KP Snacks hit by ransomware: Crisps and nuts firm KO’d by modern scourge

The US Senate Judiciary Committee on Thursday voted to pass the Open App Markets Act, despite intense lobbying from Apple and Google.

The bill, S.2710 [PDF], limits the kinds of restrictions major app platforms can impose on competitors, developers, and customers, will now be considered by a full Senate vote.

If approved, along with its companion bill H.R. 5017 [PDF] introduced in the House of Representatives last year, and then signed by President Biden, the legislation will remake an app economy that generates well over $100bn annually.

Officials from the EU and US are nearing a solution in long-running negotiations over transatlantic data sharing.

Previous legal arrangements for sharing data between the two jurisdictions, the so-called Privacy Shield, were struck down by the EU Court of Justice in what became known as the Schrems II ruling in 2020.

The decision had ramifications for US cloud providers, social media sites, and providers of online tools which are still becoming clear. Although it had been commonly held that standard contractual clauses (SCCs) may offer a way to continue to share data legally, that was also in doubt. Earlier this month, the Austrian data protection authority ruled that those arrangements were insufficient for data sharing.

In the beginning we had passwords. Their hackability made a lot of people very angry and passwords were widely regarded as a bad move. Then we had two-factor authentication – and now Proofpoint reckons criminals online are able to start bypassing them with transparent reverse proxies.

Phishing kits, readymade deployables used by crooks to steal victims’ login details, are increasingly capable of bypassing multi-factor authentication (MFA), the company warned today.

In a blog post Proofpoint said it sees “numerous MFA phishing kits ranging from simple open-source kits with human readable code and no-frills functionality to sophisticated kits utilizing numerous layers of obfuscation and built-in modules that allow for stealing usernames, passwords, MFA tokens, social security numbers and credit card numbers.”

The Raspberry Pi Foundation has officially released the 64-bit version of the Linux-based OS Formerly Known As Raspbian.

A year and nine months after the beta was announced, the 64-bit version of the Raspberry Pi OS is ready for download.

If you’re still rocking an older Pi, be aware that the first few models had 32-bit-only CPUs. The new 64-bit OS won’t run on a Pi 1, Pi 2, or Pi Zero.

Cloud directory specialist JumpCloud is moving into the crowded patch management market with an extension to its platform to automate patch updates.

Companies such as Apple or Microsoft already have varying levels of patch management tools in their armoury. JumpCloud’s take, like its directory platform, straddles devices with a centralised view across a company’s estate.

The first release will take care of Windows and Mac, with Linux following by the end of the first quarter of 2022.

A pro-outsourcing CIO whose first act at a new employer was to set up a £475,000 backhander scheme has been jailed for six years.

Brian Chant, 62, took the bribes after joining procurement services firm Achilles in 2011, Southwark Crown Court heard.

One of the first things he did was recommend outsourcing of various IT functions, suggesting three companies to Achilles’ board for the £22m SPTL and Systems Plus IT contracts.

StarlingX, an open-source platform for edge computing based on OpenStack, has hit release 6.0 with a Linux Kernel upgrade plus security and deployment enhancements to make it easier to manage systems.

The StarlingX project offers a complete software stack for edge and IoT deployments, with support for code running in containers or virtual machines. It was started by Intel and Wind River, but is now an independent project supported by the Open Infrastructure Foundation, with code available under the Apache 2 licence.

Companies using StarlingX in production systems include T-Systems, Verizon and Vodafone, with the code freely available to download from the StarlingX website.

Distributed in-memory analytics specialist Exasol has launched a database-as-a-service claiming its approach to parallel processing could help reduce nasty shocks in cloud fees.

According to the vendor, users buying the software-as-a-service get the ability to scale both vertically and horizontally while Exasol manages hot and cold data between the object store, local SSDs, and main memory. The back end is AWS, with which Exasol has a “deep technical partnership.”

Launching a DBaaS is very much a “me too” move for a database firm. MariaDB, for example, launched SkySQL, a MySQL-derived system, in 2020. In analytics, Snowflake has long been a managed service.

Fresh from years of complaining about underfunding and not having enough staff to deal with problems, infosec bods are now complaining that corporate execs merely firehose cash at them without getting their own hands dirty or engaging with the problem.

That’s one conclusion that could be drawn from a Trend Micro study published yesterday. Around half of businesses surveyed are spending more on “cyber attacks” than they used to, it said, while a similar number reckon their C-suites don’t know what “cyber risk management” means – possibly something about ensuring monitors are firmly bolted to desks.

“Low C-suite engagement combined with increased investment suggests a tendency to ‘throw money’ at the problem rather than develop an understanding of the cybersecurity challenges and invest appropriately,” intoned Trend Micro.

Updated Microsoft’s legendary approach to quality was demonstrated this morning as the Microsoft 365 Admin Portal fell over.

Without a hint of irony, the company posted: “We’ve identified a recent service update designed to improve user experience is causing impact.”

The impact in question was an inability to access the admin portal, something unlikely to affect an end user pootling around in Excel, but a huge headache for an administrator trying to manage their tenant.