[Solved] How to Fix Drive is not accessible with the message “The volume does not contain a recognized file system”

This error message only occurs when you connect SD card, USB drive, memory card, external hard drive, SSD, or any other media storage even internal drive to PC and Windows pop-up the message:

You need to format the disk in drive H: before you can use it. Do you want to format it?

Error message “You need to format the disk in drive H: before you can use it. Do you want to format it?”
Error message “You need to format the disk in drive H: before you can use it. Do you want to format it?”

After clicking on the Cancel button, then Windows will pop-up another error message displaying

Drive H:\ is not accessible. The volume does not contain a recognized file system. Please make sure that all required file system drivers are loaded and that the volume is not corrupted.

And this is how this error “The volume does not contain a recognized file system” occurs in Windows 7/8/10 PC.

[Solved] How to Fix Drive is not accessible with the message "The volume does not contain a recognized file system"
[Solved] How to Fix Drive is not accessible with the message “The volume does not contain a recognized file system”
You can fix the error messages of external or USB drive “The Volume Does Not Contain A Recognized File System, Please make sure that all required file system drivers are loaded and that the volume is not corrupted” with the title “Location not available” by following proposed solutions. Before starting to execute the below solution, it is highly recommended that recover important data from the drive using Photo recovery software.
Continue reading “[Solved] How to Fix Drive is not accessible with the message “The volume does not contain a recognized file system””

10 Tenets of Effective SASE Solution to Secure Cloud-Enabled Organization

As cloud adoption grows, cloud-enabled organizations are experiencing an influx of new security requirements. On top of these demands, they still need to protect their cloud applications and give users secure cloud access.

10 Tenets of Effective SASE Solution to Secure Cloud-Enabled Organization
10 Tenets of Effective SASE Solution to Secure Cloud-Enabled Organization

As defined by Gartner, a “secure access service edge” (SASE) supports cloud-enabled organizations by combining networking and network security into a single cloud-delivered offering.

Delivered through a common framework, SASE provides consistent security and access to all types of cloud applications. Organizations can simplify management, get consistent visibility and maximize network protection across users, devices and applications, no matter their location.

This article guides you through the top 10 requirements to keep in mind as you look for an effective SASE offering. Among other things, you’ll learn about:

  • Zero Trust network access
  • Quality of service (QoS)
  • DNS security
  • Threat prevention

Read the article to learn how SASE and Prisma™ Access can help secure your cloud-enabled business.
Continue reading “10 Tenets of Effective SASE Solution to Secure Cloud-Enabled Organization”

Security Guide: Building Strong Foundation for Cybersecurity Program and Privacy Standards with ITAM

The journey into a regulated world is a daunting one. With high-profile data breaches on the rise and millions of consumers’ data exposed, organizations have a heightened responsibility to keep sensitive information secure.

This article shows users how IT asset management can help you navigate the changing threat landscape, strengthen your security posture and enhance your current security stack. Strengthen your security posture, enhance your security stack and reduce the time taken to gain complete visibility into your IT environment.

Takeaways:

  • What the cybersecurity standards are, and how they are valuable.
  • Why IT asset management is foundational to cybersecurity programs.
  • How to build a strong foundation for cybersecurity programs today.

Continue reading “Security Guide: Building Strong Foundation for Cybersecurity Program and Privacy Standards with ITAM”

Internet of Things News Headline Updated on 12 Feb 2020

The headline on 12 Feb 2020

MWC may be cancelled due to coronavirus fear. This month’s Mobile World Congress in Barcelona could be cancelled as big name exhibitors pull out due to fears over the coronavirus. Show organiser, the GSMA, is believed to be holding a meeting on Friday this week to decide the event’s fate. Source: The Verge > The world’s biggest phone show has been canceled due to coronavirus concerns

Arm increases on-device intelligence. AI technology from chip designer Arm is aiming to increase the amount of on-device intelligence for IoT applications. This it hopes will increase security as it reduces reliance on cloud and internet connections. Source: New AI Technology From Arm Delivers Unprecedented On-Device Intelligence for IoT

Telit partners Sternum for IoT cybersecurity. Telit is working with Israeli cyber-security company Sternum to provide real-time embedded protection for IoT devices. Source: ViaSatellite > Telit, Sternum Partner on Real-time Embedded Cyber Visibility

Telit partners Sternum for IoT cybersecurity.
Telit partners Sternum for IoT cybersecurity.

Sigfox IoT network proves itself in direct marketing. Sigfox has found that its IoT network could have benefits for direct marketing campaigns. Its UK operator WND collaborated with Ebi, a print and fulfilment specialist with expertise in interactive communications, to enable live communication over the public Sigfox network with potential customers in their homes. Source: Enterprise IoT Insights > Interactive marketing campaign delivered over Sigfox’s IoT network

Sigfox IoT network proves itself in direct marketing.
Sigfox IoT network proves itself in direct marketing.

US Cellular LTE-M running on 90% of cell sites. US Cellular has launched its LTE-M network on more than 90% of its cell sites across the USA, with plans to have them 100% covered in the second quarter of 2020. Source: RCRWirelessNews > US Cellular launches LTE-M network on 90% of cell sites to support IoT

US Cellular LTE-M running on 90% of cell sites
US Cellular LTE-M running on 90% of cell sites

1NCE and Ubirch put blockchain on SIM card. German companies 1NCE and Ubirch are implementing blockchain security technology on SIM cards. Source: G+D Mobile Security, Ubirch and 1NCE bring IoT security to mass production

1NCE and Ubirch put blockchain on SIM card
1NCE and Ubirch put blockchain on SIM card

Verizon certifies Sequans LTE-M modules. Verizon has launched Monarch Go and Monarch GPS, two Verizon-certified LTE-M products for companies looking to fast-track commercial deployments of wireless-IoT connected devices. The tech company is the first carrier to certify these Sequans all-in-one modem components. Source: telecompaper > Verizon certifies Monarch devices based on Sequans LTE-M module

AWS puts NimbeLink asset trackers on Marketplace. NimbeLink’s cellular-based asset trackers are available on the Amazon Web Services (AWS) Marketplace device catalogue. Source: IoT M2M Council > NimbeLink asset trackers on AWS Marketplace

AWS puts NimbeLink asset trackers on Marketplace
AWS puts NimbeLink asset trackers on Marketplace

Kinéis raises €100m to finance IoT nanosatellites. French space start-up Kinéis has raises €100m to finance a constellation of nanosatellites dedicated to the IoT. Source: Advanced Television > Kinéis raises €100m for IoT

Omni-ID launches Bluetooth LE and LoRa devices. RFID tag specialist Omni-ID has launched a range of, Bluetooth Low Energy (BLE) and LoRa-enabled devices. The Sense range of RFID devices uses sensors to transmit situational and status data over BLE, GPS, and open standard LPWAN communication protocols. Source: RFID Journal > Omni-ID Offers New Product Family With BLE, LoRaWAN

Omni-ID launches Bluetooth LE and LoRa devices
Omni-ID launches Bluetooth LE and LoRa devices

The headline on 06 Feb 2020

TrapX spots malware on IoT devices running Windows 7. Microsoft is putting workers at risk by stopping releasing security patches for Windows 7, according to TrapX Security, which has identified a malware campaign targeting IoT devices running Windows 7 at manufacturing sites. Source: TrapX Security Identifies New Malware Campaign Targeting IoT Devices Embedded With Windows 7 at Manufacturing Sites

Libelium evolves to become IoT systems integrator. Libelium is integrating customised IoT projects and consulting services into its business model. The Spanish company says it is evolving from a hardware manufacturer business with the aim of becoming a system integrator. Source: Libelium integrates customized IoT projects and consulting services into business model

Sara Brown elected chairman of IMC. Sara Brown from MultiTech is the new chairman of the IoT M2M Council (IMC) following the trade body’s annual general meeting at last month’s Consumer Electronics Show in Las Vegas. Kim Bybjerg of Tata Communications was elected as vice chairman. Source: IoTnow > IMC Governors elect Brown and Bybjerg as new chair and vice chair

AttoCore adds IoT support to mobile network software. AttoCore, a developer of 4G and 5G mobile core network software, has enhanced its flagship AttoEPC enhanced packet core to add support for the IoT. Source: realwire > AttoCore Announces IoT Support

AttoCore adds IoT support to mobile network software.
AttoCore adds IoT support to mobile network software.

IoT malware attacks rise in 2019, says SonicWall. IoT malware is up year-on-year by 4.8% to 34.3 million attacks, including a Q3 jump of 33%, according to this year’s SonicWall Threat Report published this week. Overall, malware attacks fell by 6% to 9.9bn. Source: SonicWall > Cyber Threat Intelligence – Cyber Security Report

IoT malware attacks rise in 2019, says SonicWall.
IoT malware attacks rise in 2019, says SonicWall.

Aptilo introduces IoT connectivity control service. Swedish mobile data software company Aptilo Networks has introduced the IoT CCS connectivity control service, delivered as a service for mobile operators that want to innovate in the IoT era. Source:
Aptilo Launches New Cellular IoT Connectivity Control Service

Advantech module targets machine vision and big data. Taiwanese embedded computer company Advantech has released a Q Seven module for AI, machine vision and big data processing and analytics in IoT applications. Source: Advantech Releases NXP i.MX8 QuadMax ROM-7720 Qseven Module for AI and Machine Vision Applications

Advantech module targets machine vision and big data.
Advantech module targets machine vision and big data.

Victoria trial tests IoT on Australian farms. Four regional areas are set to benefit from networks being funded by the Victorian government in Australia as part of its trial to test IoT technology on farms. The networks will cover approximately 600 farms and 5000 square kilometres. Source: IT Brief > NNNCo and Agriculture Vic to roll out rural IoT networks

DigiCert PKI tools help manage IoT devices. Utah-based DigiCert has announced two public key infrastructure (PKI) tools – IoT Device Manager and Enterprise PKI Manager. Both use a container-based, cloud-agnostic implementation that ensures fast and flexible on-premises, cloud and hybrid PKI deployments. Source: DigiCert Modernizes PKI with the Release of IoT Device Manager and Enterprise PKI Manager, New Offerings in DigiCert® ONE

[Solved] How to Fix The File “is Too Large for the Destination File System” Error When Copy or Move

Windows show the following error message when copy or move the large files from computer to a USB drive or external hard disk although there was sufficient free storage space on the destination disk drive:
The file is too large for the destination file system.

[Solved] How to Fix "The File is Too Large for the Destination File System" Error
[Solved] How to Fix “The File is Too Large for the Destination File System” Error
You get only to click the Cancel button to stop the operation.

This problem occurs when you try to copy or move a file larger than 2 GB and 4 GB to an external hard disk or USB flash drive which was formatted using FAT/FAT16 and FAT32 file system respectively due to the internal structure of file system limitations.

The most common cause of this sort of error message is making a conversion from NTFS file system, which is the default format for hard drives under any Windows going back to Windows XP, to a portable media like a USB stick that came pre-formatted from the factory with the FAT16 or FAT32 file system. Unfortunately, under those two file systems, the largest a single file can be is 2GB/4GB respectively, even if the media overall can store more data.

With large video files routinely exceeding those size limits, attempting to copy one from a hard drive to FAT-formatted media will cause this problem if the file is large enough. Solutions are to reformat the destination with NTFS, or to split the source file if possible so that it’s no larger than 2 (or 4GB) per chunk. Follow the various solution outlined in this article to fix this error message.
Continue reading “[Solved] How to Fix The File “is Too Large for the Destination File System” Error When Copy or Move”

Gaming News Headline Updated on 18 Feb 2020

The headline on 18 Feb 2020

melonDS switch port update featuring several improvements and fixes. Source: GBAtemp

Deep Silver and Nine Dots Studio announce the first DLC pack, The Soroboreans is due for Spring 2020.

King Lucas will release on Nintendo Switch (US & Europe) on February 21st.

Super Rare Games have announced partnership with Tomorrow Corporation to release World of Goo for the Nintendo Switch™. Pre-orders for the game open on February the 20th, exclusively at Super Rare Games for £29.99. Or get the Steelbook version for £47.99.

Everbyte has released the 3rd episode major content update for Duskwood, available for free and can be played in English, German, Portuguese or Russian.

Duskwood on Android
Duskwood on iOS

Portal Games brings to life the second expansion for Empires of the North: Roman Banners, includes two brand new Roman decks with fresh new game mechanics, as well as additional island cards, starts selling in retail on February 20th.

Lines XL – beautiful brain-teasing Numberlink puzzles coming to Nintendo Switch on February 20, 2020.

The headline on 17 Feb 2020

TextReaderOverlay-NX: A Text Reader Tesla Overlay for the Nintendo Switch that lets you view text files on top of any foreground application. Source: GitHub > diwo / TextReaderOverlay-NX

TextReaderOverlay-NX: A Text Reader Tesla Overlay
TextReaderOverlay-NX: A Text Reader Tesla Overlay

The headline on 14 Feb 2020

KOEI TECMO America and Omega Force released WARRIORS OROCHI 4 Ultimate on the PlayStation®4 Computer Entertainment System, the Nintendo Switch™, the Xbox One family of devices including the Xbox One X, and digitally on Windows PC via Steam®.

SEGA Games Co., Ltd is proud to announce that Sonic at the Olympic Games – Tokyo 2020™ the official mobile game of the Olympic Games will be coming to Android and iOS on May 7, 2020.

PQube and Fiction Factory Games announce the console release date for Arcade Spirits will be available for Nintendo Switch, PlayStation 4 and Xbox One digitally on May 1st, 2020.

The National Videogame Museum (NVM) in Sheffield is proud to announce that they will be holding a very exclusive event that sees the eminent Nintendo engineer, Masayuki Uemura, to Sheffield, discussing his legendary 32-year career as Nintendo’s hardware designer, where he spearheaded the creation of the NES and the SNES. Tickets for the event with Masaykui Uemura here.

The headline on 12 Feb 2020

TX announces testing phase for SX CORE and SX LITE mods, 300 pre-production units are going out to testers that apply to Team-Xecuter with their modding skills! Source: GBAtemp > TX announces testing phase for SX CORE and SX LITE mods

The headline on 11 Feb 2020

Tilting Point and Edgeworks Entertainment have launched TerraGenesis, featuring real data and science from NASA.
TerraGenesis for PC
TerraGenesis on App Store
TerraGenesis on Google Play stores

One Finger Death Punch 2 Journeys to Xbox One, Nintendo Switch, and GOG on February 26. One Finger Death Punch 2 is currently available on Steam, Humble Store, and Kartridge.

Super.com, in cooperation with Navel to confirm that Tilt Pack is out today exclusively for the Nintendo Switch™ platform.

Zen Studios announces Operencia: The Stolen Sun expanding to PlayStation 4, Nintendo Switch, Steam and GOG.com next month on March 31st.

Pearl Abyss announced that Shadow Arena will be available to play through a closed beta test from February 27 to March 8. Shadow Arena will be released in the first half of 2020 for PC first and console later.

Europe eShop sale announced starting Thursday at 3pm; Fire Emblem: Three Houses and Super Mario Maker 2 are 33% off.

NS-USBloader v2.0: Now with RCM payload tool and split/merge files functionality.

Changelog:

  • UI updated: colors, tabs, drag-n-drop functions etc
  • Added tool for splitting files
  • Added tool for merging split-files
  • Added ‘Fusée Gelée’ RCM payload tool for:
  • Windows (I tested it on Windows 7 64-bit)
  • MacOS (not tested)
  • Linux (I tested on amd64)
  • FreeBSD (not tested)

For all three platforms only x86 and x86_64 (amd64) architectures supported. Download NS-USBloader

The headline on 10 Feb 2020

Remnant: From the Ashes Boxed version releases on March 17, 2020 for PC, PlayStation®4 and Xbox One at USD/EUR 39.99

Project Starship will be available digitally this week for Nintendo Switch, Xbox One & PS4, worldwide for just US$4.99/€4.99.

Veteran ex-Sony and Lionhead developer Robert Tatnell goes solo with the first project: Hokko Life, a creativity-filled community sim game that invites players to escape the hustle-bustle and relax in their new home of Hokko, coming soon to Steam!

Paper Cult announced that Bloodroots will be available on digital store shelves on February 28 on PlayStation 4, Nintendo Switch and the Epic Games Store for $19.99 USD / €15.99 / £15.99, currently available for pre-order on the Epic Games Store with a 10% off limited time discount.

Qube and CooCooSqueaky announced to release Tears of Avia for PC on Steam and Xbox One.

sys-clk-Overlay v1 released! Source: GitHub > Sun-Research-University / sys-clk-Overlay

The headline on 09 Feb 2020

SysDVR V3 with RTSP server released: no more desync and live streaming support! Source: GitHub > exelix11 / SysDVR Version 3.0

The headline on 07 Feb 2020

Free League Publishing today launched the Free League Workshop – the official community content program for Free League tabletop roleplaying games, in collaboration with OneBookShelf.

Games Revolted announced that Phageborn launches on Steam Early Access. Featuring unique features specifically created for online card game fanatics, such as a dual resource system, a twin lane battleground and a 2v2 multiplayer mode, Phageborn challenges players to create high-level strategies to reign supreme. Start playing Phageborn today in Early Access for 10% off of the standard price of $14.99, €12.49, £11.39. Additionally, join the Issilith battlefield today for the chance to win €10,000 in the Phageborn Early Access tournament.

Strategy publisher Kalypso Media and developer Palindrome Interactive have today released their new strategy IP Immortal Realms: Vampire Wars on Xbox One in Game Preview.

Square Enix Collective announces that The Turing Test™ has now launched for Nintendo Switch™, players can now experience this challenging puzzler game at home or on-the-go. The Turing Test is available on:

Steam for £14.99/$19.99/€19.99
Xbox One™ for £15.99*/$19.99/€19.99
PlayStation 4™ for £15.99*/$19.99/€19.99.
Nintendo Switch™ for £15.99*/$19.99/€19.99 with 10% off for two weeks (ends February 21).

A Main Assembly beta will be live from 2pm GMT on February 14th and will finish at 2pm GMT on February 28th! Visiting the official site for Beta signups, with keys distributed on the 14th and 21st February. Main Assembly will then launch into Steam Early Access on 16th April.

The Outer Worlds on Nintendo Switch will be delayed due to the coronavirus.

The headline on 04 Feb 2020

Team17 announced Moving Out is releasing April 28th 2020 on Xbox One, PlayStation 4, Nintendo SwitchTM, and PC (Wishlist now on Steam). Moving Out sees players relocating furnishings in increasingly bizarre locations in a fast-paced furniture moving simulator that brings new meaning to ‘couch co-op’.

Resort Boss: Golf final content update arrives, with a brand new campaign mode, Steam Workshop support, expanded scenario modes, and over 100 bug fixes/tweaks.

Assetto Corsa Competizione featuring the official GT World Challenge License, is ready to deploy the Intercontinental GT Pack, available for £12.49 on Steam.

Assetto Corsa Competizione – Intercontinental GT Pack on Steam introduces four iconic international circuits from four different continents:

  • Kyalami Grand Prix Circuit (South Africa)
  • Suzuka Circuit (Japan)
  • Weathertech ®️ Raceway Laguna Seca (United States)
  • Mount Panorama Circuit (New South Wales)

New 1.3 patch which will update the whole game, improving several aspects in order to grant the best game experience to all Assetto Corsa Competizione users.

SQUARE ENIX® announced that Life is Strange™ 2 is now available at retailers in the Americas. Players can pick up the Standard or Collector’s Edition, both of which will include the complete season of Life is Strange 2.

Blackened artpunk RPG MÖRK BORG gets its worldwide release on February 25 by Free League Publishing. MÖRK BORG is already available to pre-order in the Free League webshop, and will be available in select retail stores from February 25.

Information and Cyber Security News Headline Updated on 15 Feb 2020

The headline on 15 Feb 2020

GAO Report Enumerates Census Bureau Security Concerns. A Government Accountability Office (GAO) report on the Census Bureau’s preparedness found that the bureau is lagging on some of its goals, including IT system implementation and cybersecurity issues. The report says that the bureau has not met its goal of ensuring that its self-response site can support up to 600,000 users at a time. GAO also notes that the bureau needs to fix cybersecurity issues “in a timely manner,” implement DHS recommendations, and ensure that the privacy of those responding is protected.

Read more in:

Microsoft’s February Updates Include Fix for Zero-day Flaw in Internet Explorer. Microsoft’s monthly security updates include fixes for 99 vulnerabilities in multiple products. Twelve of the flaws are rated critical; of those, one, a remote code execution vulnerability in Internet Explorer, is being actively exploited. Microsoft disclosed the IE vulnerability in January but a patch had not been available until earlier this week.

Read more in:

Adobe February Updates. Adobe’s security updates for February include fixes for 42 vulnerabilities in multiple products. The updates address 21 critical issues in Framemaker and 12 critical flaws in Reader and Acrobat. The updates also fix critical flaws in Flash Player and Experience Manager.

Note:

  • Hey, Adobe and McAfee – it has been at least 8 years since Adobe patches started trying to trick users into installing McAfee software. That practice continues to make both companies look cheap and sleazy – imagine if Ford said, “Every time a Ford car has a defect that requires a recall, we will try to trick you into turning on a satellite radio service.” Is whatever revenue flows on this deal really worth it???
  • Remember the Flash Player EOL date is 12/31/20, so we’re not yet done patching it. The Adobe Creative Cloud application keeps that suite of applications updated, augmenting the enterprise capabilities. Even so, scanning to make sure they are applied is prudent.
  • Tens last month, tens this month, likely tens next month. How deep must the reservoirs be?

Read more in:

US and German Intel Agencies Owned Controlling Stake in Swiss Encryption Device Maker. According to reports in the US, German, and Swiss press, between 1970 and 1993, the US and West German intelligence agencies were secret majority owners of Crypto AG, a Swiss company that made encryption devices. The reports say that the agencies were able to control aspects of Crypto AG’s business, including manipulating algorithms used in the company’s devices so that the agencies could easily decrypt foreign adversaries’ communications. Crypto AG customers included more than 130 national governments. Germany withdrew from the arrangement in 1993; US intelligence bought its stake and remained in control until it sold off Crypto AG’s assets in 2018. The controlling partnership was shielded behind a trust company in Liechtenstein. Bruce Schneier points out that while the story itself is not news, “what is new is the formerly classified documents describing the details” of how the agencies were able to exploit their access to supposedly encrypted information.

Note: As the article points out, this was no longer a secret by the early 1990s, but Crypto AG products were still used by many who weren’t paying attention to relatively low visibility reports. Today, every piece of software used by businesses (especially mobile applications) is a potential “Crypto AG” scenario. Supply chain security has to focus on risk assessment and testing of products and services in use, not just country of origin.

Read more in:

US Justice Department Charges Huawei with Racketeering and Conspiracy. The US Department of Justice (DoJ) has returned a superseding indictment, charging China’s Huawei Technologies with racketeering and conspiracy to steal trade secrets. The defendants named in the indictment include Huawei and four subsidiaries. The indictment includes examples of Huawei’s alleged theft of intellectual property from US companies

Note:

  • Like the Crypto AG item, this is also another “old news” item. Back in 2003 Cisco went public with intellectual property theft claims against Huawei and later settled a lawsuit. Trade wars between countries raise the press visibility of these issues, but the supply chain risk doesn’t change – accurate assessments and monitoring are needed.
  • In his recent book, Hamilton, the author Ron Chernow noted that the US became an industrial power, in part, by stealing intellectual property and suborning talent from England. While free trade is the preferred way to redress inequities among nations, theft of IP is to be preferred to armed conflict.

Read more in:

Mozilla Updates. Mozilla has released updated versions of Firefox, Firefox ESR, and Thunderbird. Firefox 73 includes fixes for six vulnerabilities; Firefox ESR 68.5 includes fixes for five vulnerabilities; and Thunderbird 68.5 includes fixes for four vulnerabilities.

Note: Your enterprise may already be pushing out these updates. If not, leverage slipstreaming them in with the February Microsoft and Adobe updates you’re already deploying.

Read more in:

Fix Available for Critical Flaw in GDPR Cookie Consent WordPress Plugin. The developers of the GDPR Cookie Consent plugin for WordPress have released an updated version to address a critical flaw. The vulnerability could be exploited to alter website content or to inject malicious JavaScript code. As its name suggests, the plugin is designed to help websites comply with the EU’s General Data Protection Regulation (GDPR); the plugin is estimated to be in use on more than 700,000 websites.

Note: While your WordPress site will detect out-of-date plugins, updating them automatically requires additional software or a plugin. If you’re manually checking and updating, put a reminder on your calendar; don’t wait to find out you have a problem the hard way.

Read more in:

Malicious Extensions Pulled from Google Chrome Store. Google has pulled more than 500 malicious extensions from its Web Store. The extensions redirected users to potentially malicious sites and harvested users’ personal information.

Note: If you have one of these extensions installed, it will be automatically be disabled and marked as malicious. Extensions so marked should be uninstalled.

Read more in:

MIT Researchers Detail Mobile Voting App’s Flaws. In a paper released earlier this week, researchers from the Massachusetts Institute of Technology (MIT) say that the Voatz mobile voting app, which has been used in several US states to allow voters overseas to cast their ballots, contains worrisome security shortcomings. The flaws could be exploited to see data being transmitted from the app, alter users’ votes, and to impersonate a user’s mobile phone. In addition, Voatz does not use blockchain to secure votes in the way its makers say it does. Voatz responded to the papers findings, noting in a blog post that the researchers based their conclusions on an outdated version of the app and that the researchers did not connect to the Voatz servers.

Read more in:

xHelper Android Malware is Vexingly Persistent. Android malware known as xHelper reinfects devices even after factory resets. The malware dropper Trojan was first noticed last spring. Theories that the reinfections came from pre-installed malware or from the Google Play store were disproven. Researchers at Malwarebytes, along with a savvy Android user, discovered that the reinfection came from folders that were not removed even after a factory reset. Malwarebytes has instructions for removing the folders.

Note:

  • In short, the malware dropper hangs out in hidden directories that are not removed during a factory wipe and leverages Google PLAY to reinstall itself. The Malwarebytes article has steps for finding and removing the files. As the dropper uninstalls itself after setting up the processes for installing the malware, your MDM is unlikely to detect it.
  • It seems unlikely that most, or even many, Android users will even know about xHelper, much less do anything about it. One accepts that geeks can manage the security of Android devices. One should not give them to children, the elderly, or the otherwise naive.

Read more in:

Car Mobile Apps Not Always Reset After Vehicles Are Rented or Resold. A man who leased a car from Ford between 2013 and 2016 discovered that he still had access to the vehicle’s controls through the mobile app more than three years later. Another man has twice rented cars and found that he could still access the controls for the vehicles months after he had retuned them.

Note:

  • The same is true for many of those smart TVs in hotels, but especially in Airbnbs and other consumer grade lodging that employees and executives might be using on travel. Good to use this item as an updated warning in awareness campaigns.
  • When selling or turning in your personal vehicle, it is prudent to factory reset the mobile apps, including any phonebook information which has been downloaded. When purchasing a vehicle, make sure you are the only one with access to the online management features, which may require dealer support to verify. Current Rental Car agreements also advise consumers to reset the information prior to turning in the vehicle. In any cases, it’s prudent to make sure the vehicle doesn’t contain prior data before connecting your devices.

Read more in:

Mobile World Congress Tech Show Cancelled Over Coronavirus Worries. The Mobile World Conference tech show, which was scheduled to be held February 24-27 in Barcelona, Spain, has been cancelled due to concerns about the coronavirus. The decision to cancel the conference was made after a number of high-profile vendors announced they would not attend.

Read more in:

Ransomware Targets Texas City and School District. A city and school district in Texas have been hit with ransomware. Computers belonging to the city of Garrison became infected on February 10; Garrison’s mayor says the city has recovered from the attack and is operating as usual as of February 13. Computers at the Nacogdoches Independent School District became infected on February 11; the district is still working to recover access to its data. The city and the school district are about 20 miles apart and do not share a computer system. Officials are investigating whether the two attacks are related.

Read more in: Texas attack: Garrison, Nacogdoches schools hit with ransomware

Florida County Election System Infected with Ransomware in 2016. Palm Beach County (Florida) election supervisor Wendy Sartory Link said that computers at the the county’s election office became infected with ransomware shortly before the 2016 US general election. Link, who became election supervisor in January 2019, learned of the incident during a conversation with the office’s acting IT director.

Read more in:

North Miami Beach Police Systems Hit with Ransomware. Hackers have targeted computers belonging to the North Miami Beach (Florida) Police Department with ransomware. The police department’s IT staff shut down affected machines to curtail the malware’s spread and have alerted the FBI and the Secret Service.

Note: Remember that, while the decision as to how to deal with a “ransomware” attack is a business decision, ensuring that the decision is made prior to the attack is a responsibility of security staff.

Read more in:

The headline on 11 Feb 2020

GAO Report Finds CISA’s Election Security Strategy Has Not Been Finalized. In January 2017, the US Department of Homeland Security (DHS) designated state and local election infrastructure used in federal elections as a component of the country’s overall critical infrastructure. The designation allows DHS to provide state and local election officials with help to protect assets, which include voter registration databases and voting equipment. A report from the Government Accountability Office (GAO) found that DHS’s Cybersecurity and Infrastructure Security Agency (CISA) “has not yet completed its strategic and operations plans to help state and local officials safeguard the 2020 elections or documented how it will address prior challenges.” The report urges CISA to finalize its strategic plan.

Note:

  • While not the end of the world, there is no time for local agencies to implement strategic measures prior to the election. CISA needs to quickly publish prioritized tactical guidance that can be implemented through the rest of this election year.
  • This is not that damning a report, but with the primaries underway and the Presidential election less than 9 months away, I’d say no more time for strategic plans: the focus should be on prioritizing which fires to put out first.

Read more in:

State Election Officials More Accepting of Federal Help. US State election officials are more willing to accept help from the Department of Homeland Security’s (DHS’s) Cybersecurity and Infrastructure Security Agency (CISA) than they were in the past. Officials were initially resistant to having their election systems designated as critical infrastructure, but have come to see that information and support provided by CISA can help them proactively secure their election infrastructure. CISA director Christopher Krebs said that two conference calls in January regarding potential cyberthreats from Iranian hackers had 1,700 and 5,900 dial-ins, respectively.

Read more in: Once wary of feds, state election leaders now welcome help

Maryland Jurisdictions Will Not Use Problematic Reporting Network in Upcoming Elections. During a special district primary in Maryland last week, a network designed to send voter information to state officials was shut down because it was causing delays at polling places. Elections officials say they will not require jurisdictions to use the network in the upcoming primary election in April or in the November general election.

Read more in:

Iowa Caucus Reporting App Security Examined. Pro Publica asked security firm Veracode to review code in the caucus tally reporting app used in Iowa last week. The company found security issues it deemed “elementary.” The flaws could be exploited to intercept and alter data, including passwords and vote tallies.

Note: The app vendor’s CEO says the reporting app “…underwent multiple, rigorous tests by a third party” but Veracode says the flaws they found were “elementary.” The standard advice for mission-sensitive software requires the vendor to show evidence of third-party testing of the software – important to have full transparency about the qualifications of who did the testing.

Read more in: The Iowa Caucuses App Had Another Problem: It Could Have Been Hacked

Chrome Will Block Unsecure Downloads. Over the course of 2020, Google’s Chrome browser will block all HTTP downloads started on HTTPS pages, also known as mixed content. Chrome 81, scheduled for release in March 2020, will print console warnings about mixed content. Over the following months, in Chrome 82 through Chrome 85, the browser will warn about and then block mixed content downloads of executables, archives, disk images, images, audio, video, and text. Chrome, 86, scheduled for release in October 2020, will block all mixed content downloads.

Note:

  • When we first started using HTTPS, the overhead was such that we limited it to secure operations only. Now current software and hardware make the overhead negligible and all content should be delivered over secure connections.
  • Google has a lot of resources, and applying them to make the Chrome browser more restrictive on unsecure downloads is a good thing. However, I’d really like to see more Google posts about improvements in pre-release security and privacy testing of apps in Google Play. Google’s Vulnerability Reward Program bug bounty payouts almost doubled from 2018 to 2019, which is kind of like a restaurant saying, “Our volunteer food testers removed twice as many glass shards from our food!” Google’s Play Protect was ranked at or the near the bottom of malware detection by AV-TEST in 2019 – it would be good to see many fewer glass shards in published apps.

Read more in:

Firefox Will Take Step Toward Blocking TLS 1.0 and 1.1. Starting in March 2020, Firefox users will need to intentionally allow connections to websites using TLS 1.0 or 1.1. When users attempt to connect to websites that support only lower versions of TLS, they will see a “Secure Connection Failed” message that offers an option to override and continue to the site.

Note: Browsers negotiate to the highest common denominator which can mask the presence of less secure connection options. Make sure you’re regularly scanning the encryption settings on your web servers to ensure older, less secure connections are disabled, or monitored and documented where enabled. Monitoring may show the need to support older less secure operating systems and browsers may not be as significant as thought, or worth the risk.

Read more in:

Google’s February Android Updates Include Fix for Critical Bluetooth Vulnerability. Google has published its February security updates for Android. In all, the updates address 25 security issues. One of the flaws addressed in the updates is a critical vulnerability affecting Bluetooth in Android Oreo (8.0 and 8.1) and Pie (9.0) that could be exploited to allow remote code execution with no user interaction. The issue is also present Android 10, but the effects are somewhat less severe: exploitation could crash vulnerable devices, but would not allow code execution.

Note: One trusts geeks to be able to operate Android safely, even with late availability of patches. It is important to keep Android out of the hands of children, the elderly, and the otherwise naive.

Read more in:

New Emotet Variant Can Spread Through Wi-Fi Networks. A recently-detected variant of Emotet malware has the ability to spread from infected devices to nearby unsecured Wi-Fi networks. From there, it can attempt to infect connected devices. When Emotet first appeared more than five years ago, it was a banking Trojan. Over the years, it has gained the ability to install a variety of malware on infected devices.

Note: The Japanese CERT, JP-CERT, has a great write up on this malware at www.jpcert.or.jp: [Updated] Alert Regarding Emotet Malware Infection, and they have also released a tool to check for Emotet called EmoCheck; it can be downloaded from the JP-CERT GIT Repository: github.com: JPCERTCC / EmoCheck

Read more in:

US DOJ Announces Charges Against Alleged Chinese Hackers in Equifax Case. A US federal grand jury has returned an indictment charging four members of China’s People’s Liberation Army (PLA) with breaking into Equifax computer systems and stealing data. The breach occurred in 2017 and compromised personal data belonging to nearly 150 million US citizens.

Read more in:

Minebridge Backdoor Used in Attacks Against Financial Sector Firms. A report from FireEye says that since the beginning of 2020, phishing campaigns attempting to spread the Minebridge backdoor have been targeting organizations in the financial sector. The messages contain malicious attachments; if they are opened, macros attempt to install Minebridge. If it is successfully installed on a system, Minebridge can be used to deliver additional malware.

Read more in:

Abandoned Driver Code Lets Hackers Disarm Security Software. Ransomware actors are exploiting a known but unpatched vulnerability in an old and no longer supported Gigabyte motherboard driver to take control of Windows computers and disable security software. The attackers load a driver of their own that kills processes and files related to security products and allows the ransomware to encrypt data without being detected or thwarted.

Read more in:

Rockdale County, GA Ransomware Attack Affects Water Department. Rockdale County, Georgia, is recovering from a ransomware attack that hit its municipal computer systems. County officials have shut down nine servers to contain the infection. The attack has affected the county’s water department and water billing services. Rockdale County was also the target of a ransomware attack in 2017; the county was able to decrypt infected servers at that time.

Read more in: Metro county shuts down 9 servers after ransomware attack on water department

Having Backups May Not Be Sufficient for Ransomware Recovery. While victims of ransomware attacks have successfully restored systems from backups, the ransomware threat landscape is changing. Some attackers now steal data before files are encrypted and upload them if the victims refuse to pay the ransom.

Note:

  • Good isolated differential backups remain necessary for recovery. The tactics have changed to add exfiltration to the attack and has been seen with Maze, Sodinokbi and Chimera. Some mitigation can come through the use of DLP solutions. The consequences of publishing need to be added to the ransom payment decision process, along with an assessment of likely of future payment demands.
  • If your system is compromised, it is compromised. “Ransomware” is only a way to exploit that. These attacks will continue until the cost of attack exceeds the value of success and the risk of punishment goes up. Only the cost of attack and value of success are in our hands. We must increase the cost of attack roughly ten fold in 2020. Strong authentication, least privilege access control, restrictive policy, end-to-end application layer encryption, and mean time to detection of breaches in hours to days. We must ensure the survivability of our data and its timely recovery. Get on with what we can do.

Read more in: Why you can’t bank on backups to fight ransomware anymore

The headline on 07 Feb 2020

Coronavirus Cybersecurity Preparedness. The recent Coronavirus (2019-nCoV) outbreak has brought the topic of an epidemic or pandemic impacting businesses from the hypothetical to the possible. With 25,000 infections and counting, it would be a good time to consider the business and cyber impacts of an illness such as this. The primary risks fall into two categories: (1) fraud and other ways criminals take advantage of situations like this, such as fake donation sites, malware and fake news, and (2) business continuity preparedness measures such as remote access capacity review, understanding limitations of biometric authentication, supply chain considerations, emergency communication plan, and plans for business shutdown if appropriate.
Read more in the SANS ISC diary: isc.sans.edu: Network Security Perspective on Coronavirus Preparedness

Note:

  • Fraud and malware related to the Coronavirus is currently seen in Asia. Catastrophic events tend to be used for fraud as news focuses on them and in the US, impeachment and primaries have dominated the news. Expect more virus-related fraud as news media pay more attention to it. And please let us know if you see anything via our contact form: isc.sans.edu/contact.html
  • The Coronavirus introduces an illness which does not yet have a cure, and is resulting in, sometimes unexpected, quarantine and other restrictions which can have a direct business impact. Johannes Ullrich does an excellent job of summarizing things to consider and revisit in your DR plans in the ISC diary entry.

Additional Resources:
Business Pandemic Influenza Planning Checklist (PDF)
Public Health England Response Plan: Pandemic Influenza Response Plan (PDF)

Iowa Caucus Reporting App Problems. A buggy mobile app that was created for Iowa’s Democratic presidential caucuses did not work as hoped. Some precinct leaders had trouble downloading and installing the app, which was designed to let Iowa’s precincts report caucus tallies. The app appears to have recorded the data correctly, but reported only partial counts due to coding problem in the reporting function. Nevada State Democratic party says it will not use the app in its upcoming caucuses. (Please note that the WSJ story is behind a paywall.)

Note:

  • Think of the Iowa caucus primary as that troublesome business unit in your company that is considered a key performer by management and is allowed to do everything just a little bit differently than all the other business units. The security approach here was “rather than make sure this new app is thoroughly tested, we will only release it to the users at the last minute – that way hackers won’t have time to hack it if there are vulnerabilities.” Not only is that always a bad approach to security, it is absolutely the worst approach to take with that business unit that never follows all the policies and procedures everyone else does. This one will make a very good Harvard Business Review case study – next time a business unit is pressuring to subvert the time require to thoroughly test new stuff, just tell management “We will be at risk of an Iowa caucus implosion….”
  • The issues underscore the need for usability and load testing before a wide scale deployment. The plan for the caucus included backup measures, including a number to call as a backup; unfortunately, the number was released widely and was overwhelmed, creating an intentional denial of service.
  • Testing the app was necessary but not sufficient. The deployment of applications must be end-to-end and must include the training and participation of the end users.
  • Another connection between cybersecurity and the Iowa Caucus App is that many Americans, including very senior government policy makers and politicians, perceive the Iowa App debacle as a cybersecurity-related problem or at least something that cybersecurity people should have anticipated and solved. At the same time many software development organizations consider 5 to 15 minute cybersecurity awareness training as sufficient for their software development people.

Read more in:
Election tech was supposed to clean up the Iowa caucus — instead, it may have killed it
The Iowa Caucus Tech Meltdown Is a Warning
Iowa’s Tally-by-App Experiment Fails (paywall)

Fixes Available for Five Flaws in Cisco Discovery Protocol. Cisco has released fixes for five flaws in the Cisco Discovery Protocol (CDP) that could be exploited to execute code remotely or cause denial-of-service conditions. CPD is enabled by default in most Cisco products, which means there are millions of vulnerable devices that need patching.

Note:

  • This is not the first CDP vulnerability; as such. the best mitigation is to disable it explicitly. A notable concern is the flaws can be used to access other VLANS, possibly allowing access to sensitive traffic such as VoIP or ICS.
  • Cisco has joined Adobe and Microsoft among the infrastructure software providers with routine patches.

Read more in:
Cisco Flaws Put Millions of Workplace Devices at Risk
Critical Cisco ‘CDPwn’ Protocol Flaws Explained: Podcast
Cisco Patches Critical CDP Flaws Affecting Millions of Devices
Cisco Fixes CDP Flaws in Routers, Switches
Five high-level flaws patched in Cisco Discovery Protocol

FBI: DDoS Attack Targeted Voter Registration Website. The FBI issued a Private Industry Notification warning of “a state-level voter registration and voter information website received anomalous Domain Name System (DNS) server requests consistent with a Pseudo Random Subdomain (PRSD) attack.” The website was not adversely affected by the attack because it had established rate-limiting on its DNS servers.

Note: Some attention has been paid to the security of voting equipment, but very little paid to the complex “supply chain,” from registration to voting to tallying to announcing results, etc. The business equivalent is the ordering app being very secure and having DDoS protection but the user sign-up app being vulnerable.

Read more in:
FBI warns of DDoS attack on state-level voter registration website
FBI Warns of DDoS Attack on State Voter Registration Site

Critical RCE Flaw in OpenSMTPD Patched. A critical flaw in OpenSMTPD version 6.6 could be exploited to allow remote code execution. The vulnerability is due to improperly sanitized user input that could allow local attackers to gain elevated privileges. Users are being urged to upgrade to OpenSMTPD version 6.6.2p1.

Note:

  • This is a “must patch now” vulnerability (emergency priority) for anybody using OpenBSD with OpenSMTPD. OpenSMTPD is not very popular, and as far as I can tell used only on OpenBSD systems. But OpenBSD, due to its reputation as a secure operating system, is often used for critical systems like security devices and firewalls. The vulnerability is trivial to exploit, and likely already exploited.
  • Exploitation of this flaw harkens back to the Morris Worm. A properly crafted message can be sent which causes the message body to be executed with the privileges of the SMTP daemon. Vulnerable daemons can be detected by vulnerability scanners, the best mitigation is to apply the update.
  • The modern “stack” makes it difficult to fully vet input at the application layer. It is essential that every layer also parse its input.

Read more in:
Critical flaw in OpenSMTPD found, patched
OpenSMTPD 6.6.2p1 portable release

Health Share of Oregon Medicaid Data Compromised. A laptop stolen from a third-party vendor has exposed data belonging to patients of Health Share of Oregon, a Medicaid coordinated care organization. The compromised information includes names, dates of birth, Social Security numbers (SSNs) and Medicaid ID numbers.

Note: It has always been dangerous to store sensitive data on portable devices. The speed and ubiquity of the modern “cloud” (storage, connectivity, and software) makes it not only unnecessary but reckless to do so.

Read more in:
Health Share of Oregon discloses data breach, theft of member PII
Health Share Oregon Announces Security Incident and Data Leak

Cryptomining Malware Found on DOD Network. A researcher participating in a US Department of Defense (DOD) bug bounty program found that a SOS-related server was being used as part of a cryptocurrency mining botnet. He found cryptocurrency mining malware on a DOD-related server. The initial bug report was made regarding a misconfigured Jenkins automation server that could be accessed without credentials. DOD fixed that problem, but when the researcher who made the report looked at his findings more closely, he determined that the server had been compromised before he detected the misconfiguration issue.

Note: It is easy to focus on a single issue and miss other indications of compromise, particularly with pressure to return services to operational status rapidly. Regular scanning and monitoring for indicators can provide a backup for when this happens.

Read more in: Bug hunter finds cryptocurrency-mining botnet on DOD network

NHS Missed Windows 10 Migration Target. The UK’s National Health Service (NHS) has about half a million computers that are still running Windows 7, despite the organization’s plan to migrate all computers to Windows 10 by January 14, 2020. Microsoft ended support for Windows 7 last month.

Read more in: Windows 10 migration struggles: 500,000 NHS computers are still running Windows 7

Coronavirus Concerns Prompt Companies to Pull Out of Tech Shows, Revise Sales Forecasts. LG has decided not to attend the Mobile World Congress (MWC) technology show in Barcelona due to concerns about coronavirus. ZTE has cancelled a planned press conference at the show, which opens on February 24, but still plans to host a booth. A Chinese company that manufacturers iPhones has cut its sales forecast due to the coronavirus outbreak.

Read more in: Coronavirus: LG pulls out of Mobile World Congress

Fondren Orthopedic Patient Data Compromised. A Texas orthopedic practice has started notifying its patients that a malware infection compromised their healthcare information. Fondren Orthopedic Group experienced a cybersecurity incident in November 2019. In a letter to its patients, Fondren said that the incident damaged medical records belonging to more than 34,000; some of the records are beyond recovery.

Read more in:
Malware Destroys Data of 30,000 Fondren Orthopedic Patients
Malware attacks destroy Fondren Orthopedic Group patient records
Notice of Data Incident

University of Maastricht Paid Ransom. The University of Maastricht in the Netherlands says that it paid a 30-bitcoin (US $292,000) ransom to regain access to its computer systems following a December 24, 2019 ransomware attack.

Read more in:
University of Maastricht Paid 30 Bitcoins to Ransomware Attackers
University of Maastricht says it paid hackers 200,000-euro ransom

Baton Rouge Vocational School Ransomware Attack. The computer system at ITI Technical College in Baton Rouge, Louisiana was hit with a ransomware attack in late January. The college’s vice president said that the school did not plan to pay the ransom. IT staff has isolated affected systems and bringing cleared elements back online gradually.

Read more in:
ITI Technical College latest victim of ransomware attacks
Cyberattack Disrupts Baton Rouge, La., College Ahead of Finals

NIST Draft Ransomware Guidelines. The US National Institute of Standards and Technology (NIST) has published two draft practice guidelines regarding ransomware. NIST is accepting public comments on Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events, and Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events through February 26, 2020.

Note: The time allowed for public comment on NIST publications seems to be disproportionate to their size and importance. Few of us are sitting around with time on our hands just waiting to work full time for a month on their latest effort. We should admit that we are only giving lip-service to the idea of “public comment.”

Read more in:
NIST Drafts Guidelines for Coping With Ransomware
Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events
Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events

The headline on 04 Feb 2020

Hackers are Hijacking Vulnerable Smart Building Access Systems to Launch DDoS Attacks. Attackers are hijacking vulnerable smart building access systems and using them to launch distributed denial-of-service (DDoS) attacks. There have been increased scanning for Nortek Security & Control (NSC) Linear eMerge E3 systems that are vulnerable to a known critical command injection flaw.

Note: Back in late 2013, SANS held an Internet of Things Security Summit where we pointed out smart building systems as the most likely future attack path for real business damage, vs. other attacks. The growth of commercial real estate being developed with wired and wireless networks built-in, and with elevator, HVAC systems on the network with remote access to all those systems means many companies are putting their internal systems onto building networks that are being run quite often at very low levels of security hygiene.

Read more in:
Linear eMerge E3 Access Controller Actively Being Exploited
Attackers Actively Targeting Flaw in Door-Access Controllers
Attackers Exploit Security Flaws in Smart Building Systems
Hackers are hijacking smart building access systems to launch DDoS attacks

Pentagon Releases Cybersecurity Maturity Model Certification Standard. The US Defense Department (DoD) has released the Cybersecurity Maturity Model Certification version 1.0. The framework describes the cybersecurity standards that DoD contractors must meet if they want to win contracts. CMMC will be applied to some contracts starting later this year; by 2026, all DoD contracts are expected to include CMMC.

Read more in:
Pentagon finalizes CMMC standard for contractors
DoD to Require Cybersecurity Certification From Defense Contractors
Pentagon issues long-awaited cyber framework for the Defense industry
Pentagon finalizes first set of cyber standards for contractors
Cybersecurity Maturity Model Certification (CMMC) (PDF)

EKANS Ransomware Also Kills ICS Processes. The ransomware known as EKANS not only encrypts data on infected systems, it also interrupts Industrial Control Systems (ICS) applications. Before encrypting data, EKANS kills 64 different ICS processes named in a static list. Some versions of MegaCortex ransomware target the same list of ICS processes.

Note: Given the frequency and success of “Ransomware” attacks, we must increase the cost of attack and improve our resilience in the face of such attacks. It is a myth that the advantage is always to the attacker. We can get a ten-fold increase in the cost of attack for a relatively small increase in one’s cost of security. Keep in mind that most of these victims are targets of opportunity. One does not have to “outrun the bear.”

Read more in:
EKANS Ransomware and ICS Operations
Mysterious New Ransomware Targets Industrial Control Systems
New ransomware doesn’t just encrypt data. It also meddles with critical infrastructure
EKANS Ransomware Raises Industrial-Control Worries

Maze Ransomware Hits French Construction Company. A French construction company was hit with Maze ransomware on January 30. Bouygues Construction has shut down its network to prevent the ransomware from encryption additional data. The operators of Maze ransomware have gained a reputation for stealing data from targeted organizations and uploading it if the victims do not pay the ransom.

Read more in:
Bouygues Construction Shuts Down Network to Thwart Maze Ransomware
Maze Ransomware Hits Law Firms and French Giant Bouygues

Tillamook County Will Negotiate with Hackers for Decryption Key. Tillamook (Oregon) County Commissioners have voted unanimously to negotiate with hackers for the decryption key to regain access to the county’s computer systems. Tillamook County systems were with ransomware on January 22, 2020.

Note:

  • This case illustrates the factors that have to be balanced: (1) The need for both public and private meetings to keep the public informed, including the appointment of communication officers and selection of communication means; (2) the complexity of a transition from old to new update information systems; (3) getting professional help where needed; and (4) keeping as much of business, as usual, operating smoothly while (5) informing the public of alternate mechanisms for offline components. The complexity shows why a verified thorough disaster recovery plan is so important.
  • It appears to be the consensus among the NewsBites editors that the decision to pay the ransom is a business, not security, decision. However, the failure to make this decision in advance of an attack is a security decision. There should be accountability.

Read more in:
Cyberattack: County to negotiate for ransomware key
US County’s Computers Still Down Nine Days After Ransomware Attack

The city of Racine, Wisconsin Hit with Ransomware. Computer systems belonging to the city of Racine, Wisconsin were infected with ransomware on January 31. As of February 3, the city’s website, email, and online payment systems were still down. The attack did not affect 911 and public safety systems. Tax collection systems are also operating as usual.

Read more in: Ransomware knocks city of Racine offline

TVEyes Target of Ransomware Attack. Broadcast media monitoring company TVEyes was hit with ransomware early on Thursday, January 30. The company’s CEO said on Friday, January 31 that they had restored servers from backups.

Note:

  • At last, a good news story relating to ransomware and evidence that reliable backups are an effective measure against ransomware.
  • Note that this may only be successful to the extent that one has addressed the vulnerabilities that led to the breach in the first place. We have seen reinfections.

Read more in:
Ransomware hits TV & radio news monitoring service TVEyes
Ransomware hits TV search engine popular among political campaigns

Prosecutors Drop Burglary Charges Against Coalfire Pentesters. Prosecutors in Iowa have dropped burglary charges against two people who broke into a county courthouse after hours as part of a penetration test. The two are employees of Coalfire labs, which had been hired by Iowa’s State Court Administration to test the security of its IT systems and its buildings. Gary DeMercurio and Justin Wynn were arrested in September 2019 and held for hours before being released on bail. The case illustrates the need for establishing pen-testing best practices.

Note:

  • This is awesome news. An important lesson from this case is that security contractors, and especially penetration testers, have the responsibility to educate their customers on all aspects of authorized permission including specific actions and timing and to ensure a common understanding so that they have the pen tester’s back when something goes awry.
  • The case illustrates the need for well documented and agreed terms of service.

Read more in:
KrebsOnSecurity: Iowa Prosecutors Drop Charges Against Men Hired to Test Their Security
Remember those infosec fellas who were cuffed while testing the physical security of a courthouse? The burglary charges have been dropped
Charges dropped against Coalfire security team who broke into the courthouse during the pen test
Exonerated: Charges dropped against pen-testers paid to break into Iowa courthouse

Australian Freight Company Suffers Cyberattack. Australian freight and logistics company Toll Group has shut down several of its IT systems to contain the damage from a cybersecurity incident. Toll customers have experienced problems tracking shipments. The company has not released details about the nature of the cyberattack.

Read more in:
Toll stops services after the security breach
‘Cybersecurity incident’ takes its Toll on the Aussie delivery giant as box-tracking boxen yanked offline
Cybersecurity Incident Mars Australian Freight Giant’s Operations

Six Arrested in Connection with Maltese Bank Cyberattack. The UK’s National Crime Agency (NCA) has arrested six people in connection with a cyberattack against Malta’s Bank of Valletta. The suspects allegedly gained access to the bank’s IT systems in February 2019 and made several large transfers totaling €13 million (the US $14.4 million). The Bank of Valletta said in May 2019 that it had recovered €10 million (the US $11.1 million) of the stolen funds.

Note: Prevention is easier than recovery. That said, early (within hours) reporting of fraudulent transfers to the FBI will greatly improve the chances of recovery. Do you know who to call?

Read more in:
UK Arrests Cyber-Thieves Who Stole Millions from Maltese Bank
A year after Bank of Valletta ‘cyber heist’, cuffs applied as the cash-cleansing case continues
Three suspects arrested in Maltese bank cyber-heist

Raytheon Engineer Arrested for Taking Laptop with Missile Data to China. US federal law enforcement agents have arrested a Raytheon engineer after he took a work laptop containing missile defense systems information to China. Wei Sun has worked at Raytheon since December 2008. In December 2018, Sun traveled abroad with his work laptop in defiance of Raytheon’s exhortations not to bring it on his travels. In January 2019, Sun emailed Raytheon and informed them he was resigning from his position so he could study and work abroad. Sun returned to the US later that month. He initially told Raytheon security officials that he had traveled to Singapore and the Philippines, but eventually admitted that he had traveled to China, Cambodia, and Hong Kong.

Note: Mechanisms to limit sensitive data exposure include specific laptops configured for foreign travel, DLP solutions that limit data storage and access, and location-aware device management which could be used to remotely wipe a device. Even so, the employee is the critical most challenging link in the security chain. In support of the human factor, appropriate consequences with visible actions may act as a deterrent.

Read more in:
Raytheon engineer arrested for taking US missile defense data to China
Missile Engineer Arrested After Taking Secret Info to China
First Superseding Indictment (PDF)

Hackers Insert Themselves in eMail Conversation, Steal Payment in Fine Art Sale. The ownership of a 200-year-old painting by British artist John Constable is in question after hackers infiltrated email conversations regarding payment for the artwork. A museum in the Netherlands had agreed to purchase the painting from a British art dealer for £2.4 million ($3.1 million). Hackers sent a spoofed message directing the museum to transfer the payment into a bank account they controlled. Each party blames the other: the museum maintains that the dealer should have known that spoofed messages were sent, while the dealer maintains that the museum should have verified the details of the bank transfer.

Note:

  • Non-routine payments must be verified out of the band before paying: “Pick up the telephone.” This the responsibility of the payer. Transfers should be confirmed out of the band; this is the responsibility of the paying agent (usually the bank.) The role of reconciling confirmations should be separate from that of authorizing payments in the first place.
  • This is a classic invoice/payment redirection scam, also known as Business Email Compromise. Technical controls such as DMARC, DKIM, and SPF, and also using effective email filtering solutions can help minimize the risk of this type of attack. However, as demonstrated by the blame game in this example, the human factor plays a significant part. Basic manual verification processes can often be the most effective prevention measures. Europol provides some excellent guides on how to protect against scams targeting employees www.europol.europa.eu: Infographic: Fraud Scams Targeting Employees

Read more in:
Hacker snoops on art sale and walks away with $3.1m, victims fight each other in court
Fraudsters Posing as Art Dealer Got Gallery to Pay Millions

NEC Acknowledges December 2016 Breach. Japan’s NEC Corp. has disclosed that its systems were breached in December 2016. The company did not detect the breach until June 2017, when it noticed encrypted traffic being sent from a company server. NEC decrypted the traffic in July 2018 and found that the attackers had exfiltrated data from the company’s defense business division.

Note: Mean time to detection (MTTD) of a breach needs to go from months in 2017 to days in 2020. Many companies that take cybersecurity seriously have or have nearly accomplished that goal. For others, it will never happen because they have not yet established MTTD as a key cybersecurity objective and thus they are not measuring it.

Read more in: Japanese company NEC confirms 2016 security breach

APT34 Targeting US Company Through Spear Phishing eMail. A hacker group with ties to Iran has been sending spear-phishing emails to customers and employees of a company that works with US federal, state, and local governments. The phony messages sent to Westat employees contain malicious Excel spreadsheet attachments. The spreadsheets appear to be black; if recipients enable macros, the content – a phony job satisfaction survey – appears and malware that installs the TONEDEAF backdoor is downloaded in the background.

Read more in: Iranian Hackers Target U.S. Gov. Vendor With Malware

Some US Emergency Alert Systems Remain Unpatched Years After Fix Released. A vulnerability in certain emergency alert systems (EAS) that was disclosed in 2013 remains unpatched on at least 50 systems across the US. The issue lies in the web interfaces for Monroe/Digital Alert Systems EAS hardware.

Note: These systems are effective appliances that are configured to accept and forward emergency messages. The challenge with appliance-type systems is not only monitoring them for security vulnerabilities but also having appropriate processes in place, with accountability, to keep them updated and secure.

Read more in: Seven Years Later, Scores of EAS Systems sit Un-patched, Vulnerable

[Solved] How to Fix Windows could not search for new updates unknown error “Code 8000FFF”

The unknown error with “Code 8000FFF” occurs on Windows 7 when users try to install pending updates through WU or WSUS. Usually, KB3212646 is the update that ends up triggering this error code caused by a bug that Microsoft has patched. Run the Windows Update troubleshooter and apply the recommended fix that may resolve this error or manually install the KB3212646 update downloaded from Windows Update Catalog. Follow the below resolution to eliminate this unknown update error.


Continue reading “[Solved] How to Fix Windows could not search for new updates unknown error “Code 8000FFF””

Media and Video News Headline Updated on 19 Feb 2020

The headline on 19 Feb 2020

Google Maps got a big redesign. It changed its app icon and logo. The classic map intersection icon has gone, and we now have a map pin on a white background that is way more consistent with all the rest of the Google product branding. Strategically, this is symbolic of the evolution of the Maps product itself; 15 years ago, it addressed a user problem around “How do I go there?”, or the journey; Maps is now arguably more about what I can do when I get there — the destination. They also redesigned the app user experience, with two new Contribute and Updates tabs at the bottom, a clear shift to highlighting user-submitted content. Source: The Verge > Google Maps gets a new icon and more tabs to celebrate 15th anniversary

Wanted a way to unlock your phone without taking off your COVID-19 mask? This hipster design firm (called Resting Risk Face) plans to make Face ID-compatible N-95 respirator masks that print the hidden part of your face on to the mask to make “phone access easy during viral epidemics.” These things are “still in development”. The bad news? $40 per mask.

The headline on 18 Feb 2020

ConvergeOne, a global IT services provider, announced that it has expanded its SD-WAN portfolio with the launch of its Secure SD-WAN managed services offering powered by Cisco Viptela. Source: ConvergeOne Expands SD-WAN Portfolio with Secure SD-WAN Managed Services Powered by Cisco Viptela

beIN SPORTS XTRA launches on Pluto TV. Source: beIN SPORTS XTRA Launches on Pluto TV
Amazon Channels is offering deals on both HBO and Starz. Source: Amazon Prime Video

The headline on 15 Feb 2020

The Duterte administration wants the Supreme Court to shut down ABS-CBN, the biggest TV network in the Philippines. The Solicitor General alleged that ABS was conducting “highly abusive practices” and so should have its business license revoked. The company’s operating franchise expires in March. The owners and staff of the network have been anticipating the move since Duterte came to power in 2016. “This ABS, your contract will expire, and you try to renew. I don’t know what will happen to you. If I were you, just sell it,” he warned. Source: ABS-CBN > Solicitor General questions ABS-CBN franchise before Supreme Court

Facebook banned a network of Pages and accounts linked to Vietnam’s Viettel and its Myanmar franchise Mytel in the company’s first takedown of “commercial misinformation”. The network allegedly used fake accounts to pose as “independent telecom consumer news hubs” while spreading lies about business failures and fraud at rival telcos. Viettel says it doesn’t condone the tactics and is running an internal review. With everyone’s attention drawn to fighting fake political news, are we missing what companies are doing with misinfo? Source: Facebook Newsroom > Removing Coordinated Inauthentic Behavior From Russia, Iran, Vietnam and Myanmar

A BuzzFeed News investigation found more than 100 sites posing as legit local news and financial outlets. The sites not only stole content from real publishers, they were also able to make money through ads and by selling financial email subscriptions. “These sites show how easy it’s been to bypass the procedures Google uses to keep low-quality sites out of Google News.” Source: BuzzFeed News > These Fake Local News Sites Have Confused People For Years. We Found Out Who Created Them.

The U.S. FTC wants tougher penalties on influencer ads that run on social platforms. It’s been trying for years to get influencers to disclose sponsored posts, but that hasn’t had an impact. In one recent case, an advertiser paid 50 influencers to post about a dress on Instagram — without mentioning the sponsorship. The FTC charged the company with deceiving the public. Source: The Verge > The FTC is cracking down on influencer marketing on YouTube, Instagram, and TikTok

YouTube is testing clapping. It’s a feature that it “borrowed” from Twitch to help creators earn money on the side. Clapping will cost you $2. Source: The Verge > YouTube continues to mirror Twitch, tests new clap feature that lets fans donate to creators

Myanmar’s Daily Eleven has a long, critical op-ed about Facebook’s plan to help the Union Election Commission monitor hate speech on its platform before the election. It says FB is biased in favor of Muslims. It also alleges that FB will issue a warning or suspend the account of anyone who uses the word “kalar” (typically used to refer to people of south Indian origin) in a post. Source: Eleven Media Group > Is Facebook’s bias a source of concern for Myanmar’s 2020 election?

McClatchy filed for bankruptcy in the U.S. The newspaper publisher, which provides “local” coverage across 14 states, wants to restructure the debt that it took on after it acquired Knight-Ridder in 2006. Source: The New York Times > McClatchy, a Major U.S. Newspaper Chain, Files for Bankruptcy

Vice Media’s co-founder wanted a massive valuation for the company when he fundraised about two years ago. TPG put in $450 million, valuing the company at $5.7 billion — far larger than any of Vice’s rivals. Vice agreed to guaranteed payments to TPG of up to $400 million in stock and cash dividends. The problem is, Vice is still struggling to turn in a profit — and it’s coming time to pay the piper. Rafat Ali said it beautifully on Twitter: “No one running Vice gives a shit about what Vice stands for, what is its purpose as a media co; it is turd that needs to be financially managed just to sell off so it becomes someone else’s problem.”

The New York Times is undoubtedly the best example of a legacy, local newspaper pivoting into becoming a digital, international brand. It recently announced that it hit its ambitious target of $800 million in annual revenue — a full year ahead of schedule. But while all that’s great for the NYT, it isn’t indicative of the rest of the industry. Source: The Guardian > The New York Times’s success lays bare the media’s disastrous state

Josh Benton at Nieman Lab has been looking into the rise of NYT and what that means for the rest of the industry. In particular: Is there even a viable No. 2 player in the U.S.? A nugget in his piece: “Here’s a shocking statistic: It’s possible that, today in America, 1 out of every 10 newspaper journalists works for The New York Times.” Source: NiemanLab > The Wall Street Journal joins The New York Times in the 2 million digital subscriber club

The Coalition For Women In Journalism is beta-testing their safety app. JSafe (only on iPhones) is meant to help journos report threats, attacks, and abuse they face in the field. They’d like you to try it. Source: JSAFE: DEFEND AND REPORT

The headline on 14 Feb 2020

Second Spectrum, the official optical tracking and analytics provider of sports leagues including the NBA and the English Premier League, has chosen AWS as its preferred cloud, machine learning and artificial intelligence provider. Source: Second Spectrum Selects AWS as its Preferred Cloud, Machine Learning, Artificial Intelligence, and Media Services Provider

The headline on 13 Feb 2020

Sony Electronics named Jeff Goldstein as head of sales to the custom integrator channel. Source: Sony Electronics Taps Jeff Goldstein to Lead Custom Integration Sales

The headline on 12 Feb 2020

Altice USA introduced Smart WiFi, a whole-home intelligent mesh WiFi system. Source: Altice USA Upgrades Broadband Experience for Optimum and Suddenlink Customers with Introduction of Smart WiFi Technology

WarnerMedia Entertainment Chairman Robert Greenblatt will present a keynote address on Sunday at the NAB Show in April. Source: WarnerMedia Entertainment Chairman Robert Greenblatt to Keynote 2020 NAB Show Executive Leadership Summit

Entertainment Studios closed on the acquisition of 11 broadcast television stations from USA Television Holdings. Source: Entertainment Studios Expands Broadcast Television Holdings By Closing Deal To Purchase Eleven Television Stations With Network Affiliations Including ABC, CBS, NBC, And FOX For $305 Million

Stop listening to your users. Watch them instead. This is an oldie but a goodie, counterintuitive as it may seem. “Don’t base design decisions on what customers say. You have to watch people’s behaviour to form valid insights that can drive your product to better user experience and higher business success.” Don’t listen to your user; watch this video of Jakob Nielson for all of its oddly compelling 2 minutes and 57 seconds. Source: Nielsen Norman Group > Don’t Listen to the Customers

In India, Mint recently blew past The Economic Times, its closest competitor in the biz news space. According to The Ken, there are three reasons this happened: strategic hiring, counterintuitive web practices that paid off, and “some questionable design choices”. They made a number of decisions when they redesigned their website: infinite (ish) scroll, topics over categories (‘coronavirus’ and ‘CAA’ instead of the more traditional ‘politics’ and ‘health’) — and they stopped caring about desktop altogether. Source: The Ken > Beating ET: Unboxing Mint’s defiance of online media

Assembler, a tool to identify doctored images, is being tested by a number of newsrooms around the world, including Rappler. Assembler has been built by Jigsaw (previously Google Ideas), owned by Google’s parent company. “[A] Jigsaw product manager said Assembler might be “most helpful in a situation where a journalist from a large news organization receives a scandalous image and is under pressure to break the news.” It could also be used to verify an image that has gone viral, he said.” Source: The New York Times > Tool to Help Journalists Spot Doctored Images Is Unveiled by Jigsaw

Why is it called UPPERCASE and lowercase? Because in the physical case that typesetters stored their letter in, all the CAPS were kept in…the upper part of the case and the regular letters in the lower part of the case. And why is leading (the space between lines) have called leading? Because of the strips of lead inserted between the rows of letters. Source: Origin of Upper and Lower Case!

Origin of Upper and Lower Case
Origin of Upper and Lower Case

The headline on 11 Feb 2020

Redbox has reportedly launched an ad-supported streaming service. Source: Protocol > Redbox quietly launches ad-supported video service

AT&T is reportedly eying a February 27 launch for AT&T TV. Source: Cord Cutters News > AT&T TV’s Launch Date Has Been Moved To February 27th

beIN SPORTS XTRA is launching on Xumo. Source: beIN SPORTS Strikes Partnership With XUMO TV

The headline on 10 Feb 2020

Real Networks CEO Rob Glaser is investing $10 million in the company. Source: RealNetworks CEO Rob Glaser to Invest $10 Million into the Company

The headline on 07 Feb 2020

Pluto TV signed a multiyear global pact bringing its ad-supported service of more than 250 live, linear, thematically-curated and branded partner channels onto Hisense’s new Vidaa platform across the United States, Europe and Latin America. Source: Media Play News > Pluto TV Joins New Hisense Vidaa Platform

Interlink and Loop Media said their merger has closed. Source: Interlink Plus, Inc. and Loop Media, Inc. Close Merger

Lionsgate’s global subscribers from Starz, STARZPLAY Arabia and PANTAYA reached 28.5 million in the company’s fiscal third quarter, and global OTT subscribers reached 8.6 million. Source: LIONSGATE REPORTS RESULTS FOR THIRD QUARTER FISCAL 2020

Google revealed its YouTube revenue numbers for the first time in their latest quarterly earnings: $5 billion ($15 billion for the whole of 2019). Overall, YouTube makes up 10% of all Google revenue, which is spectacular. Google also revealed how much Cloud brings in ($2.6 billion for the quarter). All this is Google’s way of reminding you that it’s much more than just a search business. Source: The Verge > YouTube is a $15 billion-a-year business, Google reveals for the first time

Trivia: How much do you think Instagram makes for Facebook? According to Bloomberg, Instagram brought in $20 billion in revenue for 2019 — bigger than YouTube! — which is about a quarter of Facebook’s sales. You’ll remember that FB bought Insta for $715 million in 2012. Easily the smartest acquisition in this internet age. Source: Bloomberg > Instagram Brings In More Than a Quarter of Facebook Sales

TikTok is apparently trying out a new user profile design that’s hmm… a bit similar to Instagram’s. And that’s a problem because all social networks just end up looking the same. Source: The Verge > TikTok is testing profile redesigns that make it look like Instagram

Twitter has a new rule around deep fakes. “You may not deceptively share synthetic or manipulated media that are likely to cause harm. In addition, we may label Tweets containing synthetic and manipulated media to help people understand their authenticity and to provide context.”

Spotify made its fourth podcast acquisition by picking up The Ringer. No deal price was mentioned. “With the Ringer, we’re basically getting the new ESPN,” said Spotify. But it’s not clear where owning these titles fits in with Spotify’s overall strategy. Making these podcasts exclusive to Spotify would kill those audiences, unless of course the plan is to create specific Spotify-only shows. Source: vox recode > Spotify is buying Bill Simmons’s The Ringer to boost its podcast business

You know what? The world’s largest music streaming platform isn’t Spotify. You may not have heard of Gaana. The India-focused service has 152 million subs. Its killer strategy: local languages and ridiculously low prices. Source: The Wall Street Journal > Spotify, Apple Music Trail Little-Known Rival in Music-Obsessed India

How hot is Disney+? It’s signed up almost 29 million subs now — in less than three months. Source: The Ney York Times Media > Disney Plus Racks Up 28.6 Million Subscribers

BuzzFeed is looking for some teens to help them create election-themed TikTok and IG videos. “I feel it’s really important to pass the mic to them.” Source: NiemanLab > BuzzFeed News is recruiting teenagers to make election-themed TikTok and Instagram videos

If you’re looking to get your newsroom started on TikTok, here are some tips. Perhaps the most interesting tip: Share a skill. Source: journalism.co.uk > Seven tips for publishers to get started with TikTok

Even Forbes is getting into the video streaming game. The goal is to stream “expert content” into an app. “There’s 3,500 videos that we have in there from successful entrepreneurs, successful startups, to tutorials on how to write a business plan, how to raise capital, everything you might need to know.” Good luck trying to crack this crowded space. Source: FIPP > Forbes on innovation, audiences, and the changing nature of the business world

The Guardian, The Times of London, and Le Monde have cut back on the articles they publish. Net result: higher audience traffic, more time spent, more subs… and lower costs. “Whether a digital magazine publishes 100, 500, or 1,000 articles makes no difference.” Amen. Source: digiday > Publishers are growing audiences by producing less content

Crowdfunded media startup Hong Kong Free Press published its 2019 annual report detailing its work, audience numbers, and financials. HKFP made a monthly income of about US$19K. Perhaps the most interesting bit in here is how HKFP is organized — non-profit, no shareholders, limited by guarantee. A fantastic case study for small media startups. Source: Hong Kong Free Press Editorial: Our new Annual Report

Myanmar ordered the country’s telcos to reimpose an internet shutdown in parts of Rakhine and Chin state. The last shutdown was only partially lifted just five months ago. According to Telenor, the directive reportedly cited security requirements and public interest. Source: The Myanmar Times > Govt doubles down on internet shutdown in western Myanmar

Like many countries, internet-based news is popular in Pakistan because it doesn’t draw the same scrutiny as traditional broadcasters. All of that is going to change with new regulations to standardize laws across digital and analog media. And the government is going after critical voices. Source: CPJ > Pakistan broadcast regulator proposes sweeping control of internet news programs

Applications to CrowdTangle’s Southeast Asia Data Bootcamp close on Monday. The program, designed to help newsrooms integrate data analytics in their operations, will cover flights and hotel accommodation for selected participants. Source: Apply to join CrowdTangle’s Southeast Asia Newsroom Data Bootcamp

Applications for the Singapore-based Asia Journalism Fellowship 2020 are now open. The program runs from July to October this year. Fellows will receive return airfare and accommodation.

What are the most important programming languages to learn? According to a survey of 116,000 developers from 162 countries, Google-supported Go and Python are where the opportunities lie. Source: ZDNet > Programming languages: Go and Python are what developers most want to learn

Reuters Institute for the Study of Journalism is looking for an associate director of the Journalist Fellowship Program. “Experience of fundraising and marketing would be desirable.” Source: journalism.co.uk > Associate director of the Journalist Fellowship Programme

HBO Max and Warner Bros have created Warner Max, a small film label that will produce movies specifically for HBO Max. Source: Motion Pictures > WBPG AND HBO MAX ANNOUNCE WARNER MAX,THE FEATURE FILM PRODUCTION ARM FOR THE NEW STREAMING SERVICE

Radix is launching a new Android TV device management and MDM for telcos and operators. Source: Radix to Launch Its New Solution for Telcos and Operators, Android TV Device Management and MDM at MWC

The headline on 05 Feb 2020

Vizio hired Adam Bergman as its new vice president of ad sales. Source: Adam Bergman Joins VIZIO Ads To Build Advertiser-Direct Business

Cable One declared a quarterly cash dividend of $2.25 per share. Source: Cable One Declares Quarterly Dividend

Minnow has introduced a curated guide to help viewers find award-winning and festival selected film or TV series. Source: Minnow, the Next Generation Streaming Guide, Introduces New ‘Prestige’ Content Guide, Allowing Viewers to Find Specially Curated Selection of all Oscar®-Winning Movies, Golden Globe®-Winning Films and TV Series, and Festival Favorites from Sundance, Cannes, and More!

CSS Grid and Flexbox have made a huge difference to editorial layouts. This is a great showcase and demo of different design and layout ideas. Source: speckyboy > This Just In: Excellent News and Magazine CSS Layouts

One hundred and seventeen new emoji will soon be added to your vocab. This is 2020, and the politics of emoji have been well-documented: we use it for non-verbal communication, to signal that which we could not signal with words, and to represent. So we will soon be able to express ourselves with the brand-new Pinched Finger emoji (popularly also known as the “Italian Hand Gesture”), People Hugging (yay), the Transgender Flag, Bubble Tea, Cockroach (ew), and bottle-feeding parents. “Announced [on January 29] by the Unicode Consortium, the 117 new emojis form part of Emoji 13.0.” Source: Emojipedia > 117 New Emojis In Final List For 2020

One hundred and seventeen new emoji will soon be added to your vocab.
One hundred and seventeen new emoji will soon be added to your vocab.

Every once in a while, a little corner of your life presents itself as an intentionally designed thing, and all feels right with the world. Here is a messy collection of wonderful real-world UX in the wild to make you happy.

The headline on 04 Feb 2020

LG is now launching the Apple TV app for compatible 2019 LG smart TVs in the United States and more than 80 other countries. Source: Apple TV App And Apple TV+ Now Available On 2019 LG TVs In U.S. And 80-Plus Other Countries

Vizio launched five new apps for SmartCast TVs. Source: Cord Cutters News > VIZIO Announces 5 New SmartCast TV Apps

The headline on 03 Feb 2020

LBI Media has changed its name to Estrella Media, effective immediately. Source: LBI Media Rebrands as Estrella Media

Mobile Technology and Wireless Communication News Headline Updated on 18 Feb 2020

The headline on 18 Feb 2020

Japan has approved a bill to support companies that are developing secure 5G and drone technologies in order to compete with China’s 5G advancement. (Reuters > Japan approves bill to help firms to develop 5G, drone technologies

Etisalat is set to trial Parallel Wireless’s OpenRAN solution for 2G, 3G, 4G and 5G across its markets in the Middle East, Asia and Africa. Source: Parallel Wireless to Deliver on Etisalat’s OpenRAN Vision across Middle East, Asia and Africa

JMA said it demonstrated industrial-grade connectivity with its private wireless solution, testing more than 5,000 simultaneous connections on a single radio. Source: JMA Wireless > JMA’s U.S.-Developed Private Wireless Solution Demonstrates “Industrial Grade” Connectivity, Capacity and Flexibility

Ericsson and Audi are extending their 5G collaboration by testing Ultra-Reliable Low-Latency Communication (URLLC) capabilities for factory automation at the car maker’s lab in Germany. Source: 5G URLLC from Ericsson to accelerate automation at Audi factory

The headline on 14 Feb 2020

U.K.’s Three is deploying 5G in major cities including London, Glasgow and Birmingham. Source: The New York Times > British Network Three Joins 5G Mobile Club

Nokia has partnered with French mobile operator Illiad Group to roll out 5G networks across France and Italy. Source: Nokia partners with IIiad Group to roll out 5G in France and Italy

Canadian operator Xplornet Communications completed the acquisition of Silo Wireless, a rural provider operating in southwestern Ontario. Source: Xplornet Acquires Silo Wireless

The headline on 13 Feb 2020

Orange reported a 1.3% increase of its core operating profit in the fourth quarter, as sales returned to growth in France and rose sharply in Africa and the Middle East. Source: Reuters > Orange Q4 core profits rise 1.3% on improved sales in France, Africa

Huawei has provided a longer response to U.S. allegations of spying, claiming that it doesn’t have the spying capability alleged by the U.S. and pointing out that the US itself has a long history of spying on phone networks. Source: Ars Technica > Huawei fires back, points to US’ history of spying on phone networks

Broadcom announced what it dubs the world’s first Wi-Fi 6E chip for mobile devices. Source: Broadcom Announces World’s First Wi-Fi 6E Chip for Mobile Devices

Ericsson has launched two new artificial intelligence (AI)-powered offerings in its Network Services portfolio. Source: Ericsson launches new AI-powered Network Services

The headline on 12 Feb 2020

Versa Networks has hired former Apstra, Cisco and VMware executive Michael Wood as its chief marketing officer. Source: Versa Expands Executive Leadership Team to Lead Global Expansion and Meet Accelerating Worldwide Demand for Secure SD-WAN

Microsoft Corp said on Wednesday it has appointed Michal Braverman-Blumenstyk as the general manager of the Microsoft Israel Development Center. Source: Reuters > Microsoft names Braverman-Blumenstyk head of Israel development center

GSMA is lobbying Spain’s government to declare a health emergency over coronavirus so that it can cancel the MWC event in Barcelona. Source: Wired > MWC has been cancelled

AT&T has added its 5G+ service to the United Center in Chicago ahead of this weekend’s NBA All-Star Game. Source: AT&T Makes Fans First With 5G Experiences at NBA All-Star

Nokia and SoftBank say they’ve demonstrated the world-first successful 5G connected car test. Source: Nokia supporting SoftBank Corp. in completing the world-first 5G connected car test

Millicom has selected Affirmed Networks as its strategic partner to deploy its cloud-based 5G-ready core network in Latin America. Source: Millicom Selects Affirmed Networks as the Strategic Partner to Deploy Its Cloud-Based, 5G-Ready Core Network

The headline on 11 Feb 2020

Lawmakers from Chancellor Angela Merkel’s conservative party are set on Tuesday to back a strategy paper that stops short of banning China’s Huawei from taking part in the rollout of Germany’s 5G network. Source: Reuters > Merkel’s conservatives stop short of Huawei 5G ban in Germany

On Tuesday, Cisco became the latest heavyweight technology company to pull out of the Mobile World Congress (MWC) in Barcelona due to the coronavirus outbreak. Source: The New York Times > Major U.S. Tech Firms Pull Out of Barcelona Meet Over Coronavirus Fears

Facebook, Sprint, and Cisco have joined the growing number of companies pulling out of MWC in Barcelona. Source: SeekingAlpha > Facebook, Sprint, Cisco now out of MWC

Verizon has certified two new LTE-M products, Monarch Go and Monarch GPS, based on Sequans IoT modules. Source: Verizon and Sequans team up to fast-track IoT device deployments in just minutes

Sprint announced a smart watch for kids called WatchMeGo, featuring monitoring and communication functions for parents. Source: WatchMeGo from Sprint Brings Peace of Mind to Parents as a Wearable Safety and Security Solution for Young Children

The headline on 10 Feb 2020

Verizon opened a new 5G Lab and production studio in London – the company’s first 5G-enabled facility outside the United States – to support its international business and media customers. Source: Verizon expands international 5G ecosystem with new 5G Lab & Studio in London

Nokia has been selected by Orange Slovensko in Slovakia to prepare its RAN for 5G. Source: Nokia to prepare Orange Slovensko RAN for 5G

The United States has charged four Chinese military hackers in the 2017 breach of the Equifax credit reporting agency that affected nearly 150 million American citizens. Source: Reuters > U.S. charges four Chinese military hackers in 2017 Equifax breach

NJFX announced on Monday that DE-CIX has established a point-of-presence (PoP) in the NJFX CLS. Source: DE-CIX Establishes Point of Presence in NJFX

Samsung showed off its new Galaxy Z Flip foldable phone in a surprise ad during this year’s Oscars. Source: The Verge > Samsung aired a Galaxy Z Flip commercial before it even announced the phone

Trendforce forecasts global smartphone production to fall by 12% in the first three months of 2020 because of supply chain impact from the coronavirus outbreak in China. Source: In Light of the Coronavirus Outbreak’s Impact on Smartphone Supply Chain, 1Q20 Global Production Forecast Revised to 12% Decrease YoY, Says TrendForce

Parallel Wireless expanded its partnership with Robin.io to help transition legacy RAN towards webscale end-to-end orchestration and automation. Source: Parallel Wireless and Robin.io Expand Partnership to Transform Legacy RAN towards Webscale End-to-End Orchestration and Automation

The headline on 07 Feb 2020

With concerns over using Huawei’s 5G gear, Deutsche Telekom has told Nokia it must improve its products and service to win business installing the German group’s 5G wireless networks in Europe. Source: Reuters > Exclusive: Fearing Huawei curbs, Deutsche Telekom tells Nokia to shape up

Elliot Management has built up a more than $2.5 billion stake in Japan’s SoftBank Group, pushing for changes to boost share price. Source: WSJ > Elliott Management Builds More Than $2.5 Billion Stake in SoftBank

Concerned over limits on Huawei gear, Deutsche Telekom has told Nokia it must improve its products and services to win the operator’s 5G business in Europe. Source: Reuters > Exclusive: Fearing Huawei curbs, Deutsche Telekom tells Nokia to shape up

Activist fund Cevian Capital urged Ericsson executives to explore potential opportunity from recent U.S. interest in purchasing a stake in the Swedish telecom to counter Huawei’s 5G dominance. Source: Yahoo Finance > ‘No concrete proposition’ from U.S. to back Huawei rival Ericsson: Swedish minister

The headline on 06 Feb 2020

The Central Intelligence Agency is planning to hire multiple companies for lucrative cloud computing deals in a new program that will give rivals a chance to take on market leader Amazon. Source: Bloomberg > CIA Opens Competition for Lucrative Cloud Deals to Amazon Rivals

Great Plains Communications, the largest privately-owned telecommunications provider in Nebraska, has named Tony Thakur as its chief technology officer. Source: Markets Insider > Great Plains Communications Appoints Tony Thakur as New Chief Technology Officer

Cisco has joined Facebook’s Express Wi-Fi Technology Partner Program, which is part of Facebook’s efforts to get internet service to underserved areas. Source: Cisco Joins Facebook Express Wi-Fi Technology Partner Program to Connect More People to a Faster Internet

Sprint and Comcast announced the two companies are successfully using STIR/SHAKEN to authenticate calls between Sprint mobile customers and Xfinity Voice landline customers. Source: Sprint and Comcast Start Rollout of Anti-Robocall Technology

Southern Linc will deploy Ericsson’s next-generation Mission Critical Push-to-Talk (MCPTT) solution on its LTE network. Source: Southern Linc opts for Ericsson’s mission critical push-to-talk solution

China’s Xiaomi, Huawei, Oppo and Vivo are reportedly teaming up to create a platform for developers meant to challenge Google’s Play store. Source: Reuters > Exclusive: China’s mobile giants to take on Google’s Play store – sources

Enea launched its Unified Data Manager, a hardware-agnostic, cloud-native network function for 4G and 5G data management. Source: Enea Launches Cloud-native 4G/5G Unified Data Manager

The headline on 05 Feb 2020

The cloud-computing unit of Amazon will invest $236.18 million in the Brazilian state of Sao Paulo over the next two years, the state government said on Wednesday. Source: Reuters > Amazon’s AWS to invest $236 million in Brazil to strengthen cloud infrastructure

As it shifts to more of an enterprise focus, Epsilon has named Michel Robert as its new CEO to replace co-founder and former CEO Jerzy Szlosarek. Source: EPSILON APPOINTS MICHEL ROBERT AS GROUP CHIEF EXECUTIVE OFFICER

A new Dell’Oro Group report forecasts mobile core network shipments will reach $45 billion from 2019 to 2024. Source: Mobile Core Network Shipments Forecast to Reach $45 B through 2024, According to Dell’Oro Group

Britain’s digital minister Nicky Morgan said the country will look to international allies to develop 5G alternatives to Huawei. Source: Reuters > Britain to look to allies to find 5G alternatives to Huawei: minister

Hawkeye Systems announced its future subsidiary Radiant Images assisted in the first-ever 5G broadcast of a major sports event, the 2020 NFL Pro Bowl. Source: Yahoo Finance > Hawkeye Systems’ Future Subsidiary Assists With First-Ever 5G Broadcast of a Major Sports Event, the 2020 Pro Bowl

The headline on 04 Feb 2020

SQUAN recently promoted Carolyn Hardwick to the role of vice president and general manager of engineering. Source: SQUAN Announces Internal Executive Reorganization to Continue Focus on Operating as a Full-Service Network Life-Cycle Services Business

Vodacom Group said it expects to launch 5G services in South Africa in 2020 using a network built by Liquid Telecom. Source: Reuters > Vodacom to launch 5G services in South Africa in 2020

Ericsson signed a five-year network deal to upgrade Telekom Albania’s radio and core networks to gigabit LTE and 5G-ready. Source: Ericsson to modernize Telekom Albania core and radio networks

The headline on 03 Feb 2020

CTIA points to a new Analysys Mason study that illustrates the U.S. mid-band spectrum challenge and underscores the importance of American policymakers moving quickly to bring more licensed mid-band spectrum for 5G. Source: ctia press release > New 14-Country Study Shows Time Has Come for Licensed Mid-Band Action

Everstream announced on Monday that it has completed its purchase of a 200-plus-mile Indianapolis-based fiber network and CLEC operation from DataBank. Source: Everstream Closes Purchase of LightBound Fiber Assets from DataBank

Apple said Saturday it would shut all of its official stores and offices in mainland China until Feb. 9 due to caution over the coronavirus outbreak. Source: Reuters > Apple to close all China mainland stores due to virus outbreak

Nokia has launched its Network Operations Master product, which it says provides highly automated and scalable software with vendor-agnostic management functionalities for 5G networks. Source: Nokia Press Release > Nokia launches cloud-native network operations software with extreme automation for 5G

Unite Private Networks announced it will provide increased bandwidth to wireless carriers in Kansas City to accommodate visitors along the Chiefs’ Championship parade route. Source: Unite Private Networks To Provide Increased Bandwidth To Wireless Carriers in Kansas City