The Department of Justice announced yesterday (20190722) that the defendant, Microsoft Corporation (NASDAQ: MSFT), has agreed to pay $25.3 Million USD to settle violations of the United States Bribery Statutes, committed when the Redmond, Washington software leviathan decided it should bribe government officials in Hungary and other countries in the Eurozone to gain ill-gotten gains.
via Threatpost author Lindsey O'Donnell, comes this remarkably lucid, well-crafted interview piece dissecting the nature of low-hanging fruits, where the fruits under scrutiny are in fact cities themselves, specifically Atlanta, ensconced (if you will) in the Peach State... Most certainly Today's Must Read.
Quite likely the defining opinion piece, well-crafted by the inimitable Kara Swisher, writing at The New York Times, targeting the entity known as Facebook, Inc. (NASDAQ: FB) (which, in our opinion, is a classically structured and well organized criminal enterprise). Today's Must Read.
"With $23 billion in cash on hand, Facebook will see a $5 billion fine as simply the cost of doing business. Needless to say, this is not how fines are supposed to work." - via Kara Swisher's superb opinion piece at The New York Times
via Jon Brodkin, writing at Ars Technica, comes the story of a total of $35 million paid by two sketchy retail corporations (Office Depot and its partner in crime, Support.com) in the US, who have fallen from grace most profoundly. Read it and rejoice for a US Federal Agency living up to its mandate and doing the Right Thing.
The FTC yesterday announced that Office Depot and its software supplier, Support.com, have agreed to pay a total of $35 million in settlements with the agency. Office Depot agreed to pay $25 million while Support.com will pay the other $10 million. The FTC said it intends to use the money to provide refunds to wronged consumers. - via Jon Brodkin, writing superb reportage at Ars Technica
via Kate Fazzini, writing at CNBC, comes a tale of sweaty desperation, criminal extortion and the appalling dearth of morality in the so-called 'Cybersecurity Marketplace', detailing what she describes as 'aggressive tactics' (in reality, simple, single-source extortion) as exhibited by 'cybersecurity vendor salespeople' and their ilk. Today's Must Read.
"The cybersecurity vendor marketplace is growing so crowded that some companies have been resorting to extreme tactics to get security executives on the phone to pitch their products, including lying about security emergencies and threatening to expose insignificant breaches to the media." - via Kate Fazzini, writing at CNBC
Simply superb reportage by the inimitable Dan Goodin writing at Ars Technica, and focusing, as it were, on the nearly inescapable truth of the criminal enterprise also known as Facebook Inc. (NASDAQ: FB). This time, the criminals possess free rein with nefarious scamming and what-not at the top of their evil-doing list, simply because there are not enough competent eyes on the problem... If you read anything today on the untenable position of Facebook Inc. in civil society, read Mr. Goodin's superlative examination.
"The Facebook representative didn't explain why the security department is having such a hard time dismantling the campaign. People who use the site should remain alert." - via Dan Goodin writing at Ars Technica
via Graham Cluley's timely security blog, comes the story of Carole Cadwalladr who, in her day job, is famous for her highly competent reportage at The Guardian. The specific reporting series is here. It details not-so-secret fundamental security and privacy flaws, all combined into a porridge with both blatant stupidity and greed as spices, in which the aforementioned porridge turns out to be a not-so-tasty dish for Facebook Inc. (NASDAQ: FB) and Cambridge Analytica (now in receivership)... If you spend any time contemplating the evil that is Facebook, read Carole Cadwalladr's work and you'll experience a Silicon Valley revelation (perhaps some avocado toast will calm you down). Today's Must Read!
BGP Related Issues, Along With Malicious Redirection Predicated On Fraudulent Routes To Blame
via Dan Goodin's typically superlative prose at Ars Technica, in a piece titled 'Suspicious Event Hijacks Amazon Traffic For 2 Hours, Steals Cryptocurrency' in which Dan details the issues, comes the root cause of the Amazon Route53 debacle. Additionally, a great tell-all piece entitled 'Another BGP Hijacking Event Highlights the Importance of MANRS and Routing Security' (discussing the same issues as Mr. Goodin), via The Internet Society's Megan Kruse and Aftab Siddiqui, is also worthy of note. Fundamentally, the IETF should step up its efforts to deal with these issues (and perhaps take MANRS into consideration ASAP). It is important to note that the Internet Engineering Task Force (IETF) is an organized activity of The Internet Society, and has been for more than a decade. Both posts are Today's Must Read.
via the eponymous Brian Krebs, publishing his perfectly targeted prose at Krebs on Security, comes word of the amount (estimated to be $1.4 Billion USD) Americans spent on freezing their credit histories at the major credit reporting agencies - otherwise known as Adding Insult to Injury. Is it any wonder that many Americans believe that the Credit Reporting agencies are, in fact, Conspiratorial Criminal Enterprises?
via Peter Rudegeair and AnnaMaria Andriotis - writing at The Wall Street Journal - comes a good example of crime reportage, regaling us with an exposé of pernicious criminality within the Identity Theft arena: The utilization of Synthetic Identities leveraged to abscond with fungible assets... In this case, to the tune of billions of dollars. While not new - as the article erroneously claims in both its title and body copy - the use of synthetic identities targeting our children's identities and unused Social Security Numbers has been an ever-increasing fraud modality for a number of years. Today's Must Read.
via Phys.org, comes a brief news item targeting the trojan exploit dubbed 'Adylkuzz', and its mining feature. Additionally, read the highly detailed Proofpoint post, which contains the true gist of this trojan, as it were.
'Instead of completely disabling an infected computer by encrypting data and seeking a ransom payment, Adylkuzz uses the machines it infects to "mine" in a background task a virtual currency, Monero, and transfer the money created to the authors of the virus.' - via Phys.org
"To exploit the vulnerability, a criminal would need to pose as the control server, which is possible via ARP spoofing, or by simply connecting the ATM to a criminal-controlled network connection," said Georgy Zaytsev, a researcher with Positive Technologies. "During the process of generating the public key for traffic encryption, the rogue server can cause a buffer overflow on the ATM due to failure on the client side to limit the length of response parameters and send a command for remote code execution." - via John Leyden, at El Reg