Security outfit FireEye released some disappointing results and claim it is because firms are skimping on their security budgets.
FireEye forecast a bigger than expected loss for the first quarter and said it expected growth in cyber security spending to slow this year.
FireEye Chief Executive Dave DeWalt said sales across the industry were boosted by “emergency spending” last year as major hacking attacks prompted some companies to place massive orders.
“Now I see a much more normalized spending environment,” he said in an interview ahead of the company’s quarterly earnings call with analysts.
The company forecast an adjusted loss per share of 49-53 cents per share for the quarter ending March, bigger than the 40 cent loss analysts were expecting on average.
DeWalt said the buying of iSight Partners and Invotas this year would hurt profitability in the short term as both businesses were subscription-based.
Subscriptions bring in less money in the short term.
The company bought privately held iSight for $200 million in January to boost its cyber intelligence offerings for governments and businesses.
While demand for more sophisticated security offerings has surged in the face of an increase in cyber hacking, FireEye is facing intense competition from Palo Alto Networks, Proofpoint and Imperva.
FireEye’s fourth-quarter billings was $256.9 million – at the lower end of the $257 million-$258 million the company had estimated in January.
FireEye said net loss attributable to common shareholders increased to $136.1 million, or 87 cents per share, in the quarter ended Dec. 31, from $105.7 million, or 72 cents per share, a year earlier.
Revenue rose 29.2 percent to $184.8 million, missing analysts’ average estimate of $185.3 million.
The US President Barack Obama wants to spend $19 billion to spruce up the Land of the Fee’s cyber security.
In his fiscal 2017 budget proposal, Obama asked for $19 billion for cyber security across the US government, an increase of $5 billion over this year
While the White House’s overall cunning plan faces tough going in the Republican-controlled Congress, increased cyber security funding has bipartisan support.
Obama’s director of national intelligence, James Clapper, warned congress that cyber threats “could lead to widespread vulnerabilities in civilian infrastructures and U.S. government systems.”
The Obama initiative calls for a more than one-third increase from the $14 billion appropriated this year and would include $3.1 billion for technology modernisation at various federal agencies.
The US government has suffered a series of high-profile hacks against the government and companies like Sony Pictures and Target.
Those difficulties played out publicly last year when the Office of Personnel Management announced it had fallen victim to a hack that lifted sensitive information on roughly 22 million individuals from its databases.
A government watchdog report last month concluded the government’s cyber defense system, known as Einstein, is ineffective at combating hackers.
The White House set up a presidential commission on cyber security, which would make recommendations for strengthening defenses over the next decade. A new position of federal chief information security officer also would be established.
Bleeping Computer has been sued by Enigma Software Group after posting a bad review of their core product SpyHunter in 2014.
Enigma Software claims the review was false, disparaging, and defamatory. A court case is going to be interesting the review provides links to support each claim. What Enigma seems to be hoping is that the jury will be influenced by the fact that Bleeping Computer participates in a number of affiliate programs, including run by its sworn rival Malwarebytes.
The lawsuit says, “Bleeping has a direct financial interest in driving traffic and sales to Malwarebytes and driving traffic and sales away from ESG.”
“Bleeping not only has unlawfully benefited from its spear campaign to the detriment of ESG, it has damaged the reputation of ESG by refusing to take down its false and misleading statements which have been reposted numerous times on the other anti-spyware related forums and websites.”
Bleeping Computer use affiliate links for a number of vendors, not just Malwarebytes. Then there is the small matter that Enigma Software and SpyHunter has a poor reputation because of its spam and er questionable detection rates.
One of the more common complaints about SpyHunter and Enigma Software is that the product is promoted as free, when it really isn’t.
Its free version offers a scanner but if you want the malware removed you have to pay for the full version.
In a statement on Bleeping Computer, owner Lawrence Abrams, says the Enigma Software lawsuit is a SLAPP (strategic lawsuit against public participation) suit.
“Enigma Software has a history of filing lawsuits to censor and bully people into removing reviews or opinions about their products… If BleepingComputer does not get the help we need and we lose this battle, it will only embolden Enigma Software to try to silence other bloggers, IT technicians, or computer security enthusiasts.”
Bleeping Computer has started a fund to gather donations for their legal costs, one of the first donations made came from Malwarebytes, which sent $5,000 shortly after the campaign started which though helpful financially probably is not that useful tactically.
Death cult the Islamic state is having a good chuckle after it convinced the main stream media and politicians that it had developed an app which encrypted messages so that intelligence agencies could not read them.
The news was treated as a fact by the mainstream media and created a wave of concern from politicians who are keen to force companies to abandon encryption.
However the app created for Islamic State militants to send private encrypt messages does not exist. So without having to cut anyone’s head off, Islamic State has managed to cause the West to react with fear and in a way that will stuff up business security.
No one has found a copy of the Alrawi app and all the pictures show screenshots of an app which is basically a glorified RSS reader. Even the magazine Defense One which broke the story has not seen a copy.
The Daily Dot managed to get its paws on what was claimed to be the Alrawi encryption app but that did not have the ability to send or encrypt messages.
In fact those who looked at it said that it was based around MIT’s App Inventor, a plug-and-play tool meant primarily for kids. It contains a Bluetooth file transfer button which all smartphones have and that is about it.
No one has seen a version of Alrawi with encrypted communications, there is a jihadist website offering custom-built software where the Alrawi encrypted messaging app was found. The site is now dormant and was created by Al Qaeda, not IS.
Security researchers who closely follow the Islamic State’s online activity say that they haven’t seen the Alrawi app being discussed or shared in any of ISIS’s online channels.
NSA whistleblower Edward Snowden said that nothing IS has shown demonstrates the ability to encrypt anything.
Oracle has finally announced that it is killing off its Java browser plugin.
The cunning plan is to scale down the plugin technology in Java Developer Kit 9 and remove it completely from Oracle JDK and Java Runtime Environment in a future Java SE release.
Oracle admitted that plugins were outdated and modern Web browsers don’t need them. Chrome disabled Java in April last year, while Firefox also announced plans to kill Oracle’s technology.
Oracle has warned developers to find an alternative.
“With modern browser vendors working to restrict and reduce plugin support in their products, developers of applications that rely on the Java browser plugin need to consider alternative options such as migrating from Java Applets (which rely on a browser plugin) to the plugin-free Java Web Start technology,” Oracle said in a blog post to users.
Oracle acquired the Java plugin, in 2010. It is a bit like Flash and Silverlight in that it uses NPAPI, which is an ancient Netscape Plugin API. These plugins have caused more trouble than good and using one is like painting a large bullseye on your back and screaming “hack me”.
Some will be miffed at the plug-in’s exist. Some enterprises are likely still running older Web browsers that need Java, and created plenty of applets for it.
The software genii at the fruity cargo Apple are in hot water after it turns out the browser they came up with crashes easier than a drunken emu.
The Tame Apple Press has done its best to put a lid on the whole matter, but the problem is a little difficult to hide. The problem is worldwide and means that searching from the address bar in both iOS and OS X is causing the browser to crash.
Even the Verge which spun yesterday’s terrible results for Apple ans “the best ever” has confirmed the problem on one of the many iOS devices and OS X machines it has in the office.
The problems are related to a feature on Safari which tells you what you should be looking at as you start typing. You can fix the problem by disabling this feature but it does mean that you will not have the benefit of having Apple to tell you what to do. This will mean that countless fanboys will be in the difficult position of having to think, rather than think different.
The Verge claims that not everyone is affected, but actually everyone is. It is just that they might have the search suggestions cached locally or they can reach Apple’s servers thanks to their DNS cache. TApple is not saying anything of course. But it is just the latest in a number of embarrassing programming errors on some of its products.
A couple of months ago Mac users were forced to reinstall software from the App Store following a security glitch. An expired security certificate used by Apple to verify apps forced a number of Mac users to reinstall certain pieces of software after the company attempted to move from the older SHA-1 standard, to the newer, more secure, SHA-2. Some apps in the App Store did not support the SHA-2 standard, resulting in the forced reinstall.
The US government has handed over the its sensitive cybersecurity role to the military.
The move is seen as a snub to the Office of Personnel Management, the agency at the center of last year’s scandal over one of the worst government data breaches known to the public.
US officials believe a Chinese espionage operation infiltrated OPM’s records accessing information on 21.5 million current and former employment or job applicants. Fingerprint images belonging to some 5.6 million people were stolen.
The Pentagon has been called in to overhaul the federal security clearance system. A new government office, called the National Background Investigations Bureau, will take over the job of running background checks on all federal employees, contractors and others.
The Defense Department will design, build and operate the computer system that houses and processes people’s personal information, Director of National Intelligence James Clapper and other officials said.
The White House wanted to use ththe Pentagon’s expertise in national security and protecting US secrets.
OPM spokesman Samuel Schumach said that since the hack, the agency has started real-time computer monitoring, installed protections against unknown devices and adopted two-factor authentication, which adds a level of security beyond a single password.
The computer networks that hackers breached last year had been left vulnerable for years without basic cybersecurity protections, its internal watchdog told Congress.
In the new system, the Pentagon will encrypt data where appropriate and consider which information should be kept separate from the rest of the network.
The administration didn’t say when they expecte system to be operational. President Barack Obama planned to ask Congress in his budget next month for $95 million to build the computer system, but officials said development would start using the personnel office’s existing funds.
A zero-day vulnerability in the FFmpeg open-source multimedia framework, which is used by shedloads of Linux kernel-based operating systems and software applications and Mac OS X and Windows platforms has been spotted.
The vulnerability was discovered on January 12, 2016, by Russian programmer Maxim Andreev. Anyone who has the necessary skills to hack a computer to read local files on a remote machine and send them over the network using a specially crafted video file.
The hole is limited to reading local files and sending them over the network, not to remote code execution, but it’s rather embarrassing. The FFmpeg developers are aware of the issue, and they are trying to patch it. If you are worried about it you can disable HLS (HTTP Live Streaming) while building the package while the sort out a fix. The FFmpeg team are expected to release a patch or a new version of the software later today.
The attack does not even require the user to open the dodgy file. KDE Dolphin thumbnail generation is enough to start the hack. Desktop search indexers, ffprobe or any operations that involve ffmpeg reading are affected.
The US government has noticed an increase in attacks that penetrate industrial control system networks over the past year.
Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT said he systems are vulnerable because they are exposed to the Internet.
ICS-CERT spokesman Marty Edwards said that more hackers were gaining access to that control system layer.
ICS-CERT helps US firms investigate suspected cyber attacks on industrial control systems as well as corporate networks.
The issue has gained attention after Ukraine authorities blamed a power outage on a cyber attack from Russia, which would make it the first known power outage caused by a cyber attack.
Experts attending the S4 conference of some 300 critical infrastructure security specialists in Miami said the incident has caused U.S. firms to ask whether their systems are vulnerable to similar incidents.
Edwards said he believed the increase in attacks was mainly because more control systems are directly connected to the Internet.
“I am very dismayed at the accessibility of some of these networks… they are just hanging right off the tubes,” he said in an on-stage interview with conference organizer Dale Peterson.
Edwards did not say whether those attacks had caused any service disruptions or threatened public safety.
Apparently the head of the US Director of National Intelligence’s security was so good that he could be hacked by pranking teens.
One of the “teenage hackers,” Cracka who broke into the CIA director’s AOL email account last year said his latest victim is the Director of National Intelligence James Clapper.
The teen is part of a group of hackers calling themselves “Crackas With Attitude” or CWA. It made headlines in October, hacking into CIA Director John Brennan’s email account and apparently getting access to several online tools and portals used by US law enforcement agencies.
One if the group, Cracka said he had Clapper’s home telephone, internet connection, his personal email, and his wife’s Yahoo account.
As a gag he changed Clapper’s Verizon FiOS account so that every call was t forwarded to the Free Palestine Movement.
“I’m pretty sure they don’t even know they’ve been hacked,” Cracka told me in an online chat. Well they do now. Brian Hale, a spokesperson for the Office of the Director of National Intelligence, confirmed the hack to Motherboard.
“We’re aware of the matter and we reported it to the appropriate authorities,” Hale said, declining to answer any other questions on the record. (The FBI declined to comment.)