Cybersecurity M&A Report, Vol. 4, No. 1: Five Deals Worth $1 Billion+ Each Recorded In Early 2020

Tracking F5 Networks, Raytheon, Palo Alto Networks, LexisNexis, Accenture, and NSO – John P. Mello Jr. Northport, N.Y. – April 6, 2020 Cybersecurity Ventures tracks M&A deal flow covering startups, emerging players, and the largest tech vendors. Read on for activity in the most recent quarter. March Mar. 31. Defiance Ventures, of Charlotte, N.C., a venture…

Fingerprint cloning: Myth or reality? PHONE, COMPUTER FINGERPRINT SCANNERS CAN BE DEFEATED WITH 3-D PRINTING

Fingerprint cloning: Myth or reality?

Phone, computer fingerprint scanners can be defeated with 3-D printing By Paul Rascagneres and Vitor Ventura. Executive summaryPasswords are the traditional authentication methods for computers and networks. But passwords can be stolen. Biometric authentication seems the perfect solution for that problem. There are several kinds of biometric authentication, including retina scanning, facial recognition and fingerprint…

Threat Analysis Unit (TAU) Threat Intelligence Notification: CoronaVirus Ransomware

“CoronaVirus” Ransomware has been found distributed via a phishing website. The malicious website will distribute a trojan downloader which then leads to downloading additional malicious payloads: the Kpot InfoStealer and Coronavirus Ransomware. “CoronaVirus” Ransomware will perform the deletion of volume shadow copies and overwrite the Master Boot Record (MBR) of the hard disk. It will…

TP-Link RE200 aka AC750: Unpack, repack, validate image by md5 hashing and upload YOUR OWN version!

This article demonstrates how “easy” may be build a potentially malicious firmware. This way should be valid for EVERY TP-Link firmware header version 1 (identified by the very first 4 bytes in the header, in little endian!) A TP-Link RE200 is a widespread cheap Range Extender.I love having root shell on my devices, so long story…

Users Have Risky Security Habits, but Security Pros Aren’t Much Better

Researchers spot gaps in users’ and IT practitioners’ security habits, and between security tools and user preferences. Cybersecurity professionals, and the employees and consumers they serve, all engage in risky security practices. Data shows password issues continue to plague users of all experience levels, two-factor authentication adoption is lagging, and mobile devices are introducing new…

EC-Council Announces Free Phishing-Protection Solution Amid The COVID-19 Outbreak

OhPhish Helps Remote Workers and Businesses Fight Phishing Attacks – From the Editors at Cybercrime Magazine ALBUQUERQUE, N.M., March 23, 2020 /ECCouncil.org/ As the novel coronavirus (COVID-19) pandemic progresses across the world, cybercriminals are taking advantage of the situation resulting in a spike of phishing scams on remote workforce and corporate systems. While working from…

Emotet Malware Rears Its Ugly Head Again

Enterprise VulnerabilitiesFrom DHS/US-CERT’s National Vulnerability Database CVE-2020-9327PUBLISHED: 2020-02-21 In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. CVE-2020-9329PUBLISHED: 2020-02-21 Gogs through 0.11.91 allows attackers to violate the admin-specified repo-creation policy due to an internal/db/repo.go race condition. CVE-2020-7907PUBLISHED: 2020-02-21 In the JetBrains Scala plugin before…

OpenSMTPD Vulnerability (CVE-2020-8794) Can Lead to Root Privilege Escalation and Remote Code Execution

By Alexander Elkholy (Threats Analyst) A root privilege escalation and remote execution vulnerability (designated as CVE-2020-8794) has been discovered in the free and open-source Unix Daemon, OpenSMTPD. The flaw originates from an out-of-bounds read, which attackers can take advantage of to execute arbitrary code on vulnerable systems. What is the vulnerability about? Discovered by Qualys…

What’s The Difference Between An Incident And An Actual Loss Of Protected Data?

Information loss leads to devastating financial repercussions and brand reputation – Robert Johnson, III, President & CEO at Cimcor, Inc Chicago, Ill. – Feb. 20, 2020 Inadequate and ineffective technologies are often the culprit behind the failure of compliance mandates and initiatives for many organizations. Vulnerabilities can be a challenge for organizations to manage but…