Industry Rivals Flag Security Issues on Google Play Store, Chrome

Today’s topics include Microsoft and Symantec revealing Google app security flaws; Cisco’s acquisition of new-gen application monitoring company Perspica; improved security in the Windows 10 Fall Creators Update; and Microsoft’s release of Visio Online.

Last week, both Symantec and Microsoft disclosed problems they discovered on Google's products and services. Symantec found at least eight Minecraft Pocket Edition Android applications on Google Play that were infected with the Sockbot malware.

Sockbot is designed to add compromised systems to a botnet that could launch distributed denial of service attacks. Between 600,000 and 2.6 million users may have been affected. Google has since removed the applications.

Meanwhile, Microsoft discovered a remote code execution vulnerability in Chrome and chided Google's handling of the disclosure. Although a fix was available in a beta version of Chrome within four days, Google made the source code for the fix publicly available on the GitHub repository even before it had been pushed to Chrome users.

"The stable channel of Chrome remained vulnerable for nearly a month after that commit was pushed to [GitHub]. That is more than enough time for an attacker to exploit it," Jordan Rabet, a member of the Microsoft security team, said.

Cisco Systems announced Oct. 19 it will acquire 3-year-old San Jose, Calif.-based startup Perspica, which actively monitors, analyzes and optimizes complex application environments at scale. Cisco will integrate Perspica’s engineers and intellectual property with its new AppDynamics team, which it acquired in January for $3.7 billion.

These are Cisco’s 199th and 200th acquisitions in its 33-year history, according to a Cisco spokesperson. With the addition of Perspica, AppDynamics will have more complete capabilities in machine learning, which powers most artificial intelligence applications.

Perspica also brings important IP to the Cisco table, and has expertise in domain-specific machine learning at scale, which means it can ingest and process enormous volumes of data.

Combine these characteristics with AppDynamics’ core data model for business transactions, and it opens up new possibilities for the scale and speed of Cisco’s products.

The Windows 10 Fall Creators Update now includes features that prevent malware, including ransomware, from working, and are part of an overall enterprise security solution.

Smaller organizations that aren’t using the enterprise version of Windows are also getting ransomware protection that comes as part of Windows Defender Antivirus, which prevents unauthorized changes to applications and data in Windows, as well as provides virus and malware protection in real time.

The Windows Fall Creators Update also includes new levels of security built into the Edge browser including Windows Defender SmartScreen, which protects against malicious websites and infected downloads; the Exploit Guard, which is a network intrusion detection system; and the Application Guard, which will isolate any malware that manages to find its way into a Windows computer.

Visio Online, the browser-based version of Microsoft's diagramming software, is now generally available, ending a public beta that began in December 2016.

"Visio Online comes with a host of templates for a variety of audiences, including starter diagrams for basic flowcharts, process diagrams, timelines, business matrixes, Specification and Description Language diagrams, and many more," according to Microsoft Visio staffers.

Visio Online is available in two flavors but with the same 2GB of OneDrive storage. Plan 1 costs $5 per user per month and enables diagram sharing as an image, PDF file, email attachment or web link and includes accessibility features like Microsoft's Narrator tool, high-contrast rendering and an accessibility checker.

Plan 2 is $13 per month and includes everything in Plan 1, plus the Visio desktop application, co-authoring capabilities, improved support for AutoCAD drawings and an integration with Power BI.