A senior advisor to the U.S. Food and Drug Administration (FDA) tossed cold water on speculation that the Agency might try to police mobile health and wellness applications, saying the FDA couldn’t possibly scale up to meet the challenge of policing the hundreds of new apps appearing every month. Correction: The article was changed to clarify Mr. Patel’s comments. He was not responding to a direct question about the FDA setting up an office to regulate mobile health applications. He was commenting on the possibility of creating a platform to evaluate and rate mobile health applications. Also, he said “It’s not do-able,” not “it’s not possible.” We apologize for any confusion created by the article. – PFR July 10, 2014. The sheer pace of innovation in the mobile health application space and the numbers of such applications already available on mobile marketplaces like the iTunes App Store and Google Play mean that many mobile health applications will escape scrutiny by federal […]
Reports
Microsoft Uses Courts To Take Down Malicious, Managed DNS Services
Microsoft Corp. has taken action against yet another cyber crime network, taking control of- and shutting down a managed DNS (domain name system) operated by the firm No-IP that were being abused by cyber criminals, the company said on Monday. The domains were associated with malware families named Jenxcus and Bladabindi that are believed to have infected on some 7.5 million systems, globally. The malicious programs – which are used to spy on the operators of infected systems – use Dynamic DNS services like NO-IP to communicate with command and control systems used to manage infected systems. Dynamic DNS makes the malicious systems more difficult to trace. In a post on Microsoft’s Digital Crimes Unit blog, Richard Domingues Boscovich, the company’s Assistant General Counsel said that the company had filed a civil case on June 19 naming two foreign nationals: Mohamed Benabdellah and Naser Al Mutairi along with a U.S. company, Vitalwerks Internet Solutions, LLC (doing […]
DHS Warns Energy Firms Of Malware Used In Targeted Attacks
The Department of Homeland Security warned firms in the energy sector about new, targeted malware infecting industrial control systems and stealing data. DHS’s ICS CERT, the Industrial Control Systems Computer Emergency Response Team, said it is analyzing malware associated with an ICS-focused malware campaign. The malicious software, dubbed “Havex” that was being spread by way of phishing emails and so-called “watering hole” attacks that involved compromises of ICS vendor web sites. DHS was alerted to the attacks by researchers at the security firms Symantec (which dubbed the malware campaign “Dragonfly”) and F-Secure (“Havex”) -a remote access trojan (or RAT) that also acts as an installer (or “downloader”) – fetching other malicious applications to perform specific tasks on compromised networks. One of those additional payloads is a Trojan Horse program dubbed Karagany (by Symantec) that has been liked to prior attacks on energy firms. According to Symantec, the malware targeted energy grid operators, major electricity generation firms, […]
The Internet Of Things Will Need Millions Of Developers By 2020 – ReadWrite
Matt Asay over at ReadWriteWeb has an interesting piece that’s worth reading on the (coming) shortage of qualified application developers engendered by The Internet of Things. Asay cites a new report out from the firm VisionMobile that projects a shocking 57% CAGR (compound annual growth rate) in developers between now and the end of the decade. Much of that will be driven by opportunities in the IoT. Like past gold rushes, the riches in the IoT gold rush won’t go to the “miners” (read: thing makers) but to their suppliers – the 21st century Levi Strauss’s of the world who figure out a way to “stitch” Internet enabled devices together, Asay writes. In other words: value in the age of the IoT is created not by generating data, but by making sense of the (low value) data spewed out by billions of connected devices. (This isn’t exactly ground breaking – […]
Cisco: MS Word Macro Attacks Still Work Just Fine
We like to throw around the term ‘Advanced Persistent Threat’ casually these days to refer to a whole range of sophisticated and persistent attacks – usually on high value targets. But a blog post today by Cisco Systems makes clear that many otherwise sophisticated attackers do just fine with some pretty low tech and old school methods. Case in point: an attack Cisco is dubbing “String of Paerls-” a series of attacks on companies involved in research and what Cisco calls the ‘industrial manufacturing vertical.’ According to the report, the attacks start with a decidedly old school attack: a Microsoft Word document that includes a malicious Office Macro.”When the victim opens the Word document, an On-Open macro fires, which results in downloadin and executable and launching it on the victim’s machine.” Now, macro-based attacks are truly vintage. They first came to light in the late 1990s, with the Melissa virus – an early and successful […]
