Archive for the ‘Free Software’ Category

With one update, this malicious Android app hijacked millions of devices – ZDNet

With a single update, a popular barcode scanner app on Google Play transformed into malware and was able to hijack up to 10 million devices.

Lavabird Ltd.'s Barcode Scanner was an Android app that had been available on Google's official app repository for years. The app, accounting for over 10 million installs, offered a QR code reader and a barcode generator -- a useful utility for mobile devices.

The mobile application appeared to be legitimate, trustworthy software, with many users having installed the app years ago without any problems -- until recently.

According to Malwarebytes, users recently started to complain of adverts appearing unexpectedly on their Android devices. It is often the case that unwanted programs, ads, and malvertising are connected with new app installations, but in this example, users reported that they had not installed anything recently.

Upon investigation, the researchers pinpointed Barcode Scanner as the culprit.

A software update issued on roughly December 4, 2020, changed the functions of the app to push advertising without warning. While many developers implement ads in their software in order to be able to offer free versions -- and paid-for apps simply do not display ads -- in recent years, the shift of apps from useful resources to adware overnight is becoming more common.

"Ad SDKs can come from various third-party companies and provide a source of revenue for the app developer. It's a win-win situation for everyone," Malwarebytes noted. "Users get a free app, while the app developers and the ad SDK developers get paid. But every once in a while, an ad SDK company can change something on their end and ads can start getting a bit aggressive."

Sometimes, 'aggressive' advertising practices can be the fault of SDK third-parties -- but this was not the case when it comes to Barcode Scanner. Instead, the researchers say that malicious code was pushed in the December update and was heavily concealed to avoid detection.

The update was also signed with the same security certificate used in past, clean versions of the Android application.

Malwarebytes reported its findings to Google and the tech giant has now pulled the app from Google Play. However, this doesn't mean that the app will vanish from impacted devices, and so users need to manually uninstall the now-malicious app.

Transforming clean SDKs into malicious packages is only one method employed to avoid Google Play protection, with time checks, long display times, the compromise of open source libraries used by an app, and dynamic loading also cited as potential ways for attackers to compromise your mobile device.

Another interesting method, spotted by Trend Micro, is the implementation of a motion sensor check. In 2019, Android utility apps were found to contain the Anubis banking Trojan which would only deploy once a user moved their handset.

ZDNet has reached out to the developer and will update if we hear back.


How This New Yorker Created a Vaccine Appointment Website for $50 – The New York Times

Huge Ma, a 31-year-old software engineer for Airbnb, was stunned when he tried to make a coronavirus vaccine appointment for his mother in early January and saw that there were dozens of websites to check, each with its own sign-up protocol. The city and state appointment systems were completely distinct.

"There has to be a better way," he said he remembered thinking.

So, he developed one. In less than two weeks, he launched TurboVax, a free website that compiles availability from the three main city and state New York vaccine systems and sends the information in real time to Twitter. It cost Mr. Ma less than $50 to build, yet it offers an easier way to spot appointments than the city and state's official systems do.

"It's sort of become a challenge to myself, to prove what one person with time and a little motivation can do," he said last week. "This wasn't a priority for governments, which was unfortunate. But everyone has a role to play in the pandemic, and I'm just doing the very little that I can to make it a little bit easier."

Supply shortages and problems with access to vaccination appointments have been some of the barriers to the equitable distribution of the vaccine in New York City and across the United States, officials have acknowledged.

Statistics released recently by the city showed that the vaccine is disproportionately flowing to white New Yorkers, not the Black and brown communities that suffered the most in the pandemic's first wave.

Only 12 percent of the roughly 210,000 city residents who are over 65 and were vaccinated were Black, for example, even though Black people make up 24 percent of the city's population.

"The only way they are able to access those appointments is to use a very, very complicated tech platform that in and of itself marginalizes the elderly community that I serve," Ebon Carrington, the chief executive officer of Harlem Hospital, said at the end of last month. As a result, she said, white people from outside Harlem for weeks had filled most of her available slots.

So some volunteers in New York, as well as in states including Texas, California and Massachusetts, have tried to use their technological skills to simplify that process.

Jeremy Novich, 35, a clinical psychologist on the Upper West Side of Manhattan, started reaching out to seniors after realizing that his own older relatives could not have made appointments on their own.

"The system is set up to be a technology race between 25-year-olds and 85-year-olds," he said. "That's not a race, that's elder neglect."

Along with two friends, on Jan. 12 he launched the Vaccine Appointment Assistance Team, a person-to-person effort that began by helping older people from local synagogues and expanded to help those who sign up via a phone hotline or web form. Because of high demand, the service, which now has 20 volunteer caseworkers, has stopped taking new cases for now, and the founders are thinking about partnering with a nonprofit to increase capacity.

The most ambitious online volunteer assistance effort in the city is NYC Vaccine List, a website that compiles appointments from more than 50 vaccination sites -- city, state and private. About 20 volunteers write code, reach out to community organizations and call inoculation centers directly to post the centers' availabilities.

Dan Benamy, a software developer for Datadog and one of NYC Vaccine List's founders, said that when he was searching last month for dates for his grandparents, he was struck at how labor-intensive the appointment system was.

Feb. 9, 2021, 4:25 p.m. ET

"I'm an engineer and an optimizer, so I was looking at this and saying it feels like we could maybe look at pulling this data together and aggregating it, so that it is faster and easier to find vaccines," he said.

Mr. Benamy reached out to a couple of friends and got to work. The site went live five days later, on Jan. 16.

Inspired by VaccinateCA, a volunteer-run vaccine finder site in California, NYC Vaccine List not only lists available city and state appointments, but also allows users to click through more directly to some available appointment times, saving precious minutes in which a slot could go to someone else.

In its effectiveness, the site is also offering a real-time glimpse at how brutally competitive the appointment process can be. At 2:30 p.m. on Jan. 28, for example, hundreds of openings popped up, including 45 at the city's Brooklyn Army Marine Terminal, and many more at a city-run site in the Bronx. Within 15 minutes, they were gone.

These sites do not solve all access problems, because they still require computer literacy and benefit only those who know about them. As of Feb. 8, NYC Vaccine List was getting about 16,000 visitors a day, which remains a fraction of the millions of qualified New Yorkers who need appointments, its founders said.

But by making the process more efficient, the sites are easing the way for hundreds who were struggling to find a slot. Their Twitter feed has been flooded with messages of gratitude, and NYC Vaccine List has been labeled the hottest website in the city by Mark Levine, a city councilman. They recently added a Google Translate feature to the site.

"As the number of volunteers increases and we get these basic pieces up and running, we would love to make it accessible to as many people as possible," said Mr. Benamy, 36, who lives in Brooklyn.

Mayor Bill de Blasio has promised to improve the appointment system, which he called too cumbersome in a recent news conference, and the city upgraded one of its main scheduling sites to be more user-friendly last week.

Both the city and state also offer the option to schedule by phone. The state's hotline recently added a special option for people 75 years and older, as well as a callback service. But operators at those hotlines make appointments at the same city- or state-run centers where most appointments are snapped up by those using the first-come, first-served web-based system.

Software developers peeking under the hood of some of the public scheduling sites were surprised to see just how messy it was back there. Paul Schreiber, 42, a freelance software engineer in Brooklyn, said he was chagrined to find misspellings and other errors in the code of the vaccine hub run for the first month by the city health department. The new website that rolled out on Feb. 1, he said, seemed substantially better.

"Even grading on a very generous curve -- well, this is a government website, it's not Amazon.com -- it was really bad," he said.

Mr. Schreiber has done some preliminary work on building his own appointment site and was looking at how he could incorporate the updates to the city-run site.

Some of the technological help has come from pure chance.

Adriana Scamparini, 45, a corporate lawyer who lives in the Gramercy area of Manhattan, spent 18 hours trying to make her father an appointment. After she did, she realized that a password she had used for an appointment site was saved on her phone, allowing her to bypass a public page that incorrectly stated no appointments were available.

She began reaching out to friends, family and her doorman to see if they knew older people who needed help. She set up email addresses for those who didn't have them. She printed out appointment forms and delivered them to people's homes. She made about 30 appointments and personally accompanied seven people to a vaccination site in Lower Manhattan, mostly in the middle of the night when appointments were easier to get. For her efforts, she got tears of gratitude, cards and flowers.

"I don't have a computer and I don't have Wi-Fi," said Mariley Carlota, a widow originally from Brazil who lives alone on the Upper East Side. She got her first shot at 4:30 a.m. on Jan. 19 thanks to Ms. Scamparini. "She was like an angel for me."

Ms. Carlota had been scared to go to the doctor and go shopping. Now, she is scheduling her colonoscopy, her endoscopy and physical therapy for February. She cries at the thought that she will soon be able to go back to her church and her friends there.

"It's like I won a lottery," she said.


RapidSOS lands $85M to integrate connected devices, smart buildings with emergency responders – FierceHealthcare

This past year put a spotlight on the importance of faster and more effective emergency response.

That's something that RapidSOS has been working on for the past eight years. The company, which built a platform to make it easier for first response teams to do their jobs, just banked $85 million to scale its technology.

The need for critical, life-saving data was never more apparent than in 2020 when the world faced unprecedented emergencies, including the COVID-19 pandemic, natural disasters, and domestic threats like the Christmas Day Nashville bombing.


RapidSOS aims to transform emergency response and disaster management by connecting emergency data from digital health, smart buildings, security, connected vehicles, and app companies with emergency responders. RapidSOS provides their software free for 911 centers and works with connected device makers and technology companies to embed their technology into their emergency calling and SOS features.

The company's Series C funding round was led by global venture capital and private equity firm Insight Partners. The investment brings RapidSOS's total funding to $200 million.


"2020 reminded all of us of the heroic work that first responders do in our most challenging moments," said Michael Martin, founder and CEO of RapidSOS, in a statement. "We spent the past eight years building the RapidSOS emergency response data platform in partnership with thousands of first responders -- collaborating with leading technology companies to provide the right data, at the right place, at the right time to save lives across over 150 million emergencies annually."

Data from the RapidSOS platform was used in over 150 million emergencies during 2020, or on average, more than 400,000 per day. In some cases, RapidSOS' technology became the critical link between citizens and first responders when traditional voice 911 circuits went down in major disasters or attacks.

Through the platform, RapidSOS provides data that supports over 4,800 emergency communications centers across the U.S., covering 92% of the population.


RapidSOS currently links more than 350 million connected devices to emergency services and first responders. These devices, recognized as RapidSOS ready, transmit real-time location, health and medical information, connected building and alarm data and more in an emergency.

For example, the RapidSOS platform connects crash impact and occupant data from the following sources with 911 and first responders in an emergency: connected vehicles, critical health and medical information from medical profiles, wearables and devices, and connected building/alarm, address, sensor and multimedia.

The medical ID feature on an iPhone also enables people to share medical information with 911. In collaboration with the American Red Cross, the American Heart Association, and Direct Relief, RapidSOS launched the Emergency Health Profile, a simple and free way for anyone to share their health data with 911.

"Insight has a history of backing category-defining companies, and RapidSOS has all the makings of one in the emergency response space," said Nikitas Koutoupes, managing director at Insight Partners. "We are excited to have our team of software ScaleUp and platform experts help drive RapidSOS's mission."


IoT Security Startup Armis Doubles Valuation To $2B With $125M Round – CRN

IoT security startup Armis has doubled its valuation to $2 billion in less than a year thanks to a new funding round that aims to open new business opportunities in health care, manufacturing and retail as the startup pursues its ambitions of going public.

The Palo Alto, Calif.-based company announced Tuesday that it has raised a $125 million funding round from Brookfield Technology Partners -- the investment arm of alternative asset management company Brookfield Asset Management that manages more than $575 billion of assets -- and other investors.


The firm said it decided to invest in Armis, which has more than 350 employees, after hearing about the issues of identifying and managing connected devices from chief information security officers across Brookfield's various businesses.

"Brookfield underwent a thorough year-long industry evaluation, and it was clear that Armis was the only platform able to serve and scale globally across the vast industries in which we operate -- whether it be infrastructure, real estate, renewables, healthcare or telecom," said Josh Raffaelli, managing partner at Brookfield Technology Partners, in a statement.

The round brings the company's total funding to $300 million. The deal also included participation from Insight Partners, which had acquired Armis last year at a $1.1 billion valuation; CapitalG, Alphabet's growth fund; and Georgian Partners, a firm that focuses on high-growth software companies.

Yevgeny Dibrov, CEO and co-founder of Armis, told CRN that the Brookfield deal will create new opportunities for Armis to sell its agentless device security platform into more than 100 Brookfield-owned businesses located across more than 30 countries that cover manufacturing, health care, retail, renewable energy and real estate.

Dibrov said the issue is pressing as malicious actors look to take advantage of unsecured IoT devices and operational technology assets to launch ransomware attacks, among other kinds of cyberattacks. Attacks on health care organizations are up from last year, and manufacturers in what Dibrov called the COVID workflow -- producing vaccines and tests for the coronavirus -- are also under threat.

"We've seen a lot of risk there, and a lot of targeting by attackers there," he said, adding that such attacks could stall operations.

Operational technology, which includes things like SCADA controls and energy monitoring systems, has become an increasing focus for Armis in the past two years, and Dibrov said one of his goals this year is to solidify the company's leadership in OT security.

Dibrov also sees opportunity with the many organizations that continue to have their employees work from home, which is creating new security challenges. To address them, the company rolled out the Armis Asset Management solution as a standalone offering in January, giving organizations expanded visibility and control of devices and systems that are remotely connecting to corporate networks.

"Based on a lot of customer feedback, we've been working on that for more than a year," Dibrov said, adding that customers were looking for a solution that would allow them to view all their assets, from cloud instances and virtual machines to laptops at employees' homes, in one place.

The Brookfield deal means new potential opportunities for Armis channel partners, which are supported by a services-focused partner program that launched last year, according to Dibrov. The company plans to use a portion of the new funding to expand the company's partner organization, which covers 130 total partners now and is led by former Symantec channel executive Peter Doggart.

"In terms of our business and across all the Brookfield entities, we are going to involve our partners from a variety of different types," Dibrov said.

As part of the new funding round, Armis disclosed that its revenue has grown more than 750 percent over the past two years while its customer base -- which includes Sysco, Fresenius Medical Care, Home Depot, Mondelez and Oracle -- has increased by over 425 percent. And the company is on track to double its business again this year, according to Armis CFO Jonathan Carr.

Michael Parker, the company's CMO, declined to say how much of total revenue partners are contributing, but he said they are driving a significant amount of customer deals.

"We've seen such a ramp up, even during this past year, of our partners, where they're really becoming an equal player in what they're bringing to the table for Armis," he said. "And that's one of the reasons we want to invest there."

While many IoT security startups are getting acquired, Dibrov said he intends for Armis to become a publicly traded company through an initial public offering, adding that the company has the right strategy and a huge, total addressable market.

"We are building our business with the support of Brookfield now, the folks at Insight and CapitalG, towards an IPO," he said. "This is why we are building a platform."

Carr, who was brought in last year, said while the company is working towards being public-ready, Armis is well-funded and well-backed, calling the latest round opportunistic. He added that the company plans to hire 100 to 200 people in the next year.

"An IPO is something that we're excited about, but it's certainly not something that we necessarily feel like we need to do from a funding perspective," he said.


Orion will woo breakaway brokers with two events– an unusual move for a software firm– after missing the boat on 2020 recruiting in a tough pandemic…

The Omaha, Neb. software giant is seeking to supply pent-up demand created by the COVID-19 pandemic after many brokers saw the benefits of working independently from home.

Brooke's Note: Like in politics, two credible sources in the RIA world can look at a wall and one can say it's black when the other sees white. In this case, we have two credible sources saying 2020 was an off year for breakaways and two other sources saying it was good -- even hot. Fortunately this article doesn't rely on being sure about either one. For certain, Orion is investing considerable time and resources to spur breakaway activity to fill a void it is willing to bet it can fill. There can be no doubt these two events are not "digital" or "tech" events in disguise considering that the Omaha firm is calling them breakaway boot camps. Meanwhile, you can't help wonder if more is going on here? Are RIA custodians less of a presence in recruiting wirehouse brokers after 2020 was another year of radical fee compression in money market funds, bank deposits, revenue sharing and the complete zeroing out of sales commissions?

Eric Clarke says he plans to directly woo breakaway brokers this year -- an unusual move for the CEO of a software firm -- after a 20% slide in 2020 recruiting, but some recruiters say he may have just missed the boat in a tough but hot market.

While Orion Advisor Services doesn't technically recruit, Clarke says his firm is constantly speaking with advisors before they're ready to go independent.

"We've always been supportive of helping advisors make a break to independence. Sometimes advisors call us first, sometimes they call a custodian, sometimes a compliance consultant," he says.

Louis Diamond, president of Morristown, N.J.-based Diamond Consultants, says don't presume that the breakaway broker movement took a year off in 2020.

"It was the busiest recruitment year since 2014 in terms of advisors moving," he says. "I definitely don't think it was slower."

This year is already proving to be another stellar year, Diamond says. "We're very bullish on advisor recruitment for 2021 and the breakaway movement."

But Diamond's view is by no means universal.

"My sense is there definitely were a lot less breakaways," says Alois Pirker, senior analyst with Aite Group. "Everyone in the market has had this, deer in the headlights reaction, and advisors needed to make sure their clients were OK."

Hard numbers are hard to come by, but InvestmentNews Research tracks breakaways and called the pace "blistering" in 2020. "The numbers are way up, even as firms struggle amid the COVID-19 pandemic," it said, reporting on the first nine months of the year.

RIAs saw a net gain of 931 financial advisers who jumped from one firm to another, a slight decline compared with 998 advisers during the same period in 2019.

Independent broker-dealers, discounters, and regional broker-dealers all gained, while institutional firms, banks, insurance broker-dealers and wirehouses saw net losses.

LPL Financial, Fidelity Brokerage Services and Cambridge Investment Research were leaders in recruitment gains. See: LPL Financial hires new 'digital' head of recruiting -- IBM exec Scott Posner -- after the old school approach was leaking oil

Merrill Lynch, Wells Fargo Clearing Services and Edward Jones led for net recruiting losses, according to InvestmentNews. See: Timing of Morgan Stanley's Broker Protocol withdrawal sends shocks through RIA legal and recruiting circles

"A lot of advisors are accustomed to a 30-minute commute. But, we've been working from home for the past 9-10 months and now they realize that going independent means they can have the flexibility to work from home," Clarke says.

Working from home may in fact be an additional nudge to advisors to leave their current firms for separate reasons than just the commute, Diamond says.

"They're beginning to question why they're paying so much money to the firms and working at home helped them realize they were more independent than they thought they were," he explains.

In 2020, Clarke says his firm helped 100 advisors break away, a 20% decline from the previous year. He blames the COVID-19 pandemic and not RIA recruiters.

"The pandemic has really slowed down the movement of advisors to existing firms to a new firm," he says. "The pandemic has made it difficult to transfer accounts and have meetings.

"There is a big pent up demand for advisers who are ready to make a break, but we are waiting until the vaccine has been distributed.

"This pent-up demand will manifest over the next 18 to 24 months. They'll not all make the break in July, August, or September, but you'll see it happen over time," Clarke says.

The pandemic has changed advisors' circumstances and it's possible they may feel even more energized about leaving, Clarke says.

While the pandemic has been disruptive to all, Pirker says he suspects breakaways will do better than they did in the 2008-2009 financial crisis. For instance, many financial firms had difficult reputations during the financial crisis.

"A lot of firms had brand damage then and were in the news about being rescued and that was a burden. This hadn't happened this time around.

"I don't think the breakaway model has fundamentally changed. If someone wants to be independent nothing has really changed. It's just the logistics and timing that has changed," he explains.

Clarke says he's not going to let another year pass where he entrusts such a vital sales process to third parties.

The Omaha, Neb., software company, with $1.4 trillion in administered assets, will hold two events -- including an in-person confab. The express purpose is to pick up the slack after reliance on the recruiting community last year came up short.

The first "Breakaway Boot Camp" will be held April 7, virtually on Zoom. Advisors can turn off their camera should they wish to remain anonymous, Clarke says.

The agenda for the April event will feature a keynote presentation from Downtown Josh Brown.

"I'm not being paid, Orion supports us and I support them at conferences and stuff. We love their products and services. They asked me a favor and I said sure," Brown said.

Other A-list speakers include Clarke and Shannon Spotswood of RFG Advisory.

Joel Bruckenstein, founder of the T3 Conference, will discuss technology and Brian Hamburger of MarketCounsel Consulting will discuss employment transition, regulatory compliance and business launch.

The second event will be in-person in Omaha, Neb., June 30. Both events are free.

Of course, Orion is now positioned for a much higher yield on recruiting. It wrapped up a merger with Brinker Capital Investments, creating a $44 billion AUM TAMP.

Orion works with more than 2,100 advisory firms and it can gain directly from tuck-in recruits to those firms. See: With Envestnet-Yodlee showing no let-up, Orion Advisor Services and Brinker Capital race to close merger in just three months, a leap toward 'unstoppable,' both organically and inorganically

Orion's boot camps will be a prelude to its more all-purpose Ascent 2021 event at the Fairmont Scottsdale Princess Hotel Aug. 30 to Sept. 2.

"We thought we'd help these advisors by getting out in front of it with options to consider," Clarke says.
