwidth. Like many of its competitors, Mozilla VPN can be run on five different devices from a single account.
The company has claimed that its service is faster than rivals because it uses less code. In our testing, however, those claims seem highly subjective, based on the selected VPN server.
For example, starting with an internet connection that averages 35 to 40 Mbps, we connected to Mozilla VPN using the three closest available locations. Two of the locations yielded speeds ranging from 0.37 to 0.44 Mbps. The third location, Chicago, yielded speeds of 32 and 33 Mbps.
Mozilla VPN Speed Tests
While not comprehensive, our brief testing shows Mozilla still has some work to do before it rivals ExpressVPN, widely considered the fastest service available.
Nonetheless, with Mozilla’s well-established reputation for protecting user privacy, their entry into the market is a welcome one.
The FBI is warning that cyber criminals are taking advantage of VoIP systems to target company employees in sophisticated voice phishing attacks.
As the pandemic has forced unprecedented numbers of employees to work remotely, maintaining the same level of corporate security has become an issue. Cyber criminals are taking advantage of this by gaining access to VoIP systems and company chatrooms and then convincing employees to log into a fake VPNs in an effort to steal their credentials.
The FBI issued an advisory to warn companies and help them mitigate the threat.
As of December 2019, cyber criminals collaborated to target both US-based and international-based employees’ at large companies using social engineering techniques. The cyber criminals vished these employees through the use of VoIP platforms. Vishing attacks are voice phishing, which occurs during a phone call to users of VoIP platforms. During the phone calls, employees were tricked into logging into a phishing webpage in order to capture the employee’s username and password. After gaining access to the network, many cyber criminals found they had greater network access, including the ability to escalate privileges of the compromised employees’ accounts, thus allowing them to gain further access into the network often causing significant financial damage.
In one instance, the cyber criminals found an employee via the company’s chatroom, and convinced the individual to log into the fake VPN page operated by the cyber criminals. The actors used these credentials to log into the company’s VPN and performed reconnaissance to locate someone with higher privileges. The cyber criminals were looking for employees who could perform username and e-mail changes and found an employee through a cloud-based payroll service. The cyber criminals used a chatroom messaging service to contact and phish this employee’s login credentials.
The FBI recommends multiple mitigation steps, including enabling multi-factor authentication, starting new employees with minimal security privileges, actively scanning for unauthorized access or modifications, implementing network segmentation and giving administrators two accounts, one with admin privileges and the second for other duties.
Google has announced it was not impacted by the SolarWinds hack, one of the biggest cybersecurity breaches in US history.
Corporations and government agencies were compromised by a supply chain attack involving SolarWinds’ Orion IT software. Hackers managed to compromise Orion IT, creating a trojanized version that left organizations using it open to attack.
Despite using SolarWinds software, Google has announced it is not one of the companies impacted. Phil Venables, CISO, Google Cloud, confirmed the information in a blog post:
Based on what is known about the attack today, we are confident that no Google systems were affected by the SolarWinds event. We make very limited use of the affected software and services, and our approach to mitigating supply chain security risks meant that any incidental use was limited and contained. These controls were bolstered by sophisticated monitoring of our networks and systems.
This is good news for Google, as well as its cloud customers.
Intel’s soon-to-be CEO is already taking shots at Apple, as the new M1 Macs offer significant advantages over Intel-based machines.
Intel made headlines Wednesday when it announced Intel alum and VMware CEO Pat Gelsinger would replace Bob Swan as CEO. The change comes at a time when Intel is facing pressure and challenges on all sides. Intel is clearly hoping that Gelsinger has the expertise and experience to turn things around.
While Gelsinger isn’t slated to take over the reigns at Intel until February 15, that hasn’t stopped him from challenging Intel to beat Apple in the processor race.
According to The Oregonian, Gelsinger made his comments at an all-hands meeting on Thursday.
We have to deliver better products to the PC ecosystem than any possible thing that a lifestyle company in Cupertino. We have to be that good, in the future.
Only time will tell if Intel can live up to Gelsinger’s aspirations. Either way, he’s definitely giving the company something to shoot for.
Intel has announced VMware CEO Pat Gelsinger will replace Bob Swan as CEO, effective February 15.
Intel has been struggling in recent years, facing a host of problems. It has witnessed the rise of Arm-based chips, used in everything from phones to computers. AMD, a rival that historically has lagged behind Intel, has been resurgent, releasing chips that have challenged Intel’s core business. In addition to external threats, the company has faced internal problems, including the loss of leading chip engineers, “unfixable” security issues and ongoing production problems.
Intel’s troubles even lead the Third Point hedge fund to pen a letter to Intel, demanding changes to address the problems. Swan indicated a willingness to work with Third Point on potential solutions.
Intel has now announced a change in its top leadership, bringing Gelsinger onboard to replace Swan. Gelsinger is widely seen as one of the best choices to lead the company. He is a 30-year Intel veteran, giving him invaluable experience and insight into company culture. Most recently, he has served as CEO of VMware since 2012, leading that company to some of its greatest successes.
“Pat is a proven technology leader with a distinguished track record of innovation, talent development, and a deep knowledge of Intel. He will continue a values-based cultural leadership approach with a hyper focus on operational execution,” said Omar Ishrak, independent chairman of the Intel board. “After careful consideration, the board concluded that now is the right time to make this leadership change to draw on Pat’s technology and engineering expertise during this critical period of transformation at Intel. The board is confident that Pat, together with the rest of the leadership team, will ensure strong execution of Intel’s strategy to build on its product leadership and take advantage of the significant opportunities ahead as it continues to transform from a CPU to a multi-architecture XPU company.”
“I am thrilled to rejoin and lead Intel forward at this important time for the company, our industry and our nation,” said Gelsinger. “Having begun my career at Intel and learned at the feet of Grove, Noyce and Moore, it’s my privilege and honor to return in this leadership capacity. I have tremendous regard for the company’s rich history and powerful technologies that have created the world’s digital infrastructure. I believe Intel has significant potential to continue to reshape the future of technology and look forward to working with the incredibly talented global Intel team to accelerate innovation and create value for our customers and shareholders.”
Gelsinger has a big challenge ahead of him, as he tries to turn things around at the beleaguered chipmaker. It remains to be seen if he will be successful, although he certainly has the background and experience to have a fighting chance.
Intel is in talks with TSMC and Samsung to produce some of the company’s chips.
Intel has fallen on hard times of late. Once the undisputed leader of the semiconductor industry, the company has struggled to keep up with demand, has been plagued with security issues, lost one of its most high-profile customers, seen an exodus of its top chip engineers and experienced difficulties moving to 7nm processors.
Intel’s troubles have led the company to consider outsourcing production of its chips to outside companies, something that would have been unthinkable just a few years ago. In October, CEO Bob Swan said the company was looking at outsourcing and would make a decision in the next couple of months.
According to Bloomberg Intel is now in talks with both TSMC and Samsung to outsource its production to them. The talks with Samsung, whose abilities still lag behind TSMC, are described as preliminary.
It’s unclear how much business TSMC could take on. TSMC is the company Apple outsources production of its custom silicon, now used in iPhones, iPads and Macs. As a result, reports indicate that Apple has already booked some 80% of TSMC’s 5nm production, raising questions about how much of Intel’s business TSMC could absorb.
While Intel is still holding out hope it will be able to turn things around and keep production in-house, it’s an amazing fall for one of the titans of the semiconductor business.
The US Judiciary is going decidedly low-tech in an effort to protect important information in the wake of the SolarWinds attack.
The SolarWinds attack was one of the most devastating hacks the US has experienced. Multiple government agencies were compromised, with the federal Judiciary suspected to be among them.
The attack was so successful because it was a supply chain attack. Rather than attacking individual target organizations, a supply chain attack relies on compromising a legitimate piece of software up the supply chain, installing a trojan and then gaining access to all the organizations that use the software in question. In this example, the compromised software was SolarWinds’ Orion IT monitoring and management software, used by government agencies and corporations alike.
In the wake of the attack, access to public documents will not be impacted, but the Judiciary is taking no chances with sensitive documents.
Under the new procedures announced today, highly sensitive court documents (HSDs) filed with federal courts will be accepted for filing in paper form or via a secure electronic device, such as a thumb drive, and stored in a secure stand-alone computer system. These sealed HSDs will not be uploaded to CM/ECF. This new practice will not change current policies regarding public access to court records, since sealed records are confidential and currently are not available to the public.
These extraordinary measures are the latest indication of the damage and impact the SolarWinds attack has had on public and private institutions.
Mid-size jurisdictions have lagged in cloud adoption, but new information seems to indicate they’re finally catching up.
Few technologies have become more important during the global pandemic than cloud computing. Cloud platforms have helped companies stay productive, enabled remote workers to keep working and have helped cities and jurisdictions continue functioning.
Unfortunately, many mid-size jurisdictions have been slower to adopt cloud technologies, compared to some of the larger cities. It’s unclear why this is the case, although budget and expertise concerns may have been factors. Others may have wanted to see how well cloud computing worked for larger jurisdictions before getting on board.
“The COVID-19 pandemic exploded that kind of thinking,” says Phil Bertolini, co-executive director of the Center for Digital Government.
“With all this happening, cloud starts to make more sense,” Bertolini continues. “Cities and counties that haven’t started with cloud no longer have the luxury of waiting. And jurisdictions that already have started will go faster.”
According to the Center for Digital Government’s research, cloud adoption has now become “a top-10 technology priority over the next 12 to 18 months.”
Secure messaging app Signal has received a boost from one of the titans of tech, as Elon Musk tells his Twitter followers to “use Signal.”
Signal exists in the same space as WhatsApp and Telegram. The app provides end-to-end encrypted chat and voice calls, and is widely considered one of the most secure communication methods on the planet. In fact, the EU commission, US Senate and some military units all recommend their members use it.
While WhatsApp may be more popular, there have been growing concerns regarding its security and privacy. Most recently, WhatsApp announced a changed to its privacy policies, wherein it will share significant user data with Facebook and other Facebook companies. Needless to say, this has not gone over well with users who value privacy and security.
Elon Musk is the latest to come out in favor of WhatsApp’s more secure alternative.
Facebook has shown a repeated lack interest or ability in protecting people’s privacy. Using WhatsApp for secure communication is the equivalent of having the fox guard the henhouse.
For any individuals concerned with privacy and security, Musk is right: Use Signal.
The Biden transition team has selected David Recordon as the next White House Director of Technology.
Recordon is well-known in the open source community. He is one of the developers behind OpenId and oAuth, he has served as Engineering Director at Facebook and even served as the first Director of White House Information Technology under President Obama.
Recordon made the announcement of his appointment on LinkedIn:
I’m honored to have the opportunity to join the Biden-Harris administration’s White House senior team and am excited to both rebuild past and create new relationships with the incredible teams of career civil servants, active duty military members, and intelligence professionals who make technology work day in and day out for such an important set of missions. The pandemic and ongoing cyber security attacks present new challenges for the entire Executive Office of the President, but ones I know that these teams can conquer in a safe and secure manner together.
Give his vast, and prior, experience, it’s a safe bet Recordon will be well-equipped for his new role.
The FBI is trying to determine if JetBrains was compromised as part of the SolarWinds attack.
The SolarWinds attack was one of the largest, most damaging hacks against US government and corporate entities. Some experts have said it will take months, or even years, to understand the extent of the damage.
What made the SolarWinds attack so successful was that it was a supply chain attack. Rather than trying a brute force attack, or tricking organizations into installing suspect software, hackers compromised SolarWinds’ Orion IT monitoring and management software. Since this legitimate software is in use by countless organizations, by compromising it and installing a trojan directly in it, hackers were able to hack organizations using Orion IT.
The FBI is now concerned a second application may have been compromised in a similar nature, according to Reuters. JetBrains makes a project management application called TeamCity. Like Orion IT, TeamCity is used by companies around the world, making it extremely important to determine if it was compromised as well.
“We are not aware of any investigation nor have we been contacted by any agencies,” a JetBrains spokesman said. “We are not aware of any vulnerabilities in the product or breaches that would allow for this, nor that any of our customers were affected.”
A researcher at Dutch security firm EYE has discovered a critical vulnerability in Zyxel’s firewall and VPN gateways, as a result of exposed credentials.
Zyxel sells a line of popular firewall and VPN gateway devices. Niels Teusink, a researcher with EYE, discovered a major issues that leaves over 100,000 devices vulnerable.
When doing some research (rooting) on my Zyxel USG40, I was surprised to find a user account ‘zyfwp’ with a password hash in the latest firmware version (4.60 patch 0). The plaintext password was visible in one of the binaries on the system. I was even more surprised that this account seemed to work on both the SSH and web interface.
Teusink goes on to highlight why this vulnerability is so dangerous.
As the zyfwp user has admin privileges, this is a serious vulnerability. An attacker could completely compromise the confidentiality, integrity and availability of the device. Someone could for example change firewall settings to allow or block certain traffic. They could also intercept traffic or create VPN accounts to gain access to the network behind the device. Combined with a vulnerability like Zerologon this could be devastating to small and medium businesses.
Teusink recommends updating to the latest firmware version immediately.
Microsoft has revealed that hackers viewed some of its source code as part of the SolarWinds attack that government agencies are still investigating.
The SolarWinds attack is one of the most devastating cyberattacks perpetrated against US companies and government agencies. Believed to be the work of Russian hackers, the attack was a supply chain attack, compromising SolarWind’s Orion IT monitoring and management software.
As one of the organizations impacted, Microsoft has now revealed the hackers viewed some of its source code, but did not make any modifications.
We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories. The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated.
Microsoft is not concerned about the source code being viewed, since the company’s security protocols assume its source is being viewed by outside elements.
At Microsoft, we have an inner source approach – the use of open source software development best practices and an open source-like culture – to making source code viewable within Microsoft. This means we do not rely on the secrecy of source code for the security of products, and our threat models assume that attackers have knowledge of source code. So viewing source code isn’t tied to elevation of risk.
As with many companies, we plan our security with an “assume breach” philosophy and layer in defense-in-depth protections and controls to stop attackers sooner when they do gain access.
Although Microsoft seems to be containing any damage adequately, the degree to which the attackers compromised one of the biggest tech companies in the world is further evidence just how successful the SolarWinds attack was.
