5 Companies That Had A Rough Week

For the week ending Aug. 30, CRN looks at IT companies that were unfortunate, unsuccessful or just didn't make good decisions.

The Week Ending Aug. 30

Topping this week's roundup of those having a rough week is cybersecurity vendor Imperva, which was the victim of a data security breach.

Also making the "Rough Week" list are AMD for paying to settle a false advertising lawsuit, Apple for dealing with the fallout from the Siri recorded conversations controversy, Google for facing the possibility of yet another European Commission investigation, and Cisco for scrambling to fix a critical bug in its router software.

Not everyone in the IT industry was having a rough go of it this week. For a rundown of companies that made smart decisions, executed savvy strategic moves – or just had good luck – check out this week's Five Companies That Came To Win roundup.

Imperva Breach Exposed API Keys, SSL Certs For Some Firewall Customers

Cybersecurity vendor Imperva informed customers this week that a recent data security breach exposed email addresses, hashed passwords, API keys and SSL certificates for a number of the company’s customers.

The breach specifically affected a subset of Imperva customers who used Incapsula Cloud, the company’s cloud web application firewall (WAF), and had accounts through Sept. 15, 2017.

Imperva learned of the breach on Aug. 20, Tuesday of last week, and is investigating how it occurred. The company has been informing all affected customers directly and providing details about the steps it is taking to safeguard accounts and data. The company, for example, has implemented forced password rotations and 90-day expirations for the Cloud WAF product.

“We profoundly regret that this incident occurred and will continue to share updates going forward,” Imperva president and CEO Chris Hylen said in a blog post.

AMD To Pay $12.1M Settlement In Bulldozer False Advertising Lawsuit

AMD will cough up $12.1 million to settle charges in a class-action lawsuit that the chipmaker falsely advertised the number of cores in its Bulldozer processors.

The settlement with plaintiffs Tony Dickey and Paul Parmer must be approved by the U.S. District Court for Northern California.

The Bulldozer processors debuted in 2011 targeting content creators and gamers that needed high-performance systems. The lawsuit says AMD advertised Bulldozer as the world’s first 8-core CPU but argued that claim wasn’t true because the cores were really four modules that shared resources, as opposed to eight independent cores.

AMD said it believed the allegations were without merit but chose to settle the suit to eliminate any distraction caused by the ongoing litigation.

Apple Apologizes For Siri Privacy Flap

Apple issued a mea culpa this week when the company posted an apology for allowing contractors to listen to people’s conversations recorded by the Siri digital assistant. Apple also repeated an earlier pledge that it would stop its practice of keeping audio recorded through Siri unless users give their permission.

Recent reports disclosed that Apple contractors routinely listened to Siri recordings to evaluate Siri's performance. Earlier this month a class-action lawsuit, seeking unspecified statutory and punitive damages, was filed against Apple saying the practice violated several California laws including the California Invasion of Privacy Act.

“We know that customers have been concerned by recent reports of people listening to audio Siri recordings as part of our Siri quality evaluation process — which we call grading,” Apple said in the posted apology. “We heard their concerns, immediately suspended human grading of Siri requests and began a thorough review of our practices and policies.”

“As a result of our review, we realize we haven’t been fully living up to our high ideals, and for that we apologize,” Apple said.

Google Facing Yet Another European Union Antitrust Investigation

The European Commission is conducting an initial investigation into Google’s job search tool “Google for Jobs,” scrutinizing whether Google illegally favors its own job ads over rivals, according to a CNBC report.

EU Competition Commissioner Margrethe Vestager disclosed the initial probe in a speech Tuesday. She drew parallels between Google for Jobs and Google’s comparison shopping service, which was the focus of a $2.7 billion fine the EU levied against Google in 2017 for anti-competitive behavior, CNBC said.

Altogether the European Commission has hit Google with fines totaling $9.4 billion in three cases.

Cisco Scrambles To Fix Critical Router Vulnerability

Cisco Systems scrambled to warn customers this week that a bug – deemed “critical,” the highest level of severity – could allow remote hackers to gain full control of Cisco routers.

The critical remote authentication vulnerability was discovered in the Cisco REST API virtual service container for Cisco IOS XE software, according to a Cisco Security Advisory. The bug “could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device,” the advisory said.

The fault impacts Cisco 4000 Series Integrated Services Routers, Cisco ASR 1000 Series Aggregation Services Routers, Cisco Cloud Services Router 1000V Series and Cisco Integrated Services Virtual Routers.

Cisco has released software updates to fix the vulnerability, according to the advisory.