David’s Take

Normally we cover both M&A and funding events of the past week in our Monday newsletter. But there is so much news that we are splitting the topic, today we’ll cover the mergers, tomorrow the funding news. Several years ago when I was in Israel I had the opportunity to meet Erel Margalit and was very impressed with the then-legislator. Since then he has returned to private life as a VC. Last week he gave one of the keynotes at the annual Cybertech conference in Tel Aviv where he called for the creation of a cyber-protection alliance modeled after NATO. He rightly claims that inter-country cooperation and collaboration on cyber matters isn’t sufficient and that countries need to be talking more. While many countries have their own computer response teams, we need to establish regional teams too. Borders aren’t relevant anymore when hackers can attack anyone anywhere. The Times of Israel interviewed him after his speech, and he has a lot of interesting things to say.  

--David Strom, editor of Inside Security

Top Story

Dutch banks experienced a major set of DDoS attacks last week targeting some of the nation’s largest institutions, including ABN, ING and Rabobank. The attacks succeeded in shutting down various networks and blocked customer access. The origins of the attacks weren’t clear. The websites for the Dutch Revenue Services and Dutch online signature systems went down for about ten minutes as part of this attack series. Central bank chief Klaas Knot said that "our own website is being attacked thousands of times per day. That is the reality in 2018," – CHANNEL NEWS ASIA
 

Beginner’s Corner

If you aren’t familiar with the wealth of command-line Windows tools that can help you understand how to navigate around the computer, figure out its vulnerabilities, and understand its connections, apps, and processes, this tutorial is a good place to start. The tutorial is more of a question-and-answer format, as shown in the screencap below. – SPLOITSPREN (Ryan McFarland)

Merger news of the week

Relx Group in the UK will acquire San Jose-based ThreatMetrix in a cash transaction of £580 million. The digital identity firm will become part of Relx's Risk & Business Analytics under the LexisNexis Risk Solutions division. ThreatMetrix’s Digital Identity Network analyzes more than 100 million transactions per day, covering 35,000 websites from 5,000 customers.

Lieberman Software has been acquired by Bomgar. With the acquisition, Bomgar will now offer a comprehensive Privileged Access Management platform that provides protection against the most pervasive and dangerous cyber threats. Terms were not disclosed.

Mavenir announced it has acquired Argyle Data, a machine learning security platform that delivers real-time anomaly detection and predictive analytics for mobile service providers and IoT networks. Pardeep Kohli is the CEO of Mavenir, based outside of Dallas. Terms were not disclosed.

Attacks and vulnerabilities

Yet another Flash vulnerability was found and will be patched this week that can affect Desktop. MS Edge and Chrome-based players. The flaw is being used sparsely (most notably by North Korean hackers who have crafted this malicious Excel file) and can allow attackers remote control. Versions 28.0.0.137 and earlier are at risk.  The vulnerability came to light last week when South Korea's CERT issued an advisory warning. -- ARS

Additional NSA “Eternal” exploits have been modified from their original Shadow Brokers release last spring so they now work across a wide range of Windows versions, going back to XP and Win2000. The new attack code has been incorporated into the Metasploit framework. The three exploits are EternalChampion, EternalRomance, and EternalSynergy. The trio can overwrite SMB connection sessions to gain admin access. As you probably know, Eternal Blue was at the heart of Petya and other attacks last year. – BLEEPING COMPUTER

Reports

A survey of the world’s countries and how they rank in terms of data privacy is illuminating. At the bottom are Russia, Singapore and Malaysia, not surprisingly since none of them have any constitutional privacy safeguards. All three have no laws to prevent interception of private communications, and no warrants are needed either.  At the top of the list are Canada, Romania and Hungary, which have these protections and then some. – BESTVPN

This 30-minute video presentation is of Jordan Rabet, who does browser security for Microsoft. He shows how Chrome’s sandbox technology works and how it can be circumvented for remote code execution. He gave the presentation at a very rapid clip at a recent “BlueHat” security conference. -- YOUTUBE

Also from the same conference, here is a deep dive into the DCShadow attack that leverage Active Directory flaws. It allows an attacker having the appropriate rights to create a rogue domain controller able to replicate malicious objects into an AD store. – ALSID BLOG

The Docket

Australia has new regulations for data breach disclosures that go into effect at the end of the month. Civil penalties for not compiling can be more than AU$1M for corporations. The government’s website linked above has lots of specifics, and companies have had the past year to prepare for these new rules to take effect.

Just for fun

The real story about that Hawaii air raid false alert. -- XKCD