5 Companies That Had A Rough Week

For the week ending May 3, CRN looks at IT companies that were unfortunate, unsuccessful or just didn't make good decisions.

The Week Ending May 3

Topping this week's roundup of those having a rough week is Citrix, which acknowledged that it was the victim of a security breach that compromised employee information.

Also making the list this week are Apple for indications of just how much it had to pay to settle a series of lawsuits with Qualcomm, Microsoft and its cloud customers who suffered through a service outage, Sabre and several major airlines who also dealt with IT interruptions, and D-Link for a report on security flaws in its home security camera.

Not everyone in the IT industry was having a rough go of it this week. For a rundown of companies that made smart decisions, executed savvy strategic moves – or just had good luck – check out this week's Five Companies That Came To Win roundup.

Citrix Hackers Sought Employee Financial Data, Social Security Numbers

Hackers who gained access to Citrix’s internal network for nearly five months may have accessed and stolen financial information and social security numbers for current and former employees and, in limited cases, for their dependents and beneficiaries, the software company acknowledged this week.

According to a breach notice filed with the California Attorney General’s office, the cybercriminals had intermittent access to the company’s network between Oct. 13, 2018, and March 8, 2019. The company said it and outside security experts took steps to block the attackers from its systems and prevent future intrusions using similar mechanisms.

The company first learned from the FBI on March 6 that cybercriminals had penetrated its corporate network. The attackers apparently breached the Citrix network using “password spraying,” which attempts to log into a network using commonly used passwords.

The company hasn’t disclosed how many individuals were affected by the breach.

Apple Payment To Qualcomm May Have Reached $4.7 Billion

The recent agreement between Apple and Qualcomm to settle years of litigation may have cost Apple as much as $4.7 billion, it was disclosed this week.

The unexpected settlement, announced April 16, included a six-year patent license agreement, a multi-year chipset supply agreement and a one-time payment of an undisclosed amount by Apple to Qualcomm.

But this week Qualcomm, in announcing its financial results for its second fiscal quarter ended March 31, said it estimates adding revenue of between $4.5 billion and $4.7 billion as a result of the settlement.

Microsoft Azure, Other Cloud Services Knocked Offline By DNS Update

It was a tough week for Microsoft and subscribers to Azure and other Microsoft cloud services when the services were knocked offline for nearly two hours Thursday afternoon.

Microsoft said the outage occurred when it was part way through an effort to migrate its legacy domain name system to its own hosted Azure DNS, according to a report on the Azure status history page.

The problem led to "intermittent connectivity issues" with Azure, Office 365, SharePoint, the Dynamics 365 cloud applications, Xbox Live, Microsoft Teams and other cloud services.

Microsoft said the problems began at 19:43 UTC (3:43 p.m. EDT) on Thursday. Most services were recovered by 21:30 UTC (5:30 p.m. EDT), Microsoft said, with all services restored by 22:35 UTC (6:35 p.m. EDT).

Airline Reservation System Outage Causes Headaches For Multiple Airlines

Speaking of system outages, a system failure with the Sabre airline reservation and booking system, which is used by a number of the nation's major airlines, caused problems for the airlines and travelers this week.

The system outage, which occurred early Monday morning, was resolved by 2:00 p.m. EDT, according to a CNBC report. But not before it caused long lines and frustrating waits for passengers on airlines that use the Sabre system, including American Airlines, JetBlue and Air Alaska, according to CNBC and other media reports.

The cause of the outage has not been disclosed. The outage was similar to a system failure at Sabre on March 26, according to USA Today.

D-Link Cloud Camera Flaws Could Give Hackers Access To Video Stream

Security vulnerabilities in D-Link's DCS-2132L cloud home security camera allows attackers to intercept and view recorded video and even manipulate the device's firmware, according to a report from ESET Research out this week.

The most serious issue with the camera is the unencrypted transmission of the video stream, which the report says runs unencrypted between the camera and the cloud and between the cloud and the client-side viewer application. That could leave the video streams open to "man-in-the-middle" hacker attacks, according to the report.

The report said the camera also had a security vulnerability in the "mydlink services" web browser plug-in that allowed attackers to replace the legitimate firmware with their own backdoor version. While D-Link has "successfully fixed" that issue, according to the report, malicious malware replacement is still possible via vulnerabilities in the custom D-Link tunneling protocol.