Tag Archives: after

Dell confirms a possible VMware spinoff

After weeks of speculation, Dell Technologies confirmed reports that it is exploring a potential spinoff of VMware next year. Company officials said if it does so, it will continue to have a strategic relationship with VMware.

Hoping to assure VMware users, Dell chairman and CEO Michael Dell said in a prepared statement that “the strategic relationship between Dell Technologies and VMware has never been stronger.” He added that despite the options being explored, the two companies will accelerate their current strategies, including jointly creating a number of integrated products.

Dell gained an 80% stake in VMware when it acquired EMC in 2015. EMC acquired VMware in 2004.

Possible Dell-VMware spinoff at least a year off

Dell also confirmed what analysts have said over the past few weeks: that any spinoff would not happen until September of 2021 so the company can sidestep the heavy federal taxes associated with the deal.

Dell said if it decides to follow through on a spinoff, it will agree to specific terms and conditions under the auspices of a special committee made up of the Board of Directors of VMware and Dell. Dell said it would also negotiate the payment of a special cash dividend by VMware to be paid on a pro rata basis to all VMware shareholders.

With its commanding position in virtualization and concentrated focus on hybrid clouds and containers, most analysts believe a spinoff provides VMware with more competitive advantage than it has with Dell, which is traditionally a hardware-oriented company. But some believe the economic advantages Dell would gain through a spinoff outweigh any strategic technology disadvantages. Wall Street doesn’t like the capitalization structure between Dell and VMware, which investors believe has held down the market value of Dell.

“The crazy thing is, Dell has a market worth of around $30-something billion, but they own 81% of VMware, which should make their value about $50 billion,” said Patrick Moorhead, president and principal analyst at Moor Insights and Strategy. “It almost forces [Dell’s] hand to sell VMware,” he said.

While many IT market analysts favored VMware, investors were encouraged by Dell’s confirmation of a potential spinoff sending the company’s stock up 17% the day of the announcement on Thursday.

Even with the financial upside to a spinoff, Dell would still need to find another software partner, or multiple software partners, to replace VMware, Moorhead said, which could prove difficult.

“They certainly aren’t going to go out and buy another company because the capitalization doesn’t work out there,” Moorhead said. “The other route is to do what HP did and pull together various pieces and build their own stack, but I don’t see them pulling that off.”

Another analyst believes Dell, in part, is exploring a spinoff is to gain more freedom to cozy up to other top-tier cloud providers.

“The only possible reason [Dell] would float this out there is because of two possible suitors; namely Google and Amazon,” said Dana Gardner, principal analyst at Interarbor Solutions, LLC. “Those two would like the chance to take that installed VMware base across, but neither one of them would see Dell as that strategic.”

Go to Original Article
Author:

‘SigRed’ alert: Experts urge action on Windows DNS vulnerability

Experts are urging organizations to immediately patch a dangerous DNS vulnerability known as SigRed after proof-of-concept exploits have emerged on the internet.

SigRed, a 17-year-old Windows DNS server vulnerability that was assigned a CVSS score of 10.0 was discovered by Check Point Research. In response, Microsoft released a patch Tuesday.

“SigRed (CVE-2020-1350) is a wormable, critical vulnerability (CVSS base score of 10.0) in the Windows DNS server that affects Windows Server versions 2003 to 2019, and can be triggered by a malicious DNS response,” Check Point’s blog post on the vulnerability reads. “As the service is running in elevated privileges (SYSTEM), if exploited successfully, an attacker is granted Domain Administrator rights, effectively compromising the entire corporate infrastructure.”

The Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) released an advisory Thursday directing users and administrators to “review Microsoft’s Security Advisory and Blog for more information, and apply the necessary update and workaround” by 2 p.m. EST Friday.

CISA director Christopher Krebs said in a blog post Thursday that it was critical for agencies to patch SigRed or implement a mitigation within 24 hours. “Though we are not aware of active exploitation, it is only a matter of time for an exploit to be created for this vulnerability,” he wrote.

Johannes Ullrich of the SANS Institute’s Internet Storm Center noted Thursday that there is at least one “real” proof-of-concept (PoC) exploit for SigRed available online, and while it doesn’t execute code on target systems, he said it could cause DNS servers to crash. Additional PoC exploits have been discovered online, though their effectiveness has not been verified.

Ullrich told SearchSecurity that this vulnerability offers the potential to break entire network architectures.

“The problem is that it potentially allows a remote code execution on the DNS server, which is in itself bad but often the DNS server in the Windows architecture is running on your domain controller, which is the keys to the kingdom, so owning the domain server often means owning of the network,” he said. ” This vulnerability can potentially break entire network architectures that are built around the standard Windows setup.”

Paul Vixie, developer of the DNS protocol and founder and CEO at Farsight Security, argued that the level of attention CVE-2020-1350 received is appropriate because of the nature of DNS architecture and the wormable capability of the flaw.

“When you’re talking about remote code execution and you’re talking about elevated privilege, that gives you a CVSS score of a perfect 10. It is not possible to measure the risk of a vulnerability as being higher than this,” Vixie said, adding that entire network infrastructure can be disrupted by infecting one PC inside an environment. “Once you can do that, you can cause the Sig query to be made and then you can cause an adjacent infection in addition to the one you entered the network with,” he said. “So, this is important.”

However, Vixie added that the “true importance” of SigRed probably won’t be known for a while.

Go to Original Article
Author:

Identity theft subscription services uncovered on dark web

After movies, music and television, identity theft has become the newest type of subscription service available to a paying audience.

Identity theft subscription services have been discovered on the dark web by VMware Carbon Black’s Threat Analysis Unit (TAU) in a recent blog post titled “Tax Day Fraud: ‘Identity Theft Subscriptions’ in High Demand on the Dark Web.” The post touched on the various types of fraud cybercriminals are engaging in ahead of Tax Day, as well as how criminals have more time to enact such fraud in the wake of COVID-19’s delay of the original 2020 Tax Day, April 15, to July 15. The research also reveals the rise of identity theft subscriptions being offered on the dark web.

In the blog post, Greg Foss, a senior threat researcher from VMware Carbon Black’s TAU, said the vendor “uncovered hundreds of newly published identity information packages” on dark web marketplaces that included personal data such as Social Security numbers, addresses, dates of birth, email addresses, passwords and more, costing anywhere between $50 and $10,000.

“Perhaps most notable is the massive number of malicious actors bidding to buy this content, with many interested in ‘identity theft subscriptions,’ requesting and committing to purchasing stolen data weekly, monthly, and even on a daily basis,” Foss wrote.

While identity theft has typically been a threat to consumers, stolen personally identifiable information (PII) including tax information and W-2 forms have become a hallmark of enterprise security threats such as business email compromise (BEC), which led to $26 billion in losses across the globe between 2016 and 2019, according to the FBI. BEC attacks make fraudulent email requests to enterprises for employee tax information, for example, and the threat actors can then sell that data on the dark web or use it to construct more convincing scams for fake invoices or wire transfers to bank accounts that are controlled by the attackers.

Foss told SearchSecurity that PII and tax information can be also used by cybercriminals for “carding” schemes for payment card fraud. “A lot of this information would be used in carding operations, generating new accounts under different people.”

Foss added that a lot of the information at play is related to “fullz” — full packages of PII including social security numbers, full names, emails, companies the individual is working for or has worked for in the past, and health record data.

While he said that some of the data packages will be sold for the intention of scamming the buyer and not all of it will be high-quality, TAU is also seeing are escrow services where the buyer puts currency in an account for the seller, and once the deal is confirmed to be legitimate, the buyer releases the funds to the seller.

“Criminals seize on every opportunity to exploit bad situations. 2020 has presented unlimited opportunities to profit, increasing the demand for identity packages,” Foss wrote. “It has also shifted the buying frequency with hackers looking to purchase data on a subscription basis. These criminals run the gamut from script kiddies to seasoned hackers and scammers.”

Go to Original Article
Author:

Advent, Forescout bury the hatchet with new acquisition deal

After a contentious legal dispute that involved allegations of channel stuffing, Advent International’s proposed acquisition of Forescout Technologies is back on.

Forescout announced Wednesday that the vendor’s board approved a revised acquisition agreement in which the private equity firm will purchase all outstanding Forescout shares at $29 per share. The original Forescout acquisition agreement, which was announced in February, was for $1.9 billion, or $33 per share, approximately 30% higher than the vendor’s closing price of $25.45 on Oct. 18, 2019.

But in May, Advent called off the acquisition just three days before the deal was scheduled to close, claiming the security vendor experienced a “material adverse effect” that prevented it from meeting the closing conditions. Forescout disputed the claim, saying the acquisition agreement explicitly covered any risks associated with the COVID-19 pandemic, and filed a lawsuit against Advent in the Delaware Court of Chancery for violating the terms of the agreement.

‘Channel stuffing’ alleged

Following Forescout’s lawsuit, Advent accused Forescout of channel stuffing — an unethical and potentially illegal practice in which a company sells more products to a distribution channel partner than the partner is reasonably able to resell. Channel stuffing is used by companies to inflate their sales and revenue numbers for a given reporting period, which can lead to false SEC filings; in 2006, McAfee paid a $50 million fine for engaging in channel stuffing that overstated the vendor’s revenue by 131% during a three-year span.

In June, Advent took legal action of its own; in the same Delaware court, Advent subpoenaed documents from Merlin International, a Forescout reseller partner based in Vienna, Va. Advent said it received an email from an alleged whistleblower who accused Forescout of engaging in a channel stuffing scheme during the fourth quarter of 2019 with Merlin.

Advent’s complaint claimed Forescout’s fourth-quarter revenue was inflated by “an abnormal transaction” with Merlin. In a statement to CRN, Merlin denied the allegations and said it had been dragged into the middle of the legal dispute between Forescout and Advent. Forescout also denied the allegations.

The details of the alleged channel stuffing scheme, as well as the identity of the whistleblower, remain unclear. However, in May SearchSecurity received a statement from Ben Axler, founder and chief investment officer at investment firm Spruce Point Capital Management, regarding the allegation:

“In light of Forescout’s disappointing Q1 2020 results, and evidence that suggests the possibility of channel stuffing by selling hardware at negative margin, we continue to believe it’s in the best interest of the buyers to terminate the purchase agreement rather than reward management with any takeover premium for its failures,” Axler wrote via email.

When asked for evidence of the allegation, Axler emailed a link to a Spruce Point report that speculated the vendor’s “deeply discounted” sales in the first quarter this year were evidence of channel stuffing. SearchSecurity did not publish that portion of Axler’s statement in its article because at the time there was no evidence supporting the allegation, and Advent had not yet taken legal action against Forescout.

Spruce Point had publicly criticized the Forescout acquisition when it was first announced, and released a statement in April urging Advent to abandon the deal.

SearchSecurity contacted Advent regarding the channel stuffing accusation and the status of its probe. The company did not respond at press time.

Revised agreement ‘best path forward’ for Forescout acquisition

Despite the allegation and contentious legal disputes, Advent and Forescout buried their swords. As part of the new acquisition agreement, the two companies reached a settlement for the pending litigation in the Delaware Court of Chancery.

Despite a reduction in the sale price by $4 per share, Theresia Gouw, chair of Forescout’s board of directors, said the board unanimously approved the revised agreement and recommended it to shareholders. “We believe revising the terms of the previously announced transaction is the best path forward for Forescout because it removes the significant ongoing distraction of the pending litigation and delivers immediate and certain value to Forescout’s shareholders,” she said in a statement.

Advent and Forescout worked in good faith to reach a solution that could benefit all stakeholders.
Bryan TaylorManaging partner, Advent

Advent partnered with private equity firm Crosspoint Capital Partners as an advisor on the deal. Under the agreement, Greg Clark, managing partner of Crosspoint Capital Partners and former CEO of Symantec, will join Forescout’s board and Nicholas Noviello, former vice president and CFO of Symantec, will join Forescout as COO.

“Advent and Forescout worked in good faith to reach a solution that could benefit all stakeholders,” Bryan Taylor, managing partner and head of Advent’s technology investment team, said in a statement. “We look forward to helping Forescout continue to deliver world-class cybersecurity solutions to customers for years to come.”

The revised acquisition is expected to close in the third quarter.

Security news writer Arielle Waldman contributed to this report.

Go to Original Article
Author:

For Sale – EVGA GTX 1080 SC

Hi all, on behalf of a friend, I am selling some components from his old PC after an upgrade. These parts have all been tested by myself and it has all checked out well with no issues found. These are all parts from a Chillblast pre built (sorry lol) as he doesn’t feel comfortable building his own, so the Motherboard splash screen is a Chillblast splash screen, I could probably change this, but I have no real reason to do so as it works fine as is and I don’t want to mess anything up. The comonents and prices are as follows;

Intel Core i7 6700k CPU – £SOLD (I will do my best to clear the thermal paste from around the edges of the CPU, Chillblast were pretty generous)
Gigabyte Z170XP-SLI Motherboard with IO Shield – £SOLD
2 x 8GB Goldkey 2133Mhz DDR4 Ram – £SOLD
EVGA GTX 1080 SC (There is a small, lets say dint on the GPU back plate, was there when removed from the PC so my assumption is there was a minor mishap during the build, doesn’t effect use in any way) – £300 (warranty for 106 days checked on 05/06/2020)
Integral M Series 256GB NVMe SSD (M.2 2280) Brand New – £SOLD
Corsair CX750 80+ Bronze PSU (Non Modular) – £SOLD
Noctua NH-D15 Air Cooler (Intel attachments only due to being a pre built) – £SOLD

All prices are negotiable and include the cost of shipping (I’m dreading the PSU and that behemoth of a cooler ). Please do note, that I have none of the original boxes, but each item will arrive in some form of box with adequate packaging (this will likely be old component boxes of mine, so nothing will be packaged badly).

I would like to see this go as a bundle and will be shipped via DPD insured delivery and packaged as boxes within a box for the maximum protection fo the components I can get should it go all together.

This would make an ideal PC for those looking to get in to PC gaming at just about any resolution (pretty sure the 1080 can handle 4k with some reduced settings on a good majority of games).

I do have a boxed 1080p AOC IPS 21.5 inch monitor (I2267FWH) I can include in the sale, brilliant condition other than a small white dot on the screen, the screen still works great, it just has a white dot at the top of the display, some people wont mind it, otherwise will be driven crazy by it. Pictures will be uploaded of this later when I get it out. I was after £40 on this due to the screen issue, but I’m again, open to offers.

Sorry for the lengthy post, and if you have any questions please do ask.

Payment would have to be via Bank Transfer please.

Go to Original Article
Author:

Snowflake files for IPO after months of speculation

After months of speculation, fast-growing cloud data warehouse vendor Snowflake has filed for an IPO.

“All our sources have confirmed that they filed using the JOBS Act approach,” said R “Ray” Wang, founder and CEO of Constellation Research.

The Jumpstart Our Business Act was signed into law by President Barack Obama in 2012 and is intended to help fund small businesses by easing securities regulations, including allowing smaller firms to file for IPOs confidentially while testing the market.

“They have ramped up their sales and marketing to match the IPO projections and they’ve made substantial customer progress,” Wang added.

Snowflake, meanwhile, has not yet confirmed that its IPO is now officially in the works.

“No comment” was the official response from the vendor when reached for comment.

Snowflake, founded in 2012 and based in San Mateo, Calif., has appeared to be aiming at an IPO for more than a year.

All our sources have confirmed that they filed using the JOBS Act approach. They have ramped up their sales and marketing to match the IPO projections and they’ve made substantial customer progress.
R ‘Ray’ WangFounder and CEO, Constellation Research

The vendor is in a competitive market that includes Amazon Redshift, Google BigQuery, Microsoft Azure SQL Data Warehouse and SAP Data Warehouse, among others. Snowflake, however, has established a niche in the market and been able to grow from 80 customers when it released its first platform in 2015 to more than 3,400.

“Unlike other cloud data warehouses, Snowflake uses a SQL database engine designed for the cloud, and scales storage and compute independently,” said Noel Yuhanna, analyst at Forrester Research. “Customers like its ease of use, lower cost, scalability and performance capabilities.”

He added that unlike other cloud data warehouses, Snowflake can help customers avoid vendor lock-in by running on multiple cloud providers.

“If the IPO comes through, it will definitely put pressure on the big cloud vendors Amazon, Google and Microsoft who have been expanding their data warehouse solutions in the cloud,” Yuhanna said.

Snowflake has been able to increase its valuation from under $100 million when it emerged from stealth to more than $12 billion by growing its customer base and raising investor capital through eight funding rounds. An IPO has the potential to infuse the company with even more capital, and fundraising is often the chief reason a company goes public.

Other advantages include an exit opportunity for investors, publicity and credibility, a reduced overall cost of capital since private companies often pay higher interest rates to receive bank loans, and the ability to use stock as a means of payment.

Speculation that Snowflake was on a path toward going public gained momentum when Bob Muglia, who took over as CEO of Snowflake in 2014 just before it emerged from stealth, abruptly left the company in April 2019 and was replaced by Frank Slootman.

Before joining Snowflake, Slootman had led ServiceNow and Data Domain through their IPOs, and in October 2019 told an audience in London that Snowflake could pursue an IPO as early as summer 2020.

Three months later, in February 2020, Snowflake raised $479 million in venture capital funding led by Dragoneer Investment Group and Salesforce Ventures, which marked the vendor’s eighth fundraising round and raised the its valuation to more than $12.4 billion.

Even eight funding rounds are rare, and in order to increase valuation beyond venture capital investments, companies are generally left with the option of either going public or getting acquired.

Meanwhile, last week at its virtual user conference Snowflake revealed expanded cloud data warehouse capabilities that included a new integration with Salesforce that will enable Snowflake to more easily connect to different data sources. And the more capabilities Snowflake has, the more attractive it would be to potential investors in an IPO.

“Snowflake, I believe, has been looking at an IPO for a few years now,” Yuhanna said. “They have had a steady revenue streamline for a while, and many large Fortune companies have been using it for critical analytical deployments. Based on our inquiries, it’s the top data warehouse that customers have been asking about besides Amazon Redshift.”

While Snowflake has finally filed for an IPO, the filing is just one step in the process of going public and it’s not certain the vendor will go through with a public offering.

The IPO market, however, has remained active despite the COVID-19 pandemic.

Go to Original Article
Author:

For Sale – Entry level upgradable gaming PC – GTX670, i3 3225, 8GB, 128SSD&320HHD – £200 delivered

Hi, selling my daughters PC after she’s had an upgrade (well technically my eldest son upgraded, sold his old one to my younger son and the ripple effect is she’s got this to sell!). Condition is a bit tatty (pictures in link below), has side window with blue LED lighting everything up. Also comes with CD ROM and ye olde floppy disk (which is not plugged in – more being used as a blanking plate lol). She mainly used it for Fortnite, Minecraft, SIMS4, Overwatch and CSGO…never had any issues…this is a great entry gaming machine and is easily upgradable to the amazing i5 2500K and something like a GTX 970/1060 which would be good level and get you into VR.

So specs are:

GTX670 GPU Gigabyte OC Edition
i3 3225 CPU Stock h/s & fan
Asus P8H61-M socket 1155 Motherboard
8GB RAM Corsair 2x4GB 1600Mhz DDR3
128 SSD Samsung
320 HHD WD Scorpio Blue
500W PSU OCZ

Anyway, really not sure on value – was thinking £200 inc. based on a basic value of each part if I sold seperately.

More pictures; Album — Postimage.org

Go to Original Article
Author:

For Sale – Entry level upgradable gaming PC – GTX670, i3 3225, 8GB, 128SSD&320HHD – £200 delivered

Hi, selling my daughters PC after she’s had an upgrade (well technically my eldest son upgraded, sold his old one to my younger son and the ripple effect is she’s got this to sell!). Condition is a bit tatty (pictures in link below), has side window with blue LED lighting everything up. Also comes with CD ROM and ye olde floppy disk (which is not plugged in – more being used as a blanking plate lol). She mainly used it for Minecraft, SIMS4 and CSGO…never had any issues…this is a great entry gaming machine and is easily upgradable to the amazing i5 2500K and something like a GTX 970/1060 which would be good level and get you into VR.

So specs are:

GTX670 GPU Gigabyte OC Edition
i3 3225 CPU Stock h/s & fan
Asus P8H61-M socket 1155 Motherboard
8GB RAM Corsair 2x4GB 1600Mhz DDR3
128 SSD Samsung
320 HHD WD Scorpio Blue
500W PSU OCZ

Anyway, really not sure on value – was thinking £200 inc. based on a basic value of each part if I sold seperately.

More pictures; Album — Postimage.org

Go to Original Article
Author:

For Sale – Entry level upgradable gaming PC – GTX670, i3 3225, 8GB, 128SSD&320HHD – £200 delivered

Hi, selling my daughters PC after she’s had an upgrade (well technically my eldest son upgraded, sold his old one to my younger son and the ripple effect is she’s got this to sell!). Condition is a bit tatty (pictures in link below), has side window with blue LED lighting everything up. Also comes with CD ROM and ye olde floppy disk (which is not plugged in – more being used as a blanking plate lol). She mainly used it for Minecraft, SIMS4 and CSGO…never had any issues…this is a great entry gaming machine and is easily upgradable to the amazing i5 2500K and something like a GTX 970/1060 which would be good level and get you into VR.

So specs are:

GTX670 GPU Gigabyte OC Edition
i3 3225 CPU Stock h/s & fan
8GB RAM Corsair 2x4GB 1600Mhz DDR3
128 SSD Samsung
320 HHD WD Scorpio Blue
500W PSU OCZ

Anyway, really not sure on value – was thinking £200 inc. based on a basic value of each part if I sold seperately.

More pictures; Album — Postimage.org

Go to Original Article
Author: