Archive for October 24, 2019

7-Eleven fuel app data breach exposes users’ personal details

October 24, 2019 Leave a comment

App users were able to see other customers’ data, including names, dates of birth and mobile numbers

The popular petrol-buying app run by 7-Eleven has suffered a data breach that allowed customers to view the names, email addresses, mobile numbers and dates of birth of other users.

The 7-Eleven fuel app, which the company said this week has been downloaded two million times, was taken offline for a matter of hours on Thursday after a customer alerted the company to the fact that he was able to access the personal information of several other customers via the app.

Continue reading…

from Data and computer security | The Guardian

Cachet Financial Reeling from MyPayrollHR Fraud

October 24, 2019 Leave a comment

When New York-based cloud payroll provider MyPayrollHR unexpectedly shuttered its doors last month and disappeared with $26 million worth of customer payroll deposits, its payment processor Cachet Financial Services ended up funding the bank accounts of MyPayrollHR client company employees anyway, graciously eating a $26 million loss which it is now suing to recover.

But on Oct. 23 — less than 24 hours before another weekly payroll rush — Pasadena, Calif.-based Cachet threw much of its customer base into disarray when it said its bank was no longer willing to risk another MyPayrollHR debacle, and that customers would need to wire payroll deposits instead of relying on the usual method of automated clearinghouse (ACH) payments (essentially bank-to-bank checks).

Cachet processes some $150 billion in payroll payments annually for more than 110,000 employers. But payroll experts say this week’s actions by Cachet’s bank may well soon put the 22-year-old company out of business.

“We apologize for the inconvenience of this message,” reads the communication from Cachet that went out to customers just after 6:30 PM ET on Oct. 23. It continued:

“Due to ongoing fraud protocol with our bank, they are requiring pre-funding via Direct Wire for all batches that were uploaded this week, unless employees were already paid or tax payments were already transmitted. This includes all batch files moving forward.”

All files that were uploaded today for collection and disbursement will not be processed. In order to process disbursement, we will need to receive a wire first thing tomorrow in order to release the disbursements.

All collections that were processed prior to today will be reviewed by the bank and disbursements will be released once the funds are cleared. Credit trans

Deadline for wires is 1 P.M. PST.

This will be the process until further notice. If you need a backup processor, please contact us.

If you require wire instructions, please respond to this email and they will be sent to you.

We welcome and anticipate your phone calls and inquiries. We remain committed to our clients and are determined to see this through. We appreciate and thank you for your patience and understanding.”

In a follow-up communication sent Thursday evening, Cachet said all debit transactions with a settlement date of Oct. 23 had been processed, but that any transactions uploaded after Oct. 23 were not being processed at all, and that wires are no longer being accepted.

“If they aren’t taking money, they’re out of business,” Friedl said of Cachet.

Cachet’s financial institution, Wilmington, Del. based The Bancorp Bank (NASDAQ: TBBK), did not respond to requests for comment.

Cachet also did not respond to requests for comment. But in an email Thursday evening, the company sought to offer customers a range of alternatives — including other providers — to help process payrolls this week.

Steve Friedl, an IT consultant in the payroll service bureau industry, said the Cachet announcement has sent payroll providers scrambling to cut and mail or courier paper checks to client employees.  But he said many payroll providers also use Cachet to process tax withholdings for client employees, and that this, too, could be disrupted by the funding changes.

“There’s a lot of same day stuff that goes on in the payroll industry that depends on people being honest and having money available at certain times,” Friedl said. “When that’s not possible because a bank in that process says it doesn’t want to be stuck in the middle that can create problems for a lot of people who are then stuck in the middle.”

Another payroll expert at a company that uses Cachet but who asked not to be named said, “everyone I know at payroll providers is scrambling to get it done another way this week” as a result of the decision by Cachet’s bank.

“Those bureaus will do whatever they can to keep their clients happy because something like this can quickly put them out of business,” the source said. “Unlike what happened with MyPayrollHR — which harmed consumers directly — the payment service bureaus are the ones potentially getting hurt here.”

Most corporate payroll is handled through ACH transactions, a system that allows financial institutions to push and pull funds to and from checking accounts between banks. ACH is essentially the same thing as writing a check for a good or service, and it typically involves an element of trust because there is a time delay (24-48h) between which the promised funds are released to the receiving bank and the funds are made available to the recipient.

In contrast, a wire transfer takes minutes and the funds are made available to the recipient almost immediately. Wires are also far more expensive for customers, and they earn banks hugely profitable processing fees, whereas ACH transaction fees are minuscule by comparison.

Ultimately, banks may decide that for certain clients they no longer wish to assume the risk of fraudsters exploiting the float period for ACH transactions to steal tens of millions of dollars, as was the case in the MyPayrollHR fiasco.

It’s worth noting that the MyPayrollHR fraud wasn’t the first time Cachet has been tripped up by the demise of a payroll company: In 2016, the collapse of Monterey, Calif. based payroll processor Pinnacle Workforce Solutions left Cachet holding the bag for more than $1 million. Cachet sued to recover the money stuck in Pinnacle’s frozen accounts. From The Monetery County Weekly:

“Cachet’s lawyers also outline possible nefarious action by Pinnacle. ACH companies act as middlemen for processing payroll and other large transactions. Every pay period, Pinnacle would send Cachet a coded file to tell the ACH how to distribute funds. But, on Sept. 21 [2016] Pinnacle had manipulated the code sent to Cachet so the money collected from its clients went directly to Pinnacle instead of being held in the ACH account before being distributed to its clients’ employees, the suit alleges.”

Friedl said it’s likely Bancorp stopped routing ACH transactions for Cachet because it believed the company still lacked sufficient security and process controls to avert yet another payroll company disaster.

“Their bank stopped them suddenly due to a lack of controls that they most likely promised a few years ago, after they had the same story with Pinnacle Workforce and obviously didn’t implement any controls,” he said.

It will be interesting to see how long the fallout from the MyPayrollHR episode will last and how many other firms may get wiped because of it. Shortly after MyPayrollHR closed its doors last month and disappeared with $35 million in payroll and tax payments, the company’s 49-year-old CEO Michael Mann was arrested and charged with bank fraud.

The government alleges Mann was kiting millions of dollars in checks between his accounts at Bank of American and Pioneer from Aug. 1, 2019 to Aug. 30, 2019. The Times Union reports that Mann and his company are now being sued by Pioneer Bank and a large insurance company over a $42 million loan it gave to Mann and his companies just a month before his payroll business closed up shop.

from Krebs on Security

Amazon’s Profit Falls Sharply as Company Buys Growth by KAREN WEISE

October 24, 2019 Leave a comment


The company has been investing heavily to keep its giant core businesses growing at the expense of higher profits.

Published: October 23, 2019 at 07:00PM

from NYT Technology

Categories: Internet Tags: ,

AMD, Embark Studios y Adidas se unen a la Fundación Blender

October 24, 2019 Leave a comment


Hace algunos días aquí en el blog compartíamos la nota sobre la integración de Nvidia como Patron Corporativo (Corporate Patron) del Fondo de Desarrollo Blender en el cual se representa con una contribución de al menos 120,000 € al año.

Ahora varios días después, AMD se unió al programa Blender Development Fund como patrocinador principal, en el cual aporta con más de 120 mil euros por año para el desarrollo del sistema gratuito de modelado 3D Blender.

Por la parte de los fondos recibidos se menciona que se inviertan en el desarrollo general del sistema de modelado 3D de Blender, la migración a la API gráfica Vulkan y la prestación de soporte de calidad para las tecnologías AMD.

Además de AMD, tal y como mencionábamos al inicio NVIDIA y Epic Games también han estado entre los principales patrocinadores de Blender. Los detalles de la participación financiera de NVIDIA y AMD no fueron revelados.

Mientras que por el lado de Epic Games asignó 1.2 millones para financiar Blender con la finalidad de promover el desarrollo de “Creative Software Suite Blender” el cual es un sistema gratuito de modelado en 3D y de código abierto que proporciona una gama completa de herramientas que permiten a los artistas crear gráficos, animaciones, efectos especiales y juegos en 3D.

Además de ellos, Blender también anunció la compañía Embark Studios y Adidas, que entraron en las categorías de patrocinadores “oro” y “plata”, respectivamente. Embark Studios transferirá Blender desde 30 mil euros al año y tiene la intención de transferir sus herramientas para Blender a la categoría de software abierto (algunas herramientas de Embark ya están abiertas).

A la larga, Embark Studios planea cambiar a usar Blender como su software 3D y ambiental principal. La contribución de Adidas, que utiliza Blender para resolver problemas de visualización, será de 12 mil euros al año.

Con la integración de estos nuevos miembros a la lista de patrocinadores de para Blender podemos ver que este se ha convertido en un importante software al que las empresas, productoras y diseñadores estan comenzando a tomar más en cuenta.

from Linux Adictos

Categories: Internet, Linux Tags: , ,

Always Building, From the Garage to Her Company by JOHN MARKOFF

October 24, 2019 Leave a comment


Jeri Ellsworth started as a self-taught computer hacker and chip designer. In an industry dominated by men, she’s the head of a company focusing on augmented reality.

Published: October 23, 2019 at 07:00PM

from NYT Technology

Categories: Internet Tags: ,

40% of Security Pros Job Hunting as Satisfaction Drops

October 24, 2019 Leave a comment

Symptoms of job dissatisfaction creep into an industry already plagued with gaps in diversity and work-life balance.

from Dark Reading:

FBI Expands Election Security Initiative

October 24, 2019 Leave a comment

The program offers resources and advice to help protect elections at every level within the US.

from Dark Reading: