1(630)802-8605 Ravi.das@bn-inc.net

Well, hope everybody out there is having a great Sunday morning!  The news headlines across the Cyber security beat this morning are slow (to be expected), but as I was perusing some of the headlines from late last week, I discovered two that somehow I had not paid much attention to.  Well, today I bring them to your attention:

*Malicious Windows Files;

*Data leakages on Salesforce.com.

The Malicious Windows Files

Cyber security researchers at Palo Alto Networks' Unit 42 identified over 145 Google Play apps that are infected with malicious Windows executable files.  However, it should be noted that the associated APK files do not pose an imminent threat to Android devices, as the executables can only run on Windows mobile devices.

But they are a threat to the software supply chain and can ultimately be used to carry out widespread Cyber attacks very similar to KeRanger, XcodeGhost and NotPetya.  According to the Cyber security researchers' report:  “Most of the infected apps were released to Google Play between October 2017 and November 2017, which means these apps have been in Google Play for more than half a year . . . several have more than 1,000 installations and 4-star ratings.”  (SOURCE:  https://www.scmagazine.com/malicious-windows-executable-files-hidden-in-google-play-apps/article/786049/).

The worst of these malicious apps include the following:

*Learn to Draw Clothing;

*Modification Trail;

*Gymnastics Training Tutorial.
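An Android APK is an ordinary ZIP archive, so a defender can check for the problem Unit 42 found by looking for Windows PE images among the entries. The following scanner is an added example written for this post, not code from the article or from Unit 42; the sample APK and the PE stub inside it are constructed and harmless.

```python
"""Scan an APK (a ZIP archive) for embedded Windows PE executables.
Added example, not the article's or Unit 42's code. An Android APK has no
reason to carry a Windows PE image, so any entry whose bytes start with the
'MZ' DOS header and carry a valid 'PE\\0\\0' signature is flagged for review.
The sample APK and the PE stub inside it are constructed and harmless."""
import io
import struct
import zipfile

def is_pe_file(data: bytes) -> bool:
    """True if data looks like a PE image: 'MZ' header whose e_lfanew field
    (offset 0x3C) points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def find_embedded_pe(apk_bytes: bytes) -> list:
    """Return the names of all APK entries that contain a PE image, wherever
    they sit (assets/, res/raw/, lib/...) and whatever extension they use."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir():
                continue
            with apk.open(info) as fh:
                head = fh.read(0x400)  # DOS + PE headers fit in 1 KiB
            if is_pe_file(head):
                hits.append(info.filename)
    return hits

def build_sample_apk() -> bytes:
    """Constructed APK: ordinary entries plus a PE stub disguised as a PNG."""
    stub = bytearray(b"MZ" + b"\x00" * 0x3E)          # 64-byte DOS header
    struct.pack_into("<I", stub, 0x3C, 0x40)           # e_lfanew -> 0x40
    stub += b"PE\x00\x00" + b"\x00" * 20               # PE signature
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 64)
        z.writestr("assets/update.png", bytes(stub))
        z.writestr("res/raw/notes.txt", b"MZ is just text here")
    return buf.getvalue()

if __name__ == "__main__":
    print(find_embedded_pe(build_sample_apk()))  # ['assets/update.png']
```

The check keys on the PE signature rather than the file extension, so a payload renamed to look like an image or data file is still caught.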

Data Leakages On Salesforce.com

As we all know, Salesforce.com is probably one of the largest Cloud Computing infrastructures out there (probably behind only AWS and Microsoft Azure).  Salesforce.com originally started out as a leading CRM provider, but now it offers all types and kinds of services, a notable one being the “Marketing Cloud”.

Apparently, Salesforce.com is warning customers about an API error that may have leaked confidential information and data for some of its user base.  The Security breach occurred between June 4 and July 18, and it impacted the customers of two of its modules: the Email Studio and Predictive Intelligence products.

More specifically, there was a source code change that resulted in incorrectly implemented REST API calls.  Here is a more technical description of the impact of this particular API error:  “[The impact allowed for the ability] to retrieve or write data from one customer’s account to another inadvertently . . .  the API call may have failed and generated an error message rather than writing or modifying data.”  (SOURCE: https://threatpost.com/salesforce-com-warns-marketing-customers-of-data-leakage-snafu/134703/).
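The defect class described above is a REST handler that scopes a read or write by the account named in the request rather than by the account the caller's session is bound to. The example below is added here and is not Salesforce code: it shows that pattern beside its hardened form, plus a small regression check a tenant could run against its own API; every account id, token and record is constructed.

```python
"""Tenant-isolation check for a multi-tenant REST handler.
Added example, not Salesforce code. It models the defect the article describes:
a handler that trusts the account id in the request rather than the account bound
to the caller's session, so one customer's data can be read or written from
another's account. All ids, tokens and records below are constructed."""
import copy

# Constructed tenant store: account_id -> {record_id: payload}
STORE = {
    "acct-A": {"contact-1": {"email": "a@example.com"}},
    "acct-B": {"contact-9": {"email": "b@example.com"}},
}
# Constructed session table: API token -> account it authenticates for
SESSIONS = {"tok-A": "acct-A", "tok-B": "acct-B"}

class Forbidden(Exception):
    pass

def read_vulnerable(token, account_id, record_id):
    """Defective: the token is checked, but the lookup is scoped by the
    caller-supplied account_id, so tok-A can read acct-B's records."""
    if token not in SESSIONS:
        raise Forbidden("bad token")
    return STORE[account_id][record_id]

def read_fixed(token, account_id, record_id):
    """Hardened: the account comes from the session; a request naming any
    other account is refused before data is touched."""
    owner = SESSIONS.get(token)
    if owner is None or owner != account_id:
        raise Forbidden("account does not belong to caller")
    return STORE[owner][record_id]

def write_fixed(token, account_id, record_id, payload):
    """Same rule on the write path (the article notes writes were affected too)."""
    owner = SESSIONS.get(token)
    if owner is None or owner != account_id:
        raise Forbidden("account does not belong to caller")
    STORE[owner][record_id] = copy.deepcopy(payload)

def isolation_holds(read_handler):
    """Regression check a tenant can run: True only if a cross-tenant read
    (tok-A asking for acct-B's record) is refused."""
    try:
        read_handler("tok-A", "acct-B", "contact-9")
    except Forbidden:
        return True
    return False

if __name__ == "__main__":
    print(isolation_holds(read_vulnerable), isolation_holds(read_fixed))
```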

Also, rather than having their data leaked to a malicious third party, some of the impact may even have included the corruption of customer data.  It should be noted at this point that the Marketing Cloud offered by Salesforce.com is a very sophisticated package, in that it allows a business or corporation to totally automate the marketing campaigns that are delivered to its customer base, ranging from traditional ads to social media to connected things.  As a result, a lot of sensitive customer information and data is stored on the Marketing Cloud, which Salesforce.com is entrusted to handle in a safe and secure manner.  Some business entities that use the Marketing Cloud include the likes of Aldo, Dunkin Donuts, GE, HauteLook, Nestle Waters, News Corp Australia and Sony.

However, the IT staff at Salesforce.com do not know the exact extent of the damage, or the frequency of the Security breach.  In the meantime, Salesforce.com has highly recommended that its subscribers keep a close eye on their customized platforms to see if they have been impacted.

My thoughts on this?  Well, my first and foremost one is: why did Salesforce.com literally wait two weeks to notify its subscribers about this?  Why couldn’t this behemoth notify them right away, especially when you are dealing with Fortune 100 companies?  There is absolutely no excuse for this, and it is just not right.  Once Salesforce.com knew of the breach, it should have notified its subscribers immediately.

Second, who is responsible for this?  In the case of the malicious Windows files, this is hard to determine.  More than likely, a Cyber attacker created these files and uploaded them onto Google Play.  After all, it has been noted that Google does not carefully scrutinize all of the mobile apps that are uploaded to it, unlike Apple.

In the case of Salesforce.com, in my view they are completely to blame.  I don’t think it was a Cyber attack; it seems more like a glitch or an error in which the source code was modified.  But this could have been the work of a malicious insider as well.

Finally, as much as businesses and corporations spend time writing Security policies and investing in very expensive technologies, they need to add one simple clause to it:  NOTIFY THE CUSTOMER IMMEDIATELY IN THE CASE YOU HAVE BEEN IMPACTED BY A SECURITY BREACH!!!