Security daily (20-05-2020)

Forescout alleges private equity buyer 'concocted' reasons to avoid a deal as pandemic intensified

If Advent International still intends to acquire the security vendor Forescout, then the companies’ relationship is getting off to an awkward start. Forescout said Wednesday it had filed a complaint against Advent, a Boston-based private equity firm, for allegedly violating the terms of the acquisition. Advent announced in February it would acquire Forescout for roughly $1.9 billion, only to say on Monday it would not complete the deal by the May 18 deadline. The delay coincides with the ongoing coronavirus pandemic, and a significant increase in the number of deals between security vendors and private equity firms in recent years. Advent blamed a “material adverse effect” for the holdup, a claim that Forescout is disputing. “We have satisfied all conditions to closing under our merger agreement, and a material adverse effect has not occurred,” Theresia Gouw, chair of the Forescout board of directors, said in a statement Wednesday. “The only […] (CyberScoop)

Japan investigates Mitsubishi Electric breach amid national security concerns

Japan is investigating a possible breach of sensitive defense contracting data following a cyberattack last year on electronics giant Mitsubishi Electric, officials said Wednesday. Data likely stolen in the hack, which Mitsubishi disclosed earlier this year, included specifications of hypersonic missile prototypes that Japan is developing, according to a report in Asahi Shimbun, a Japanese newspaper. The Ministry of Defense had sent the specifications to multiple companies, including Mitsubishi, interested in bidding on the missile contract, the report said. Japanese officials have said the high-velocity missile could be used to protect islands in the East China Sea that are the subject of an ongoing territorial dispute between Japan and China. At a press conference Wednesday, government spokesperson Yoshihide Suga confirmed that Japan’s Ministry of Defense was examining the incident’s impact on national security, but declined to give further details. Mitsubishi said in a statement that it reported the breach to the […] (CyberScoop)

Home Chef food delivery service confirms breach, two weeks after stolen data went for sale

Customers who used the Home Chef delivery service won’t be the first to know their data was stolen and put up for sale. Nearly two weeks after security researchers said they found usernames and passwords belonging to Home Chef users for sale, the Chicago-based company said a security incident has resulted in the compromise of information about an undisclosed number of its customers. The announcement confirms prior claims from a hacking group, known only as Shiny Hunters, which alleged it had breached a number of seemingly random companies, then posted the stolen data for sale on forums frequented by cybercriminals. “We recently learned of a data security incident impacting select customer information, including names and emails, as well as limited customer account information and encrypted passwords,” the company said in a statement. “We are taking action to investigate this situation and to strengthen our information security defenses to prevent similar incidents […] (CyberScoop)

Beware of emails with “horrible charts” about Covid-19

These charts aren't "horrible" because of their coronavirus data - they're horrible because they could let criminals conquer your computer. (Naked Security)

Office 365 exposed some internal search results to other companies

It’s not clear how many accounts were involved, but Microsoft is said to have made URLs and metadata available so admins can investigate. (Naked Security)

FBI finally unlock shooter’s iPhones, Apple berated for not helping

The FBI's Apple problem. (Naked Security)

Bypass Antivirus Software by Obfuscating Your Payloads with Graffiti

It's exciting to get that reverse shell or execute a payload, but sometimes these things don't work as expected when there are certain defenses in play. One way to get around that issue is by obfuscating the payload, and encoding it using different techniques will usually bring varying degrees of success. Graffiti can make that happen.

Graffiti is a tool that can generate obfuscated payloads using a variety of different encoding techniques. It offers an array of one-liners and shells in languages such as Python, Perl, PHP, Batch, PowerShell, and Bash. Payloads can be encoded using base64, hex... (Null Byte « WonderHowTo)

This $1,300 Ethical Hacking Bundle Is on Sale for $40 Today

There are countless ways in which you can turn your love of tech and coding into a full-fledged career — from developing apps and websites as a freelancer to working in the IT departments of small startups or major tech companies. But one of the best ways that you can put your programming skills to good use is to join the increasingly important world of cybersecurity.

As an unprecedented amount of information is being transferred and shared digitally across the globe, hackers and foreign governments are taking advantage of vulnerabilities that can bring down everything from corporate servers... (Null Byte « WonderHowTo)

NSO Group Impersonated Facebook To Help Clients Hack Targets

(News ≈ Packet Storm)

Security Flaws Found In NHS COVID-19 Contact Tracing App

(News ≈ Packet Storm)

Rogue ADT Tech Spied On Hundreds Of Customers Via CCTV

(News ≈ Packet Storm)

Signal To Move Away From Using Phone Numbers As User IDs

(News ≈ Packet Storm)

Steam Phishing Campaign Uses CS:GO Skin Gambling Lure

Attackers regularly target online gaming accounts as they can quickly sell any transferable items along with account logins to a third party. This scenario has cropped up for years now, and has affected a growing number of popular online games ranging from Runescape to Fortnite. These games run on their own clients — so stealing logins will only give the attacker access to that specific game (sometimes a few others). To gain broader access, attackers are choosing to target digital distribution clients like Steam or Origin. (Sucuri Blog)

[Guide] Finding Best Security Outsourcing Alternative for Your Organization

As cyberattacks continue to proliferate in volume and increase in sophistication, many organizations acknowledge that some part of their breach protection must be outsourced, introducing a million-dollar question of what type of service to choose from.

Today, Cynet releases the Security Outsourcing Guide (download here), providing IT Security executives with clear and actionable guidance on (The Hacker News)

New DNS Vulnerability Lets Attackers Launch Large-Scale DDoS Attacks

Israeli cybersecurity researchers have disclosed details about a new flaw impacting the DNS protocol that can be exploited to launch amplified, large-scale distributed denial-of-service (DDoS) attacks to take down targeted websites.

Called NXNSAttack, the flaw hinges on the DNS delegation mechanism to force DNS resolvers to generate more DNS queries to authoritative servers of attacker's choice, (The Hacker News)

Ukrainian Police Arrest Hacker Who Tried Selling Billions of Stolen Records

The Ukrainian police have arrested a hacker who made headlines in January last year by posting a massive database containing some 773 million stolen email addresses and 21 million unique plaintext passwords for sale on various underground hacking forums.

In an official statement released on Tuesday, the Security Service of Ukraine (SBU) said it identified the hacker behind the pseudonym "Sanix (The Hacker News)

NetWalker Ransomware Gang Hunts for Top-Notch Affiliates

The operators behind the Toll Group attack are taking applications for technically advanced partners. (Threatpost)

Fraudulent Unemployment, COVID-19 Relief Claims Earn BEC Gang Millions

The business email compromise (BEC) gang Scattered Canary has filed more than 200 fraudulent claims for unemployment benefits and for COVID-19 relief funds. (Threatpost)

Verizon DBIR: Web App Attacks and Security Errors Surge

Threatpost talks to Verizon DBIR co-author Gabriel Bassett about the top takeaways from this year's Data Breach Investigations Report. (Threatpost)

Alleged Hacker Behind Massive ‘Collection 1’ Data Dump Arrested

The threat actor known as ‘Sanix’ had terabytes of stolen credentials at his residence, authorities said. (Threatpost)


/security-daily/ 21-05-2020 23:44:22