Tech Issues: Controversies from 2019 and still on the go

Even the anti-hacking companies get hacked. What chance do the rest of us have?

https://www.crn.com/slide-shows/security/the-10-most-controversial-companies-of-2019/2

Imperva

A security breach is never good news, but it is particularly troubling when the company being hit by hackers is a cybersecurity company.

That’s what happened when Imperva informed customers that a data breach revealed email addresses, hashed passwords, API keys and SSL certificates for some Web Application Firewall (WAF) users.

The Redwood Shores, Calif.-based cybersecurity vendor learned of the breach Aug. 20, 2019, and said it affected a portion of its Incapsula Cloud WAF customers who had accounts through Sept. 15, 2017.

A subset of Incapsula users through Sept. 15, 2017, had their API keys and customer-provided SSL certificates exposed, according to Imperva. In addition, Imperva said email addresses as well as hashed and salted passwords in the Incapsula customer database were also revealed.

Imperva said it informed all affected customers directly and shared the steps the company was taking to safeguard their accounts and data. In addition, the company said it implemented forced password rotations and 90-day expirations for its Cloud WAF product.

Nine weeks after the breach, Imperva confirmed that CEO Chris Hylen had resigned. Hylen had joined Imperva as president and CEO in August 2017 following nearly four years overseeing Citrix Systems’ mobility practice, and spearheaded publicly traded Imperva’s $2.1 billion sale to private equity giant Thoma Bravo in January 2019. 

https://www.crn.com/slide-shows/security/the-10-most-controversial-companies-of-2019/3

Cloudflare 

Cloudflare admitted that its products have been used by or for the benefit of individuals and entities that have been blacklisted by federal regulators.

The San Francisco-based networking and cybersecurity vendor said a small number of blacklisted parties made payments to Cloudflare in connection with their use of the company’s platform, according to a regulatory filing.

Parties allowed to use Cloudflare’s products include entities designated as terrorists or narcotics traffickers by the U.S. Office of Foreign Assets Control (OFAC), as well as groups affiliated with governments currently subject to comprehensive U.S. sanctions.

Cloudflare said in its filing with the U.S. Securities and Exchange Commission that it has implemented additional controls and screening tools to prevent similar activity from occurring in the future.  

Cloudflare also indicated that it may have submitted incorrect information to the U.S. government in connection with certain hardware exports, according to the filing. As a result, Cloudflare said it submitted self-disclosures to the Commerce Department’s Bureau of Industry and Security as well as to the Census Bureau regarding potential violations of Foreign Trade Regulation.

Outsourcers too…

https://www.crn.com/slide-shows/security/the-10-most-controversial-companies-of-2019/9

Wipro

When India-based outsourcing behemoth Wipro’s internal IT systems were hacked and used to launch attacks against some of its customers, it set off panic in the MSP market.

Wipro’s systems, in fact, were being used as a jumping-off point for exploits targeting at least a dozen client systems. The Wipro breach—first reported by KrebsOnSecurity—ended up being the first of many breaches through MSP systems.

Wipro was one of eight major solution providers targeted in an attempt to perpetrate gift card fraud, according to KrebsOnSecurity.

“It’s a scary time,” said one East Coast MSP who didn’t wish to be identified. “Some of the people on this list have the best security money can buy. I hope it’s working for them, because if it’s not, this problem got a lot bigger.”

The high-profile cyberattack on Wipro “did not impact the company’s ongoing critical business operations,” according to a letter the firm sent to managers of the stock exchanges where it’s traded.

“The Company has used its industry leading Cyber Security practices and partner ecosystem for remedial steps and has shared this intelligence with its partners to develop the AntiVirus signatures. The same has been applied to our enterprise systems,” Wipro said in its letter, published in a filing with the SEC. “We are collaborating with our partner ecosystem to collect and monitor advanced threat intelligence for enhancing our security posture. We continue to monitor our enterprise infrastructure at heightened level of alertness.” 

https://www.crn.com/slide-shows/security/the-10-most-controversial-companies-of-2019/8

So if you buy HP today, who will do the service if Xerox buys them?

Xerox

Xerox made a hostile bid to take over rival HP Inc.—a PC and printer company six times bigger—even as the copier/printer maker itself grappled with declining revenue and earnings misses.

With a strong position in both printers and PCs, HP, Palo Alto, Calif., generated a total of $58.72 billion in revenue during its latest four quarters. That represented an increase of 2.9 percent from the prior four-quarter period, when HP’s total revenue was $57.04 billion.

For Xerox’s latest four quarters, the Norwalk, Conn.-based company generated revenue of $9.23 billion—down 8 percent from the prior four quarters, when revenue reached $10.04 billion.

Xerox’s revenue decline “raises significant questions for us regarding the trajectory of your business and future prospects,” HP’s board said in its letter rejecting the Xerox takeover bid.

In a letter to HP shareholders posted to the Xerox website, Xerox CEO John Visentin made no apologies for the hostile bid.

“While you may not appreciate our ‘aggressive’ tactics, we will not apologize for them,” he wrote to HP’s board of directors. “The most efficient way to prove out the scope of this opportunity with certainty is through mutual due diligence, which you continue to refuse, and we are obligated to require. We plan to engage directly with HP shareholders to solicit their support in urging the HP Board to do the right thing and pursue this compelling opportunity.”

Is this a backflip? And, according to Amazon, something fishy about a $10b government deal!

https://www.crn.com/slide-shows/security/the-10-most-controversial-companies-of-2019/10

Microsoft 

When Microsoft informed partners that it would no longer offer the internal use rights (IUR) benefit to partners as of July 1, 2020, there was an immediate channel backlash.

The benefit, a staple of Redmond, Wash.-based Microsoft’s partner program for decades, provides partners with free Microsoft products for internal business usage.

A Change.org petition criticizing the IUR move received more than 6,000 signatures. Among the partners who had been advocating for Microsoft to reconsider its decision was Miguel Zamarripa, CIO of Colorado Springs, Colo.-based Simpleworks IT, who shared his message for Microsoft with CRN: “You still have time to make a course correction on this before you lose a large percentage of our advocate base.”

Making a course correction is exactly what Microsoft did just nine days after issuing the IUR change in a July 3 update to its Microsoft Partner Network Programs Guide.

Microsoft channel chief Gavriella Schuster, who had initially defended the move as financially necessary, informed partners in a blog post on July 12 that the software giant was rescinding the IUR policy change.

“Your partnership and trust matters to us,” said Schuster. “Given your feedback, we have made the decision to roll back all planned changes related to internal use rights and competency timelines that were announced earlier this month. This means you will experience no material changes this coming fiscal year, and you will not be subject to reduced IUR licenses or increased costs related to those licenses next July as previously announced. We listened to you, and we have acted.” 

Microsoft also found itself caught in the U.S. Department of Defense’s $10 billion Jedi cloud contract controversy. Microsoft was awarded the massive contract, but Amazon Web Services filed a protest, alleging political pressure from the White House.

“We’re going to protest the decision and push the government to shine a light on what really happened,” AWS CEO Andy Jassy was reported as saying at the meeting. “I think that if you do any thorough, apples-to-apples, objective comparison of AWS versus Microsoft, you don’t come out deciding that they’re comparable platforms. Most of our customers will tell us that we’re about 24 months ahead of Microsoft in functionality and maturity.”

Charlotte Walker

I'm the National Account Manager and CEO-in-waiting for Digital Engineering Corporation (DEC). We help business leaders and IT managers reduce their IT maintenance costs and achieve their business goals because our approach is pre-emptive, predictable and purposeful. As an entrepreneur myself, I know consistent and predictable network uptime contributes to a business's bottom line, brand recognition, and market reputation.