Today’s topics include Amazon’s proposed $13.7 billion purchase of Whole Foods, a FireEye report on the hacker group FIN10, HP’s efforts to raise customer awareness about the security risks posed by aging network printers and a report by tCell on mass vulnerabilities in Web application designs.
Amazon’s proposed $13.7 billion purchase of Austin, Texas-based grocery chain Whole Foods will broaden the capabilities of its Amazon Fresh grocery delivery service and push the company to become a top competitor in food retail. By pairing with Whole Foods, Amazon hopes to solve such customer complaints as inaccessibility, expense and delayed delivery.
A prominent reason for the acquisition is the similar demographics the companies share—largely higher income shoppers and millennials who are tech-savvy. The purchase will also immediately supply Amazon with 431 stores far faster and in far more communities than it could ever acquire on its own.
In addition, the buyout will provide Amazon with grocery business and marketing knowledge, as well as access to the suppliers that Amazon Fresh needs to become a major player in the food retail industry.
Security firm FireEye released a report last week that details the activities and techniques utilized by the FIN10 hacker group, which has been exploiting mining companies and casinos since at least 2013.
FireEye’s analysis shows the cyber-extortion group uses publicly available software and techniques to exploit victims instead of relying on zero-day vulnerabilities. After infiltrating an organization, FIN10 steals data and then threatens the victims that the data will be publicly released or that IT systems will be disrupted.
Charles Carmakal, vice president with FireEye’s Mandiant cybersecurity consulting group, confirmed that “all of the known compromised organizations are based in Canada.”
HP is raising customer awareness about the security risks posed by aging network printers, and the solutions it has to offer.
Printers represent a network vulnerability, Enrique Lores, president of HP’s imaging and printing business, said during the company’s Power of Print event last week. HP’s efforts to raise awareness include a series of online short films by HP Studios that dramatize the security threat posed by printers.
HP started developing security technology years ago in hopes it would be a key differentiator for its products, including its printers. HP has invested to make sure its printers were the most secure in the planet, and the company has gone through a lot of legal checks to make sure it can say that, Lores said. What HP has done is integrate all the technology it has developed for PCs, servers and network equipment and integrated it to the printers for the same level of security.
According to data collected by tCell, an application-security firm, the vast majority of Web applications are vulnerable to cyber-attack because developers continue to leave behind unused code, work with third-party libraries and allow code frameworks to make requests for content from third-party sites.
Based on observations made during real-world attacks, tCell reported to eWEEK that more than 90 percent of companies have unused code in their applications that could be exploited and 88 percent of companies have Web applications that use vulnerable third-party libraries.
“This is important, because once you have a really good handle on the risk profile of the application, then you can start implementing policies to secure the application,” Michael Feiertag, CEO and co-founder of tCell, told eWEEK.