Stagefright 2.0 Exploits Android Vulnerabilities
Newly found vulnerabilities in the way Android handles media files can allow attackers to compromise devices by tricking users into visiting maliciously crafted Web pages.
The vulnerabilities can lead to remote code execution on almost all devices that run Android, from version 1.0 of the OS, released in 2008, to the latest 5.1.1, researchers from mobile security firm Zimperium said in a report published Thursday.
The flaws are in the way Android processes the metadata of MP3 audio files and MP4 video files, and they can be exploited when the Android system or another app that relies on Android’s media libraries previews such files.
The Zimperium researchers found similar multimedia processing flaws earlier this year in an Android library called Stagefright that could have been exploited by simply sending Android devices a maliciously crafted MMS message.
Those flaws triggered a coordinated patching effort from device manufacturers that Android’s lead security engineer, Adrian Ludwig, called the “single largest unified software update in the world.” It also contributed to Google, Samsung and LG committing to monthly security updates going forward.
One of the flaws newly discovered by Zimperium is located in a core Android library called libutils and affects almost all devices running Android versions older than 5.0 (Lollipop). The vulnerability can also be exploited in Android Lollipop (5.0 – 5.1.1) by combining it with another bug found in the Stagefright library.
The Zimperium researchers refer to the new attack as Stagefright 2.0 and believe that it affects more than 1 billion devices.
Since the previous attack vector of MMS was closed in newer versions of Google Hangouts and other messaging apps after the previous Stagefright flaws were found, the most straightforward exploitation method for the latest vulnerabilities is through Web browsers, the Zimperium researchers said.
Zimperium reported the flaws to Google on Aug. 15 and plans to release proof-of-concept exploit code once a fix is released.
That fix will come on Oct. 5 as part of the new scheduled monthly Android security update, a Google representative said.
Source-http://www.thegurureview.net/mobile-category/stagefright-2-0-exploits-android-vulnerabilities.html
Was The Hilton Hotel Chain Hacked In April?
The Hilton organization is reportedly trying to work out whether it has been hacked and, if so, what it should do about it.
We say reportedly as we have not been able to contact Hilton ourselves and can rely only on reports. They are pretty solid reports, however, and they concern a problem at the company that happened between 21 April and 27 July.
Brian Krebs, of KrebsOnSecurity, started this off with a report about a payment card breach. Krebs said that he had heard about the breach from various sources, and that Visa – the card provider – has mailed potentially affected parties with a warning, and the news that it is the fault of a bricks and mortar company.
Visa did not name the company, but affected parties, or banks to be more precise, have uttered it to Krebs. Its name is Hilton.
“Sources at five different banks say they have now determined that the common point-of-purchase for cards included in that alert had only one commonality: they were all used at Hilton properties, including the company’s flagship Hilton locations as well as Embassy Suites, Doubletree, Hampton Inn and Suites, and the upscale Waldorf Astoria Hotels & Resorts,” he wrote.
“It remains unclear how many Hilton properties may be affected by this apparent breach. Several sources in the financial industry told KrebsOnSecurity that the incident may date back to November 2014, and may still be ongoing.”
Krebs has a statement from the Hilton organisation in which the firm defended its security practices, and revealed that it is aware of the potential problem and is looking into it. This is a common theme among the breached, and should soon become part of mission statements.
“Hilton Worldwide is strongly committed to protecting our customers’ credit card information,” said the company in the statement to Krebs.
“We have many systems in place and work with some of the top experts in the field to address data security. Unfortunately the possibility of fraudulent credit card activity is all too common for every company in today’s marketplace. We take any potential issue very seriously, and we are looking into this matter.”
We have asked Visa and Hilton for their comments.
Source-http://www.thegurureview.net/computing-category/was-the-hilton-hotel-chain-hacked-in-april.html
Red Hat Releases Fedora 23
Red Hat has torn the roof off the sucker once again with the release of Fedora 23 in beta form.
Coming in three incredible versions, Fedora 23 Cloud, Fedora 23 Server and Fedora 23 Workstation, this new edition picks up where the old one left off and runs with it.
The biggest news for fans is the use of compiler flags to help improve security. These are designed to help protect Fedora 23 beta binaries against memory corruption vulnerabilities, buffer overflows and similar issues.
This is the latest iteration of Red Hat’s Linux-based operating system that likes to think of itself as the leading-edge open source operating system across all use cases. It’s hard to believe, but absolutely true.
The dazzling array of updates starts with Red Hat Fedora Server Beta, which offers a new role through the rolekit service in the form of a cache server for web applications, with the underlying functionality delivered by memcached.
Also new is the fact that rolekit can now be triggered by anaconda kickstart to determine what function should be started with the next reboot, and I think we can all agree that’s been a long time coming.
Cockpit also sees some big changes, including a basic cluster dashboard for Kubernetes, support for SSH key authentication, support for configuring user accounts with their authorised keys, and compatibility with multipath disks.
Meanwhile in Fedora 23 Workstation Beta, the fun keeps coming with a preview of GNOME 3.18. Changes to the software application will allow it to offer firmware updates and access to Libreoffice 5. Improvements have also been made to Wayland, with the ultimate aim being to make it the default graphic server in a future release.
Sadly, that’s where the thrillride ends as Cloud Beta contains very little new of note – but we are warned to stay tuned for news of Fedora 23 Atomic Host, said to be coming soon. We’re literally on the edge of our seats and will bring you the news as soon as we get it.
Source-http://www.thegurureview.net/computing-category/red-hat-releases-fedora-23-to-address-security-issues.html
Does AVG Respect Your Privacy?
AVG has been answering questions about its new privacy policy after accusations that the firm is about to sell its users down the river.
A Reddit discussion has heard from furious users who spotted that the simplified policy effectively gives the company permission to sell its mailing lists to third parties for fun and profit.
AVG stated under ‘Do You Share My Data?’ in the Q&A about the new policy, which is automatically enforced on 15 October: “Yes, though when and how we share it depends on whether it is personal data or non-personal data. AVG may share non-personal data with third parties and may publicly display aggregate or anonymous information.”
AVG has hit back at the criticism in a blog post today, by which we mean confirmed that its stance is correct, explaining: “Usage data allows [AVG] to customize the experience for customers and share data with third parties that allow them to improve or develop new products.
“Knowing that 10 million users like a certain TV program gives broadcasters the data to get producers to make more of that type of program.
“This is also how taxi firms know how to distribute their fleets, and how advertisers know where to place banners and billboards, for example. Even at AVG, we have published non-personal information that we have collected regarding app performance.”
But AVG added in big, bold type: “We do not, and will not, sell personally identifiable data to anyone, including advertisers.”
This will placate some, but others fear that the lack of choice over this matter, which requires an active decision to opt out, is too clandestine. As ever, there are threats to move to everything from Linux Mint to the Commodore 64, some more serious than others.
Several Redditors have likened it to similar warnings in Windows 10’s Insider Programme which essentially say: ‘we can track you … but we won’t, unless we do.’
Courtesy-TheInq
Is Russia Behind Recent US Malware Attacks?
It would appear that while the US has been blaming China for all its cyber break-ins, it has been ignoring Tsar Putin’s elite hacking team for the last seven years.
For the past seven years, a cyberespionage group operating out of Russia on the orders of Tsar Putin has been conducting a series of malware campaigns targeting governments, political think tanks and other organizations.
Researchers at F-Secure have been looking into the antics of an outfit called “the Dukes”, which has been active since at least 2008 and has evolved into a methodical developer of “zero-day” attacks. The researchers pulled together their own research with the published work of other security firms to provide a more detailed picture of the people behind a long-running family of malware.
The Dukes specialize in “smash and grab” attacks on networks, but have also used subtle, long-term intrusions that harvested massive amounts of data from their targets.
The group’s targets do include criminal organisations operating in the Russian Federation, which suggests there is some form of policing element to it. But they are mostly interested in Western governments and related organisations, such as government ministries and agencies, political think tanks and governmental subcontractors.
The F-Secure team wrote: “Their targets have also included the governments of members of the Commonwealth of Independent States; Asian, African, and Middle Eastern governments; organisations associated with Chechen terrorism; and Russian speakers engaged in the illicit trade of controlled substances and drugs.”
The group was named after its earliest-detected malware, known as PinchDuke. Its targets were associated with the Chechen separatist movement. Later that year they were going after Western governments and organisations in search of information about the diplomatic activities of the United States and NATO.
Most of the attacks used spear phishing emails as the means of injecting malware onto targeted systems; one of their attacks spread malware through a malicious Tor exit node in Russia, targeting users of the anonymising network with malware injections into their downloads.
The targets have always followed Russian government interests. There are a number of Russian-language artifacts in some of the malware, including an error message in PinchDuke. GeminiDuke also used timestamps that were adjusted to match Moscow Standard Time.
Before the beginning of the Ukraine crisis, the group began using a number of decoy documents in spear phishing attacks that were related to Ukraine. They included a letter undersigned by the First Deputy Minister for Foreign Affairs of Ukraine.
However, after the crisis happened, the attacks dropped off, suggesting that it was an intelligence gathering operation. It is also a big operation, which, if operating in Russia, would most likely require state acknowledgement, if not outright support.
Source-http://www.thegurureview.net/computing-category/is-russia-behind-us-malware-attacks.html
Hackers Accessed 10M Records At Excellus
September 23, 2015 by admin
Hackers have penetrated the IT systems of U.S. health insurer Excellus BlueCross BlueShield and gained access to personal, financial and medical information of more than 10 million people, the company has disclosed.
The initial attack occurred in December 2013, but the company did not learn about it until Aug. 5. Since then it has been working with the FBI and cybersecurity firm Mandiant to investigate the breach.
The hackers may have had access to customer records which include names, addresses, telephone numbers, dates of birth, Social Security numbers, member identification numbers, financial accounts and medical claims information.
Records may contain all or just some of that information, depending on the customer’s relationship with the company. The breach doesn’t affect just Excellus members, but also members of other Blue Cross Blue Shield plans who sought medical treatment in the upstate New York area serviced by the company.
The information was encrypted, but the attackers gained administrative privileges to the IT systems, allowing them to potentially access it, the company said on a website that was set up to provide information about the incident.
No evidence has been found yet that the data was copied or misused by the attackers.
Excellus will send breach notification letters via mail to all affected persons throughout the month and is offering free credit monitoring and identity protection services for two years through a partner.
The company will not contact affected individuals via email or telephone, so any emails or phone calls claiming to be from the company in regard to this attack should be ignored as they are probably scams.
The incident comes after three other Blue Cross Blue Shield health insurers — Anthem, Premera and CareFirst — announced large data breaches this year as a result of cyberattacks.
Excellus said that it doesn’t have sufficient information about the Anthem, Premera and CareFirst investigations in order to comment about possible connections between those attacks and the one against its own systems.
Source-http://www.thegurureview.net/aroundnet-category/hackers-accessed-10m-records-at-excellus.html
Is The Shifu Trojan Wreaking Havoc In Japan?
Security researchers have found a banking trojan called Shifu that is going after Japanese financial firms in a big way.
Shifu is described as “masterful” by IBM X-Force, and is named after the Japanese word for thief, according to the firm. It is also the Chinese word for skilled person, or tutor.
X-Force said in a blog post that the malware has been active since the early summer, and comprises a number of known tools like Dyre, Zeus and Dridex. It has been put together by people who know what they are doing, and sounds like a significant problem for the 20 institutions it is targeting.
“The Shifu trojan may be a new beast, but its inner workings are not entirely unfamiliar. The malware relies on a few tried-and-true trojan mechanisms from other infamous crimeware codes,” said the IBM researchers.
“It appears that Shifu’s internal makeup was composed by savvy developers who are quite familiar with other banking malware, dressing Shifu with selected features from the more nefarious of the bunch.”
The Shifu package offers a range of attack features as well as clean-up tools to cover its tracks. It reads like a Now that’s what I call … recent attacks compilation CD, and has some oldies but baddies.
“Shifu wipes the local System Restore point on infected machines in a similar way to the Conficker worm, which was popular in 2009,” added the firm as one example.
The package can wreak havoc on companies and their users. If we had a bucket of damp sand we would pour it all over Shifu and stamp on it.
“This trojan steals a large variety of information that victims use for authentication purposes. For example, it keylogs passwords, grabs credentials that users key into HTTP form data, steals private certificates and scrapes external authentication tokens used by some banking applications,” said IBM.
“These elements enable Shifu’s operators to use confidential user credentials and take over bank accounts held with a large variety of financial service providers.
“Shifu’s developers could be Russian speakers or native to countries in the former Soviet Union. It is also possible that the actual authors are obfuscating their true origin, throwing researchers off by implicating an allegedly common source of cybercrime.”
Source-http://www.thegurureview.net/computing-category/is-the-shifu-trojan-wreaking-havoc-in-japan.html
Enterprise Needs Driving Cloud Sales Boom
The cloud continues to gain major ground, driven by enterprise storage needs.
Sales are way up for little-known manufacturers that sell directly to big cloud companies like Google and Facebook, while the market for traditional external storage systems is shrinking, according to research company IDC.
Internet giants and service providers typically don’t use specialized storage platforms in their sprawling data centers. Instead, they buy vast amounts of capacity in the form of generic hardware that’s controlled by software. As users flock to cloud-based services, that’s a growing business.
Revenue for original design manufacturers that sell directly to hyperscale data-center operators grew by 25.8 percent to more than US$1 billion in the second quarter, according to the latest global IDC report on enterprise storage systems. Overall industry revenue rose just 2.1 percent from last year’s second quarter, reaching $8.8 billion.
These so-called ODMs are low-profile vendors, many of them based in Taiwan, that do a lot of their business manufacturing hardware that’s sold under better known brand names. Examples include Quanta Computer and Wistron.
General enterprises aren’t buying many systems from these vendors, but the trends at work in hyperscale deployments are growing across the industry. Increasingly, the platform of choice for storage is a standard x86 server dedicated to storing data, according to IDC analyst Eric Sheppard. Sales of server-based storage rose 10 percent in the quarter to reach $2.1 billion.
Traditional external systems like SANs (storage area networks) are still the biggest part of the enterprise storage business, logging $5.7 billion in revenue for the quarter. But sales in this segment were down 3.9 percent.
Overall demand for storage capacity continued to grow strongly, with 37 percent more capacity shipped in the quarter compared with a year earlier.
Source-http://www.thegurureview.net/aroundnet-category/enterprise-storage-needs-driving-cloud-sales-boom.html
Is HP’s Forthcoming Split A Good Idea?
HP has released its financial results for the third quarter and they make for somewhat grim reading.
The company has seen drops in key parts of the business and an overall drop in GAAP net revenue of eight percent year on year to $25.3bn, compared with $27.6bn in 2014.
The company failed to meet its projected net earnings per share, which it had put at $0.50-$0.52, with an actual figure of $0.47.
The figures reflect a time of deep uncertainty at the company as it moves ever closer to its demerger into HP and Hewlett Packard Enterprise. The latter began filing registration documents in July to assert its existence as a separate entity, while the boards of both companies were announced two weeks ago.
Dell CEO Michael Dell slammed the move in an exclusive interview with The INQUIRER, saying he would never do the same to his company.
The big boss at HP remained upbeat, despite the drop in dividend against expectations. “HP delivered results in the third quarter that reflect very strong performance in our Enterprise Group and substantial progress in turning around Enterprise Services,” said Meg Whitman, chairman, president and chief executive of HP.
“I am very pleased that we have continued to deliver the results we said we would, while remaining on track to execute one of the largest and most complex separations ever undertaken.”
To which we have to ask: “Which figures were you looking at, lady?”
Breaking down the figures by business unit, Personal Systems revenue was down 13 percent year on year, while notebook sales fell three percent and desktops 20 percent.
Printing was down nine percent, but with a 17.8 percent operating margin. HP has been looking at initiatives to create loyalty among print users such as ink subscriptions.
The Enterprise Group, soon to be spun off, was up two percent year on year, but Business Critical system revenue dropped by 21 percent, cancelled out by networking revenue which climbed 22 percent.
Enterprise Services revenue dropped 11 percent with a six percent margin, while software dropped six percent with a 20.6 percent margin. Software-as-a-service revenue dropped by four percent.
HP Financial Services was down six percent, despite a two percent decrease in net portfolio assets and a two percent decrease in financing volume.
Source- http://www.thegurureview.net/computing-category/is-hps-forthcoming-split-a-good-idea.html
Web.com Latest Hacking Victim
Hackers gained unauthorized access to the computers of Internet services provider Web.com Group and stole credit card information of 93,000 customers.
According to a website set up by the company to share information about the incident, Web.com discovered the security breach on Aug. 13 as part of its ongoing security monitoring.
Attackers compromised credit card information for around 93,000 accounts, as well as the names and addresses associated with them. No other customer information like social security numbers was affected, the company said.
According to the company, the verification codes for the exposed credit cards were not leaked. However, there are websites on the Internet that don’t require such codes for purchases.
Web.com has notified affected customers via email and will also follow up with letters sent through the U.S. Postal Service. Those users can sign up for a one-year free credit monitoring service.
The company did not specify how the intruders gained access to its systems, but has hired a “nationally recognized” IT security firm to conduct an investigation.
Web.com provides a variety of online services, including website and Facebook page design, e-commerce and marketing solutions, domain registration and Web hosting. The company claims to have over 3.3 million customers and owns two other well known Web services companies: Register.com and Network Solutions.
Register.com and Network Solutions customers were not impacted by this breach unless they also purchased services directly from Web.com.
Source-http://www.thegurureview.net/aroundnet-category/web-com-latest-victim-of-credit-card-hacking.html