ShareFile to add storage options, iPhone app, and more

Thousands of Citrix customers and partners took over the Anaheim Convention Center this week for Citrix Synergy 2014. The annual event is a platform for Citrix to make big announcements and reveal new products and features, such as those it unveiled for ShareFile, its data storage and file sharing platform.

For starters, Citrix announced the ShareFile StorageZone Connectors SDK. ShareFile already has connectors for Microsoft SharePoint and network fileshares, but the new SDK will enable an IT department or third-party provider to develop connectors to link ShareFile with various data storage solutions. Citrix showed off connectors for Alfresco, Documentum, and Filenet.

Citrix also shared new ShareFile Personal Cloud Connectors. These connectors tie ShareFile to popular cloud storage platforms like Box, Dropbox, Google Drive, and Microsoft’s OneDrive. Citrix described a scenario where these connectors could be used to consolidate data to a central point where it can be more easily managed and secured. IT can enable the ShareFile Personal Cloud Connectors for a defined period of time to provide users an opportunity to seamlessly move data from their personal cloud accounts into ShareFile.

Read more »


Report: Phishing scams increasingly using mobile apps to bait victims

When it comes down to it, spam and phishing scams rely primarily on exploiting trust. If the attacker can find a way to make the message appear to be from a known source, the odds that a user will take the bait are much higher. This has led to malware infections that access your contacts and send out infected emails on your behalf to everyone you know, and those same basic techniques have been adapted for instant messaging, social networks, and even SMS text messaging. According to a new report from Kaspersky Lab, Mobile apps are the new frontier.


Kaspersky Lab identified spam and phishing attacks using mobile apps like WhatsApp.

“Gadgets have become popular even among those who had little interaction with computers and are less familiar with computer security," Darya Gudkova, head of the content analysis and research department for Kasperky Lab, said in an email.  "This opens up new vectors of attacks for spammers and phishers.

Read more »


IE zero day is the first sign of the XPocalypse

Well, it took a bit longer than many security experts expected, but the first big security threat for Windows XP users has arrived. The zero day vulnerability will be quickly patched by Microsoft—for supported platforms at least. That means that this will be the first of many open wounds for Windows XP—known vulnerabilities left exposed because the OS is no longer supported by Microsoft.

Security vendor FireEye notified Microsoft about exploits detected in the wild being used against Internet Explorer. The attack in question is specific to IE 9, 10, and 11, but according to Microsoft the underlying vulnerability exists in all versions of Internet Explorer, as well as all supported versions of the Windows operating system other than Server Core. The attack also seems to rely on having Adobe Flash installed.

Microsoft describes some mitigating factors in its security advisory. For example, most versions of Windows Server run in a restricted mode called Enhanced Security Configuration that guards against this threat. The default configuration for Microsoft Outlook, Outlook Express, and Windows Mail is to open HTML messages in the restricted zone, which disables ActiveX controls and reduces the risk. Microsoft also points out that successful exploitation only allows the attacker to access the system or run code in the context of the current user, so systems where the user has fewer rights and privileges are at less risk.

Read more »


Report: Attackers have their sights set on the cloud

If you want to catch trout, you have to fish where the trout swim. That same logic applies for cyber criminals—they will focus their efforts wherever there is a fair chance of finding targets to prey on. This is underscored by a new report from Alert Logic that reveals a dramatic rise in cloud-based attacks as more businesses and individuals migrate applications and data to the cloud.

Alert Logic deployed honeypots in the cloud to collect information about emerging malware, identify the sources of attacks, and determine common or unique attack vectors. The results of this research combined with data collected from AlertLogic customers around the world were used to create the Spring 2014 Alert Logic Cloud Security Report.

The report was compiled from 232,364 verified security incidents, identified from more than a billion events observed by Alert Logic between April 1 and Sept. 30, 2013. The data was gathered from more than 2,200 organizations across a variety of industries around the world. Cloud environments account for 80 percent of the data collected, while the remaining 20 percent comes from on-premise datacenters.

Read more »


Spam turns 20 and is still going strong

We recently passed an Internet milestone: April 12 marked the 20-year anniversary of commercialized spam. But even with two decades and trillions of unsolicited messages behind us, it seems there is still no end in sight.

There were certainly unsolicited messages sent before April 11, 1994, but that's the day two lawyers pitched a green card lottery to the vast Usenet News audience. It’s been mostly downhill since.

You’ve probably been emailed by your fair share of African “royalty” or other foreign nationals seeking your assistance in transferring millions of dollars of wealth to the United States. Perhaps you’ve received email ads for Viagra or unsolicited pitches to for a low-interest mortgage or other loan.

Read more »


Twitter app downloads could put users at risk

Twitter announced that it is putting its MoPub acquisition to use by enabling Twitter marketers to promote and distribute mobile apps. There is a potential opportunity there, though, for attackers to exploit the system if users become conditioned to download apps from their Twitter feed without thinking.

At face value, the move seems a good one for companies that market through the social media platform. According to a blog post from Twitter, the MoPub Marketplace reaches over a billion unique devices and serves over 130 billion ads within Android and iOS apps every month. Now, MoPub Marketplace advertisers will be able to simultaneously market to 241 million active Twitter users.

apppromo twitter

Malicious apps can take advantage of users conditioned to download apps from Twitter.

Read more »


Microsoft takes fight to Google’s home turf with Office Online Apps

Microsoft has adopted a new strategy for its Office productivity tools. Rather than holding Office hostage on Windows devices in an effort to attract customers, it will try and make the suite the default productivity choice no matter what platform or device people are using—including Chrome OS and Chromebooks.

When Microsoft rolled out new and improved Office Online apps this week, it also published them in Google’s Chrome Web Store. The Office apps already worked in the Chrome browser and on Chromebooks, but pushing them in the Chrome OS outlet is a much more aggressive attempt to capture the attention of loyal Google users and drive the point that Google Docs isn’t the only available productivity suite.

Some see this turnabout as Microsoft’s admission that Chromebooks are more capable than the “Scroogled” marketing campaign implies. But Microsoft isn’t conceding that Chromebooks are work-worthy. It is merely admitting that the tech landscape has shifted, and it recognizes that it can’t rely on maintaining a virtual monopoly of the desktop OS market to drive Office sales or vice versa. The move is part of a larger strategy that began with Office Mobile for iPhone and Android and the recent addition of Office for iPad.

Read more »