Tag Archives: Four

CES 2018 for CIOs: Rise of the AI voice assistant class

CES 2018 happened. Four miles on the Vegas Strip, the latest gadgetry, some 4,000 vendors, 170,000 attendees, 7,000 media, three days of sessions, not including the pre-show briefings, backroom meetings and off-site soirees where the secret stuff goes down — what, if anything, does the world’s biggest consumer tech show mean to CIOs?

Should a CIO, for goodness’ sake, care that the Numi intelligent toilet by Kohler Co., a CES 2018 Innovation Awards Honoree, has a voice-controlled toilet lid lifter and seat warmer among other more intimate services? Or that the Kohler-Konnect Verdera Voice Lighted Mirror is the world’s first bathroom mirror with Amazon’s AI voice assistant Alexa?

Isaac Sacolick, who’s been a CIO at BusinessWeek and McGraw Hill Construction and is now president and CIO at consulting firm StarCIO, believes so. “The Kohler Konnect mirror was probably one of the more interesting voice assistants I looked at,” said Sacolick, who, like SearchCIO, monitored the event remotely. The message: AI voice assistants have gone mainstream.

Sacolick, author of Driving Digital: The Leader’s Guide to Business Transformation Through Technology, remembered when smartphones debuted at CES and were dismissed by peers as having little impact on IT strategies. “But sure enough, people started bringing in smartphones and you needed to worry about BYOD and putting in MDM managers and thinking about policy.”

He sees the dominance of voice interfaces at CES 2018 as signaling another gearshift for CIOs, akin to the migration of data centers to the cloud and the move from web-only to mobile apps. “Now CIOs are going to have to go from mobile user experiences to voice UX and make sure the applications they build out have a voice capability.”

Where it makes sense, said Nigel Fenwick, Forrester Research principal analyst who focuses on CIO issues. “We’re not going to put a voice interface on everything, because there is cost and complexity associated with that, and the return is not necessarily going to be there,” he said. So CIOs “will want to be cautious” and use conversational interfaces where they have a “maximum impact.” (Don’t tell that to the vendors: Amazon has a plan to put an Echo in every boardroom.)

But Fenwick agreed that the migration of AI voice assistants from the consumer market to the workplace is inevitable. CIOs will start seeing demand from Millennials. And the technology will evolve from voice interfaces retrofitted on select enterprise applications to AI voice assistants working side by side with employees. “Teenagers growing up are going to be used to having that conversation with a device — and expecting an intelligent response,” he said.

Marriage of IoT and AI

Moreover, voice assistants — of the smart and not-so-smart variety — are just one component of an increasingly complex technology landscape CIOs now have to manage, Fenwick said, as companies like the ones presenting at CES this year outfit the world with a digital skin.

“The big thing for CIOs will be handling all the sensors that are going to be enabled through IoT platforms,” he said, adding that the ability to process and gain insight from IoT data will “separate the winners from the losers” in the next few years. Voice assistant technology that allows users to communicate with IoT devices ups the ante.

“The role of the CIO at once becomes more complicated because of the need to integrate new technology with backend systems of record” as well as “understand what’s happening with the customer in order to create unique value for the customer,” Fenwick said.

The marriage of an AI interface and IoT at CES 2018 also struck Sacolick as a gamechanger. Many of the CIOs he deals with in his consulting business see IoT devices as vehicles for collecting data, allowing companies “to be smarter about what’s happening out in the field.”

“But as soon as you start thinking about these devices as two-way — instead of just data collection devices — they are presentation devices or intelligence devices, making decisions for people” then questions about reliability, performance and analytics arise. How much computing, for example, takes place centrally in the cloud and how much locally? 

“I do think for enterprises it’s still early,” he said, but noted that when you see AI chipmakers Intel and Nvidia battling it out at CES for supremacy in the autonomous vehicle space, it’s time to pay attention. 

‘How, not whether’

Analyst Mike Ramsey, who covers connected vehicles for research outfit Gartner, said that what struck him from this year’s huge focus on autonomous cars was a shift in emphasis. “The focus was on how this was going to work — how will we make money? How will the tech be deployed? It was not whether the tech will work,” Ramsey said, waiting to board a flight home from the show.

A point of debate in the industry is the integration of virtual assistants, which Ramsey said come in two varieties: a voice assistant that communicates your wishes to the world (order a pizza) and “deeply integrated” intelligence that’s embedded in the car’s controls. Google, Amazon and Apple assistants continue to make inroads, but Ramsey said the industry’s embrace of the big tech companies is not universal or without reservations.

“Mercedes announced its own system that has a lot of capability, not just basic things like asking it to change your radio station or call Mom, but weird questions, like ‘Can I wear flip-flops tomorrow?'” he said. The ongoing “tussle between the tech giants and the automakers,” he said, is less about who owns the data and more about brand.

“The issue for them is who owns the experience in the car? They don’t want you to get in and feel like what you love about your car is Alexa,” Ramsey said.

Forrester’s Fenwick had something to say about that.

“You see at CES a sort of shift that has happened over the last few years — and continued to accelerate this year — towards the individualization of product or consumer experience. And that reflects the ability of companies to greatly tailor the experience of the product or service to their customers’ needs and desires,” he said. It’s a challenge for brands — and for CIOs.

“How do you build a technology architecture that is flexible and adaptable, that can quickly integrate as yet undeveloped technologies into the architecture in order to create revenue?” he said.

Watch for more reports this week on the CES 2018 consumer trends CIOs need to pay attention to.

Mike McCarter: lean, mean, hacking machine – Microsoft Life

About four years ago, I almost quit.

I was getting restless and decided that I wanted to launch a startup. Soon after that, I told my manager that I planned to leave within the next year.

I told her that I needed autonomy and creativity. I wanted a job with greater purpose and world-changing impact. I wanted rapid growth, not just of my products, but also of myself.

Her response caught me off guard. She said she’d support me either way and offered a few suggestions for ways I could get all those things at Microsoft, should I consider staying. She could give me more room for creativity and risk-taking, more help gaining access to all of Microsoft’s resources, and a lot of other things that I’d not considered doing before.

I stayed, and I never looked back.

I’ve always looked for creative ways to solve problems, ideally without involving a ton of waste. As a rural kid growing up three miles away from a very small town, I didn’t have much to do other than figure out how to entertain myself. I had to be independent and resourceful. So I got into fixing and building and creating things—treehouses, go carts, you name it.

Once I got my uncle’s ancient dune buggy up and running again with very few tools and even less adult supervision; for a brief moment I may have been the only eighth grader with wheels. I was always redesigning things that were broken and giving them a new purpose.

Although I didn’t know what to call it at the time, I now realize that was lean hacking (experimenting with new ideas and testing them—quickly), and it turns out I’d been doing it for a while.

Instead of leaving the company, I decided to bring more of this mindset to my job at Microsoft. I turned an old lab into a collaboration space where my team and I can experiment constantly. I love that space. In it, our vetting and forensic services team (translation: we protect Microsoft and its customers from a variety of risks) have developed products—sometimes with the help of The Garage, and other times as volunteers supported by Microsoft Philanthropies.

Together, we built a state-of-the-art identity-vetting platform. We found that our skills translated well to areas with great societal value too; our lean hacking tactics have helped us address major global challenges through solutions like PhotoDNA, a product used to fight child exploitation on the internet; Child Finder Service, which helps find missing children; and Content Moderator, which helps organizations identify high-risk text, images, or video on their platforms.

Mike McCarter

Instead of leaving the company four years ago, Mike McCarter decided to bring more of a lean hacking mindset to his job at Microsoft. “So far, there’s nowhere else I’ve found where I can have a greater, global impact than at Microsoft,” said McCarter.

Other hacks are fun, and our team engages in small experiments constantly; we’ve created a four-in-one programmable-height ping-pong scrum table, a custom-designed lab layout with a bell for big wins, and a community snack cart for sharing healthy treats. In a team survey, 100 percent of our people said that their jobs are more than just jobs—they have real meaning. I think this is due to our hacking culture.

Since that conversation with my manager four years ago, I’ve gone through a transformation—I used to think that I needed to start my own company, make a fortune, and then have a positive impact on the world afterward. But I’ve realized that life is too short to defer one’s calling.

I still often wonder about other opportunities. But the question I ask myself is how much impact can I make somewhere else versus where I am at. So far, there’s nowhere else I’ve found where I can have a greater, global impact than at Microsoft.

Are you a Microsoft employee with a journey to share? Drop us a line from your work email at MicrosoftLife (at) microsoft.com.

For Sale – Samsung C24F390 24-Inch Curved LED Monitor

Hi,

I have a Samsung C24F390 monitor for sale; it’s only four months old and has only been used a couple of times a week over that time. I’ve been using it to play on the PS4 only and it’s a fantastic monitor. However I’ve bought a PS4 Pro and I’m looking to move onto a 4K monitor.

There are absolutely no marks or blemishes anywhere on the monitor; it’s as good as new.

I prefer collection to be honest, or meeting somewhere locally, but I could look to post it out if needed.

Amazon link for specs, pictures, reviews, etc:

https://www.amazon.co.uk/dp/B01BCF06LE?ref_=Oct_CAMGiftedC_428652031_0

Thanks.

Price and currency: 90
Delivery: Delivery cost is not included
Payment method: PayPal, Bank Transfer
Location: Warrington
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Emergency Microsoft patch out for Malware Protection Engine

Just four days before the final Patch Tuesday of 2017, an emergency Microsoft patch was pushed out for a critical anti-malware flaw.

The vulnerability in the Windows Malware Protection Engine (CVE-2017-11937) was first discovered by the UK National Cyber Security Centre and can affect systems running Windows 7, 8.1, 10 and Server 2016. A similar flaw was found in June by Tavis Ormandy, security researcher for Google’s Project Zero.

According to the security advisory, the emergency Microsoft patch addresses a critical remote code execution vulnerability that can be exploited if a malicious actor can get the Malware Protection Engine to scan a specially crafted file.

Microsoft noted this could happen automatically if the malicious file is delivered to a system with real-time scanning turned on, and could allow an attacker to “execute arbitrary code in the security context of the LocalSystem account and take control of the system … then install programs; view, change, or delete data; or create new accounts with full user rights.”

However, the emergency Microsoft patch should be automatically installed “within 48 hours of release,” according to the advisory.

Michael Patterson, CEO of Plixer International Inc., a network traffic analysis company based in Kennebunk, Maine, said that “although most consumers already have the necessary patch, this is no time to become overly confident in existing security defensive measures.”

“Malware will make it into every organization connected to the internet. This means all companies need to prepare for the inevitable breach,” Patterson told SearchSecurity. “When this happens, incident response systems need to have been rehearsed and the data necessary for network traffic analytics needs to have been collected. An archive of logs and flows is a critical source of forensic data when odd traffic patterns need to be investigated.” 

Anti-malware software is one of the most critical pieces of software on a modern desktop and also one of the most valuable targets for an attacker.
Tyler Reguly, manager of the Vulnerability and Exposure Research Team, Tripwire

Tyler Reguly, manager of the Vulnerability and Exposure Research Team at Tripwire, said it was nice to see the emergency Microsoft patch released so quickly but said Microsoft also appears to be deprioritizing customer communication with these security releases.

“Anti-malware software is one of the most critical pieces of software on a modern desktop and also one of the most valuable targets for an attacker, especially products that have automated scanning of new files enabled. Most vendors will be plagued with issues like this from time to time and it shouldn’t scare people away from using the product but, rather, they should feel hopeful that Microsoft released the [out-of-band patch] to ensure quicker protection for their customer,” Reguly told SearchSecurity. However, Reguly added, “the update has been available for nearly 48 hours, but the security guidance page still does not have links to an advisory, bulletin, or KB article. The details have been published, but they are not available via the link that Microsoft provided in their own notification email, you need to know the format of their URLs to build it yourself.”

How Microsoft’s Dona Sarkar Keeps Her Future Self On Track

I believe that your dreams and your day job can coexist. I always have at least four projects going on at the same time, and I switch frequently between them. If I’m struggling to work on a project for Windows Insiders, I’ll write a chapter of a nonfiction book I am writing, or I’ll sketch something from my fashion line, or I’ll watch a short [tutorial] video.

If I have a pocket of time—seven minutes or 20 minutes—I set my timer and do a work sprint. You can whip off 10 emails or five ideas in five minutes. If I have seven minutes to write a document, I will finish it: It may not be the best document in the world, but all the bones will be down, enough to the point that I can share it with someone and ask them what they think of the overall framework.

I don’t put all my emotional eggs in one basket. I’ve never had a bad day in my life because I can always go and do something that means a lot to me, and that I have invested a lot in, and that is within my control.

Whatever the opposite of FOMO is, I have that. I am too busy living my life to worry about what other people are doing.

Time she wakes up: 4 a.m.

First thing she does: “I write five gratitudes, five worries, and five intentions. It’s a way for me to prioritize what really matters.”

Productivity tools: “I have a shared OneNote with Jeremiah Marble, the founder and director of the Windows Insider Program. If I feel that I could use his help or vice versa, we’ll send each other a quick message. It’s all real time.”

Email strategy: “I check email three times a day: morning, afternoon, and evening. I have a filter that only lets in emails where my name is on the ‘To’ line. If I’m on a CC or alias, I check those emails only a few times a week.”

Dealing with the news: “I consume news twice a day: in the morning, after I am done writing in my journal, and in the evening. During the day, if something breaks, I will find out about it from 12 different sources.”

Motivational object: “I have a framed needlepoint that says hustle, which one of my coworkers made for me.”

Best habit: “I’m not afraid to start something. I don’t need to be good at something that I have never done before: I assume I am going to be very bad.”

Worst habit: “I am awake at all hours and have a lot of energy, which can be overwhelming to some people.”

Productivity advice: “You should track your time every hour of the day, then consider whether what you are doing leaves you in a positive or negative mood. Then do more of the things that bring you joy.”

Time she goes to bed: Between midnight and 1 a.m.

EternalRocks malware: What exploits are in it?

Seven NSA cyberweapons, including four Windows SMB exploits, have been combined to create the EternalRocks malware….

What are the exploits used by EternalRocks, and how is it similar to the WannaCry ransomware worm?

Windows networking has been a scourge to the internet since the first Windows machine on a local network connected to the web. Windows networking still uses the server message block (SMB) protocol, and it was designed for local networks, but enterprises continue to expose their systems with SMB access open to the internet. Most enterprises block inbound and outbound Windows networking packets because of malware like Sircam, Nimda and many others, but when firewalls go down, internal systems can be infected.

Penetration testers and attackers are very aware of the insecurities in Windows networking. Still, one of the NSA exploits used in the EternalRocks malware — EternalBlue — exploited a vulnerability in SMB v1 that could have been blocked by a border firewall filtering SMB traffic. The other SMB exploits included in the malware are EternalChampion, EternalRomance and EternalSynergy; EternalRocks also includes other NSA cyberweapons, such as the DoublePulsar exploit for implanting backdoors.

The EternalRocks malware kit wasn’t just a Windows networking worm, but also included functionality to download additional code and connect to a command-and-control server for future commands. The initial exploit is very important in order to get initial access to a system, but the later stages of the attack are potentially the most important to defend against, and they have the most impact.

The EternalBlue exploit used by the EternalRocks malware is also used in the WannaCry ransomware worm, but WannaCry takes the next step with malicious action on the endpoint via ransomware. EternalRocks has no ransomware or malicious payloads and only spreads itself on systems and devices. Exploit kits, even security tools like Metasploit and other commercial tools, have much of the same functionality and could incorporate these exploits into their toolkits.
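The border-filtering point and the worm's SMB spreading behaviour described above can both be checked against archived flow records. The following is an added example, not part of the original article; the CSV layout, internal address range, threshold and sample flows are constructed assumptions.

```python
import csv
import ipaddress
from collections import defaultdict, namedtuple
from io import StringIO

Flow = namedtuple("Flow", "ts src dst dport proto")

# Assumptions for this example: internal address space and alert settings.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
SMB_PORTS = {139, 445}      # NetBIOS session service and SMB over TCP
FANOUT_THRESHOLD = 4        # distinct SMB peers per source before flagging
FANOUT_WINDOW = 60          # seconds

# Constructed sample flow export: epoch seconds, src, dst, dst port, protocol.
# External addresses are taken from the RFC 5737 documentation ranges.
SAMPLE_FLOWS = """\
ts,src,dst,dport,proto
100,10.0.4.2,10.0.4.3,445,tcp
500,10.0.4.2,10.0.4.4,445,tcp
900,10.0.4.2,10.0.4.5,445,tcp
1000,10.0.1.15,10.0.1.20,445,tcp
1300,10.0.1.15,10.0.1.20,445,tcp
1300,10.0.4.2,10.0.4.6,445,tcp
2000,10.0.2.8,10.0.2.1,445,tcp
2002,10.0.2.8,10.0.2.2,445,tcp
2004,10.0.2.8,10.0.2.3,445,tcp
2007,10.0.2.8,10.0.2.4,445,tcp
2010,10.0.2.8,10.0.2.5,445,tcp
2012,10.0.2.8,198.51.100.7,445,tcp
2500,203.0.113.9,10.0.3.4,445,tcp
2600,10.0.1.15,203.0.113.50,443,tcp
"""


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def parse_flows(text):
    rows = csv.DictReader(StringIO(text))
    return [Flow(int(r["ts"]), r["src"], r["dst"], int(r["dport"]),
                 r["proto"].lower()) for r in rows]


def is_smb(flow):
    return flow.proto == "tcp" and flow.dport in SMB_PORTS


def border_smb_crossings(flows):
    """SMB flows with exactly one internal endpoint, i.e. traffic that a
    border filter for Windows networking should have dropped."""
    hits = []
    for f in flows:
        if is_smb(f) and is_internal(f.src) != is_internal(f.dst):
            direction = "outbound" if is_internal(f.src) else "inbound"
            hits.append((direction, f.src, f.dst))
    return hits


def smb_fanout(flows, threshold=FANOUT_THRESHOLD, window=FANOUT_WINDOW):
    """Internal sources that reach `threshold` or more distinct SMB peers
    within any `window`-second span: the pattern of a worm sweeping the LAN,
    as opposed to a client talking to one file server repeatedly."""
    by_src = defaultdict(list)
    for f in flows:
        if is_smb(f) and is_internal(f.src):
            by_src[f.src].append((f.ts, f.dst))

    flagged = {}
    for src, events in by_src.items():
        events.sort()
        best = 0
        for i, (start, _) in enumerate(events):
            peers = {dst for ts, dst in events[i:] if ts - start <= window}
            best = max(best, len(peers))
        if best >= threshold:
            flagged[src] = best
    return flagged


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for direction, src, dst in border_smb_crossings(flows):
        print(f"border crossing ({direction}): {src} -> {dst}")
    for src, peers in smb_fanout(flows).items():
        print(f"SMB fan-out: {src} contacted {peers} peers in {FANOUT_WINDOW}s")
```

The host at 10.0.4.2 touches four SMB peers but over twenty minutes, so it stays below the windowed threshold; only the burst from 10.0.2.8 is flagged.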

Four in 10 US teens seek help from friends about online woes, new Microsoft study shows – Microsoft on the Issues

Four in 10 American teens say a friend sought help from them because of a negative experience they had online, results of a new Microsoft-sponsored study show. Most situations involved harassment or bullying, according to the teens, while a quarter of survey respondents said their friends had been threatened online.

Forty-one percent of teens say a friend sought guidance from them following a negative online interaction, down from 43 percent who said they were asked for advice in similar situations last year. Moreover, when looking for help with a negative online experience, teens say their friends are the most valuable resource. Nearly six in 10 (57 percent) say friends were the most helpful in such situations, while 42 percent say their parents were the most supportive resource.

Findings are from “Keeping Up with Generation App,” the latest in a series of research studies conducted or sponsored by Microsoft over the past two years and focused on “digital civility” – encouraging safer and healthier online interactions among people of all ages. The study was fielded last month by the Washington, D.C.-based National Cyber Security Alliance (NCSA) and polled 813 teens in the U.S. and 809 parents of American teens.

“It’s not surprising that teens turn to friends for help. During adolescence, peer-to-peer relationships are critical,” said Michael Kaiser, executive director of the National Cyber Security Alliance, which sponsors National Cyber Security Awareness Month each October. “We need to build the capacity of teens to help each other and equip them with the knowledge and tools so they can give meaningful and accurate help to their friends. When we teach them to help others, we are also empowering them to be more resistant to and resilient from any issues they may encounter online.”

Here are some other highlights from this year’s research:

  • In general, teens say they spend more time online than they would like. Nearly three in 10 (28 percent) say they spend “too much” time online, while almost half (46 percent) say they spend “a little more time” online than they’d prefer.

  • Both teens and parents say disagreements about the amount of permitted screen time are the most frequent points of technology-related tension in their households; 22 percent of teens report frequent disagreements with parents about screen time, and 26 percent of parents say they regularly argue with their kids about the issue.

  • The privacy and security of their personal data remains paramount for teens when it comes to their top online safety concerns, but they share larger worries about the veracity of the information they encounter and share online. Nearly one-quarter (24 percent) say they are “very concerned” that they could accidentally spread fake news or other misinformation, and another 25 percent say they are “somewhat concerned” about that possibility.

Microsoft sponsored this same study in 2016, when results indicated that nearly 40 percent of American teens said someone was mean or cruel to them online in the previous year. Negative comments most often stemmed from something the teens said or did, or were about their appearance, according to last year’s results.

On a positive note, those percentages fell this year. About a third (34 percent) of teens reported that someone had been mean or cruel to them when they were online or using cell phones over the past 12 months. But, once again, the content of those messages was most often about something the teen said or did (52 percent) or something about their appearance (35 percent). Race or ethnicity (27 percent), gender (21 percent) and political views (20 percent) were among the other sources of mean or cruel treatment.

To help guard against a range of these issues, Microsoft makes available a collection of resources at our website, www.microsoft.com/saferonline. For instance, we encourage parents and teachers to emphasize critical thinking among young people and to help them to identify misinformation and hate speech online. We also make available materials about responding to online bullying and harassment, as well as the risk of online grooming. Young people and teens themselves can benefit from these resources as well, especially since they’re being asked to assist friends in need.

As for more research, we will continue to release targeted results from our digital civility-based studies in the months leading up to international Safer Internet Day 2018. Early findings show the newer concept of digital civility is resonating across the world, with a number of age demographics and geographies embracing the concept. Full results of our latest 23-country study will be released on Safer Internet Day 2018 on February 6.

Learn more about online safety at our YouthSpark website and check out even more resources here. You can also “like” us on Facebook, follow us on Twitter and take our Digital Civility Challenge using #challenge4civility or #Im4digitalcivility.

Tags: digital civility, National Cyber Security Awareness Month

Play Forza Motorsport 7 Four Days Early with Today’s Release of the Ultimate Edition

The Oct. 3 global launch of Forza Motorsport 7 on Xbox One and Windows 10 PCs is just four days away, but anyone itching to get behind the wheel today can do so with the Forza Motorsport 7 Ultimate Edition. In addition to early access to Forza Motorsport 7, Ultimate Edition owners receive the Forza Motorsport 7 Car Pass, VIP membership and cars, and both the Hoonigan and Fate of the Furious car packs.

Get ready to experience the thrill of motorsport at the limit with the most comprehensive, beautiful and authentic racing game ever made. In Forza Motorsport 7, players on the Xbox One family of devices will experience racing at silky smooth 60 frames per second, HDR (Xbox One S and Windows 10 PCs), and 4K on Windows 10 PCs while collecting over 700 Forzavista™ cars, including the largest assortment of Ferraris, Porsches, and Lamborghinis in any racing game. With over 30 world-famous environments and tracks featuring dynamic weather and race conditions that change every time you return to the track, no two races are the same. And with Xbox One X coming Nov. 7, even more players will experience gorgeous graphics in native 4K, at 60fps and HDR, too.

In celebration of the game’s launch, on Sept. 30 at 1 p.m. PDT, Tanner Foust – professional driver whose awards include four X Games gold medals, three Global Rallycross championships and two Formula Drift national championships – will go head-to-head with 2017 Indy Car Season Champion Josef Newgarden in the all-new Forza Motorsport 7 on Xbox Live Sessions, an interactive livestream hosted on the Mixer Xbox Channel. During the livestream, the two will join Xbox Daily Show host Major Nelson and Forza Community Manager Brian Ekberg in the ultimate racing showdown on Xbox One S, live from the Petersen Automotive Museum. Fans who tune in can submit questions and get the chance to win some awesome prizes. For even more details on the livestream, check out our Xbox Wire post from earlier this week.

If you haven’t experienced Forza Motorsport 7 yet, what are you waiting for? Download the free Xbox One demos from the Windows Store here. See you on the track!

Deloitte hack compromised sensitive emails, client data

Deloitte, one of the “big four” accounting and consultancy firms, has confirmed it exposed confidential emails and client data in a targeted attack.

Deloitte, which provides high-end cybersecurity consulting services, discovered the hack in March 2017, but attackers may have had access to the company’s systems since October or November of 2016.

According to The Guardian, which broke the story of the Deloitte hack early this week, attackers were able to compromise Deloitte’s email server through an administrator account that wasn’t protected with two-factor authentication. Through this email server, The Guardian reported, the attacker likely had privileged, unrestricted access to all systems, including the Microsoft Azure cloud service that Deloitte uses to store the emails its staff sends and receives. In a statement on the incident, Deloitte confirmed attackers were able to “access data through an email platform” but didn’t provide further details on additional systems or services that may have been affected.

Deloitte provides services to major companies across the globe, including banks, multinational corporations and government agencies. The company claimed that “very few clients were impacted” by the breach. According to The Guardian, only six of the organization’s clients have been alerted that their information was compromised in the Deloitte hack. However, the hackers did potentially have access to usernames, passwords, IP addresses, health information and architectural diagrams for businesses.

The Deloitte hack focused primarily on U.S.-based operations and spurred an internal investigation that’s lasted six months so far. The responsible parties have yet to be identified, though, and Deloitte hasn’t released any specific details on how many clients were affected.

In other news

  • A bug in the most recent version of Internet Explorer exposes whatever is entered into the address bar — such as website addresses or searches — to hackers. Security researcher Manuel Caballero disclosed the flaw in a blog post this week. “When a script is executed inside an object-html tag, the location object will get confused and return the main location instead of its own,” Caballero wrote. “To be precise, it will return the text written in the address bar so whatever the user types there will be accessible by the attacker.” This means that whatever a targeted user types into the address bar can be viewed by a malicious actor. Caballero’s proof of concept shows that malicious sites can view information the user assumed was private. He also expressed his concerns about Microsoft’s handling of Internet Explorer. “In my opinion, Microsoft is trying to get rid of IE without saying it. It would be easier, more honest to simply tell users that their older browser is not being serviced like Edge,” he said.
  • The United States has asked China not to enforce its Cybersecurity Law that was passed in November 2016 and went into effect in June this year. In a document submitted to the World Trade Organization, the U.S. said “China’s measures would disrupt, deter, and in many cases, prohibit cross-border transfers of information that are routine in the ordinary course of business.” The Cybersecurity Law states that any “network operators” in China, including any local or international firms that collect data, must store all user data within China. The U.S. argued in the document that “such a broad definition” of network operators “could have a negative impact on a wide range [of] foreign companies.” It also raised concerns that “the measures, which pertain to ‘important data’ and ‘personal information,’ would severely restrict cross-border transfers unless a broad set of burdensome conditions are met.” The U.S. noted some other concerns in the document and requested that China “refrain from issuing or implementing final measures until such concerns are addressed.”
  • Oracle released out-of-band patches for the latest Apache Struts 2 vulnerability, tracked as CVE-2017-9805, a month before its scheduled quarterly Critical Patch Update. In its blog post announcing the availability of the patches, Oracle noted that a previous Apache Struts 2 vulnerability, left unpatched, was implicated in the “significant security incident” suffered by Equifax earlier this month. The patches were made available by the Apache Foundation for the popular web development framework on Sept. 5, but vendors like Oracle using the open source framework need to apply those patches to their own source code. “Oracle strongly recommends that customers apply the fixes contained in this Security Alert as soon as possible,” wrote Eric Maurice, director of security assurance at Oracle. “Furthermore, Oracle reminds customers that they should keep up with security releases and should have applied the July 2017 Critical Patch Update (the most recent Critical Patch Update release).”