STE WILLIAMS

NSO Group fires back at Facebook: You lied to the court claims spyware slinger, and we’ve got the proof

Facebook has been accused of lying to a US court in its ongoing legal battle against government malware maker NSO Group.

A series of filings from NSO lawyers lay out the Israeli security company’s reasoning for its no-show in court on 2 March, including the accusation that Facebook never properly served its lawyers with legal papers, despite telling the court that it had.

The accusations were made in court documents [PDF] in which NSO has asked the court to vacate the earlier default judgement entered at the start of last week after the security shop’s lawyers failed to turn up at the California US District Court. NSO’s legal team now say the Israeli government had told Zuck Co’s lawyers that they had made a mistake with the necessary documents.

“Friday’s filing was necessary because Facebook lied to the court in its February 27 application for default, saying that service was complete under the treaty governing international service of judicial documents known as the Hague Convention,” NSO said of its request.


“In fact, Facebook and its lawyers had been told two days earlier (February 25) by the Government of Israel that service under the Hague Convention was not complete — a fact Facebook concealed from the court. Facebook’s underhanded tactics deceived the court into entering an improper default, and created a false narrative in the news media that unfairly described NSO Group as unresponsive to the case.”

In addition to throwing out the default judgement, NSO is asking the court to give it additional time (another 120 days) to respond to the suit.

Facebook did not respond to a request for comment on the accusations.

The Social Network is suing NSO Group over accusations the security company had helped governments hack a number of accounts and devices on Facebook’s WhatsApp messaging platform.

Facebook has alleged that NSO aided its government customers in hacking some 1,400 accounts including those of journalists and activists. Facebook claims NSO developed and equipped the customers with exploits for a remote code execution flaw in WhatsApp that was then used to put surveillance software on the targets’ mobile devices. ®


Article source: https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/09/nso_facebook_lied/

WatchGuard Buys Panda Security for Endpoint Security Tech

In the long term, Panda Security’s technologies will be integrated into the WatchGuard platform.

WatchGuard Technologies, a global provider of network security, Wi-Fi security, and multifactor authentication, today confirmed plans to acquire endpoint security provider Panda Security for an undisclosed amount. The deal is expected to close in the second quarter of this year.

Panda Security, founded in 1990 and headquartered in Bilbao, Spain, has spent the past 30 years developing endpoint detection and response (EDR) technologies. It recently launched a new threat hunting service available to direct enterprise customers and MSSPs selling its services.

Following the acquisition, WatchGuard plans to add Panda Security’s technology to its portfolio and offer a broader security platform that spans the network and user perimeter. In the short term, Panda Security’s EDR, threat hunting, endpoint antivirus, email security, and other tools will be made available to WatchGuard’s customer base through a vendor and their IT solution provider. In the long term, the solutions will be integrated into WatchGuard’s platform.

Today’s businesses prioritize investment in network security, endpoint protection, multifactor authentication, secure networking, and threat detection and response, said WatchGuard CEO Prakash Panjwani in a statement. This acquisition will “enable our current and future customers and partners to consolidate their fundamental security services under a single brand.”


Check out The Edge, Dark Reading’s new section for features, threat data, and in-depth perspectives. Today’s featured story: “Out at Sea, With No Way to Navigate: Admiral James Stavridis Talks Cybersecurity.”

Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.

Article source: https://www.darkreading.com/perimeter/watchguard-buys-panda-security-for-endpoint-security-tech/d/d-id/1337264?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Malware Campaign Feeds on Coronavirus Fears

A new malware campaign that offers a “coronavirus map” delivers a well-known data-stealer.

Criminals are leveraging the Covid-19 epidemic to spread malware through a “Coronavirus Map” app that provides no useful information to victims but may provide the victims’ user names, passwords, credit card numbers, and other sensitive information to the attacker.

The new campaign, described in a blog post by researchers at Reason Labs, uses a strain of malware called AZORult. AZORult is a data-stealer first recognized in 2016.

In addition to scraping data out of victims’ Web browsers and applications, AZORult acts as a downloader, bringing additional malware onto an infected system. AZORult is commonly sold in online malware markets in Russia, and is one of the more commonly sold data-stealers in those forums.



Article source: https://www.darkreading.com/attacks-breaches/malware-campaign-feeds-on-coronavirus-fears/d/d-id/1337265?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Cyber Resiliency, Cloud & the Evolving Role of the Firewall

Today’s defenses must be creative in both isolating threats and segmenting environments to prevent attacks. Here’s why.

As more applications move to the cloud and hybrid cloud environments, so too do the threats and bad actors that permeate today’s businesses. Today, defending against such threats is only half the battle, and preventing the vulnerabilities — specifically, complex chains of simple vulnerabilities — that we cannot see will separate thriving businesses from their counterparts. Organizations will be forced to either evolve their mentality — or lose out to evolving threats.

Let’s begin with how cloud computing placed new pressures on the firewall. The firewall, like many businesses of the late 21st century, has had to evolve as cloud environments became the norm.

Originally introduced in the late ’80s, the first network firewalls were developed to protect private networks by securing gateway servers to external networks like the Internet. Generally speaking, firewalls were designed to block or allow “north/south” traffic according to rules that had been set up to define what was permissible and what’s not, thereby defining the “perimeter” for the enterprise. To this day, firewalls still continue to excel at solving this specific problem where it exists.

But cloud computing introduced a new wave of complex cloud and hybrid environments that changed what the “perimeter” looks like, causing the firewall to evolve. We have seen the introduction of virtual firewalls, intended for the public cloud, that provide some visibility around where connections come from or where they are going. However, that is only a minor evolution, and still relies upon a traditional way of thinking about the world at its core.

Enter the Agile Cloud
Today, the same evolution is needed in cybersecurity defense-in-depth. Strong perimeter defenses are still foundational but now are complemented with an “assume breach” mentality. This is a mere acknowledgment of what we know — a security incident will happen thanks to an employee clicking on a phishing link, a misconfiguration exposing a container to the Internet, or stolen credentials. Practically, we will evolve defense-in-depth to complement perimeter defenses with zero-trust dynamic and adaptive controls. This will ensure small security incidents remain just that by stopping unauthorized access to networks and applications or malicious lateral movement in data centers and clouds. 

This breach mentality is founded on a risk-based view of protecting your highest-value assets. This means focusing on bolstering your perimeter defenses as much as defenses that detain attackers who get inside. They will get in eventually; however, with the right approach, damage can be minimal.

Obviously, the assume breach mentality builds upon the single objective of your traditional firewall — keeping the bad guys out. But in 2020, new entry points will continue to emerge, bad actors will continue to implement more creative attacks, and threats will continue to evolve. Evolving defenses must be both creative in isolating those threats as well as in segmenting environments to prevent attacks to exterior defenses.

Planning for the Inevitable
Start by turning your focus on investing in your cyber resiliency. Cyber resiliency is your company’s ability to withstand a cyberattack and continue operations. It requires organizations to assume a breach will happen and also plan for what happens next. History shows that it’s not a question of if but when a breach will happen, so organizations need to invest to protect their most important, valuable data and prepare to withstand attacks.

The best and most effective security strategy for enterprises is what has been coined zero trust, a strategy by which organizations don’t trust anything inside or outside the network perimeters and instead verify anything and everything that’s trying to connect to the network before giving it access. Zero trust has become a model for effective security by localizing and isolating threats through microsegmentation technology that applies policies to individual workloads for greater attack resistance.

I like to use a submarine analogy when it comes to microsegmentation: Picture two submarines — one built with bulkheads or walls that create airtight compartments connected to a solid hull, and the other just a hull with no walls segmenting the interior. Both submarines have been breached and water is pouring in, but when the first submarine starts leaking, you quickly seal the compartment with the leak to contain it, and although that specific compartment floods, the rest of the ship stays safe and dry.

Unlike the firewall, this is an architecture that is built specifically for breaches. It is designed both for the intruders and for the “assume breach” thinkers. Although unconventional, if we learned anything in 2019, it’s that attackers are continuing to innovate, so our technology and our defense systems must do the same. In 2020, we can already assume that attacks will be plentiful and breaches will be many. But just because attackers get in doesn’t mean they need to get what they’re looking for.


As chief technology officer and founder, PJ is responsible for Illumio’s technology vision and platform architecture. PJ has 20 years of experience in engineering, with a focus on addressing the complexities of data centers. Prior to Illumio, PJ was CTO at Cymtec. He also …

Article source: https://www.darkreading.com/cloud/cyber-resiliency-cloud-and-the-evolving-role-of-the-firewall/a/d-id/1337206?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

99% of compromised Microsoft enterprise accounts lack MFA

Cybercriminals compromise 0.5% of all Microsoft enterprise accounts every month because too few customers are using multi-factor authentication (MFA), the company has revealed.

In a presentation uploaded to YouTube from the recent RSA Security Conference, director of Identity Security Alex Weinert said 1.2 million accounts were compromised in January 2020 alone.

Of those compromised accounts, 99.9% were not using MFA.

Accounts lacking MFA had two characteristics: the use of legacy protocols and a tendency by users to reuse passwords.

The problem with legacy protocols – POP, SMTP, IMAP, and XML-Auth – is that they don’t offer a mechanism to include an MFA challenge or device verification, which made passwords a single point of failure.

During January, about 40% (480,000) of the compromised accounts had fallen foul of some pretty simple password spraying, where attackers try to log in to large numbers of accounts using a small collection of statistically likely passwords.

According to Weinert, 99% of password spray attacks targeted legacy protocols. Although only 0.5% of accounts were compromised each month, the probability of this happening rose to 7.2% for SMTP and 4.3% for IMAP.
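The password-spray pattern and the legacy-protocol exposure described above, worked through as an added example (this is not code from the article or from Microsoft): it parses constructed sign-in records, flags a source that fails against many accounts with only a try or two each (distinguishing that from one user mistyping their own password), and lists accounts that signed in over protocols that cannot carry an MFA challenge. The record layout, IP addresses, account names and the "Modern" protocol label are all constructed for the example.

```python
"""Spot password spraying and legacy-protocol sign-ins in sign-in records.

Added example; the log format below is constructed and does not match any
real product's export format.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed records: timestamp, account, source IP, protocol, result.
# "Modern" stands in for an interactive sign-in that can carry an MFA challenge.
SAMPLE_LOG = """\
# one source, many accounts, one attempt each, over protocols with no MFA step
2020-01-14T02:00:01Z alice@example.com 203.0.113.7 IMAP FAIL
2020-01-14T02:00:02Z bob@example.com 203.0.113.7 IMAP FAIL
2020-01-14T02:00:03Z carol@example.com 203.0.113.7 SMTP OK
2020-01-14T02:00:04Z dave@example.com 203.0.113.7 IMAP FAIL
2020-01-14T02:00:05Z erin@example.com 203.0.113.7 IMAP FAIL
2020-01-14T02:00:06Z frank@example.com 203.0.113.7 IMAP FAIL
2020-01-14T02:00:07Z grace@example.com 203.0.113.7 POP FAIL
# one user mistyping their own password a few times: not a spray
2020-01-14T08:10:00Z alice@example.com 198.51.100.9 Modern FAIL
2020-01-14T08:10:20Z alice@example.com 198.51.100.9 Modern FAIL
2020-01-14T08:10:45Z alice@example.com 198.51.100.9 Modern OK
# ordinary-looking legacy use that still bypasses MFA entirely
2020-01-14T09:00:00Z dave@example.com 192.0.2.4 POP OK
"""

# The protocols the article names as unable to include an MFA challenge.
LEGACY_PROTOCOLS = {"POP", "SMTP", "IMAP", "XML-Auth"}


@dataclass(frozen=True)
class SignIn:
    ts: str
    user: str
    ip: str
    protocol: str
    ok: bool


def parse_log(text):
    """Turn the whitespace-separated records into SignIn objects, skipping comments."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, user, ip, proto, result = line.split()
        events.append(SignIn(ts, user, ip, proto, result == "OK"))
    return events


def detect_spray(events, min_users=5, max_fail_per_user=2):
    """Flag sources that fail against many distinct accounts with few tries each.

    A brute force against one account produces many failures for one user;
    a spray produces one or two failures for each of many users. Returns a
    mapping of source IP -> sorted list of accounts it tried.
    """
    fails = defaultdict(lambda: defaultdict(int))  # ip -> user -> failure count
    for e in events:
        if not e.ok:
            fails[e.ip][e.user] += 1
    flagged = {}
    for ip, per_user in fails.items():
        if len(per_user) >= min_users and max(per_user.values()) <= max_fail_per_user:
            flagged[ip] = sorted(per_user)
    return flagged


def legacy_exposure(events):
    """Accounts that signed in successfully over a protocol that cannot carry MFA."""
    exposed = defaultdict(set)
    for e in events:
        if e.ok and e.protocol in LEGACY_PROTOCOLS:
            exposed[e.user].add(e.protocol)
    return {user: sorted(protos) for user, protos in exposed.items()}


def spray_successes(events, flagged):
    """Accounts a flagged source actually got into: reset these first."""
    return sorted({e.user for e in events if e.ok and e.ip in flagged})


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    sprays = detect_spray(evts)
    print("spray sources:", sprays)
    print("compromised by spray:", spray_successes(evts, sprays))
    print("legacy-protocol sign-ins (no MFA possible):", legacy_exposure(evts))
```

Tuning `min_users` and `max_fail_per_user` to the tenant's normal failure rate is what keeps this from firing on a help-desk password reset day.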

The second problem was password re-use, which allowed attackers to reuse credentials stolen from one site on multiple sites in the hope of finding a match, the so-called replay attack. Weinert said:

Don’t be confused. People do re-use their enterprise accounts in non-enterprise environments.

The solution to these problems should be turning off legacy protocols and mandating MFA in its place. And yet when the decision was made to turn off legacy protocol support within Microsoft in 2018, the company’s helpdesk was flooded with calls in the middle of the night as the sales platform went down.

The culprit? An old telesales application tied to a single account using legacy authentication.

Coincidentally, the following month, Microsoft’s MFA for Office 365 and Azure Active Directory went down twice in a week, leaving many customers around the world unable to log on.

It’s an anecdote that explains the size of the problem – even Microsoft is struggling to wean itself from the past.

What to do

There are three simple steps to securing any online account:

1. Pick strong passwords.

2. Turn on 2FA or MFA. If a website gives you the option of using two-factor authentication (2FA or MFA), take them up on it.

3. Use a password manager. We know they’re not perfect, but we still highly recommend using one: they can generate strong, unique passwords for each site, then store and auto-fill them so you have no excuse to re-use any password.


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/ZcoF_Qe_eWo/

Now you need a notarized document to get a .gov domain

The US government is tightening its rules around the registration of government web domains to stop fraudsters impersonating government sites, it emerged last week.

The Federal government’s General Services Administration (GSA) is responsible for the DotGov program, which handles registration of .gov domains. From tomorrow, 10 March 2020, the organisation will ask people to provide a notarized letter when applying for .gov domains.

A .gov domain is only supposed to be operated by US government entities, meaning that, in the GSA’s words, “it’s official”. If you go to a .gov site you should be able to trust it. For that reason, it has existing authentication measures in place. It requires an authorisation letter on the applying organisation’s official letterhead, with a signature from a person with sufficient authority there. The letter must include administration, billing, and technical contacts. A security contact is “recommended practice”, it says. Applicants must email or fax the authorisation letter to the GSA.

The problem, according to a Brian Krebs report last November, is that the registration process was too lax. A researcher told Krebs that he got a .gov domain by emailing an online form using a letterhead from a small American town’s homepage and impersonating its mayor. He did it with a throwaway Gmail and Google Voice account, and the GSA swallowed it, registering the .gov site for him.

A phony .gov domain is a potential phishing and malware-delivery goldmine for online criminals who might use them to impersonate entities at all three levels of government.

The GSA said:

Effective on March 10, 2020, the DotGov Program will begin requiring notarized signatures on all authorization letters when submitting a request for a new .gov domain.

This is a necessary security enhancement to prevent mail and wire fraud through signature forgery in obtaining a .gov domain.

This step will help maintain the integrity of .gov and ensure that .gov domains continue to be issued only to official U.S. government organizations.

This isn’t the only step the GSA has taken to tighten its security. In July 2019 it also introduced notification emails for changes made to DNS records for .gov domains to avoid DNS hijacking attacks.

The DOTGOV Online Trust in Government Act of 2019, introduced in October, would transfer management of the whole TLD to the Cybersecurity and Infrastructure Security Agency, which is part of the Department of Homeland Security.


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/vs7qfNMsOlM/

Microsoft: Turn off Memory Integrity if it’s causing problems

Microsoft has finally clarified how users can fix a Windows security measure that has been causing hardware problems: turn it off. The advice, issued last week, should bring relief to many users of Memory Integrity, a feature designed to protect Windows computers from badly behaved drivers.

Memory Integrity is a feature inside a broader set of protections called Core Isolation. It uses hardware virtualisation to protect sensitive processes from infection. These features are a subset of virtualisation-based security features that Microsoft has offered to enterprise users since Windows 10 shipped. It rolled out Core Isolation and Memory Integrity to all Windows editions in 2018.

Memory Integrity (also called Hypervisor-protected Code Integrity, or HVCI) uses Microsoft’s Hyper-V hypervisor to virtualise the hardware running some Windows kernel-mode processes, protecting them against the injection of malicious code.

One use case for Memory Integrity is to protect Windows from user-mode drivers and applications that misbehave, perhaps due to an exploited security flaw. Hardware drivers are pieces of software developed by the hardware vendors that enable devices to work with Windows. Even legitimate drivers can have bugs. An attacker could use those bugs to gain privileged access to the system. Memory Integrity walls off sensitive kernel processes from that software.

When Microsoft first shipped this feature as an upgrade, you had to enable it. In fresh installations of Windows, it was turned on by default.

This virtualisation-powered technology is great at protecting your system, but it isn’t without its drawbacks. Users have complained that these features are not compatible with different brands and builds of PCs, and that they don’t work with peripherals, including Microsoft’s own webcams.

Microsoft said early on that Memory Integrity might cause compatibility problems, and even silently switches it off when it gets in the way of boot-critical drivers. However, in some cases, users must take action themselves.

In a 5 March 2020 support bulletin, Microsoft addresses a specific error that Memory Integrity can trigger. If your computer tells you “A driver can’t load on this device”, then check this out.

The bulletin says:

You are receiving this message because the Memory integrity setting in Windows Security is preventing a driver from loading on your device.

And it advises you to get it sorted, quickly:

If you choose to continue using your device without addressing the driver problem, you might discover that the functionality the driver supports does not work any longer, which could have consequences ranging from negligible to severe.

But how? Here’s where the advice isn’t especially stellar. It tells you to look for an updated driver from the vendor, which will hopefully fix the problem. If not, then your best technical support option is to, um, turn Memory Integrity off.

The bulletin comes with clear instructions on how to do that:

  1. Open the Core isolation page by selecting Start > Settings > Update & Security > Windows Security > Device Security, and then under Core isolation, selecting Core isolation details.
  2. Turn the Memory integrity setting Off if it isn’t already. Restart your computer.

Being able to turn off Memory Integrity isn’t a new feature. Microsoft is just reminding you that it’s there. You should always keep all your drivers up to date to avoid any potential performance or security problems. This is a last resort to deal with any vendors that haven’t made their devices compatible with the security feature yet.


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/9a1P4D3aFeo/

One billion Android smartphones racking up security flaws

How long do Android smartphones and tablets continue to receive security updates after they’re purchased?

The slightly shocking answer is barely two years, and that’s assuming you bought the handset when it was first released. Even Google’s own Pixel devices max out at three years.

Many millions of users hang on to their Android devices for much longer, which raises questions about their ongoing security as the number of serious vulnerabilities continues to grow.

Add up all the Android handsets no longer being updated and you get big numbers – according to Google’s developer dashboard last May, almost 40% of Android users still use handsets running versions 5.0 to version 7.0, which haven’t been updated for between one and four years. One in ten run something even older than that, equivalent to one billion devices.

The point is brought home by new testing from consumer group Which?, which found that it was possible to infect popular older handsets mainly running Android 7.0 – the Motorola X, Samsung Galaxy A5, Sony Xperia Z2, Google Nexus 5 (LG), and the Samsung Galaxy S6 – with mobile malware.

All of the above were vulnerable to a recently discovered Bluetooth flaw known as BlueFrag, and to the Joker strain of malware from 2017. The older the device, the more easily it could be infected – Sony’s Xperia Z2, running Android 4.4.2, was vulnerable to the StageFright flaw from 2015.

Google recently had to remove 1,700 apps containing Joker (aka Bread) from its Play Store, only the latest in an increasingly desperate rearguard action against malware being hosted under its nose.

It’s not simply that these devices aren’t getting security fixes but older models also miss out on a bundle of security and privacy enhancements that Google has added to versions 9 and 10.

Kate Bevan, Which? Computing editor (and formerly of Naked Security), said:

It’s very concerning that expensive Android devices have such a short shelf life before they lose security support – leaving millions of users at risk of serious consequences if they fall victim to hackers.

Bevan raised the interesting point that the idea that a device might only get updates for two years will come as news to most Android users:

Google and phone manufacturers need to be upfront about security updates, with clear information about how long they will last and what customers should do when they run out.

Google has issued the same response to several media outlets in response to the report:

We’re dedicated to improving security for Android devices every day.

We provide security updates with bug fixes and other protections every month, and continually work with hardware and carrier partners to ensure that Android users have a fast, safe experience with their devices.

In truth, users are being squeezed between two forces. On the one hand, Google is determined to drive the evolution of Android for competitive reasons, releasing a new version every year.

On the other are manufacturers, eager to keep people upgrading to new models on the pretext that the older ones won’t run these updated versions (which is not always true).

Security sits somewhere between the two, and despite attempted reforms by Google in recent years to make security fixes happen on a monthly cycle, the reality is some way from that ideal.

Eventually, there comes a time to discard an old device, but for most users that will be longer than two years.

To ram home the point about flaws, the March 2020 Android security bulletin patched a MediaTek flaw, CVE-2020-0069, which has been actively exploited in the wild for several months.

And yet MediaTek thinks it had a fix for the flaw last May, but device makers didn’t apply it. Even now that it’s namechecked in Google’s update, it could take months to percolate through to devices because updates happen so slowly. And this is a flaw known to be exploited in the wild.

Android users can check their Android version and get security updates by following this advice from Google.


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/bcRoNnySlEA/

Check Point chap: Small firms don’t invest in infosec then hope they won’t get hacked. Spoiler alert: They get hacked

Interview “I don’t want to have a job any more,” said Check Point’s Dan Wiley, sitting in a fashionably nondescript London coffee shop. “I don’t want to have to do my job. It means that we failed.”

Far from being depressed, Wiley was expressing the forlorn hope that infosec as a field would be less dominated by malicious persons trying to make a fast buck by scamming honest folk and businesses out of their hard-earned money.

As Check Point’s incident response head honcho, Wiley has full visibility into what the infosec company’s operations involve. Increasingly, he said, it’s turning into staving off more of the same attacks against Check Point’s customers.

“Same attacks as 2019,” he said, referring to what he’s seen so far this year, “but the volume and the aggressiveness is increasing. Ransomware is still a very hot topic. BEC [business email compromise], equally hot, plus Office 365. Breaches of remote-access solutions. Citrix, RDP, Cisco VPN, Fortinet VPN, all of the remote-access systems are being fairly aggressively targeted.”

If the list of attack types and vectors sounds familiar, that’s because it is. Far from the olden days when script kiddies would pwn an unsecured server just to digitally graffiti over it, today’s crooks are out for one thing only: money. As Wiley told The Register, the range of attack types is decreasing while the number of attacks themselves is up.

I feel like Moses a little bit or Noah. ‘Yeah, the flood’s coming. Oh we’re in the flood, people!’

Check Point handled 2,000 incidents last year and based on January and February’s attack volumes, the incident response director expects that to double.

“Especially,” he said, “here in Europe for SMEs, it’s very clear that management has not invested in security and is hedging their bets, playing the odds or whatever term you want to use, on not getting breached. The reality is they will get breached. They’re not investing in the controls or systems or capabilities to be able to defend themselves.”

A senior exec at a security company stoking security fears to sell more security – who’d have thunk it. But he has a point.

Speaking of non-infosec-clued-up SMEs in general, Wiley elaborated: “They didn’t have security controls, couldn’t see the attack, didn’t know how to respond. The vast majority fall into that camp over and over.”

What does he think about the most common attack vector of all? When El Reg asked him this, we didn’t quite expect the response.

“Email’s been around for 50 years,” he said, cheerfully cursing as he continued: “But it’s been around 50 years and we’re talking about the same attack vectors: phishing; malware; manipulations; and all other delivery mechanisms. Email makes it so easy to deliver. And we still haven’t dealt with it.”

Don’t click on shit

Surely he has some advice on how to get around the ancient problems email poses to security? Wiley reckons he does: “Don’t trust one vendor’s security controls. Start with that. Especially if you’re using Office 365. Turning on Office 365 and turning on E3 or E5 security, that’s not enough. You really need at least one or two different vendors to protect against the entire security landscape and we [vendors] have different approaches.”

How many vendors should a discerning, security-conscious business have on board? “When you have three vendors that provide security into Office 365,” opined Wiley, “you have a good fighting chance.”

Talking of bolstering your chances against the bad guys, what about cyber insurance? At this Wiley sat back and started relating a lightly fictionalised scenario:

“A firm buys cyber insurance and pays its premiums. One day they get ransomware. All systems encrypted. Let’s say they don’t have a backup. They call their insurance company. They say, how much to restore all your systems? Customer says 100 man years. Insurance company says how much is the ransom? They go $1m. Insurance company contacts a third-party provider that negotiates a rate, gets a discount: helluva lot cheaper to pay the ransom than restore, let’s just pay the ransom. They pay. Restore all their access, everybody’s happy. Insurance company met their obligation, the customer is back up and running. Incident over. Three months later it happens again.”

In Wiley’s view, not only should the paying of ransoms be outlawed to prevent exactly this scenario from occurring, but a lot more data also needs gathering so the insurance industry can start making realistic actuarial tables to help avoid situations like this from arising.

While this isn’t directly relevant to the kind of thing that makes panicky firms pick up the phone and call him, Wiley takes a wider view of the industry and the problems facing it. As plenty of others have told El Reg lately, until the underlying business models that power ransomware in particular are disrupted for good, there’s no end in sight any time soon. ®


Article source: https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/09/check_point_interview/

Spyware maker NSO runs scared from Facebook over WhatsApp hacking charges, fails to show up in court

Roundup It’s that time again – the week’s security news in digestible chunks beyond what we’ve already covered. Let’s get into it.

NSO no-show in Facebook suit

The Social Network chalked up an easy win this week when a US court issued a default notice in its favor against Israeli spyware builder NSO group. This is after NSO and its lawyers failed to show at a California court for an early hearing in the case.

Facebook filed suit back in 2019, alleging NSO developed code for exploits in acquired crypto chat app WhatsApp. The default means that Facebook is one step closer to winning the case and collecting a hefty damages bill.

BoatsGroup springs a data leak

Leak hunter Bob Diachenko has dropped word of a breach affecting BoatsGroup, a recreational boat and yacht news publisher and advertising company. According to Diachenko, one million or so emails. The leak has since been plugged.

Broadcom/Symantec tie-up hits turbulence

It seems the integration of the Norton LifeLock company formerly known as Symantec into its buyer Broadcom is not going particularly well.

Reports from admins in Europe are that a number of companies are having problems with licensing renewals.

Part of the problem, it is reported, stems from a shortage of staff after some Symantec employees in Europe were laid off during the merger. If you’re a user or an employee affected by these issues, please get in touch with us here.

Zoho patches RCE flaw

Admins running Zoho ManageEngine will want to make sure they have the latest version of its Desktop Central software.

Zoho announced it had patched a remote code execution vulnerability that was exploitable without authentication.

Though the bug has been mitigated by a temporary patch since January and version 10.0.474, admins will want to make sure they are running Desktop Central version 10.0.479 to get the permanent fix.

WatchGuard Technologies to gobble Panda

Spanish antivirus and endpoint protection firm Panda Security has entered into a deal to be acquired by network security and authentication outfit WatchGuard Technologies, which sells into resellers and ISPs, among other clients. The value of the deal wasn’t made public but it is expected to close in Q2 2020. Panda is the Seattle, Washington firm’s seventh acquisition, and its second outside of the US after it snapped up Canadian web security folk BorderWare in 2009.

J Crew dressed down over data leak

High-end menswear company J Crew has found [PDF] a number of customer accounts being accessed by unauthorized parties. The attacker would have access to shipping information (i.e. home address) and partial credit card numbers.

From the sound of things, this was a credential-stuffing attack where a fraudster obtained leaked usernames and passwords from another site and then found accounts at J Crew that had reused those credentials.

“Through routine and proactive web scanning, we recently discovered information related to your jcrew.com account,” customers are being told.

“Based on our review, we believe your email address (used as your jcrew.com username) and password were obtained by an unauthorized party and in or around April 2019 used to log into your jcrew.com account.”

Anyone who gets a letter from the company will have already had their accounts frozen and will need to contact J Crew to reset their password. ®


Article source: https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/09/roundup_march6_2020/