Cloud

Researchers have uncovered advanced malware that can steal virtually all of a large organization’s e-mail passwords by infecting its Outlook Web Application (OWA) mail server over an extended period of time.

Researchers from security firm Cybereason discovered the malicious OWA module after receiving a call from an unnamed company that had more than 19,000 endpoints. The customer had witnessed several behavioral abnormalities in its network and asked Cybereason to look for signs of an infection. Within a few hours, the security firm found a suspicious DLL file loaded into the company’s OWA server. While it contained the same name as a benign DLL file, this one was unsigned and was loaded from a different directory.

The OWAAUTH.dll file contained a backdoor. Because it ran on the server, it was able to retrieve all HTTPS-protected server requests after they had been decrypted. As a result, the attackers behind this advanced persistent threat—the term given to malware campaigns that target a specific organization for months or years—were able to steal the passwords of just about anyone accessing the server.

We can’t tell whether that recipient’s face is one of joy because she received a package within an hour or sheer terror because she got it from a random dude who makes money via Amazon’s new Flex delivery program. (credit: Amazon)

If you think there’s not enough self-employed driving gigs in today’s Uber-style economy, Amazon has some news for you. Starting Tuesday in the company’s home base of Seattle, the online shopping giant will begin paying people “$18-25 per hour” to deliver Amazon Prime Now packages out of their own cars.

The program, dubbed “Amazon Flex,” will eventually launch in a number of major markets, including New York, Dallas, Chicago, Miami, Baltimore, Austin, Indianapolis, Portland, and Atlanta—in short, major Amazon Prime Now markets. Notably, no Californian cities are included in the list, though we can’t be sure whether that’s because of “sharing” economy pitfalls such as litigation filed by San Francisco Uber drivers about benefits they may be entitled to due to “employee” status.

According to the program’s site, participating delivery men and women must own cars, have valid drivers’ licenses, be over the age of 21, pass a background check, and own an Android smartphone.

It’s not often that you see a CEO launching a Change.org petition drive and a Twitter hashtag campaign over a dispute with another company. But that’s exactly what Parker Conrad, the CEO and co-founder of the cloud HR software company Zenefits, has done in a battle of words with the payroll processing giant ADP.

In his blog posts about ADP’s move to cut off clients’ access to data through Zenefits, Conrad also directed customers to a Change.org petition directed at ADP’s CEO Carlos Rodriguez and asked them to air their complaints on Twitter using the hashtag #ADPeeved. But ADP has responded by filing suit against Zenefits and Conrad, claiming that statements by Conrad accusing ADP of anti-competitive practices are defamatory.

Zenefits offers businesses its human resources management services for free and is funded by commissions from insurers and other benefit providers. The company ran afoul of ADP, according to statements issued by ADP, because of its unorthodox approach to integration with ADP’s data. An ADP spokesperson has issued statements accusing Zenefits of poor security practices that could have exposed the personal identifying information of clients’ employees and taxing ADP’s systems by using “screen scraping” to get access to payroll data rather than through a partner data interface.