Channel: security news – Cyber Parse – Cyber Security and Information Security

AppSense Recognized by 451 Research Impact Report as “The Missing Link for Virtual Desktops”

Analyst Report Highlights the Value of AppSense Product Suite for User Environment Management and Workspace Management

SUNNYVALE, Calif., December 3, 2015 – AppSense, the global leader of user environment management (UEM) solutions for the secure endpoint, today announced that it has been recognized in a 451 Research Impact Report as providing user management that is “the missing link for virtual desktops.” The report showcases AppSense’s renewed focus on extending the security, performance and manageability of end-user computing environments and highlights its growing opportunity to provide end-user management tools that manage user independence from underlying infrastructure.

“…AppSense has returned to its roots: extending Citrix, Microsoft and VMware end-user computing environments so that they work better, and pitching in on Windows migration, desktop virtualization, compliance and security projects,” writes John Abbott, Founder and Distinguished Analyst, 451 Research. “As the spectrum of remote and virtual desktop delivery mechanisms broadens – from physical PC, old-style session-based computing to full-strength VDI, streaming, layering, containers and desktop as a service – it’s becoming more important to maintain some independence from the underlying infrastructure and the user-facing management and personalization layer. Desktops and endpoints need to be managed in a way that reduces complexity – at the same time, security must be maintained, and support for cloud delivery models must be built in.”

In the report, 451 Research provides analysis on AppSense’s growing international channel-based go-to-market strategy as well as its competitive landscape. It also offers an assessment of AppSense’s suite of UEM solutions, including its DesktopNow Suite, which includes Enterprise Manager, Application Manager and Performance Manager, as well as its DataNow solution for secure enterprise file sync and share operations.
The report additionally discusses AppSense’s new analytics solution, AppSense Insight, for monitoring user devices and interactions across laptops, terminal services, VDI or static desktops.

“Enterprise organizations have an increasing need to secure their endpoints without compromising the user experience that fuels workplace productivity,” said Jed Ayres, Senior Vice President of Marketing, AppSense. “At AppSense we are laser focused on helping companies achieve this goal by securing against intentional or unintentional user actions, simplifying desktop control, and delivering unprecedented visibility into endpoints. This is exactly why, as the 451 Research report highlights, the number of endpoints AppSense manages has passed eight million and counting.”

To download the complete 451 Research report, “AppSense: User Management is Still the Missing Link for Virtual Desktops,” visit: http://go.appsense.com/451-Research.html.

About AppSense

AppSense is the leading provider of UEM solutions for the secure endpoint. AppSense user virtualization technology allows IT to secure and simplify workspace control at scale across physical, virtual, and cloud-delivered desktops. AppSense Solutions have been deployed by over 3,500 enterprises worldwide to over 8 million endpoints. The company is headquartered in Sunnyvale, CA with offices around the world. For more information please visit www.appsense.com.

###

Media Contact:
Erin Jones
Avista Public Relations for AppSense
704-664-2170
appsense@avistapr.com

Source: RealWire

More Than 80% of Mobile Apps Have Encryption Flaws, Study Finds

More than 80 percent of mobile devices have encryption flaws, while applications written in any of a trio of scripting languages—PHP, ColdFusion and Classic ASP—are more likely to have serious flaws. Developers have botched encryption in seven out of eight Android apps and 80 percent of iOS apps, according to Veracode's State of Software Security report. PHP—and less popular Web development languages ColdFusion and Classic ASP—are the riskiest programming languages for the Web, while Java and .NET are safest, according to the Veracode report. The report, which summarizes the results of application security tests conducted by the company, found that four encryption issues undermined the data protection of more than 87 percent of Android applications—and 80 percent of iOS applications. On the Web side, SQL injection vulnerabilities affected 64 percent of applications written in Microsoft's legacy Active Server Pages—known as Classic ASP—62 percent of ColdFusion apps and 56 percent of PHP applications. Microsoft’s .NET and Oracle's Java, meanwhile, were far less likely to have a SQL injection vulnerability, with the firm finding 29 percent and 21 percent of applications, respectively, having at least one such vulnerability. SQL injection vulnerabilities, which allow an attacker to directly interact with a Web site’s database, have been blamed for the breaches at toymaker Vtech and telecommunications firm TalkTalk. "It is a persistent weakness in the Internet that is not going away," Wysopal said. While software security and vulnerabilities have garnered a great deal of attention as major breaches and compromises of critical infrastructure become more common, the overall picture has not significantly changed. Many companies' security programs have become more mature, but a large number of smaller software startups have cropped up, with novice programmers in many cases, Wysopal said.
"For every company that is tackling application security there are a bunch of new startups that are not," he said. Mobile application development is a case in point. Four encryption flaws affect the vast majority of apps developed for Android and iOS phones, according to Veracode's report. Two-thirds of applications use insufficient entropy to keep data secure—a problem that requires a single line of code to fix, Wysopal said. The other top issues include failing to properly validate certificates, clear text storage of information, and the use of broken or weak cryptographic algorithms. "These things are easy to fix, but they are so pervasive it goes to show that the mobile developers are really ignorant about how to write good crypto code," he said. Many companies may be at an ideal turning point to instill in their developers a greater focus on security. Because many companies are transitioning to agile development methods with a focus on making code that can be quickly modified and updated, they can simultaneously train the developers to write more secure code, the company stated in the report. Training and online learning appear to have a strong correlation with better code, Wysopal said. Whether the training actually works, or companies that train their developers in security have a better overall focus in security, is unknown. "One of the theories we have is, if you are spending on training, you are likely taking application security more seriously," he said. "It is either one or the other, or it could be both. Your developers may be more educated or the company as a whole focuses its efforts on risk reduction and not just check-box compliance."

Zycko Deal Paves The Way For Accelerated Growth

Rigby Private Equity makes second major investment in specialist distribution

Cirencester, Gloucestershire: 4/12/15 - In a deal announced today, Rigby Private Equity (RPE), the private equity arm of Rigby Group Investments, has made a significant investment in specialist services distributor Zycko Ltd. The deal will allow Zycko to expand more aggressively throughout the EMEA region.

David Galton-Fenzi, CEO of Zycko, said: “The backing and support of RPE means we are now in a position to accelerate our ambitious growth plans. It’s a great opportunity for the company to continue its growth and transformation into a significantly larger organisation, but one which is still focussed on providing first-class, specialist support to vendors seeking services-oriented, EMEA-wide distribution. I’m looking forward to spearheading our expansion plans and leading our team at this very exciting time.”

Zycko is the second acquisition for Rigby Private Equity, which is building an EMEA-wide high-value specialist distribution business. RPE was formed earlier this year to identify established companies with both a great value proposition and plans for strong growth, to invest in these companies and to support the acceleration of their growth plans. In July, Rigby Private Equity made a major investment in leading specialist security value-added distributor Wick Hill.

Paul Eccleston, head of Rigby Private Equity, commented: “We are extremely pleased that Zycko is joining Rigby Private Equity. The company has a great track record and a reputation for helping vendors successfully bring new technologies to market and grow their business. Their ethos of innovation and excellence, alongside a strong commitment to specialist services and support, is entirely aligned with that of Wick Hill.

“Zycko is already in twelve countries in EMEA, which helps us move forward rapidly with our growth plans.
The benefits for Wick Hill, and its partners and customers, include access to the international scope offered by Zycko’s established EMEA network; and the benefits for Zycko include access to Wick Hill’s strength in security and the chance to further build on high value and consultancy opportunities for channel customers.”

About Zycko

Established in 1999, Zycko is an international, specialist distributor of innovative IT solutions including data networking, data storage, network monitoring and management, voice and video communications, virtualisation, cloud, and data centre infrastructure. The company focuses on new, best-in-class, innovative technologies, delivering first-class, sophisticated and professional services, accredited training, marketing and business development support to its customers. Through a careful selection of leading-edge strategic partners and technologies, Zycko provides the opportunity for channel customers to differentiate themselves in a crowded market. The company has 14 offices in 12 countries and serves the rest of the world from its UK headquarters. Zycko is part of Rigby Private Equity, a subsidiary of Rigby Group Investments, an independent company within Rigby Group plc.

About Wick Hill

Established in 1976, value added distributor Wick Hill specialises in secure IP infrastructure solutions. The company sources and delivers best-of-breed, easy-to-use solutions through its channel partners, with a portfolio that covers security, performance, access, networking, convergence, storage and hosted solutions.

Wick Hill is particularly focused on providing a wide range of value added support for its channel partners. This includes a strong lead generation and conversion programme, technical and consultancy support for reseller partners in every stage of the sales process, and extensive training. Wick Hill currently has offices in Woking, Surrey, with sister offices in Hamburg.
Wick Hill Group is part of Rigby Private Equity, a subsidiary of Rigby Group Investments, an independent company within Rigby Group plc.

About Rigby Private Equity

Rigby Private Equity is the private equity arm of Rigby Group Investments, owned by the Rigby Group plc. Rigby Private Equity was founded in 2015, with significant funding, to build a portfolio of equity investments in leading, high-growth potential companies in the technology sector.

ENDS

For more information about this release, please contact Annabelle Brown, PR Consultant, on 01326 318212; abpublicrelations@btinternet.com.

Source: RealWire

Hello Barbie Toy Security Issues Disclosed and Fixed Quickly

NEWS ANALYSIS: Flaws in Hello Barbie were addressed quickly. Responsible disclosure from security researchers and rapid response from the vendor help limit risk. With the recent VTech breach exposing millions of parents and children to risk, there is increased sensitivity and awareness around the security of Internet-connected toys this holiday season. Today, Bluebox Security revealed flaws in the Hello Barbie connected toy manufactured by ToyTalk. The good news, though, is that Bluebox responsibly disclosed the issues and ToyTalk acted quickly to remediate them. Bluebox wasn't the only organization looking at the security of the Hello Barbie toy. An NBC report on Nov. 25 alleged multiple security issues with Hello Barbie. Andrew Blaich, lead security analyst at Bluebox, said that the NBC report was coincidental and not connected to his firm's research. "There are a few researchers looking at Hello Barbie from a variety of different aspects," Blaich told eWEEK. "We had started our work in early November with a focus on the mobile app and network communications from the doll. We went through responsible disclosure, which takes time before you can publicly disclose the findings." Bluebox collaborated with independent security researcher Andrew Hay on the Hello Barbie security analysis. Blaich explained that Hay initiated the Barbie research and pulled Bluebox in to assist with the mobile app side of the research. "We contacted ToyTalk in the middle of November, and we heard back within a few hours of contacting them," Blaich said. "ToyTalk was extremely fast to respond and started patching the issues we found within the same day of disclosure." ToyTalk now also has a bug-bounty program that is operated by HackerOne, which provides hosted bug-bounty programs for organizations and recently named well-known open-source luminary Marten Mickos as the company's CEO.
"We worked with ToyTalk before their bug bounty became public and then submitted our work through it after it did go public," Blaich said. "Bluebox always follows responsible disclosure when submitting security issues that we find as we feel it is the most appropriate way of letting a vendor know about an issue and giving them time to fix it." In terms of the actual vulnerabilities, Bluebox found issues on both the mobile app as well as the server side of the Hello Barbie platform. Hello Barbie is an interactive device that makes use of WiFi to listen and respond to a child's voice. Blaich explained that the main issues were the reuse of credentials for authentication with the server and being able to find the password in the source code for it. Additionally, there was an issue with an unsecured WiFi network that could be spoofed by nearby attackers. "On the app side, the core issue is that the app itself is capable of being tampered with since it lacks self-defending behavior, which leads to things like the password disclosure," Blaich said. The server side of the Hello Barbie app had a number of configuration and cryptography issues, as well. The biggest issue is that the server supported SSLv3 and was vulnerable to the POODLE attack. POODLE, or Padding Oracle On Downgraded Legacy Encryption, is a vulnerability first disclosed by Google in October 2015. Blaich explained that because the server was initially vulnerable to the POODLE attack, an attacker could potentially listen on the communication channel and downgrade the crypto used on that channel to steal conversations going from the doll to the servers. He noted that ToyTalk patched the POODLE risk very quickly. "We were pleasantly surprised at how fast and responsible ToyTalk handled the disclosures," Blaich said. "While there were security issues found, it is important to also measure how fast a company is able to react, respond and resolve the issues." 
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Health Insurers Test Their Security Capability With Cyber Exercise

A dozen health insurance providers covering 60 percent of the U.S. population took part in CyberRX 2.0, a cyber exercise aimed at minimizing the impact of a breach. A dozen health care insurance firms that cover 60 percent of the U.S. population took part in CyberRX 2.0, a cyber exercise aimed at evaluating the organizations' response and minimizing the impact of a data breach, participants said on Dec. 4. The exercise simulated an attack that attempted to profit from the submission of forged health care claims and to steal personal health information. Both the Health Information Trust Alliance (HITRUST) and Deloitte Advisory Cyber Risk Services managed the exercise, pushing new information—or “injects”—to the more than 250 participating professionals. The health care firms were not graded on their response. Instead the exercises were used to point out problem areas and demonstrate where health plans needed to improve their cyber-response capabilities, Daniel Nutkis, CEO of the Health Information Trust Alliance (HITRUST), said on a conference call with members of the press. “Although we focus on getting organizations to put strong controls in place, breaches can and will occur,” Nutkis said. “These exercises help organizations and the industry as a whole better prepare and respond and are a critical component of an organization’s and the industry’s cyber-risk mitigation efforts.” HITRUST launched the Cyber RX program in January 2014 with the U.S. Department of Health and Human Services as a way to evaluate the U.S. health care sector’s ability to defend against attacks and prevent disruptions to their operations. HITRUST updated the program earlier this year to involve a greater number of organizations, including health plans. More than 1,000 organizations have taken part in the exercises this year, Nutkis said. Health care firms have been one of the most public targets of cyber-attackers, because breaches are required to be reported to the U.S. 
Department of Health and Human Services. In February, health insurance provider Anthem suffered a significant breach, with information on 80 million patients put at risk, after its systems were compromised – allegedly by Chinese attackers. In August 2014, an attack on health care provider Community Health Systems resulted in the theft of information on 4.5 million patients. In the CyberRX Health Plan exercise, the industry had to deal with attackers who targeted the laptop of an employee who worked for a third-party vendor, not the actual health care insurance providers. The scenario has become increasingly common, with significant breaches of large companies -- such as Target and the U.S. Office of Personnel Management -- exploiting vulnerabilities in third-party partners. Using information on the laptop, the intruders conducted two simultaneous attacks to carry out claims fraud and steal data. “When the hackers owned the laptop, they were able to reverse engineer the way that claims were submitted through the claims processing system,” John Gelinne, director of Deloitte Advisory Cyber Risk Services, said during the conference. “They then trickled a few claims, and when they realized it was effective and working, they barraged the system.” The attackers also used their access to the network to steal personal health information, Gelinne said. Deloitte Advisory Cyber Risk Services created the scenario for HITRUST. “We have all learned that breaches are going to occur, as bad actors and threat actors become more sophisticated,” Gelinne said. “The sophistication of the breach was very new and unknown to the participants.” The exercises have helped HITRUST speed its ability to pass along information to the health care industry, Nutkis said. Before the exercise, the information-sharing group did not get the right details of an attack—the so-called indicators of compromise—nor did they get the details in a timely manner, he said. 
"It happens now automatically, in a matter of minutes, and that really does solve a problem," Nutkis said. The attack scenario exposed some interesting peculiarities of the health care industry. The first signs of the simulated attack, for example, came from call centers, according to Deloitte’s Gelinne.

Bootrash Uses Volume Boot Record to Exploit Financial Services

FireEye reports that FIN1 financial services hackers are making use of bootkit malware to infect organizations. Security vendor FireEye today is warning about the increased use of a new type of attack known as a bootkit. The FIN1 financial hacker group has been using the Bootrash bootkit as part of its Nemesis malware to infect organizations, FireEye has reported. The idea of rootkits—malware that infects the base operations of an operating system—is one that is well-known, while bootkits go a step further. "A bootkit is a more advanced type of rootkit that infects a system's boot process by targeting the Master Boot Record, Volume Boot Record or boot sector," Michael Oppenheim, intelligence operations manager at FireEye, explained to eWEEK. "The malicious code is executed before the operating system is fully loaded, and the components are stored outside of the Windows file system. This makes it much more difficult to identify and detect." While FireEye is now warning about the risk of Bootrash, the real-world deployment is still fairly limited. To date, FireEye has observed very few cases involving the use of bootkits by targeted threat actors, according to Oppenheim. That said, the case that FireEye has observed is tied to a financial hacking group that it has identified as FIN. FireEye has observed FIN1 activity dating back to at least 2010. "We suspect FIN1 may be located in Russia or a Russian-speaking country based on language settings in many of their custom tools," he said. "We cannot speculate on law enforcement's knowledge of the group or any actions they may have taken to apprehend them." Based on FireEye's analysis, FIN1 is making use of a malware kit identified as Nemesis, which alongside Bootrash includes a collection of attacker backdoors and utilities. In some malware cases, when a malware kit is used, it's possible to identify and block access from infected machines to the command and control node of the malware botnet. 
However, according to Oppenheim, simply blocking the command and control IP address isn't enough to fully secure an organization. "While an organization may be able to prevent the backdoor components from communicating with the command and control, it would need to take a more comprehensive approach to ensure all of the malicious components have been removed and that attackers can no longer access the environment," Oppenheim said. Many modern desktop operating systems now support the Unified Extensible Firmware Interface (UEFI) Secure Boot mechanism, which aims to only enable authorized software to load. Microsoft's latest operating system is among those that make use of Secure Boot, which can help limit the risk of a bootkit. "It does not appear that with a Secure Boot enabled on the machine that the Bootrash malware would work," Oppenheim said. "Bootrash relies on the BIOS calling it and intercepting BIOS calls. UEFI checks to make sure the boot code it is loading is signed by Microsoft." Overall though, Oppenheim suggests implementing the best and basic security practices for networks and endpoints to assist in protecting organizations from the Nemesis and Bootrash malware. Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Gigya Enables Customer Identity Management in the Cloud

Gigya built its Profile Management identity repository proprietarily with a dynamic schema, differentiating from hierarchical, employee-facing identity repositories. Search engines, social networks, banks and ...

Microsoft Researchers Make 2016 Tech Predictions

The company's computer scientists and researchers expect breakthroughs in cloud computing, data security and machine learning next year. New Year's Day is still weeks away, but Microsoft's band of researchers are already looking forward to several technology breakthroughs next year. Their predictions for 2016 are more than some wishful thinking; they provide hints on how the Redmond, Wash., technology giant is preparing for the IT landscape of the future. Fittingly, Microsoft published the short-term and longer-term predictions of 16 of its researchers on the company's Website. In 2016, Doug Burger, director of hardware, devices and experiences for Microsoft Research NExT, expects the cloud to loom ever larger over IT organizations. "The key technology breakthrough will be the successful and large-scale inclusion of specialized compute acceleration in the cloud, which will enable large gains in big data workloads, bioinformatics, high-performance computing and many other important verticals," he stated. "Reconfigurable computing (i.e. FPGAs) go mainstream in the data center, as a first-class compute accelerator." Brian LaMacchia, director of security and cryptography for Microsoft Research, believes next year will mark the start of a concerted effort to ready the computer industry for the quantum computing era. "The key cryptographic technology advance in 2016 will be the demonstration of an end-to-end encrypted TLS connection using quantum-resistant public-key algorithms for both key exchange (for confidentiality) and digital signatures (for authentication)," stated LaMacchia. "The coming advent of quantum computers of reasonable size over the next 15 years will necessitate the migration of all our existing public-key cryptosystems to new quantum-resistant algorithms, and a quantum-resistant TLS (used for every https:// secure Web connection) is the first step." 
Sriram Rajamani, Microsoft Research India's assistant managing director, expects 2016 to usher in more devices with baked-in security. "We will see the start of a new generation of systems solutions that guarantee security even if the operating system or other infrastructure gets compromised by hackers," he said. "A new generation of security solutions based on trusted hardware (such as Intel SGX and comparable features from other hardware vendors) starts to hit the marketplace, transforming how we think about security." The debate over data security and privacy will bleed into presidential politics in the United States next year, predicts Jeannette Wing, corporate vice president of Microsoft Research. "Presidential candidates will debate the role of encrypted communication in the conflict between the need for government to protect national security and the need for companies to protect the privacy of individuals' identity and data." Next year, chipmakers will look beyond graphical processing units (GPUs) in a bid to improve machine learning performance. "During 2016 we will see the emergence of new silicon architectures that are tuned to the intensive workloads of machine learning, offering a major performance boost over GPUs," stated Microsoft Distinguished Scientist Chris Bishop. Speech-driven, artificial-intelligence (AI) technologies will be noticeably less clunky in 2016, said Eric Horvitz, technical fellow and managing director of Microsoft Research Redmond Lab. "A visible advance in computational intelligence will be the advent of fluid, multi-step conversational dialog with machines—which will be noticeably more natural and competent than the speech interactions we've had with computers and smartphones to date."

How to Bolster Data, Physical Security to Make Threats Go Elsewhere

NEWS ANALYSIS: There are events in today's society that you simply can't control or prevent, no matter how much you try. But it is possible to help convince the bad guys to go elsewhere. "I don't have to run faster than the bear," one hunter said to another after spotting the animal in the woods, "I just have to run faster than you." Yes, I know it's an old joke that you've heard enough times that I don't really need to quote anything except the punch line. But the fact is, this old joke is also an important lesson about your physical and data security. You don't have to be perfect; you just have to be better than most others. The idea of having security that's good enough to convince the bad guys to look elsewhere is important in terms of data security and physical security. The idea of having good security is more than just putting a lock on the door and an antivirus package on your computer. First, you need to think about the risks your organization is most likely to face, the resources you're likely to have on hand to deal with the risk and then work from there. When I write about physical security, no doubt your thoughts immediately turn to a county office building and a conference room full of public employees celebrating a seasonal holiday in California, but in reality, this isn't the kind of threat you can focus on because it is so unpredictable and so inexplicable that it is extremely hard for any organization to defend against. Instead, you need to consider several types of threats that could impact your security on a more predictable basis, since those are far more likely than the random terrorists, despite how deadly that type of attack may be. The threats that are more likely to affect you on a day-to-day basis are from other sources. For example, you're far more likely to be impacted by what's considered petty theft in most scenarios. This might be the thief who strolls into your conference room while everyone is on lunch break and steals their laptops.
In a retail setting, it might be low-level organized crime, such as a group of a half-dozen thugs who storm your store as a mob and steal everything in sight before running out again. Or it might be the credit card thief who enters your office through an unlocked door and takes a server while the cleaning crew is on another floor. The challenge for your business is determining what the threats actually are. It's not a huge leap to figure out that unguarded laptops are ripe for stealing. But what about that server sitting on a table in an office or in a closet down the hall? While you know about hackers breaking into your network from some foreign country, what about someone sitting in your reception area who has quietly plugged into an Ethernet port there? Or perhaps that person in your reception area is running a man-in-the-middle attack on your WiFi router? But the threats to your organization go beyond the obvious. Ask yourself who would benefit if your company was hampered because someone stole that server from the closet down the hall? How would you prevent a former employee from connecting to your network and downloading your trade secrets?

Skyscape Cloud Services Wins Deloitte Technology Fast 500 EMEA Award

Assured cloud services provider named the winner of the Communications category, coming sixth overall and second in the Fast 50 UK shortlist

London – December 8, 2015 – Skyscape Cloud Services Limited, the easy to adopt, easy to use and easy to leave assured cloud services company has been announced as the winner of the Communications category in Deloitte Global’s 2015 Technology Fast 500 EMEA programme, which ranks the fastest growing public and private technology companies annually. Skyscape was in sixth place overall and came second in the Deloitte Technology Fast 50 UK shortlist of the country’s most innovative and fastest growing technology firms.

“We’re thrilled to have topped the Communications sector in the Technology Fast 500 EMEA shortlist in recognition of our rapid growth,” said Simon Hansford, CEO of Skyscape Cloud Services. “It’s a great honour to have achieved sixth position overall and to be named the runner up in the Fast 50 UK rankings.”

“Making the Deloitte Technology Fast 500 EMEA ranking shows Skyscape Cloud Services’ commitment to innovation and pushing the industry forward,” said David Cobb, Deloitte UK and partner in charge of the Deloitte Technology Fast 500 EMEA programme. “With its 13,391% growth rate over four years, Skyscape has proven that its leadership has the vision and determination to grow in a highly competitive market.”

Combining technological innovation, entrepreneurship and rapid growth, Technology Fast 500 companies span a variety of industry sectors and are transforming the way business is done today. Now in its fourteenth year, the programme covers over 20 countries, including Belgium, the Netherlands, Finland, Italy, UK, France, Germany and Turkey and the sectors span software, hardware, communications, media, life sciences and clean technology.

2015 has been a very successful year for Skyscape, with this the latest of a string of accolades.
Most recently, Skyscape was crowned a Cloudex 20:20 winner and was named ‘One to Watch’ in The Sunday Times Tech Track 100. Skyscape was also announced as the winner of the Community & Environmental Action Award at this year’s British Private Equity and Venture Capital Association (BVCA) Management Team Awards.

Hansford continued: “We attribute our success to date to two things: disruption and innovation. Our core business objective is to deliver assured, agile and cost-effective services to the public sector, ultimately delivering better value for money for UK citizens and tax payers.”

Skyscape has won a number of high-profile public sector contracts with HMRC, DVLA and the MoD to name a few, and it has rapidly grown to more than 100 employees in just three years, with expectations to almost double that figure in 2016. Skyscape’s channel partner programme has also gone from strength to strength since its launch in 2013, with 190 organisations now able to market their services to the public sector by hosting on Skyscape’s accredited platform.

- ends –

Deloitte Technology Fast 500 EMEA selection and qualifications

The Technology Fast 500 list is compiled by the Deloitte EMEA Technology Fast 50 programme, nominations submitted directly to the Technology Fast 500, as well as public company research. To qualify for the Technology Fast 500, entrants must have had base-year operating revenues of at least €50,000 and current-year operating revenues of at least €800,000. Entrants may be either public or private companies but must be a ‘technology company’, headquartered in EMEA. A ‘technology company’ is defined as a company that develops or owns proprietary technology that contributes to a significant portion of the company’s operating revenues, or manufactures a technology-related product, or devotes a high percentage of effort to the research and development of technology.
Using other companies’ technology in a unique way does not qualify.

About Skyscape Cloud Services

Skyscape’s assured cloud solutions have been specifically designed to meet the needs of the UK public sector, delivering UK sovereign services that are easy to adopt, easy to use and easy to leave, with genuine pay-by-the-hour consumption models. As a UK SME, Skyscape has won a number of high-profile contracts via the G-Cloud Framework and through its large number of channel partners that embed Skyscape’s cloud platform in their solutions.

Skyscape’s full range of services are suitable for all data at OFFICIAL (including OFFICIAL-SENSITIVE) and connected to government networks including the Public Services Network (PSN), the N3 health network and others. Its services are delivered with leading technologies from the Skyscape Cloud Alliance Partners: QinetiQ, VMware, Cisco, EMC and Ark Data Centres. Skyscape has been named a “Cool Vendor” by analyst firm, Gartner. To learn more about Skyscape, visit www.skyscapecloud.com or follow on twitter @skyscapecloud

About Deloitte

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see http://www.deloitte.co.uk/about for a detailed description of the legal structure of DTTL and its member firms.

Deloitte provides audit, consulting, financial advisory, risk management, tax and related services to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 150 countries, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges.
Deloitte's more than 225,000 professionals are committed to making an impact that matters. Deloitte serves 4 out of 5 Fortune Global 500® companies, please connect with DTTL on Facebook, LinkedIn, or Twitter.

@2015. For information, contact Deloitte Touche Tohmatsu Limited.

The information contained in this press release is correct at the time of going to press.

Media Contacts
Stacey Nardozzi/Charlotte Martin
Finn Partners
+44 (0)20 3217 7060
SkyscapeTeam@finnpartners.com

Source: RealWire

Internet of Things data deluge could lead to security concerns, warns report

Businesses are concerned that rising data volumes as a result of the Internet of Things will overwhelm networks and lead to security concerns ...

EU-wide IT security breach notification laws agreed in Brussels

IT security industry about to go into overdrive as mandatory breach notification laws are agreed

Piper teams up with Life360 to protect the family in and out of the home

Partnership offers enhanced security features for families on the go

London, 8 December 2015 – Piper, the all-in-one home security solution powered by Icontrol Networks and designed for mobile, today announced a partnership with Life360, the leading Family Network used by more than 50 million families to privately share their locations and stay connected. The partnership will give Piper and Life360 users the ability to know their home and family members are protected by Piper when they are not around through a new feature called ‘Smart Arming’. With the Life360 integration into Piper’s home security solution, users can feel at ease knowing their families can check in or out with the simple touch of a button.

“Piper users are always looking for smart and efficient ways to protect their families and make their home security systems smarter, whether it is through sensors, smart switches or customisable notifications alerting them to what is happening in their home. That is why we believe Piper and Life360 are a perfect pair - users can protect their families in and out of the home with Smart Arming,” said Jason Domangue, vice president of Piper Marketing at Icontrol Networks. “This partnership brings additional peace of mind to Piper users, who are able to check-in with their loved ones throughout the day.”

With Smart Arming, Piper will notify users when their system is unarmed and no family members are detected in their home. Users then simply tap the notification on their mobile device to set Piper to “away” automatically arming Piper without having to open any apps.

"Our focus has always been on providing peace of mind by letting people know where their families are and that they're safe," said Alex Haro, co-founder and president of Life360. “We’re excited to partner with Piper as part of our ‘Works with Life360’ program to connect homes and devices to your family network.
Not only can people know their families are safe with our service, but now with Piper they never have to wonder what is going on in their homes thanks to the smart security and real-time alerts that allow them to check in at any time.”

With the recently announced Marketplace, Piper is continuing to curate the connected home for the consumer by taking the guesswork and research out of finding the right products and services that will work together and help the home run seamlessly. By doing this, Piper makes it easy for users to build a safer more connected home and family. The new Life360 enhancements to Piper’s application are available starting today.

About Icontrol Networks

Icontrol Networks' vision is to provide a connected home solution for every household, so people worldwide spend less time managing their lives and more time living them. Icontrol is making the connected home a reality through its software platforms which are deployed by service providers and home security companies of all sizes, and the all-in-one Piper smart home security system for consumers. Icontrol is further pioneering the next generation of connected living through its Icontrol Developer Program, the first community for application and device makers to partner on a common platform. Venture investors in Icontrol include Charles River Ventures, the Kleiner Perkins Caufield & Byers iFund, and Intel Capital, with strategic investments from a variety of service providers including ADT, Comcast Ventures, Comporium and Rogers Communications. For more information about Icontrol Networks, Icontrol One (for independent service providers) and Piper visit icontrol.com, icontrolone.com and getpiper.com. For the most recent Icontrol research on the smart home industry, visit www.stateofthesmarthome.com.

About Life360

Life360 is the world's largest network for families available for Android, iPhone and Windows Phone.
Using proprietary location-based technology, Life360 processes over 1.5 billion location requests per day and enables over 50 million families to privately share location, communicate with ease and stay connected with in-app messaging. The app operates in a convenient and secure way reducing friction and offering peace of mind to make family life easier. Founded in 2008, Life360 has raised $76M in venture financing and is headquartered in San Francisco with 75 employees. For more information, visit life360.com

Contact information
Kate Bailey
Finn Partners
kate.bailey@finnpartners.com
0203 217 7060

Source: RealWire

Employee Holiday Gift Shopping on Company-Issued & “BYOD” Devices Could Create Data Security Risks for Enterprises

Flexera Software report reveals that popular shopping apps, including Amazon, Disney Store and eBay can access iOS devices' contacts, calendar, location and social networking apps

Maidenhead, U.K. - December 8, 2015. Flexera Software, the leading provider of next-generation software licensing, compliance, security and installation solutions for application producers and enterprises, released a new enterprise Application Readiness report detailing potential risks to enterprises whose employees use popular Apple iOS apps (downloadable from the public App Store) to conduct holiday shopping on company-issued or "Bring Your Own Device" (BYOD) phones. The report found, among other things, that of the 26 popular Apple iOS shopping apps tested:

92 percent - all except for Banana Republic and Trunk Club - are capable of accessing an Apple iOS device's GPS location tracking service.
69 percent, including Amazon, Disney Store, eBay, Groupon, Macy's, Nordstrom, REI, Shutterfly, Starbucks and Target, are capable of accessing an Apple iOS device's social media apps.
65 percent, including Amazon, Best Buy, Disney Store, eBay, Macy's, REI, Starbucks, Target and Walmart are able to gain access to an iOS device's address book.
58 percent, including Amazon, eBay, Etsy, Groupon, Macy's, Nordstrom, Shutterfly and Walmart are able to gain access to the iOS device's SMS messaging features.

The ability of employee-downloaded apps to access sensitive corporate data and device functions could present a potential risk to enterprises and violate their BYOD policies.
Examples of these risks are playing out in the headlines, including the instance of a popular flashlight app that transmitted user locations and device identifiers to ad networks; or a mobile device game app that, unbeknownst to a Federal employee playing it, tweeted out an embarrassing message to the EPA's 52,000 Twitter followers (the organisation's Twitter account, not the employee's, was tied to the device).

To compile the report, Flexera Software identified 26 popular shopping apps,[1] representing a small sampling of the thousands of shopping apps that can be found in the Apple App Store and that could easily be downloaded by employees to a corporate-issued or BYOD device. These apps were tested using AdminStudio Mobile, an Application Readiness solution that helps organisations identify, manage, track and report on mobile apps, simplify mobile application management, reduce mobile app risk and address the rapidly growing demand for mobile apps in the enterprise.

"Most organisations have standardised Application Readiness processes to test enterprise apps for potential deployment problems and risks, but when it comes to understanding and testing mobile apps, we're still in ‘the wild west.' IT Operations teams largely do not understand what mobile apps do and what functionality and data they can access - and this makes it extremely difficult to create and enforce effective BYOD policies," said Maureen Polte, Vice President of Product Management at Flexera Software.
"If employees are using corporate or BYOD devices for holiday shopping, it's critical that IT Operations and security professionals understand which apps employees are using, what features, functions and data those apps can access - and whether that use is in compliance with the organisation's BYOD policy."

[1] The apps tested were: Amazon, BestBuy, Banana Republic, Disney Store, eBay, Etsy, Express, Gap, Groupon, Ikea, LivingSocial, Macy’s, Nordstrom, PriceJump, RedLaser, REI, RetailMeNot, Rue La La, Shop Advisor, Shop Savvy, ShopStyle, ShutterFly, Starbucks, Target, Trunk Club, Walmart

About Flexera Software

Flexera Software helps application producers and enterprises increase application usage and security, enhancing the value they derive from their software. Our software licensing, compliance, cybersecurity and installation solutions are essential to ensure continuous licensing compliance, optimised software investments, and to future-proof businesses against the risks and costs of constantly changing technology. A marketplace leader for more than 25 years, 80,000+ customers turn to Flexera Software as a trusted and neutral source of knowledge and expertise, and for the automation and intelligence designed into our products. For more information, please go to: www.flexerasoftware.com.

For more information, contact:
Vidushi Patel/ Nicola Males
Vanilla PR
prflexera@vanillapr.co.uk
+44 7958474632 / +447976652491

Copyright© 2015 Flexera Software LLC. All other brand and product names mentioned herein may be the trademarks and registered trademarks of their respective owners.

Source: RealWire

AppSense Reports Rapid Adoption of Application Manager Endpoint Security Solution

Company Adds More than 900,000 Security Seats during the Last Year as its Advanced Endpoint Security Protects Desktops without Compromising User Experience

SUNNYVALE, Calif., December 8, 2015 – AppSense, the global leader of user environment management (UEM) solutions for the secure endpoint, today announced that it has enjoyed rapid adoption of its endpoint security solution, AppSense Application Manager. During the last year, Application Manager has been selected to protect more than 900,000 endpoints accounting for more than 75 percent of the company’s new seats. Standalone Application Manager seats have grown 50 percent in each of the last two years.

“Growing security risks, both internal and external, are causing IT professionals to take a very hard look at the security policies and practices used to protect and manage their endpoint systems – which are the greatest target for attack in today’s enterprise,” said David Monahan, Research Director, Security and Risk Management, Enterprise Management Associates. “AppSense Application Manager’s endpoint application and privilege controls provide a powerful and manageable solution to protect vulnerable endpoints without disrupting user productivity. When combined with other components like Management Center and Performance Manager they create a holistic, protective solution that enables security and compliance across multiple aspects of the environment without hindering user productivity.”

Internal and external threats continue to grow at an alarming rate, with data showing the average cost of a single data breach or security intrusion to be as much as $3.5 million [1]. Among these breaches, zero-day threats, which most typically enter via an exposed user desktop or device, can be among the most disastrous, yet endpoint protection remains limited. Antivirus solutions serve only as a partial defense and users report frustration with their negative impact on system performance and user productivity.
In fact, in a recent study conducted by Dimensional Research for AppSense, as many as 63% of users ranked unobtrusive security as an important factor in achieving a great desktop experience.

AppSense Application Manager overcomes endpoint security challenges by providing policy-based control to security teams and desktop administrators that secures against intentional and unintentional user actions while delivering unprecedented visibility into endpoints. Working to safeguard the endpoint from the threat of a security breach without negatively impacting users or limiting desktop functionality, AppSense’s new breed of endpoint security enables organizations to:

Prevent unknown executables – Kernel-level filter drivers intercept file execution before application launch – regardless if the endpoint is online or offline.
Make list management obsolete – Using the practice of “Trusted Ownership,” enterprises are able to go far beyond traditional whitelisting and blacklisting to ensure that only applications from a trusted source can run.
Enforce least privilege access – By precisely controlling user and application privileges, users only access what they need. This helps to minimize the risk of human error while supporting a great user experience through self-service access to application requests.
View endpoint analytics for proactive threat prevention – Deep visibility into endpoint and user data helps to identify suspicious activity and potential threats before they damage the environment.

Customer Adoption Driven by Value

The rapid customer adoption of AppSense Application Manager is directly related to the value organizations realize by employing the solution’s policy-based controls, which seamlessly protect the user’s desktop without limiting user performance or productivity.

“We’ve been able to lock applications to where if we don’t trust the application or IT didn’t have a hand in putting it in then we can prevent it from ever being executed,” said Johnny Brister, Infrastructure and Technical Services Manager, Franciscan Missionaries of Our Lady Health System, a leading health care innovator in Louisiana.

To hear more from customers that have benefited from the value of AppSense Application Manager, view these videos: http://fast.wistia.net/embed/iframe/llv8450zb6?popover=true.

“Today’s enterprise infrastructure is increasingly complex. Add to that the increasing number of desktops, laptops, workspaces and devices today’s knowledge worker uses, and the exposure to endpoint risk is nothing short of terrifying. We expect Application Manager’s rapid adoption to continue as organizations become more aware of its ability to limit desktop vulnerabilities while continuing to deliver a great user experience,” said Jed Ayres, Senior Vice President of Marketing, AppSense.

AppSense Application Manager is a key part of a multilayer defense in-depth strategy to help companies defend against malicious attacks from outside or inside as well as unintentional user breaches.
For more information about AppSense Application Manager, or to request a demo, please visit: http://www.appsense.com/products/application-manager.

[1] Ponemon Institute

About AppSense

AppSense is the leading provider of UEM solutions for the secure endpoint. AppSense user virtualization technology allows IT to secure and simplify workspace control at scale across physical, virtual, and cloud-delivered desktops. AppSense Solutions have been deployed by over 3,500 enterprises worldwide to over 8 million endpoints. The company is headquartered in Sunnyvale, CA with offices around the world. For more information please visit www.appsense.com.

###

Media Contact:
Erin Jones
Avista Public Relations for AppSense
704-664-2170
appsense@avistapr.com

Source: RealWire

Google Enables Safe Browsing by Default on Chrome for Android

Millions more users now get the same protection that has been available to desktop users for years, the company says. Google's Safe Browsing technology is now available by default on versions of Chrome running on Android handsets. All Android users running Version 46 or higher of Chrome should find Safe Browsing enabled in their browser, the company said Monday. Users can verify this by going to Chrome's Settings menu and choosing the Privacy option, Google researchers Noé Lutz, Nathan Parker and Stephan Somogyi said. "Google Safe Browsing has been protecting well over a billion desktop users against malware, unwanted software and social engineering sites on the web for years," the researchers noted. By embedding it in Chrome for Android, Google has extended that same protection to millions of other users, they said. Google launched Safe Browsing about eight years ago as a way to protect users from browsing on unsafe sites. It is designed to alert users when they arrive on sites that Google deems to be unsafe, such as those that are used for phishing purposes, relaying spam or injecting malware, or unwanted, hard-to-uninstall software on systems. Safe Browsing is also designed to alert Internet users of sites that are unsafe because the sites might have been compromised by others and are being used to serve up malware. Alerts powered by Safe Browsing are available not just to Chrome users. Similar alerts are available to users of Mozilla's Firefox and Apple Safari browsers. According to Google, Safe Browsing serves up more than 5 million warnings on average daily for different kinds of malicious sites and malware. The company says the technology helps uncover more than 90,000 phishing sites and some 50,000 malware sites every single month. In addition to warning users about unsafe sites, Google's Safe Browsing technology warns Website owners about the presence of malware and other security issues on their sites. 
The company has a process for warning site owners about potential security issues and giving them a chance to remediate the issue. Sites that fail to respond in a timely manner are labeled as being compromised and their exposure is limited on Google search results until the issue is resolved. According to Google, Android and its Play application store have several built-in protections against harmful apps and malware. But increasingly, many mobile users are also being exposed to social engineering attacks, especially phishing, which require a different set of protections. To protect mobile users against potentially dangerous sites, Google needs to maintain an up-to-date list of known bad sites on the device, the company said. Maintaining such a list on mobile devices is much harder to do compared with a desktop system. That's because data size matters a lot in the mobile environment, where people are usually charged for mobile data use, the Google security researchers said in their blog post. Mobile data speeds are typically slower than WiFi in many parts of the world, and cellular service can be patchy as well, making data size an important issue. "Bytes are big: our mantra is that every single bit that Safe Browsing sends a mobile device must improve protection," the Google researchers said. In enabling Safe Browsing by default on Chrome for Android, Google also had to think about issues like network bandwidth and battery use. In addition, Google had to find a way to ensure that information about the riskiest sites is sent through first in areas where the company is forced to send only very short security updates because of low bandwidth issues, the researchers said.

Google Continues to Patch Stagefright Flaws in Android

NEWS ANALYSIS: Months after Google issued its first Stagefright patches, more libstagefright vulnerabilities have emerged and more are likely to surface. Google came out with its monthly Android security update, and once again, there is a fix for Stagefright (technically libstagefright) vulnerabilities. In total, Google is providing patches for 18 uniquely identified Common Vulnerabilities and Exposures (CVEs). Google first committed to issue monthly Android updates in August in the aftermath of the initial disclosure around Stagefright. The initial Stagefright vulnerabilities were first publicly disclosed in July by Joshua Drake, vice president of Platform Research and Exploitation at Zimperium zLabs. From a technical perspective, libstagefright is a media library that has been a common part of Google's mobile operating system since the Android 2.2 release. Google patched the initial set of libstagefright flaws that Drake reported in August, but additional flaws have been revealed in the intervening months. In Google's October Android update, 19 vulnerabilities were patched, including multiple Stagefright issues, and the company patched even more Stagefright bugs in its November Android update. In the December Android update, Google is patching four new libstagefright vulnerabilities. One is CVE-2015-6620, a privilege escalation flaw in libstagefright that was first reported to Google on Sept. 2, 2015. The December Android update also includes patches for three information disclosure vulnerabilities: CVE-2015-6626, CVE-2015-6631 and CVE-2015-6632. The CVE-2015-6631 issue was first reported to Google on Aug. 21 while CVE-2015-6626 was reported on Sept. 2. Google is not disclosing the date that CVE-2015-6632 was reported. 
"There are information disclosure vulnerabilities in libstagefright that during communication with the mediaserver could permit a bypass of security measures in place to increase the difficulty of attackers exploiting the platform," Google's advisory warns about the three information disclosure vulnerabilities. The fact that Google is still patching the libstagefright flaws five months after the first flaws were reported and publicly discussed isn't all that unusual. In November, Drake told eWEEK that when he first examined the libstagefright code, it was clear to him that the code was written without much concern for security, safety or robustness. "It will take time and sustained effort to clean it up," Drake said. The Stagefright vulnerability that first made headlines in July and was the subject of a Black Hat talk in August is a complex issue that exists deep within Android. It's not a single issue—it's many—and untangling the mess and making Android more secure is going to take Google time. No one should be too surprised if there are still libstagefright flaws patched by Google in the January 2016 Android update. Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Zylpha Selected As an Approved G-Cloud 7 Supplier

Leading legal systems Innovator Zylpha (www.zylpha.com) has been selected as a supplier on G-Cloud 7, the Crown Commercial Service's procurement framework for Cloud based computer services, hosted via the Digital Marketplace.

Zylpha’s secure legal document bundling will be available to the public sector through this framework. This widely acclaimed system saves significant amounts of time and eliminates the costs of paper-based files, physical storage and courier services. The software also delivers secure communication, as the electronic files are encrypted before they are sent. As part of Zylpha’s G-Cloud 7 offering, the public sector will be able to use bundling with a host of case management and document management systems including Visualfiles, Peppermint, Proclaim, Civica, Iken and more.

Commenting on the news, Zylpha’s CEO Tim Long said, “We have received a great deal of interest regarding our products from government bodies. Naturally, therefore we are extremely happy to be part of G-Cloud 7, which provides central government departments, executive agencies and public bodies with a rapid and cost effective method of accessing and purchasing government approved IT Cloud products and services. We look forward to assessing those areas of government where our services can work best.”

ends

About Zylpha www.zylpha.com

Headquartered in Southampton Zylpha is an innovative specialist offering tools for the legal profession including:

Secure electronic document production and delivery.
Court Bundling.
Integration with the MOJ Portal.
Links to agencies for AML and Identity Verification.

The company, which was founded by Tim Long its CEO, has won widespread acclaim in both the legal and local government sectors for its systems that transform secure communications for court and case management bundles.

For more information please contact:

For Zylpha:
Tim Long
Zylpha Ltd.
T: 01962 658881
M: 07917 301496
t.long@zylpha.com
www.zylpha.com

Or
Leigh Richards
The Right Image
T: 0844 / 561 7586
M: 07758 372527
leigh.richards@therightimage.co.uk
www.therightimage.co.uk

Source: RealWire

Adactus Housing Group Drives Customer Care With 360 Tenant Portal from 1st Touch

Adactus Housing Group is implementing the 360 Tenant Portal from 1st Touch (www.1sttouch.com). The new system will provide an impressive online resource, enabling easy self-service access to a broad range of customer services for tenants. The software will improve on the group’s existing online services, augmenting the group’s award-winning incoming call centre and extensive customer care facilities. Adactus Housing Group is a Registered Social Landlord managing over 13,000 properties across the North West of England with the majority located in Manchester, Chorley and Wigan. The Group, which currently has a turnover in excess of £59m, is comprised of three subsidiaries: Adactus Housing Association, Beech Housing Association and Chorley Community Housing. With the 360 Tenant Portal from 1st Touch, Adactus tenants will be able to use their own devices, 24/7/365 to review details of their tenancy and submit online requests for a wide range of services. By directing this traffic online, the significant time and resources saved will enable call centre staff to spend more time on those with the greatest need. Initially, the new portal will offer two new services to Adactus’ customers. Firstly the system will enable customers to book an appointment online to view a property that’s ready to let. The second new service feature will be the ability to book repair appointments online. Uniquely, this will be done by specifying particular trades such as plumbers or electricians, at the time of making the enquiry. Tenants will also be able to receive alerts, review rent account balances, view statements, track their current repairs and review repairs history to date. All portal activity is recorded in the back-office Aareon Housing Management system used by the Group. This provides the Adactus management team with a clear single management view of key data and KPIs across the enterprise. 
The smart analytics available from this data will support the Group’s decision making for both the business and the tenants.

1st Touch was chosen as the 360 Tenant Portal has the breadth of functionality to help Adactus deliver on its comprehensive and evolving customer care strategy. The system was also chosen as there was an existing integration with Aareon. Adactus also has in-depth knowledge of 1st Touch, having invested successfully in their mobile Responsive Repairs system some years previously.

Suzannah Robinson, Digital Projects Manager at Adactus Group believes the new 360 Tenant Portal will deliver significant benefits for customers. She notes, “Our contact centre does an excellent job, and we want to complement this with a highly effective online offering that would handle many of the most routine enquiries and transactions. By reducing the number of calls our operatives deal with, they can spend more time and give an even greater level of service to those tenants with the greatest need. With its Aareon integration, the 360 Tenant Portal also allows us to drill down into the data to get live information. Over time, this will enable us to tailor our services further to match our customers’ requirements.”

“We are just at the beginning of this journey though and the prospects for what the portal can deliver in customer terms over time is exciting. As a result, we are already considering other areas where 1st Touch could help us in the future.”

For his part, Greg Johns CEO of 1st Touch welcomed the news adding, “Our 360 Tenant Portal enables tenants to submit a wide range of service requests online 24/7/365. Typically these could include: repairs requirements, estate issues, anti-social behaviour concerns or rent queries. The Portal can also trigger appropriate workflows, for example automating the entire repairs appointment process without any interaction by an association’s staff.
Management also has an all round business view of key touchpoints and statistics, enabling even smarter decision-making.

“Adactus has recognised the potential of the 360 Tenant Portal and has already identified the first areas where they can add effectively to their customer care interface. By driving their viewing and repair appointments online, tenants will benefit from a call centre that has been freed up from the most routine enquiries. This is great for both the tenants and the operatives too, so it really is a win win situation. We look forward to working closely with Adactus as they explore all the areas where the 360 Tenant Portal can transform their customer care processes.”

Ends

Note to Editors:

About 1st Touch (www.1sttouch.com)

Southampton based 1st Touch, a subsidiary of Aareon AG (www.aareon.com), has enabled dozens of social housing organisations to embrace new technologies, such as mobile working, to achieve significant savings, greater productivity and more cost-effective use of resources. The system’s flexibility through simple customer control over mobile and customer service forms creation and amendment is also widely acclaimed. Of particular note is 1st Touch 360. This intuitive new dashboard solution streamlines processes by delivering a single, 360 degree-view of all key metrics and customer data access points. As a result, all the information needed to conduct any customer visit is collated in one central easily navigable location. With such cross-functional visibility, tasks which would previously have required numerous customer visits by different teams are now resolved in one visit from a staff member operating in a multi-functional role. There is integration to multiple back office and other enterprise software applications, so that data is entered only once.

1st Touch has a clear focus on the Social Housing and Local Government markets.
Many social housing providers and local authorities, at large, now benefit from the fast and tangible, best of breed benefits that 1st Touch technology delivers across the enterprise. To date, over 50% of the social housing market, which has deployed mobile technology, has chosen to implement 1st Touch. In local government, 1st Touch has already been adopted for a wide range of mobile workforce uses. Ready to use applications for local authority organisations include: Public Buildings, Highways/Street Services, Environmental/Waste Management, Revenues and Benefits, together with Planning Control and Trading Standards. 1st Touch software is available on a wide variety of platforms including: Windows Mobile, Apple and Android.

About the Adactus Housing Group (www.adactushousing.co.uk)

The Adactus Housing Group is a North West based registered provider with over 13,000 homes in management across 25 local authorities and employs approximately 650 staff.

The Group returned an £18.4m surplus in 2015 on a turnover of £59m and is forecasting a similar strong performance for 2016.

The Group is a Homes and Communities Agency partner currently developing more than 500 homes a year and a development pipeline of 2,000 homes after securing one of the biggest national HCA allocations in the 2015-18 bidding round.
This makes Adactus the second biggest developer in the North West and the eighth biggest outside of London.

In the 2015 Housing Association National Accountancy Awards (HANA) Awards, the Adactus Housing Group was crowned the winner for Achieving Best Value for Money.

In July 2015 the Adactus Housing Group became one of the few UK social housing providers to achieve the Carbon Trust Waste Standard.

The Group’s ‘connect’ customer contact service, received nationwide recognition in November 2015, winning the CCA Global Standard v6 ‘Small Centre of the Year’ award at the 2015 Customer Contact Association’s (CCA) Excellence Awards ceremony in Glasgow.

The Adactus Housing Group have been crowned winners of the 2015 Something to Shout About Award at the Greater Manchester Chamber of Commerce Wigan Business Awards.

For further information on 1st Touch please contact:

Sally Cops
1st Touch
02380 111206
sally.cops@1sttouch.com
www.1sttouch.com

or

Leigh Richards
The Right Image PR & Marketing Group
07758 372527
leigh.richards@therightimage.co.uk
www.therightimage.co.uk

For further information on Adactus Housing Group please contact:

Thanasis Protopapas
Adactus Housing Group
0300 111 1133
a.protopapas@adactushousing.co.uk
www.adactushousing.co.uk

Source: RealWire

EasyJet*, Aer Lingus and Chiltern Railways exposed customers’ credit card details

EasyJet*, Chiltern Railways and Aer Lingus amongst 16 companies that have exposed credit card data during payments to their mobile websites and apps

Wandera has identified a vulnerability - dubbed CardCrypt - where customers' personal data is being transmitted unencrypted from mobile devices

LONDON, 9th December 2015: Customers' credit card information, passport data, purchase data and other Personally Identifiable Information (PII) was being sent unencrypted from smartphones when users are purchasing items from major brands' mobile websites and apps.

Companies identified include easyJet*, Chiltern Railways, Aer Lingus, AirAsia, Air Canada** and 11 other companies, ranging from taxi firms (KV Cars in the UK and American Taxi in the US) to giftcard and event ticket providers (Sistic in Singapore).

Notes to editors - each company has been notified about the vulnerability and a full list is included below the release

Wandera has detected payment information leaking unencrypted from smartphones when users were accessing these companies' mobile websites and apps during the purchase and upgrade processes, for example when booking a ticket or choosing a seat. The data includes complete credit card details, CVV security code, customer names, full addresses, transaction amounts and contact details. The exact information that was being leaked varies according to what details the individual company requests in order for the transaction to take place, but in nearly all cases, complete credit card data was detected ‘in the clear' and in one case even detailed passport information was also revealed. The 16 companies that have been identified have a combined 500,000 passengers and customers per day.

Examples:

- Complete credit card data and customer billing addresses were sent unencrypted to the Aer Lingus website during the booking process. Aer Lingus has 10.6 million passengers a year.
- Complete credit card data and passport details such as name, date of birth, passport number, expiry date and issuing country code - were unencrypted when sent to Air Canada's mobile website during the booking process. Air Canada has 38.0 million passengers a year.
- Complete credit card data, customer addresses and transaction details were unencrypted when sent to San Diego Zoo's mobile website during the main purchase process. San Diego Zoo has 5 million visitors a year.
- Complete credit card data and transaction details were unencrypted when sent to AirAsia's website during the check in process. AirAsia has 45.6 million passengers a year.

Dubbed ‘CardCrypt' by Wandera, the flaw in all of the vulnerable websites and mobile apps is that they have not used a secure protocol (HTTPS) to secure and encrypt data connections between the browser or app on the user's smartphone, and the company's website, mobile website or backend web services. This means that the credit card information was instead transmitted ‘in the clear', or unencrypted, over standard web connections i.e. HTTP. This weakness made the data freely available to be easily intercepted and used in wide-ranging identity theft and fraud.

It is a fundamental requirement of PCI DSS (Payment Card Industry Data Security Standards) to encrypt transmission of cardholder data across open public networks: "Sensitive information must be encrypted during transmission over public networks, because it is easy and common for a malicious individual to intercept and/or divert data while in transit".

Notes to editors - Reference Requirement 4, Page 46 of the latest PCI DSS v3.1 most recently updated April 2015.

"We believe there are two likely reasons why HTTPS has not been used, everywhere at all times." comments Eldar Tuvey, CEO Wandera, the company that discovered the data leaks. "It could be a flaw in the coding, or it could be a case of relying on inadequate third party services or libraries.
Either way, it's astounding to me that these companies have failed to exercise sufficient care in the collection of their customers' personal data."

In one particular instance that Wandera has identified, a customer of Sistic, the Singapore-based ticket provider, purchased two tickets for Cirque du Soleil using the mobile app. Because he is an employee of a Wandera enterprise customer, Wandera secures his mobile device to protect against data leaks. In doing so, Wandera detected his entire credit card information, full name, address and transaction details being transmitted from the smartphone ‘in the clear' and unencrypted. The employee was informed and has now cancelled his relevant credit cards.

Notes to editors - this user is available for comment

Wandera has reported the issue to each company according to its responsible disclosure process prior to issuing this release. The company's investigations are still ongoing and involve mobile users of other global brands, but it wanted to ensure users were alerted as soon as possible.

"The most alarming thing is that it is very likely that there are plenty of other brands who have made the same mistakes," concludes Tuvey. "With lots of people booking journeys to go home for the Christmas holidays it is worrying how much sensitive data could be put at risk."
ENDS

Notes to editors:

The 16 identified brands are:

UK & Europe
- easyJet* (UK): Air travel
- Aer Lingus (Ireland): Air travel
- Chiltern Railways (UK): Rail travel
- Dash Card services/parking**** (UK): Parking services
- KV Cars (UK): Taxis
- Perfect Card.ie*** (Ireland): Gift card
- 1 Robe.fr (France): Dress retailer
- Oui Car (France): Taxis

US & Canada
- Air Canada** (Canada): Air travel
- San Diego Zoo (US): Tourist destination
- CN Tower (Canada): Tourist destination
- American Taxi (US): Taxis
- Get Hotwired (US): Broadband provider
- Tribeca Med Spa (US): Health spa

Rest of World
- AirAsia (Malaysia): Air travel
- Sistic (Singapore): Event ticket provider

* We are pleased to say that as of 9th December, 14:05, easyJet has confirmed there is no ongoing issue.
** Did not include the CVV code but did include Passport details
*** Only included card number and CVV
**** Included car registration, email address, mobile phone number

More information: CardCrypt Full Report, CardCrypt Threat Advisory, CardCrypt Infographic

About Wandera

Wandera is the leader in mobile data security and management, protecting enterprises with real-time threat prevention, compliance and data cost management. Wandera's multi-level architecture, which includes a pioneering cloud gateway for mobile, offers unrivalled visibility and control. With the industry's largest mobile dataset, Wandera analyzes billions of daily inputs across its network in real-time to detect emerging mobile attacks and protect sensitive company data. Founded in 2012, Wandera is headquartered in San Francisco and London. For more information visit the website www.wandera.com

CONTACT DETAILS:
Will Gardiner/Sarah Walker
wandera@ccgrouppr.com
020 3824 9209

Source: RealWire
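
The release describes card details being readable in plain HTTP traffic from mobile apps and sites. As an added example (not Wandera's code and not part of the release), the following Python shows how a monitoring gateway could flag cardholder data in a captured cleartext request; the host, path, field names and sample request are constructed, and a form-encoded body is assumed.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample: a cleartext HTTP POST as a network monitor would see it.
# Host, path and field names are made up; 4111111111111111 is a standard test PAN.
SAMPLE_REQUEST = (
    "POST /booking/pay HTTP/1.1\r\n"
    "Host: m.shop.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "name=A+Traveller&card_number=4111+1111+1111+1111&cvv=123&ref=1234567890123456"
)

PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")  # 13-19 digits, optional separators
CVV_KEYS = {"cvv", "cvc", "cvv2", "cid", "security_code"}  # assumed field names


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out order numbers that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_cleartext_card_data(raw_request: str) -> list[dict]:
    """Return findings for card data readable in a plaintext HTTP request."""
    head, _, body = raw_request.partition("\r\n\r\n")
    host = next((ln.split(":", 1)[1].strip() for ln in head.split("\r\n")[1:]
                 if ln.lower().startswith("host:")), "?")
    findings = []
    for key, value in parse_qsl(body, keep_blank_values=True):
        for m in PAN_RE.finditer(value):
            digits = re.sub(r"\D", "", m.group())
            if luhn_ok(digits):
                # Report first 6 / last 4 only, so the alert does not leak the number again.
                masked = digits[:6] + "*" * (len(digits) - 10) + digits[-4:]
                findings.append({"host": host, "field": key, "type": "pan", "masked": masked})
        if key.lower() in CVV_KEYS and re.fullmatch(r"\d{3,4}", value):
            findings.append({"host": host, "field": key, "type": "cvv", "masked": "***"})
    return findings
```

Any finding here means the request was readable on the wire, so the fix is on the transport (HTTPS for every endpoint that handles the form), not in the detector.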