On April 30, the House’s Technology Service Desk informed users about an increase in ransomware-related emails on third-party email services like Yahoo Mail and Gmail.

“The House Information Security Office is taking a number of steps to address this specific attack,” the Technology Service Desk said in an email obtained and published by Gizmodo. “As part of that effort, we will be blocking access to Yahoo Mail on the House Network until further notice.”

The ban on Yahoo Mail access suggests that some House of Representatives workers accessed Yahoo mailboxes from their work computers. This raises questions: Are House workers using Yahoo Mail for official business, and, if they’re not, are they allowed to check their private email accounts on work devices?

If they use the same devices for both personal and work activities, one would hope that there are access controls in place to separate the work and personal data. Otherwise, if they are allowed to take those devices outside of the House’s network, they could just as easily become infected there, where the ban is not in effect.

“The recent attacks have focused on using .js files attached as ZIP files to e-mail that appear to come from known senders,” the House’s Technology Service Desk said. “The primary focus appears to be through Yahoo Mail at this time.”

The increase in ZIP and RAR attachments that contain malicious JavaScript (JS) files has been observed by multiple security companies in recent months. Microsoft offers several recommendations, like using the Windows AppLocker group policy to restrict the execution of .JS files.

The House Information Security Office also banned access to appspot.com, the domain name used by applications hosted on the Google App Engine platform, Reuters reported.

Source- http://www.thegurureview.net/aroundnet-category/u-s-house-of-representatives-block-yahoo-and-google-apps.html

Knowledge about threats is often hidden in unstructured sources such as blogs, research reports and documentation, said Kevin Skapinetz, director of strategy for IBM Security.

“Let’s say tomorrow there’s an article about a new type of malware, then a bunch of follow-up blogs,” Skapinetz explained. “Essentially what we’re doing is training Watson not just to understand that those documents exist, but to add context and make connections between them.”

Over the past year, IBM Security’s own experts have been working to teach Watson the “language of cybersecurity,” he said. That’s been accomplished largely by feeding it thousands of documents annotated to help the system understand what a threat is, what it does and what indicators are related, for example.

“You go through the process of annotating documents not just for nouns and verbs, but also what it all means together,” Skapinetz said. “Then Watson can start making associations.”

Now IBM aims to accelerate the training process. This fall, it will begin working with students at universities including California State Polytechnic University at Pomona, Penn State, MIT, New York University and the University of Maryland at Baltimore County along with Canada’s universities of New Brunswick, Ottawa and Waterloo.

Over the course of a year, the program aims to feed up to 15,000 new documents into Watson every month, including threat intelligence reports, cybercrime strategies, threat databases and materials from IBM’s own X-Force research library. X-Force represents 20 years of security research, including details on 8 million spam and phishing attacks and more than 100,000 documented vulnerabilities.

Watson’s natural language processing capabilities will help it make sense of those reams of unstructured data. Its data-mining techniques will help detect outliers, and its graphical presentation tools will help find connections among related data points in different documents, IBM said.

Ultimately, the result will be a cloud service called Watson for Cyber Security that’s designed to provide insights into emerging threats as well as recommendations on how to stop them.

Source-http://www.thegurureview.net/computing-category/ibms-watson-to-get-schooled-on-cybersecurity.html

Twitter, which provides Dataminr with real-time access to public tweets, seems to be trying to distance itself from appearing to aid government surveillance, a controversial issue after former National Security Agency contractor Edward Snowden revealed that the government was collecting information on users through Internet and telecommunications companies.

Executives of Dataminr told intelligence agencies recently that Twitter, which holds around 5 percent of the equity in the startup and provides the data feed, did not want the company to continue providing the service to the agencies.

Twitter’s move appears to be in line with its policy on the use of its tweet data by external companies.

“Dataminr uses public Tweets to sell breaking news alerts to companies such as Wall Street Journal parent Dow Jones and government agencies such as the World Health Organization, for non-surveillance purposes,” Twitter said in a statement Sunday. “We have never authorized Dataminr or any third party to sell data to a government or intelligence agency for surveillance purposes.”

U.S. intelligence agencies gained access to Dataminr’s service after In-Q-Tel, aventure capital organization backed by U.S. intelligence agencies, put money in the firm, the WSJ said, quoting a person familiar with the matter. Twitter is said to have conveyed to Dataminr that it didn’t want to continue the relationship with intelligence agencies at the end of a pilot by the data analysis firm arranged by In-Q-Tel. Dataminr does not figure in the list of In-Q-Tel portfolio companies on its website.

Source-http://www.thegurureview.net/uncategorized/twitter-blocks-intelligence-agencies-access-to-tweet-analytics.html

Researchers from security firm PhishLabs claim that they’ve found 11 such applications since the beginning of 2016 hosted on Google Play, most of them created by the same group of attackers.

The apps are simple, yet effective. They load Web pages containing log-in forms that look like the target companies’ websites. These pages are loaded from domain names registered by the attackers, but because they are loaded inside the apps, users don’t see their actual location.

In some cases attackers registered domain names that are similar to those of the impersonated online payment services, PhishLab Security Threat Analyst Joshua Shilko said in a blog post.

More recently, attackers used domain names similar to those of cryptocurrency companies, suggesting that the cryptocurrency industry is also targeted.

PhishLabs did not name the exact payment card companies and online payment services whose users were targeted by these fake apps. However, most of those companies provide links to their official mobile applications on their websites and users should always use those links instead of manually searching for them on the Play store.

“In one case, a targeted company explicitly states on their website that no mobile application exists for their company and that users should be wary of any mobile application using their brand,” Shilko said.

The danger is that if phishers manage to routinely bypass Google’s review process and upload such apps to the Google Play store, their attacks might extend to other industries in the future.

Another problem is that even when these apps are detected by third-parties and reported, it can take several days for Google to remove them from the app store, leaving a sufficiently large window of opportunity for attackers. It’s not clear how attackers promote these fake apps or if they rely only on users finding them themselves, but in general phishing attacks are most effective during the first several hours after they’re launched.

Source- http://www.thegurureview.net/mobile-category/phishing-apps-continue-to-play-google-play.html

T-Mobile has been offering cheaper leasing plans and free music and video streaming to lure customers away from larger rivals Verizon Communications Inc and AT&T Inc.

T-Mobile, controlled by Deutsche Telekom, said it added 2.2 million customers on a net basis in the first quarter ended March 31.

That easily topped the average analyst estimate of 1.72 million, according to research firm FactSet StreetAccount.

The company said it expected to add 3.2 million to 3.6 million postpaid customers on a net basis in 2016, compared with its previous forecast of 2.4 million to 3.4 million.

T-Mobile’s 10.6 percent jump in quarterly revenue to $8.6 billion suggested its strategy to boost revenue was working. Analysts on average had expected revenue of $8.43 billion, according to Thomson Reuters I/B/E/S.

In comparison, market leader Verizon’s operating revenue rose just 0.6 percent to $32.17 billion.

AT&T is scheduled to report results later on Tuesday.

T-Mobile reported net income of $479 million, or 56 cents per share, for the first quarter, compared with a loss of $63 million, or 9 cents per share, a year earlier.

Source-http://www.thegurureview.net/mobile-category/t-mobile-revenue-up-continues-attracting-new-customers.html

“Microsoft has agreed to withdraw its regulatory complaints against Google, reflecting our changing legal priorities. We will continue to focus on competing vigorously for business and for customers,” a Microsoft spokesperson said in an email.

Google, in a separate email, said the companies would want to compete vigorously based on the merits of their products, not in “legal proceedings”.

The companies in September agreed to bury all patent infringement litigations against each other, settling 18 cases in the United States and Germany.

“… Following our patent agreement, we’ve now agreed to withdraw regulatory complaints against one another,” Google said on Friday.

Google’s rivals had reached out to U.S. regulators alleging that the Internet services company unfairly uses its Android system to win online advertising, people with knowledge of matter told Reuters last year.

The European Commission also accused Google last year of distorting internet search results to favor its shopping service, harming both rivals and consumers.

Source-http://www.thegurureview.net/aroundnet-category/google-microsoft-drop-regulatory-complaints-against-each-other.html

While we would have thought that there would be little choice between Oracle and Apple as evil software outfits, the fact that Apple uncharacteristically made Swift open source might make life a bit brighter for Google. At the moment Oracle is suing Google for silly money for its Java use in Android.

Swift was created as a replacement for Objective C, and is pretty easy-to-write. It was introduced at WWDC 2014, and has major support from IBM as well as a variety of major apps like Lyft, Pixelmator and Vimeo that have all rebuilt iOS apps with Swift.

But since Apple open sourced Swift, Google, Facebook and Uber have al said that they are interested in it. Taking Java out of Android is a big job. Google would also have to make its entire standard library Swift-ready, and support the language in APIs and SDKs. Some low-level Android APIs are C++, which Swift cannot bridge to. Higher level Java APIs would also have to be re-written.

Of course if it did all this, Apple might realize that its biggest rival was using its own software to club it to death. It might not be be so nice about allowing Swift out to play and eventually Google have to fork Swift and dump the Apple version. This would probably result in an anst-ridden moan album about how life is so unfair which makes a fortune while scoring passive agressive revenge on the dumpee.

Courtesy-Fud

The FCC voted 3-2 last week to approve a notice of proposed rule-making, or NPRM, the first step toward passing new regulations, over the objections of the commission’s two Republicans.

The rules, which will now be released for public comment, require ISPs to get opt-in permission from customers if they want to use their personal information for most reasons besides marketing their own products.

Republican Commissioners Ajit Pai and Michael O’Rielly complained that the regulations target Internet service providers but not social networks, video providers and other online services.

“Ironically, selectively burdening ISPs, who are nascent competitors in online advertising, confers a windfall on those who are already winning,” Pai said. “The FCC targets ISPs, and only ISPs, for regulation.”

The proposed rules could prohibit some existing practices, including offering premium services in exchange for targeted advertising, that consumers have already agreed to, O’Rielly added. “The agency knows best and must save consumers from their poor privacy choices,” he said.

But the commission’s three Democrats argued that regulations are important because ISPs have an incredible window into their customers’ lives.

ISPs can collect a “treasure trove” of information about a customer, including location, websites visited, and shopping habits, said Commissioner Mignon Clyburn. “I want the ability to determine when and how my ISP uses my personal information.”

Broadband customers would be able to opt out of data collection for marketing and other communications-related services. For all other purposes, including most sharing of personal data with third parties, broadband providers would be required to get customers’ explicit opt-in permission.

The proposal would also require ISPs to notify customers about data breaches, and to notify those directly affected by a breach within 10 days of its discovery.

Courtesy- http://www.thegurureview.net/aroundnet-category/fcc-votes-to-tighten-broadband-providers-privacy-rules.html