Inside Security - November 27th, 2019


1. Dell Technologies could be looking to sell its RSA cybersecurity business for at least $1 billion including debt, Bloomberg reports, citing sources familiar with the discussions. Dell acquired RSA when it bought RSA's parent company EMC for $67 billion in 2016. With more than 30,000 customers, RSA provides digital risk management and cybersecurity products and sponsors the industry-leading RSA security conferences. -- BLOOMBERG

2. Four million credit card numbers stolen from four U.S. restaurant chains are up for sale on one of the cybercrime underground's largest bazaars. New York-based fraud intelligence firm Gemini Advisory said in an analysis supplied to security researcher Brian Krebs that the restaurant chains involved were Krystal, Moe's, McAlister's Deli, and Schlotzsky's. "Of the 1,750+ locations belonging to these restaurants, nearly 50% were breached and had customer payment card data exposed," the Gemini analysis stated. -- KREBS ON SECURITY

3. The Stantinko botnet operators are adding cryptomining capabilities to the computers under their control, according to ESET researchers. The botnet, which controls around a half-million computers, mainly targets users in Russia, Ukraine, Belarus, and Kazakhstan. It is using Monero mining as its monetizing functionality to thwart analysis and avoid detection. Previously, the botnet operators focused on click fraud, ad injections, social network fraud, and password-stealing attacks. -- WE LIVE SECURITY

4. The Czech intelligence service (BIS) warned in a new report that the country is being targeted by Russia and China with cyberattacks and disinformation campaigns. The BIS report concluded that Russia was likely behind a cyberattack on the Czech foreign ministry's unclassified computer network and that China was likely the source of a malware attack on the same network. "The intelligence services of the Russian Federation and the People's Republic of China carry out the most active and most aggressive activities," said the BIS. "Russian and Chinese intelligence activities affected the sectors of politics, diplomacy, espionage, economy and information struggle" last year, it added. -- AFP

5. Palo Alto Networks has agreed to acquire cloud security startup Aporeto for $150 million in cash. San Jose, California-based Aporeto provides a zero-trust cloud security platform that uses a whitelist-based approach. So far, Aporeto has raised $34.5 million in venture capital funding from the likes of Norwest Venture Partners, Data Collective, Telia Ventures, National Grid Partners, Comcast Ventures, and Wing Venture Capital. The deal, which is expected to close in Palo Alto's fiscal second quarter, will boost its Prisma Cloud security suite of products. -- SILICON ANGLE

6. Two third-party software development kit (SDK) providers are being investigated by Twitter and Facebook for allegedly harvesting user data. Twitter said it had received a report about a data harvesting SDK made by OneAudience, a data analytics platform that collects data on app users to provide insights for app makers. Facebook also flagged the OneAudience SDK for its data harvesting activity, as well as an SDK provided by data monetization platform MobiBurn. Twitter informed Google and Apple so they could take action on their app stores, and Facebook removed the SDKs from its platform. OneAudience and MobiBurn denied wrongdoing, saying mobile app developers abused their SDKs to surreptitiously collect personal data. -- ZDNET

7. The Full(z) House cybercrime group is leveraging tactics used in its phishing campaigns to expand the lucrative credit card skimming effort, observed RiskIQ researchers. "By combining tactics, this group was playing with a full deck when it came to stealing financial data," RiskIQ's Yonathan Klijnsma observed. The group operates the BlueMagicStore that sells "fullz," a slang term that means full packages of personal information, and CardHouse that sells skimmed credit card data. The group has created a new skimming/phishing hybrid scheme that expands their potential attack victims, including stores that send customers to external payment processors. -- RISKIQ

8. The new Android banking trojan Ginp, which targets Spanish banks, can steal both login credentials and credit card data using code copied from the Anubis banking trojan, ThreatFabric researchers have found. By abusing the accessibility service, Ginp is able to perform overlay attacks and set itself as the default SMS app. The most recent version of the trojan includes a new endpoint related to downloading a module, possibly with new features and configurations. It is believed that the Ginp author is planning to expand attacks to additional regions. -- SECURITYWEEK

9. The number of e-commerce phishing websites accessed during the online shopping season has more than doubled since November 2018, according to recent analysis by Check Point. Cybercriminals use two primary methods for stealing payment information: lookalike domain names designed to impersonate well-known sites and phishing messages promoting discounts on popular products. Links to bogus websites are distributed via email, in the hopes of slipping through undetected amid the many legitimate discount offers. Check Point recommends that online shoppers verify that they are ordering from an authentic source, be careful around "special" offers, and watch for lookalike domains. -- CHECK POINT

10. The UK government is looking for bids from vendors to create a centralized cybersecurity log collection platform for the Ministry of Justice. The ministry wants the platform to provide log collection, aggregation, storage, analysis, and targeted forwarding capabilities. "The [MoJ] team lacks a single, centralized store of logs that can be queried to help correlate cross-system attacks and track adversarial actors' behaviors," the ministry explained. Bids are due Dec. 2, 2019. Vendors must be able to begin implementation Jan. 1, 2020, and take less than 12 weeks, with a possible 12-week extension. -- INFOSECURITY MAGAZINE

Fred Donovan is a professional writer, editor, and content specialist with decades of experience, most recently in the areas of information technology and cybersecurity. He has written for such publications as FierceITSecurity, InfoSecurity Magazine, Report on Patient Privacy, TechGenix, and NetDefense. Fred has a B.A. from Harvard University in government and an M.S. in national security from Georgetown University.

Copyright © 2020, All rights reserved.
