Tag Archives: users

Fake WhatsApp app downloaded 1 million times

Android users were tricked by a convincing fake WhatsApp app listing in the official Google Play Store, but one expert said this incident shouldn’t take away from confidence in the safety of the Play Store.

The issue was first revealed on the r/Android subreddit and showed a fake WhatsApp app listing in the Google Play Store that had the developer name appearing to be the real WhatsApp Inc. Redditor “E_x_Lnc” first posted about the fake listing, noting it used a Unicode character that mimicked a blank space after the name in order to bypass Google’s malware scanner and was invisible unless someone looked at the code itself.

There were some minor red flags on the fake WhatsApp app listing that redditors pointed out though. First, while 1 million downloads may seem impressive, the real WhatsApp has been downloaded more than 1 billion times. The fake WhatsApp app listing also contained the tag claiming the app contained ads, which the real app does not. Finally, the real WhatsApp listing bears the “Verified by Play Protect” branding from Google.
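The trailing invisible character described above can be caught at listing-review time by comparing publisher names after Unicode normalization rather than as raw strings. The following is an added example, not code from Google, Reddit or the original article. The article does not name the character that was used, so the protected-name list and the sample names in the test calls are constructed for illustration.

```python
import unicodedata

# Publisher names to protect. Constructed list for this example.
PROTECTED = ["WhatsApp Inc."]

SPACE_CATS = {"Zs", "Zl", "Zp"}   # space, line and paragraph separators
HIDDEN_CATS = {"Cf", "Cc"}        # format (zero-width) and control characters


def blank_chars(name):
    """List every character that renders blank or invisible, except the
    plain ASCII space, as (index, code point, Unicode name)."""
    hits = []
    for i, ch in enumerate(name):
        if ch != " " and unicodedata.category(ch) in SPACE_CATS | HIDDEN_CATS:
            hits.append((i, f"U+{ord(ch):04X}", unicodedata.name(ch, "<unnamed>")))
    return hits


def skeleton(name):
    """Comparison key: NFKC-normalize, turn any whitespace into a plain
    space, drop invisible characters, collapse runs, casefold."""
    out = []
    for ch in unicodedata.normalize("NFKC", name):
        if ch.isspace():
            out.append(" ")
        elif unicodedata.category(ch) not in HIDDEN_CATS:
            out.append(ch)
    return " ".join("".join(out).split()).casefold()


def classify(name):
    """Return (verdict, blank_chars) for a submitted publisher name.

    exact     - identical to a protected name; ownership still has to be
                confirmed against the verified account, which is outside
                the scope of this sketch
    lookalike - differs as a string but normalizes to a protected name
    distinct  - does not collide with any protected name
    """
    if name in PROTECTED:
        return ("exact", [])
    if skeleton(name) in {skeleton(p) for p in PROTECTED}:
        return ("lookalike", blank_chars(name))
    return ("distinct", blank_chars(name))


if __name__ == "__main__":
    # Constructed submissions: a trailing no-break space, an embedded
    # zero-width space, and an unrelated name.
    for candidate in ["WhatsApp Inc.\u00a0", "WhatsApp\u200b Inc.", "Example Chat Ltd"]:
        print(repr(candidate), classify(candidate))
```

A "lookalike" verdict is the case a string-equality check misses: the name is different in storage but identical on screen.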

What the fakeout means

Liviu Arsene, senior e-threat analyst at Romania-based antimalware firm Bitdefender, said that neither the use of Unicode characters to impersonate a brand name nor the fake WhatsApp app itself should have made it past the Google Bouncer malware scanners.

“Malicious app developers have proven to be very resourceful in the past, and this incident with WhatsApp is no different,” Arsene told SearchSecurity. “It’s worth noting that before actually installing an application users should also go through the comments section to see if others reported any abnormalities with it or even doing a little research regarding the developer’s name and what other apps has he published, to spot any potential issues.”

According to redditor “dextersgenius”, the app itself was little more than an ad-wrapper, and once installed it tried to hide itself by having a blank icon and no title.

Arsene said “adware itself is not always malicious,” which may be why this fake WhatsApp app wasn’t caught earlier.

“Benign apps have been smuggled before in Google Play, only to be later updated with malicious components — even if for a short period of time,” Arsene said. “However, malicious behavior that involves data exfiltration and remote control of the device is a lot easier to spot than simply deciding whether or not an ad-displaying app is too intrusive.”

Despite this incident, Arsene said Android users should still see the Google Play Store as the safest place to get apps.

“The general line for Android safety remains downloading apps from Google Play, mostly because these incidents where malware or aggressive adware makes it in their marketplace are sufficiently rare and quickly handled,” Arsene said. “However, it’s more than recommended to also rely on a security solution for mobile devices, as security vendors are in the business of scrutinizing apps more aggressively for keeping users safe.”

Microsoft Teams roadmap introduces telephony, interoperability

Many Skype for Business users probably won’t migrate to Microsoft Teams over the next year, because they are concerned about the lack of telephony features in the new chat-based workspace in Office 365, according to one industry expert.

The Microsoft Teams roadmap, released this week, promises a slew of Skype for Business features over the coming months. But Microsoft won’t fully roll out many of the telephony features until late next year.

“The biggest concern is Microsoft won’t deliver a lot of the telephony set until well into 2018,” said Irwin Lazar, a Nemertes Research analyst.

The Microsoft Teams roadmap details several Skype for Business features that will be rolled into Teams to help users prepare for a migration. Enterprise calling features — such as call park, group call pickup, location-based routing and shared-line appearance — are not expected until the fourth quarter of next year.

Additionally, the Microsoft Teams roadmap does not offer any new insights into Microsoft’s collaboration strategy, Lazar said. The roadmap, however, does provide customers with a timeline of when they can expect to see certain telephony features in Teams.

“It provides more clarity and will help companies plan for an eventual transition to Teams,” Lazar said.

Microsoft Teams roadmap: A bumpy ride?

Microsoft announced last month that Teams would replace Skype for Business Online to become the main communications client within Office 365. The announcement left many organizations questioning the migration process and the quality of telephony within Teams.

After Microsoft posted a blog announcing the roadmap, several users commented to share their thoughts. Some users are happy about the change. They lauded the upcoming Microsoft Teams features, the integration between Skype and Teams, and how the roadmap helps organizations plan for the migration and improve adoption.

Other users, however, remain skeptical.

“Honestly I am very disappointed you are moving in this direction, I miss the days of a small simple interface like the old school Communicator,” John Gooding posted in response to Microsoft’s blog. “We tried Slack and Teams, and it was fun for 30 minutes then it turned into a productivity drag.”

Messaging, meetings and more

The Microsoft Teams roadmap focuses on messaging, meetings and calling capabilities within the application. Lazar said the roadmap will help organizations with their user-awareness and adoption programs, and it will help them plan training for users as features become available.

Messaging. As a messaging-centric application, Teams already offers persistent, one-on-one and group chat. Features such as the ability to import contacts from Skype for Business, unified presence and messaging policies are expected to be available by the end of the first quarter of 2018. Microsoft expects to add screen sharing and federation between companies by the end of the second quarter of 2018.

Meetings. Teams includes meeting capabilities such as screen sharing and capturing chats in the channel after a meeting. Later this quarter, Microsoft will debut audio conferencing in over 90 countries, meeting support in the Edge and Google Chrome web browsers, and call-quality analytics.

Microsoft will introduce meeting room support with Skype Room Systems, cloud video interoperability with third-party devices and support for the Surface Hub by the end of the second quarter of 2018.

Calling. Later this year, Microsoft plans to introduce voicemail, call forwarding, e911 support, Skype for Business to Teams calling, and IT policies for Teams interoperability. In the second quarter next year, Microsoft will enable customers to use their existing telecom voice line to activate calling services in Office 365. Additional capabilities such as call queues and one-to-one to group call escalation with Teams, Skype for Business and PSTN participants will also be available.

Additional Microsoft Teams features will roll out in the second quarter of 2018, including recording and storing meetings, meeting transcriptions and the ability to search key terms.

In an effort to clear up confusion over its collaboration roadmap, Microsoft will also update the names of its PSTN Calling, PSTN Conferencing and Cloud PBX services. PSTN Calling will be renamed Calling Plan, PSTN Conferencing will be named Audio Conferencing, and Cloud PBX will be called Phone System.

For features yet to be announced in the Microsoft Teams roadmap, Lazar said he’d like to see announcements around customers using on-premises Skype for Business being able to use the cloud-based Teams for telephony.

MobileIron, VMware can help IT manage Macs in the enterprise

As Apple computers have become more popular among business users, IT needs better ways to manage Macs in the enterprise. Vendors have responded with some new options.

The traditional problem with Macs is they have required different management and security software than their Windows counterparts, which means organizations must spend more money or simply leave these devices unmanaged. New features from MobileIron and VMware aim to help IT manage Macs in a more uniform way.

“Organizations really didn’t have an acute system to secure and manage Macs as they did with their Windows environment. But now, what we are starting to see is that a large number of companies have started taking Mac a lot more seriously,” said Nicholas McQuire, vice president of enterprise research at CCS Insight.

Macs in the enterprise see uptick

Windows PCs have long dominated the business world, whereas Apple positioned Macs for designers and other creative workers, plus the education market. There are several reasons why businesses traditionally did not offer Macs to employees, including their pricing and a lack of strong management and security options. About 5% to 10% of corporate computers are Macs, but that percentage is growing, McQuire said.

With Macs growing in popularity, IT needs streamlined configuration methods.

There are a few potential reasons for the growth of Macs in the enterprise. Demand from younger workers is a big one, said Ojas Rege, chief strategy officer at MobileIron, based in Mountain View, Calif. In addition, because Macs don’t lose value as quickly as PCs, the difference in total cost of ownership between Macs and PCs isn’t as significant as it once was, he said.

“A lot of our customers tell us that Macs are key to the new generation of their workforce,” Rege said. “Another key is that the economics are improving.”

New capabilities help manage Macs in the enterprise

Windows has managed to stay on top in the eyes of IT because of its ability to offer more management platforms from third parties. Despite some options, such as those from Jamf, the macOS management ecosystem was very limited for a long time. But as the BYOD trend took off and shadow IT emerged, more business leaders felt they could no longer limit their employees to using Windows PCs.

VMware in August introduced updates to Workspace One, its end-user computing software, that allow IT to manage Macs the same way they would mobile devices. Workspace One will also have a native macOS client and let users enroll their Macs in unified endpoint management through a self-service portal, just like they can with smartphones and tablets.

MobileIron already supported macOS for basic device configuration and security. The latest improvements included these new Mac management features:

  • secure delivery of macOS apps through MobileIron’s enterprise app store;
  • per-app virtual private network connectivity through MobileIron Tunnel; and
  • trusted access enforcement for cloud services, such as Office 365, through MobileIron Access.

Mac security threats increase

At Northern Arizona University, the IT department is deploying Jamf Pro to manage and secure Macs, which make up more than a quarter of all client devices on campus. The rise in macOS threats over the past few years is a concern, said Tobias Kreidl, desktop creation and integration services team lead at the school in Flagstaff, Ariz.

The number of macOS malware threats increased from 819 in 2015 to 3,033 in 2016, per a report by AV-Test. And the first quarter of 2017 saw a 140% year-over-year increase in the number of different types of macOS malware, according to the report.

“It is surprising how many people still think they do not need additional software to help secure Macs,” Kreidl said. “[Apple macOS] is pretty good as it stands, but more and more efforts are being spent to find ways to circumvent Mac security, and some have been successful.”

Advanced Protection Program locks down Google accounts

The latest Google multifactor authentication solution aims to protect high-risk users from targeted attacks, but will add complexity to logins.

Google’s Advanced Protection Program is designed both to help keep users safe from phishing attacks, such as spear phishing, and to prevent unauthorized access to Gmail accounts by having users authenticate with physical security keys, like a Yubikey.

“Journalists, human rights defenders, environment campaigners and civil society activists working on any number of sensitive issues can quickly find themselves targeted by well-resourced and highly capable adversaries,” Andrew Ford Lyons, a technologist at Internews, said in Google’s announcement post. “For those whose work may cause their profile to become more visible, setting this up could be seen as an essential preventative step.”

Google’s Advanced Protection Program could help to prevent some types of cyberattacks seen over the past couple years, including the phishing schemes that compromised the Gmail account of Hillary Clinton’s campaign chairman, John Podesta, or the Google Docs phishing attack.

According to Google, the Advanced Protection Program focuses on three areas of defense: using a security key for multifactor authentication, limiting third-party app access to Gmail and Google Drive, and mitigating fraudulent account access by adding steps to the account recovery process.

Google warns that third-party mobile apps like Apple Mail, Calendar and Contacts “do not currently support security keys and will not be able to access your Google data,” so Advanced Protection Program users would need to use Google’s first-party apps for now.

How the Google Advanced Protection Program works

Google has supported security keys for multifactor authentication in the past and has an option to use mobile devices as a multifactor device, but the Advanced Protection Program is far more strict because there will be no backup options with SMS or stored authentication codes.

Users will only be able to log in to Google accounts with their password and registered security keys. If a security key is lost, the account recovery will be more onerous than answering simple security questions, but Google has yet to provide details on what such a recovery process will entail.

Although anyone can enroll in the Advanced Protection Program, Google admitted in its blog post that it would be best for those who “are willing to trade off a bit of convenience for more protection of their personal Google Accounts.”

At the start, the Advanced Protection Program requires the use of the Chrome browser and two security keys that support the FIDO U2F standard — one to connect to a traditional computer via USB port and one for mobile devices using Bluetooth.

The former isn’t as troublesome, but users need to be careful about the security key used for mobile. Google’s support page suggests purchasing the Feitian MultiPass Bluetooth security key, which appears to be in limited supply on Amazon as of this post. However, a Bluetooth security key is only necessary for those using iOS devices or an Android device that doesn’t support Near Field Communication (NFC) for wireless access. An NFC-enabled security key would work for those with NFC-capable Android devices.

Cloud App Discovery spotlights shadow IT users

Do you know what end users do with a company’s data? Do they use Dropbox to share documents with clients? Discuss trade secrets via Slack? Plan secret projects on Trello? The Cloud App Discovery feature in Office 365 reveals certain shadow IT practices admins need to know to secure the enterprise.

End users often enlist cloud services to perform their jobs, but the practice of introducing unsanctioned apps invites risk. It circumvents security practices, which potentially opens the company to an unexpected compliance issue or a cyberattack. Cloud App Discovery uncovers shadow IT without the need to implement agent-based software on users’ computers and mobile devices.

Here’s how to identify and monitor use of unauthorized cloud services within the organization — and what to do about it.

Find hidden app usage with Cloud App Discovery

Office 365’s E3 subscription includes Cloud App Discovery, a component of Cloud App Security. This service interprets log files from web proxy servers, firewalls and network devices, such as wireless access points and switches, to create a visual picture of the shadow IT services used in the organization.

Cloud App Security dashboard
Figure 1. The Discover tab in Office 365 Cloud App Security presents a visual summary of shadow IT services used in the organization.

The Office 365 version of Cloud App Discovery indicates services that have similar functions to Office 365 apps, especially productivity services. Therefore, the discovered apps section does not include nonproductivity applications. We’ll show how to uncover those later in this article.

Create reports of productivity apps

Cloud App Discovery uses logs taken from a network device that sits between end users and the internet. The Cloud App Discovery service supports common log file formats, such as those generated by Cisco access points, open source web proxy servers or third-party cloud services, such as Symantec Websense.

The admin then accesses the Cloud App Discovery feature from the Security & Compliance Center. Download a log file from the network device in a format that Cloud App Discovery supports, navigate to the main console and choose Discover > Create new snapshot report.

Search for and specify the log format from the list, then upload the log file. Office 365 takes up to 24 hours to process and display the results.

Log file upload
Figure 2. To create a new snapshot report, search for the log format you want to use, and upload the log file.

Navigate to Discover > Manage snapshot reports to see the uploaded file. Office 365 shows processed reports as Ready.

Manage snapshot reports
Figure 3. The snapshot reports section indicates when the admin uploaded the report and its status.

The report shows the productivity apps in use from the Office 365 platform and from other cloud services. Select an app to open an Excel spreadsheet for more details, such as how many users accessed the service, how many times users accessed it and the amount of traffic uploaded to and downloaded from the service.

Discovered apps
Figure 4. View the report to see the productivity apps that are in use and to see detailed information about each app.

Automate the log upload process

Organizations that subscribe to Enterprise Mobility and Security (EMS) E3 can extend Cloud App Discovery’s functionality in several powerful ways.

The continuous reports feature automates log uploads through a customized VM with a syslog server and an HTTPS uploader.

To configure continuous reports, use the Discover > Upload logs automatically option in Cloud App Security. The admin adds a data source, which replaces the uploaded log file. The admin then defines a log collector and links it to the data source, which generates the information to deploy the Hyper-V or VMware VM.

After the VM deploys, configure one or more network devices to send data to the log collector in the format that matches the defined data source. Figure 5 shows an example of a Cisco Meraki device set up to send URL data in syslog format to the log collector’s VM IP address.

Configure URL data
Figure 5. Configure a network device to send data to the VM IP address for the log collector.

After about 24 hours, results from logged data will appear in the Cloud App Discovery section. The admin accesses both real-time and historic information related to app usage.

Cloud App Discovery dashboard
Figure 6. The Cloud App Discovery dashboard shows current app usage statistics and provides access to historical information.

See the threat level of shadow IT services

Aside from productivity services — such as webmail, cloud storage and content sharing — Cloud App Discovery also provides visibility into other areas. The EMS-based version of the tool detects internet of things devices, cloud service use from providers such as Amazon Web Services and visits to websites.

Cloud App Discovery ranks the discovered services based on risk score from one to 10. A lower score indicates a more suspicious application. The Cloud Discovery service determines the rank through assessment of security policies, such as where the data resides, who has access, who has control and whether organizations can prevent unauthorized access.

Apps designed for enterprise use, such as Google’s G Suite, get good scores. Services that provide less organizational control, such as WhatsApp, receive poor grades.

WhatsApp is considered a risky service because no one has administrative control. For example, a financial advisor who communicates with a client over WhatsApp could breach regulations because the business cannot record the conversation for future discovery.

View the detailed report on each service, and decide whether to approve the cloud service.

Figure 7 lists the services with usage statistics and threat level:

Discovered apps tab
Figure 7. The Discovered apps tab lists the services used on the company network with details on the traffic used and the risk score.

Take action against shadow IT

Administrators should take action when armed with data from Cloud App Discovery. If workers use Trello, Slack and Box, then admins should deploy the corresponding Office 365 services — Planner, Teams and OneDrive for Business, respectively.

However, IT should still take action even if the business can’t make these Office 365 apps immediately available. In that case, let end users know that the company plans to roll out Microsoft services to replace shadow IT apps. Explain the benefits of the move, such as service integration across the Office 365 suite.

The EMS-integrated capabilities give admins a way to configure security alerts when workers use these unsanctioned apps. Part of the continuous reports feature partially controls the use of apps. For example, an admin creates a rule that identifies when a user downloads a lot of data from Office 365 and then uploads a lot of data to Dropbox. When the rule detects this activity, the admin gets an alert and notifies the security team to block that user’s access to Office 365.
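The per-app report described earlier (users, access counts, traffic up and down) and the download-then-upload alert rule above can both be reproduced over raw proxy logs. The following is an added example, not Microsoft's code or the Cloud App Security rule engine. The log format, the app catalog, the one-hour window and the 500 MB threshold are all assumptions, the log lines are constructed, and the rule is generalized from Dropbox to any unsanctioned app in the catalog.

```python
import csv
from collections import defaultdict
from datetime import datetime, timedelta
from io import StringIO

# Constructed proxy log: time, user, destination host, bytes sent, bytes received.
SAMPLE_LOG = """\
2017-11-06T09:00:05,alice,contoso.sharepoint.com,2100,480000000
2017-11-06T09:10:41,alice,contoso.sharepoint.com,1800,350000000
2017-11-06T09:25:13,alice,www.dropbox.com,790000000,5200
2017-11-06T09:30:00,bob,slack.com,40000,90000
2017-11-06T10:02:17,bob,trello.com,12000,64000
2017-11-06T10:05:00,carol,www.dropbox.com,3000000,1500
2017-11-06T11:45:09,carol,contoso.sharepoint.com,900,12000000
2017-11-06T14:00:00,bob,www.dropbox.com,600000000,2000
"""

# Host suffix -> (app name, sanctioned). Constructed catalog for this example.
APP_CATALOG = {
    "sharepoint.com": ("Office 365", True),
    "dropbox.com": ("Dropbox", False),
    "slack.com": ("Slack", False),
    "trello.com": ("Trello", False),
}


def app_for(host):
    """Map a destination host to a catalog entry by exact or subdomain match."""
    for suffix, entry in APP_CATALOG.items():
        if host == suffix or host.endswith("." + suffix):
            return entry
    return None


def parse(log_text):
    """Return time-ordered events for hosts that belong to a cataloged app."""
    events = []
    for row in csv.reader(StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        ts, user, host, sent, received = row
        entry = app_for(host.lower())
        if entry is None:
            continue
        events.append({
            "time": datetime.fromisoformat(ts), "user": user,
            "app": entry[0], "sanctioned": entry[1],
            "up": int(sent), "down": int(received),
        })
    return sorted(events, key=lambda e: e["time"])


def usage_report(events):
    """Per-app totals: distinct users, access count, bytes uploaded/downloaded."""
    users = defaultdict(set)
    report = defaultdict(lambda: {"users": 0, "hits": 0, "up": 0, "down": 0})
    for e in events:
        users[e["app"]].add(e["user"])
        row = report[e["app"]]
        row["hits"] += 1
        row["up"] += e["up"]
        row["down"] += e["down"]
        row["users"] = len(users[e["app"]])
    return dict(report)


def find_bulk_transfers(events, window=timedelta(hours=1), min_bytes=500_000_000):
    """Flag users who pull at least min_bytes from a sanctioned app and then
    push at least min_bytes to an unsanctioned app inside one time window."""
    alerts, seen = [], set()
    for i, e in enumerate(events):
        if e["sanctioned"] or (e["user"], e["app"]) in seen:
            continue
        # Same user's activity in the window that ends at this upload event.
        recent = [p for p in events[: i + 1]
                  if p["user"] == e["user"] and e["time"] - p["time"] <= window]
        downloaded = sum(p["down"] for p in recent if p["sanctioned"])
        uploaded = sum(p["up"] for p in recent if p["app"] == e["app"])
        if downloaded >= min_bytes and uploaded >= min_bytes:
            seen.add((e["user"], e["app"]))
            alerts.append((e["user"], e["app"], downloaded, uploaded))
    return alerts


if __name__ == "__main__":
    evts = parse(SAMPLE_LOG)
    for app, row in sorted(usage_report(evts).items()):
        print(app, row)
    for alert in find_bulk_transfers(evts):
        print("ALERT", alert)
```

In the constructed log only alice triggers the rule; bob's large Dropbox upload has no preceding Office 365 download, and carol's upload is small and comes before her download.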

Box Skills, machine learning technology pique IT interest

SAN FRANCISCO — Box shops will be able to help users gain more intelligent insight into their content with new machine learning technology in the content management tool.

Box Skills, introduced here at the company’s annual BoxWorks conference, makes it easier to search for visual and audio content and view information about it. Box Feed uses machine learning to curate content for specific users. Plus, new features in Box Relay aim to improve employee workflows. These capabilities caught the interest of attendees at the show.

“It was kind of nice to see Box incorporating [AI] to start relaying things to certain people at the right time in the right place,” said Ryan Foltz, business systems engineer at Barnhardt Manufacturing Company in Charlotte, N.C.

How Box Skills works

Box Skills is a framework that serves as a layer of abstraction between the content organizations upload to Box and the machine learning. It focuses on three areas: Image Intelligence, Audio Intelligence and Video Intelligence.

With the Image Intelligence component, based on Google Cloud Platform technology, Box automatically tags aspects of an image such as the subject, colors and logos, as well as uploads any text from it. Users can click the tags to access other images with similar contents.

Video Intelligence uses Microsoft Cognitive Services to provide facial recognition to identify people in a video. It also can show users where repeated phrases come up, and extracts a transcript of the video that users can apply as closed captioning. Audio Intelligence functions similarly, without the visual aspect, and is based on IBM Watson technology.

Using the new Box Skills Kit for developers, organizations can also customize what information within a file the machine learning technology tracks. The tool can track tone of voice in a phone conversation, for example, or pull out specific words a company is interested in and show within the Box content when those words were said. Developers can also customize information in documents such as invoices or contracts, and have Box extract information such as dates, signatures, payment amounts and vendor names. That not only extracts the data, but allows users to fill that information in automatically moving forward.

Image Intelligence is currently in beta, and Video Intelligence and Audio Intelligence will come to beta in 2018, Box said.

Box Feed puts relevant information in front of users

Box Feed, powered by Box Graph machine learning technology, was also previewed at the conference and will be available next year. This feature can help users find the content most relevant to them. It shows users active content — files they have been working on or are mentioned in — as well as other relevant content, which appears in a feed based on who is working on the file and what the content is. If a user generally collaborates with another user who is working on a document, for example, it will likely show up in the relevant section. It also shows trending files, or ones that many users throughout the organization are accessing. 

As interesting as these new features are, some companies might need some time to apply them. Barnhardt Manufacturing Company, for instance, is an old organization, but its leaders are getting more and more interested in business data intelligence, said Pete Chantry, application systems manager at the company.

 “We’ve got to allow a little bit of time for them to get accustomed to the basic [enterprise content management] features of Box,” Chantry said.

Updates to Box Relay

Box Relay for workflow automation, announced last year and generally available next month, will get some enhancements as well.

First, the add-on will allow workflows to launch automatically, so if a user uploads a resume of a prospective employee for example, the workflow associated with that kind of document will start automatically. Box also plans to release APIs so IT can integrate Relay with existing third-party applications and automated processes. In addition, users will be able to e-sign documents directly in Box. Finally, a new dashboard will let users manage multiple workflows at the same time by showing every active workflow and what step it is on.   

“I like the way that all ties together,” said Will Sheppard, technical support specialist at The Enthusiast Network based in Los Angeles. “The whole workflow looks really nice.”

Other new features in Box Relay include the ability to invite other users to edit a document and assign them tasks with due dates within the document. There is also a new annotation tool that allows users to write a comment on a specific aspect of a document and tag other users to look at that exact area.

In addition, users no longer have to download previous versions of a document; they can preview them with a single click. Plus, when a user accesses a document, Box will highlight any changes that other users have made since the last time he was in it, and show which user made the edits. Finally, users can thread comments and mark them as resolved.   

Like Box Skills, Relay presents some enticing features for IT, but those at Barnhardt Manufacturing Company are unsure of how to apply Relay immediately.

“I don’t know how often we’d use it, but if we had it, it’d certainly be a nice feature for us,” Foltz said.

Enterprises weigh VMware Cloud on AWS, as vendors pivot cloud strategies

LAS VEGAS — The much anticipated VMware Cloud on AWS is finally available. For potential users, now comes the hard part.

The service that brings the leading private cloud provider’s environments to the leading public cloud provider’s platform has generated a lot of buzz, but the lack of details has kept many potential users on the fence. Important information about pricing and capabilities was disclosed Monday here at VMworld, and now VMware customers must decide if it’s worth it to make the leap.

“I don’t think the customer interest is fully baked,” said David Lucky, director of product management for Datapipe, a managed cloud services provider in Jersey City, N.J. that works closely with AWS and VMware. “But it’s getting a lot of attention from our customers.”

Part of the allure of this deal is the ability to put VMware environments next to AWS services such as DynamoDB and RDS. There are fast, private networks connecting the two services, but there are still functionality limitations.

“It’s separate really,” Lucky said. “It’s got its own portal; its own billing and pricing. You do link your AWS account into it and connect it, but I could see there’s a lot more opportunity to build on that.”

Pricing for the VMware-sold product is complex, and deviates in some important ways from the standard AWS model. Purchases are made on a per-host basis, and can be billed by the hour, or in reserved capacity on one- and three-year contracts.

The three-year contract costs $109,366 per host, which would save about 50% compared to the on-demand hourly billing rate, according to VMware. Another program can cut costs by up to 25% based on customers’ on-premises VMware product licenses, as long as those on-premises products remain active.

There are separate charges for IP and data transfers, as the standard AWS egress fees still apply. Each host has 2 CPUs, 36 cores, 72 hyper-threads, 512 GiB RAM and local flash storage.

If a company goes with the three-year contract, the estimated total cost of ownership for VMware Cloud on AWS is up to $0.09 per VM per hour, according to VMware. That’s comparable to native cloud instance costs and a savings of up to $0.08 per VM per hour compared with the traditional on-premises setup.

Stay or go?

Whether the move is worth the cost will depend on an organization’s in-house environments — those that are less efficient or bloated are the best candidates, said Kyle Hilgendorf, a Gartner analyst.

Erik Anderson, a senior network engineer at a Midwest healthcare company, said his team works entirely on-premises, but is looking at the public cloud to localize workloads in other parts of the globe. Where those workloads will land will depend on cost and other factors, but those decisions won’t be made any time soon, he said.

“If it turns out the stuff that VMware and AWS is doing reduces operational expenses and administrative headaches, that would be the ideal choice,” Anderson said.

The service is built on bare metal, and VMware will carve out capacity within AWS data centers to then provide scalable infrastructure to its customers. It’s the first time bare metal has been sold on AWS and VMware’s SSD architecture is different from AWS’, but executives for both companies don’t foresee capacity issues beyond what users typically find when requesting resources on AWS.

For customers, adding VMware Cloud capacity as part of the service will be no different than any of the other instance types they sell, said AWS CEO Andy Jassy.

The service may even accelerate adoption among companies that already have a footprint in both environments, said Peter Scott, COO of DivvyCloud, a multicloud automation and management company in Arlington, Va., that is part of the partner ecosystem for VMware Cloud on AWS.

IT shops, however, are wary of moving to the public cloud some workloads that are built on a different operating model and aren’t easily or flexibly scalable, he said.

“You’re essentially taking a whole lot of legacy workloads and sticking them in public cloud, which is ephemeral and by its very definition is very different,” Scott said. “If you’re going to take this stuff and put it in the public cloud that runs 24/7, 365 days a year, you’d be better off back in your data center.”

There are limitations to the new capabilities. Customers can bring applications back and forth, but they will still have to pay the standard AWS egress fees. Amazon doesn’t charge customers to bring data into the cloud, but the cost to pull data out is prohibitive for most users, and is a main reason the public cloud is criticized for workload lock-in. Also, the VMware Cloud on AWS service is currently limited to the AWS U.S. West (Oregon) region, and won’t be available in other regions until 2018.

About-face, march

AWS and VMware executives said this is just the first step in the partnership, and though they didn’t provide specifics about future services, they listed tighter integration and migration assistance as items to improve.

“I definitely sense Amazon sees a lot of opportunity and investing more of their time going forward,” Datapipe’s Lucky said.

AWS and VMware executives went out of their way to characterize the partnership as more than just marketing, and observers say the product is surprisingly mature, despite the early limitations and the lengthy wait to bring it to market.

And though the deal has been publicly discussed for nine months, the actual product release culminates a shifted cloud strategy for both companies. AWS was once borderline dismissive about the future of hybrid cloud, and VMware initially sought to build its own public cloud to usurp AWS and keep everything within its own ecosystem. Officials for both companies, however, effusively praised each other and cited huge potential to extend these capabilities to thousands of customers in the years ahead.

And now that some of the critical information about the service is public – particularly the pricing – customers will ultimately decide if the adoption will meet the hype.

“Without knowing the price, how attractive it is is relative, and we got a lot of questions about that,” Lucky said. “Now at least it’s out there so the conversation can move past that.”

Juniper adding microsegmentation to Contrail cloud

Juniper Networks Inc. has added tools for network microsegmentation in Contrail — an important feature for users of the software-defined networking controller, but a capability that’s unlikely to reverse Juniper’s decline in security revenues.

Juniper introduced the capability this week, along with other security features the company labeled as Juniper Contrail Security. In general, Juniper is focusing its latest stab at strengthening its security portfolio on companies with multiple data center environments in a Contrail cloud.

Microsegmentation tools, which have become a popular way to contain malware in the data center, allow corporate IT staff to build a zero-trust security zone around a set of resources, such as network segments and workloads. In network virtualization within SDN, microsegmentation adds firewall capabilities to east-west traffic.
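A minimal model of the zero-trust idea described above, as an added example that is not Contrail's, NSX's or ACI's policy format or code. The workload names, segment labels, rules and flows are all constructed; anything not explicitly allowed between microsegments is denied, including traffic between two workloads in the same segment.

```python
from dataclasses import dataclass

# Constructed inventory (assumption): workload name -> microsegment label.
SEGMENTS = {
    "web-1": "web", "web-2": "web",
    "app-1": "app",
    "db-1": "db",
}

@dataclass(frozen=True)
class Rule:
    src: str    # source microsegment
    dst: str    # destination microsegment
    proto: str
    port: int

# Explicit allow-list; every flow not listed here is denied.
POLICY = [
    Rule("web", "app", "tcp", 8443),
    Rule("app", "db", "tcp", 5432),
]

def decide(src_wl, dst_wl, proto, port, segments=SEGMENTS, policy=POLICY):
    """Return (verdict, reason) for one east-west flow."""
    src = segments.get(src_wl)
    dst = segments.get(dst_wl)
    if src is None or dst is None:
        # A workload with no segment label gets no implicit trust.
        return "deny", "unlabelled workload"
    for r in policy:
        if (r.src, r.dst, r.proto, r.port) == (src, dst, proto, port):
            return "allow", f"{r.src}->{r.dst} {r.proto}/{r.port}"
    return "deny", "no matching allow rule"

def audit(flows):
    """Return the flows the policy would block, for review or alerting."""
    return [f for f in flows if decide(*f)[0] == "deny"]

# Constructed east-west flows inside one data center.
FLOWS = [
    ("web-1", "app-1", "tcp", 8443),   # intended tier-to-tier call
    ("app-1", "db-1", "tcp", 5432),    # intended tier-to-tier call
    ("web-1", "db-1", "tcp", 5432),    # skips the app tier
    ("web-1", "web-2", "tcp", 22),     # same segment, still not trusted
    ("batch-9", "db-1", "tcp", 5432),  # workload missing from inventory
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, decide(*flow))
```

The denied flows returned by `audit` are the ones a perimeter firewall would never see, which is why the enforcement has to sit on east-west traffic.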

VMware and Cisco have had microsegmentation capabilities in their SDN products, NSX and Application Centric Infrastructure (ACI), respectively, for several years. NSX has outpaced ACI deployments in the data center, primarily because microsegmentation has become its leading use case for protecting applications that run on top of VMware’s ubiquitous server virtualization products.

Contrail cloud use case

Companies use Juniper Contrail and vRouter — the vendor’s virtualized router software — to create a network overlay that extends across cloud-based environments in multiple data centers. The core users of Contrail and Juniper switches include cloud companies that provide infrastructure, platform or software as a service. Others include large financial institutions.

With the latest release, companies can use the Contrail cloud console to carve up their data center LAN and intradata-center WAN, and then create and distribute policies that establish restrictions on communications between network microsegments. Also, Juniper is providing tools that give companies the option of using third-party firewalls for policy enforcement.

The capability is available for cloud environments using bare-metal servers, Linux containers built and managed through the Kubernetes system, and OpenStack — the modular architecture for creating and managing large groups of virtual private servers. Kubernetes and OpenStack are open source technologies.

Juniper has contributed Contrail’s source code to the open source community through an initiative called OpenContrail. Contrail is a Juniper-supported binary version of OpenContrail, which is available under the Apache 2.0 license.

Juniper has contributed the source code of its latest security features to the OpenContrail community, said Pratik Roychowdhury, the product manager for Contrail. The site GitHub is the online repository for OpenContrail.

“Everything that I’m talking about in Contrail Security is out there [on GitHub],” Roychowdhury said. “Anyone can essentially go and take a look at the source code.”

Other Contrail cloud security features

Besides microsegmentation, Juniper has added other features to the Contrail console. They include a visual depiction of interactions between applications in hybrid cloud environments and analytics that detect anomalies and suggest corrective actions.

The latest features are useful to companies using Juniper switches or its SRX firewalls running alongside other vendors’ switches, said Lee Doyle, an analyst at Doyle Research and a TechTarget contributor. Either scenario would be helpful to Contrail adoption.

“Contrail is one of many SDN controllers that has struggled to break through [a competitive market],” Doyle said. “It’s not contributing a huge amount of revenue.”

What is contributing a growing share of Juniper’s revenue is switching. In the quarter ended June 30, revenue grew nearly 32% year over year to $276 million. However, the company’s overall market share is small at 3.4%, according to stock research firm Trefis.

Security, on the other hand, remains a weak spot in Juniper’s portfolio. Revenue has fallen from $670 million in 2012 to $318 million last year, according to Trefis. In the June quarter, revenue fell 12% to $68.7 million.

“Quite frankly, the focus right now on security has been on achieving stability and returning to growth,” Juniper CEO Rami Rahim said in an online transcript of the July earnings call with financial analysts. The transcript is available on the financial site Seeking Alpha.

Azure Monitor now available in Azure Government

Getting ahead of issues before they impact end users is a key goal of any IT organization. One important tool in this process is the use of monitoring and analytics services, which help ensure that you get up-to-date information on the overall health of your cloud environment. We are happy to announce that we have expanded the portfolio of management services with the general availability of Azure Monitor in Azure Government.

With Azure Monitor, you can now consume monitoring metrics and logs within the portal and via APIs in near real-time and gain more visibility into the state and performance of your resources. Azure Monitor provides you the ability to configure alert rules to get notified or to take automated actions on issues impacting your resources. Azure Monitor enables analytics, troubleshooting, and a unified dashboarding experience within the portal, in addition to enabling a wide range of product integrations via APIs and data export options. All of this has now been enabled for Azure Government.


With this release, we are also providing new alerting and notification options including custom email and webhooks. This allows you to enable notification on specific Azure services and receive service health notifications. 

Azure Monitor is not just useful for the administration of your Azure resources. The centralized logging and alerting helps achieve compliance with many NIST SP 800-53 security controls that support CJIS, FedRAMP, and the DoD compliance requirements. The data from Azure Monitor can be queried, archived, or analyzed to provide an audit trail and meet key monitoring controls.

Learn more about Azure Monitor by visiting the documentation page. For a detailed list of Azure Monitor features available in the different Azure Government datacenter regions, visit the Azure Government Monitoring + Management page.

Hijacked Chrome extensions infect millions of users

New research shows millions of Google Chrome users have been hit with malware through eight hijacked Chrome extensions.

According to threat protection vendor Proofpoint, the eight compromised Chrome browser extensions include two that were hijacked earlier this month — Copyfish and Web Developer. According to the Proofpoint researcher known as Kafeine, the other six compromised extensions are Chrometana, Infinity New Tab, Web Paint, Social Fixer, TouchVPN and Betternet VPN. From downloads of all eight hijacked Chrome extensions, nearly 4.8 million users received malicious code from the attackers.

“At the end of July and beginning of August, several Chrome Extensions were compromised after their author’s Google Account credentials were stolen via a phishing scheme,” Kafeine wrote in a blog post. “This resulted in hijacking of traffic and exposing users to potentially malicious popups and credential theft.”

Targeted users were shown a JavaScript alert that said their PC needed to be repaired and were then directed to pay for the false repairs, enabling the attackers to profit from this scheme.

According to Kafeine, the attackers “are leveraging compromised Chrome extensions to hijack traffic and substitute advertisements on victims’ browsers. Once they obtain developer credentials through emailed phishing campaigns, they can publish malicious versions of legitimate extensions.”

However, Kafeine also noted that, “in addition to hijacking traffic and driving users to questionable affiliate programs, we have also observed them gathering and exfiltrating Cloudflare credentials, providing the actors with new means of potential future attacks.”

There is no proof yet that all of the hijacked Chrome extensions were targeted by the same hacker or hacking group, though the compromises all happened in the same time frame.

Google has dealt with security issues surrounding Chrome browser extensions in the past. In 2015, the company implemented a policy that requires all Windows and Mac users and developers to install extensions only from the Chrome Web Store. This change was spurred by concerns about extensions that enabled the download of malware. The policy update also included a feature called Enhanced Item Validation, which runs additional checks on extensions before they are published in the Chrome Web Store.

In other news

  • DNS provider Cloudflare terminated the account of neo-Nazi website the Daily Stormer. In an official statement, the company’s co-founder and CEO Matthew Prince wrote: “Our terms of service reserve the right for us to terminate users of our network at our sole discretion. The tipping point for us making this decision was that the team behind Daily Stormer made the claim that we were secretly supporters of their ideology.” However, in a candid internal notice to Cloudflare employees, Prince said the decision was personal. “I woke up this morning in a bad mood and decided to kick them off the Internet,” he wrote. While the company has previously maintained content neutrality, Prince said Cloudflare still received requests to terminate its distributed denial-of-service (DDoS) attack protection services of the site. “The initial requests we received to terminate their service came from hackers who literally said: ‘Get out of the way so we can DDoS this site off the Internet,’” wrote Prince. In the official statement, he went on to acknowledge his decision is “dangerous,” but argued it likely won’t set a precedent. The Electronic Frontier Foundation (EFF), however, issued a statement that expressed concern over Cloudflare’s decision, arguing that “because Internet intermediaries, especially those with few competitors, control so much online speech, the consequences of their decisions have far-reaching impacts on speech around the world. And at EFF we see the consequences first hand: every time a company throws a vile neo-Nazi site off the Net, thousands of less visible decisions are made by companies with little oversight or transparency. Precedents being set now can shift the justice of those removals.” While the EFF is clear that it disagrees with the content on the Daily Stormer, the group said it defends “the right of anyone to choose what speech they provide online; platforms have a First Amendment right to decide what speech does and does not appear on their platforms.”
  • A Venafi survey found that 72% of security professionals don’t believe that encryption backdoors would make a nation safer from terrorists. Venafi surveyed over 290 attendees of the Black Hat USA conference in July and found that “the majority of industry professionals believe encryption backdoors are ineffective and potentially dangerous.” In a blog post, Venafi wrote that, “it is widely acknowledged that backdoors into encryption technology create vulnerabilities that can be exploited by a wide range of malicious actors, including hostile or abusive government agencies,” and despite the danger, many government officials advocate for encryption backdoors to “strengthen national security and hinder terrorism.” Respondents of the survey disagree — 91% of them said cybercriminals could take advantage of encryption backdoors that are government mandated. Another notable finding is that 81% of respondents said they believe that governments should not have the ability to force technology companies to give them access to encrypted user data.
  • VMware patched an important denial-of-service vulnerability in its NSX-V Edge products. The vulnerability, according to VMware’s advisory, is that the “VMware NSX-V implementation of the OSPF protocol doesn’t correctly handle the link-state advertisement (LSA). A rogue LSA may exploit this issue resulting in continuous sending of LSAs between two routers eventually going in loop or loss of connectivity.” VMware also noted that the vulnerability, classified as CVE-2017-4920, is tough to exploit because an attacker would need local access to the targeted system in order for an exploit to be possible. Security researchers Adi Sosnovich, Orna Grumberg and Gabi Nakibly first reported the vulnerability to VMware. Patches are now available for all affected products, which could be running on any platform.