5 Companies That Had A Rough Week

The Week Ending Feb. 22

Topping this week's roundup of those having a rough week is Xerox, which is undergoing a significant consolidation that reportedly includes closing many Xerox Business Solutions offices.

Also making the list this week are Google for taking fire for an undisclosed microphone in its Nest home security device; Oracle for being hit with a multimillion-dollar lawsuit over a failed ERP project; Adobe for having to fix a security vulnerability – for the second time; and Cisco for having to fix a couple of critical vulnerabilities in its HyperFlex Software.

Not everyone in the IT industry was having a rough go of it this week. For a rundown of companies that made smart decisions, executed savvy strategic moves – or just had good luck – check out this week's Five Companies That Came To Win roundup.

Xerox Undergoing Massive Reorganization, Shuttering Many XBS Offices

Facing declining revenue, Xerox is going through a nationwide consolidation and closing as many as half of its 186 Xerox Business Solutions field offices around the country.

CRN reported this week that the restructuring will result in layoffs among support staff and force sales teams to work remotely. The cuts are part of a move to reduce overhead costs and increase profitability.

While Xerox is reportedly keeping its 40 geographical "core" business offices intact, it is shuttering many of its smaller XBS field offices. XBS is one of Xerox's key ways of serving SMB customers.

Google Takes Heat For Failing To Disclose Nest Microphone

Google came under fire this week as the company acknowledged that its Nest Guard home security device has a built-in microphone – but apparently neglected to tell anyone.

While Google said the existence of the microphone wasn't intended to be a secret, according to a Business Insider story, the company admitted that the microphone's existence wasn't disclosed in any Nest Guard product descriptions.

The disclosure set off a wave of criticism of Google on social media and in the press. The Electronic Privacy Information Center sent a letter to the Federal Trade Commission calling on regulators to force Google to spin off its Nest business.

Oracle Hit With Lawsuit Over Failed ERP System Project

Oracle found itself on the wrong end of a lawsuit this week when a Pennsylvania-based mechanical contractor sued Oracle, seeking more than $4.5 million in refunds and damages relating to an enterprise resource planning (ERP) application deployment project that ran years overdue, according to a story on The Register website.

The lawsuit by Worth & Co., filed in U.S. District Court in San Francisco, charges that Oracle breached its contractual obligations and fraudulently misrepresented the suitability of its software in the case.

Worth & Co. hired an Austin-based systems integrator – which is no longer in business – in February 2015 to install Oracle's E-Business Suite and cloud services with the project scheduled to be completed later that year. But the project was plagued with implementation and integration issues and the completion date was pushed back multiple times until the spring of 2018 when Worth ultimately pulled the plug on the project and chose another ERP system, according to The Register story.

The company is seeking a refund of the $4.5 million it spent on the project, plus damages.

Adobe Re-Patches Critical Acrobat Reader Flaw

Bad news for a software company is having to issue a fix for a product bug. Really bad news is having to issue a fix for the fix because the first effort didn't work.

Adobe this week issued a new, unscheduled fix for a critical zero-day vulnerability in its Acrobat Reader software that could allow hackers to steal victim's hashed password values, according to a Threatpost story.

Adobe had issued a fix for the vulnerability last week as part of its regularly scheduled security updates. But the company had to issue another, unscheduled patch this week when a researcher discovered that the original fix had a hole that could be used to bypass the original fix.

Cisco Scrambles To Fix Two High-Risk Security Flaws In Its HyperFlex Software

Speaking of software bugs, Cisco issued a number of software patches this week including fixes for two vulnerabilities in the Cisco HyperFlex Software that were considered high-risk security flaws.

One bug, a "command injection vulnerability," could allow an unauthenticated adjacent attacker to run commands on an affected host as the root user, according to the Cisco security advisor bulletin. The other, an "unauthenticated root access vulnerability," could allow an unauthenticated, local attacker to gain root access to all nodes of a HyperFlex cluster, warned a second Cisco security advisor bulletin.

Cisco also released fixes for less critical vulnerabilities in its WebEx, Prime Infrastructure and Firepower products.