All Covered Home Assurance Ecosystem Ramsey, NJ, July 21, 2020 (GLOBE NEWSWIRE) — Konica Minolta Business Solutions U.S.A., Inc. (Konica Minolta), together with its IT Services division, All Covered, today […]
MGM RESORTS SAYS THERE WAS A DATA BREACH IN JULY 2019 — Morgan & Morgan has filed a lawsuit against MGM Resorts International over a data breach that has exposed the personal information of millions of people. The lawsuit was filed February 21, 2020 and states that in July of 2019, MGM’s computer network system was hacked. The stolen information was then posted on a closed Internet forum.
The report states more than 10.6 million MGM guests were impacted, but one of the lead attorneys said it could be much more.
“We absolutely have heard that we could be talking upwards of 200 million plus,” said Attorney Jean Martin.
She said one of their main concerns is what information was stolen. She said initially, MGM reached out to impacted customers in September of 2019, saying only names and maybe addresses had been posted online, but that information had been taken down. However, in February, the lawsuit says even more personal information had been posted on an internet hacking forum, leading to prolonged risk of that stolen information spreading. Some of the information stolen included names, addresses, driver’s license numbers, passport numbers, military ID numbers, phone numbers, emails and birthdays.
“That’s what happens when your information is compromised. You never know when it’s going to go up on the web and on the dark web, when it’s going to be sold and when it’s going to be used, so now the people that have had their information compromised face this risk for the rest of their lives,” said Martin.
MGM Resorts released a statement prior to the lawsuit’s filing, and declined to give any updated information.
“Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts. We are confident that no financial, payment card or password data was involved in this matter. MGM Resorts promptly notified guests potentially impacted by this incident in accordance with applicable state laws. Upon discovering the issue, the Company retained two leading cybersecurity forensics firms to assist with its internal investigation, review and remediation of the issue. At MGM Resorts, we take our responsibility to protect guest data very seriously, and we have strengthened and enhanced the security of our network to prevent this from happening again.”
A vulnerability in the network of marketing contractor Computer Facilities led to a breach at the South African bank.
Nedbank, one of South Africa’s largest financial institutions, last week disclosed a security incident affecting the personal data of 1.7 million past and current customers.
The breach started with a “data security issue” at Computer Facilities, a third-party marketing contractor Nedbank was using to send SMS and email marketing information, the bank said in a statement. Nedbank identified the vulnerability as part of its routine monitoring procedures. Once it was discovered, officials alerted the service provider and launched an investigation.
“We have moved swiftly to proactively secure and destroy all Nedbank client information held by Computer Facilities (Pty) Ltd.,” the bank reported, noting the contractor has removed its systems from the Internet as a precautionary measure. This incident affected data belonging to about 1.7 million total Nedbank clients, of which 1.1 million are active customers.
A subset of the compromised data includes personal information like names, ID numbers, telephone numbers, physical addresses, and/or email addresses of some Nedbank clients.
FELTON, California, Feb. 3, 2020 /PRNewswire/ — According to the report published by the specialists, the global Interactive Kiosk Market was valued at US$ 23.11 billion in 2018. It is estimated to reach US$ 41.88 billion by 2025, at a CAGR of 8.9% during the forecast period.
An interactive kiosk is a computer station equipped with particular software and hardware. It provides access to applications and information, for example for entertainment, education and communication. It is designed so that information is delivered to the operator in the fastest way. It is also used in ATMs for carrying out financial transactions. The interactive kiosk has become an essential part of numerous administrations, businesses, and places where substantial information or supervision is necessary. Interactive kiosks help a company reinforce its image in the market. Kiosks permit the operator to search for data about a library book or products, issue a hotel key card, etc.
The main factors estimated to be driving the interactive kiosk industry are the growing interest of customers in self-service interactive kiosks, an improved shopping experience for customers, and a cost-effective medium for the processes and geographic expansion of businesses.
The demand for interactive kiosks is increasing throughout the world. A number of end-use businesses are using these kiosks for varied needs, ranging from clothing retail, electronic products, ATMs, parking, information, check-in, food self-service, electric vehicle charging, photo printing, human resources, patient interaction and ticketing to beverage self-service. All over the world, there is a growing demand for cashless payments.
Due to government initiatives for financial inclusion, emerging nations such as South Africa, India and China are seeing growth in mobile payments. In turn, demand for automated teller machines (ATMs) is getting a boost in Asia Pacific. The number of non-cash transactions is considerably greater in North America; yet, compared to Asia Pacific, this number is growing at a sluggish pace.
The demand for electric vehicle charging infrastructure is expected to offer substantial opportunity for interactive kiosk manufacturers at the global level. According to a U.S.-based kiosk manufacturer, the global market for electric vehicle chargers (EVC) is expected to grow substantially over the coming years. This presents a major opportunity for manufacturers to supply a substantial number of interactive kiosks for electric vehicle charging.
The threat of cyber-attack is a major challenge confronting interactive kiosks all over the world, and the initial cost of setting one up is high. These issues are restraining the development of the global market for interactive kiosks.
The global interactive kiosk market can be classified by End Use, Type, Component and Region. By End Use, it can be classified as Travel & Tourism, Healthcare, Retail, Government, Food & Beverage, BFSI and others. By Type, it can be classified as Vending, Retail Self-checkout, Self-service, and Automated Teller Machine (ATM). By Component, it can be classified as Service, Software and Hardware.
By Region, the global interactive kiosk industry can be classified as North America, Europe, Asia Pacific, Latin America and Middle East & Africa. Owing to its well-established banking and financial services infrastructure and the presence of QSRs, North America leads the market. Furthermore, increasing customer preference for self-service across industries such as finance, retail, entertainment, travel and healthcare is expected to further drive the regional market. North America also records the largest number of interactive kiosk deployments per year.
On the other hand, owing to increasing demand for refurbishment and upgrading of existing installations, the number of deployments is likely to drop during the forecast period. Owing to rapidly growing organized tourism and retail businesses, the industry in Asia Pacific is estimated to record the highest CAGR. Growing penetration of digital solutions in healthcare and BFSI infrastructure will further drive the regional market. Due to substantial infrastructure expansion in Saudi Arabia, the Middle East & Africa shows stable development in the market for interactive kiosks.
Some of the important companies for interactive kiosk market are: NEXCOM International Co., Ltd., KIOSK Information Systems, Inc., Diebold Nixdorf, Inc., RedyRef, Source Technologies LLC, Slabb, Inc., Embross Group Pty Ltd., ZEBRA Technologies Corp., Advantech Co., Ltd., Meridian Kiosks LLC, IER SAS, Advanced Kiosks, NCR Corporation, Wincor Nixdorf Ag, Phoenix Kiosk Inc., IER SAS, and International Business Machines Corporation (IBM) Corp.
Browse 170 page research report with TOC on “Global Interactive Kiosk Market” at: https://www.millioninsights.com/industry-reports/interactive-kiosk-market
View original content:http://www.prnewswire.com/news-releases/interactive-kiosk-market-growth-to-propel-based-on-increasing-curiosity-of-customers-towards-self-service-interactive-kiosk-till-2025–million-insights-300997432.html
When you buy a cloud-connected appliance, how long should the vendor support it for with software updates? That’s the question that home audio company Sonos raised this week when it dropped some unwelcome news on its customers.
The company has announced that it will discontinue software updates for older products in May this year (here’s a list of products that it marks as legacy). Stopping software updates for legacy kit is nothing new, but it’s the way the company has done it that has Sonos customers’ hackles up.
Sonos points out that it supports software updates on products for at least five years after it stops selling them. However, the issue here is that all products in a Sonos network must run on the same software, meaning that any newer (‘non-legacy’) equipment connected to the speakers will also stop downloading new software updates. The only way around this for Sonos users is to disconnect their new equipment from their legacy kit and run them independently of each other.
From Sonos’s email to customers:
Please note that because Sonos is a system, all products operate on the same software. If modern products remain connected to legacy products after May, they also will not receive software updates and new features.
This carries service implications for users, because while products will continue working without software updates, it doesn’t mean that they will work as well. Sonos explains that as third-party connected cloud partners change their own services, they may become incompatible with the legacy software.
This isn’t just a product service issue; it’s a cybersecurity problem. Any cloud-connected equipment is potentially vulnerable to attack, and researchers frequently discover new exploits. Ugo Vallauri is co-founder and policy lead of the Restart Project, a European organisation that promotes user repairs of consumer electronics in a bid to cut down on e-waste. He told us:
A big issue is the lack of separation between security updates and software updates. While we can’t expect a product’s software to be improved indefinitely, security updates should be ensured for as long as possible. In this case, Sonos is not even mentioning security updates when suggesting that “legacy” products could continue to be used.
When we asked Sonos about this, it replied:
We take our customer’s security seriously and will work to maintain the existing experience and conduct critical bug fixes where the computing hardware will allow.
So perhaps there’s hope, but there’s no official policy that tells you exactly what to expect in terms of cybersecurity fixes.
Contrast that with computer software companies like Microsoft. It also ceases support for its products (a concept known as end of life, or EOL). However, it lets customers know about it years in advance, rather than giving them four months’ notice, as Sonos has done. It offers cybersecurity updates for an extended period and allows customers to buy extended support after that. And EOL Microsoft software connected to the network doesn’t affect software support for non-EOL software.
Sonos customers are furious. On the company’s forum, one, named Stueys said:
Just received the legacy email that tells me that half my 10 unit system will be obsolete from May. So it appears that I can either pile more money into Sonos, accept that my modern equipment (less than 2 years old) will no longer be updated because I have the audacity of being a long term customer or go somewhere else.
So how long should companies maintain software support for their products?
Gay Gordon Byrne is executive director of the Repair Association, a US non-profit that advocates for the right for people to repair products. She told us:
There are ZERO support obligations in the US. There are no requirements that any product be updated for any reason other than for “Defect Support”. Even fixing known defects is voluntary until/unless there is a mandatory recall or other banishment, such as when the Samsung Galaxy 7 phones were so prone to battery fires that they were prohibited on planes.
We asked Sonos why it couldn’t have introduced a software feature that would enable newer products to maintain backwards compatibility with older products. After all, games console vendors engineer entire operating systems to be backwards-compatible with old games, which is a much tougher task. We’ll update this article when the company responds.
Stueys asked Sonos:
So I can make an informed decision Sonos must now publish the support windows for all products currently available. At least try to recover some credibility.
We put this to Sonos, and it restated that it will support products with regular software updates for at least five years after it stops selling them.
Sonos explains that if customers don’t want to keep their old legacy kit, they can trade up. This program, announced in October 2019, gives customers a 30% credit for each legacy product they replace.
There’s a catch, though: to take advantage of the trade-in deal they have to activate ‘recycle mode’, which is effectively a kill switch for legacy equipment. Activating this mode deliberately bricks Sonos equipment in 21 days with no chance of recovery. It’s designed to stop legacy kit from falling into the hands of second-hand customers and degrading their experience, Sonos told The Verge.
All this leads to a bigger question: Do you really own your equipment when it’s connected to a cloud service? Companies have trampled over user rights in the past, such as when Nest bought IoT home hub device Revolv and then bricked all the devices in the field. It’s an ongoing problem and we document other examples.
Increasingly, products are rendered useless via software before they are physically obsolete. We first experienced this with mobiles and tablets, but we will experience this with many of the products we buy. This is totally unacceptable, given their cost to consumers and their environmental cost.
The Indonesian cybercrime gang Cyber Army has expanded its phishing-as-a-service offering, dubbed 16Shop, enabling users to target PayPal and American Express customers.
The operation was first picked up by McAfee in November 2018 and has primarily targeted Apple owners and Amazon customers for its phishing attacks, but now ZeroFOX’s Alpha Team has proof 16Shop has added PayPal and American Express. This information was obtained from a phishing kit from the gang picked up by Alpha Team researchers.
The emails are designed to obtain as much PII as possible. The email note itself generally informs the target their account has been breached or compromised in some manner and the alleged company needs to confirm their account details, including login credentials and payment card data.
The kits themselves are designed for non-technical users.
“The goal of phishing kits is to make this experience seamless, so not-so-technical kit operators can deploy phishing pages without needing to understand the underlying protocols behind managing this infrastructure. This kit also merges dashboard functionality regardless of the scam page an operator buys, so the operator gets an integrated experience whether they purchase one or multiple kits,” the company said.
Earlier this week Spanish security firm Prosegur shut down its network after its systems were hit by a ransomware infection.
The first reports that the company – which employs 170,000 staff worldwide, and operates a fleet of 10,000 armoured security vehicles transporting cash between banks, ATMs, and retailers – had suffered a serious security breach emerged in the early hours of Wednesday 27 November.
By the afternoon the company had reportedly sent employees home, and confirmed via its Twitter account that the disruption had been caused by the Ryuk ransomware, and that it had taken its network offline as a “preventative measure” while it worked on restoring affected systems.
For a while visitors to the Prosegur website were greeted by an upbeat message explaining that its online presence would be restored soon.
The Ryuk ransomware was blamed for almost single-handedly increasing cryptocurrency payments made to cybercriminals by almost 90% in the first quarter of 2019.
Although Prosegur has not released any technical details of how it came to be infected by the Ryuk ransomware, it is not unusual for attacks to be launched against targeted organisations via malicious emails.
Recent victims of the Ryuk ransomware have included three hospitals in Alabama, which were forced to turn away non-critical patients and ambulances.
Earlier this month, security reporter Brian Krebs revealed that 110 nursing homes in the United States were unable to access health records due to a Ryuk ransomware attack.
To its credit, Prosegur used its social media presence to keep customers updated about the security incident, and its progress in recovering from the attack.
Security researcher Kevin Beaumont noted, however, that Prosegur’s customers were less than happy that the system outage had impacted their own alarm systems which were failing to connect with Prosegur’s monitoring systems.
Prosegur’s website is now back online. Let’s hope that Prosegur is able to fully recover the rest of its systems safely and securely, and share more technical information with the community about what occurred so others might be better defended in future.
If you’re a Splunk admin, the company has issued a critical warning regarding a showstopping Y2K-style date bug in one of the platform’s configuration files that needs urgent attention.
According to this week’s advisory, from 1 January 2020 (00:00 UTC) unpatched instances of Splunk will be unable to extract and recognise timestamps submitted to it in a two-digit date format.
In effect, it will understand the ‘year’ up to 31 December 2019, but as soon as this rolls over to 1 January 2020, it will mark it as invalid, either defaulting back to a 2019 date or adding its own incorrect “misinterpreted date”.
In addition, beginning on 13 September 2020 at 12:26:39 PM UTC, unpatched Splunk instances will no longer be able to recognise timestamps for events with dates based on Unix time (which began at 00:00 UTC on 1 January 1970).
Left unpatched, the effect on customers could be far-reaching.
What platforms like Splunk do is one of the internet’s best-kept secrets – turning screeds of machine-generated log data (from applications, websites, sensors, Internet of Things devices, etc) into something humans can make sense of.
There was probably a time when sysadmins could do this job but there are now so many devices spewing so much data that automated systems have become a must.
This big data must also be stored somewhere, hence the arrival of cloud platforms designed to do the whole job, including generating alerts when something’s going awry or simply to analyse how well everything’s humming along.
As with any computing system, however, Splunk depends on events having accurate time and date stamps. Without that, it has no way of ordering events, or of dealing meaningfully with the world in real time.
According to Splunk, in addition to inaccurate event timestamping this could result in:
Incorrect rollover of data buckets due to the incorrect timestamping
Incorrect retention of data overall
Incorrect search results due to data ingested with incorrect timestamps
Incorrect timestamping of incoming data
It gets worse:
There is no method to correct the timestamps after the Splunk platform has ingested the data. If you ingest data with an un-patched Splunk platform instance, you must patch the instance and re-ingest the data for timestamps to be correct.
In short, there’s no quick way to back out of a problem which will only grow with every passing hour, day and week that it’s allowed to continue.
The problem lies with a file called datetime.xml, which Splunk uses to extract incoming timestamps using regular expression syntax. Its expressions recognise two-digit years up to and including 19, but not 20 onwards.
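The failure mode described above can be reproduced with a pair of regular expressions and used to find which log sources would need patching and re-ingesting. This is an added sketch, not code from the original article or from Splunk: the patterns are constructed stand-ins for the behaviour the advisory describes (they are not the contents of datetime.xml), and the source names and log lines are invented sample data.

```python
import re
from datetime import datetime, timezone

# Constructed stand-ins for the limitation described in the advisory.
# These are NOT the expressions shipped in Splunk's datetime.xml.
LEGACY = {
    "two-digit year": re.compile(r"\b\d{2}/\d{2}/[01]\d\b"),  # yy limited to 00-19
    "unix epoch": re.compile(r"\b1[0-5]\d{8}\b"),             # up to 1599999999
}
FIXED = {
    "two-digit year": re.compile(r"\b\d{2}/\d{2}/\d{2}\b"),   # any yy
    "unix epoch": re.compile(r"\b1\d{9}\b"),                  # any 10-digit 1xxxxxxxxx
}

# Largest epoch value the legacy epoch pattern above still matches.
LAST_LEGACY_EPOCH = 1599999999


def last_legacy_instant():
    """UTC wall-clock time of the last epoch second the legacy pattern matches."""
    return datetime.fromtimestamp(LAST_LEGACY_EPOCH, tz=timezone.utc)


def missed_by_legacy(line):
    """Timestamp styles present in `line` that only the fixed patterns extract."""
    return [kind for kind in FIXED
            if FIXED[kind].search(line) and not LEGACY[kind].search(line)]


def audit(events):
    """Map each source to the timestamp styles that an unpatched-style
    extractor would fail on, i.e. sources to patch for and then re-ingest."""
    affected = {}
    for source, line in events:
        for kind in missed_by_legacy(line):
            affected.setdefault(source, set()).add(kind)
    return affected


# Constructed sample events: (source name, raw log line).
SAMPLE_EVENTS = [
    ("auth.log", "12/31/19 23:59:58 sshd[811]: session opened for user ops"),
    ("auth.log", "01/01/20 00:00:05 sshd[811]: session closed for user ops"),
    ("fw.log", "1599999999 fw action=allow src=10.0.0.5"),
    ("fw.log", "1600000000 fw action=deny src=10.0.0.9"),
    ("app.log", "2020-01-01T00:00:05Z app started"),  # four-digit year: unaffected
]

if __name__ == "__main__":
    print("last epoch second matched by legacy pattern:", last_legacy_instant())
    for source, kinds in sorted(audit(SAMPLE_EVENTS).items()):
        print(f"{source}: affected timestamp styles -> {sorted(kinds)}")
```

Sources that log four-digit years, such as the ISO 8601 line in the sample, are untouched by either cutoff, which is why the audit reports only `auth.log` and `fw.log`.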
What to do
Leaving aside Splunk cloud customers who should receive the update automatically, there are three ways to patch the bug for all operating systems, the company said.
Download an updated version of datetime.xml and apply it to each of your Splunk platform instances
Make manual modifications to existing datetime.xml on your Splunk platform instances
Upgrade Splunk platform instances to a version with an updated version of datetime.xml
The complication is that applying the new file, or editing it manually, requires customers to stop and restart Splunk, a disruptive process when applied to more than one Splunk instance. Editing the datetime.xml should also be done with great care.
Although reminiscent of the famous Millennium Y2K bug predicted to affect computer systems on 1 January 2000, this class of bugs has popped up on other occasions since then.
A recent example is the GPS date issue that hit older satellite navigation systems earlier this year.
A variation on the same date/GPS problem affected Apple iPhone 5 and iPhone 4s in October, which meant that owners had to update their devices by 3 November 2019 or suffer app synchronisation problems.
Intel Corp (INTC.O) said on Monday that patches it released to address two high-profile security vulnerabilities in its chips are faulty, advising customers, computer makers and cloud providers to stop installing them.
Intel Executive Vice President Navin Shenoy disclosed the problem in a statement on the chipmaker’s website, saying that patches released after months of development caused computers to reboot more often than normal and other “unpredictable” behavior.
“I apologize for any disruption this change in guidance may cause,” Shenoy said. “I assure you we are working around the clock to ensure we are addressing these issues.”
The issue of the faulty patches is separate from complaints by customers for weeks that the patches slow computer performance. Intel has said a typical home and business PC user should not see significant slowdowns.
Intel’s failure to provide a usable patch could cause businesses to postpone purchasing new computers, said IDC analyst Mario Morales.
Intel is “still trying to get a handle on what’s really happening. They haven’t resolved the matter,” he said.
Intel asked technology providers to start testing a new version of the patches, which it began distributing on Saturday.
The warning came nearly three weeks after Intel confirmed on Jan. 3 that its chips were impacted by vulnerabilities known as Spectre and Meltdown, which make data on affected computers vulnerable to espionage.
Meltdown was specific to chips from Intel, as well as one from SoftBank Group Corp’s (9984.T) ARM Holdings. Spectre affected nearly every modern computing device, including ones with chips from Intel, ARM and Advanced Micro Devices Inc (AMD.O).
Problems with the patches have been growing since Intel on Jan. 11 said they were causing higher reboot rates in its older chips and then last week that the problem was affecting newer processors.