Security daily (01-03-2021)

Automate Amazon EC2 instance isolation by using tags

Containment is a crucial part of an overall Incident Response Strategy, as this practice allows time for responders to perform forensics, eradication and recovery during an Incident. There are many different approaches to containment. In this post, we will be focusing on isolation—the ability to keep multiple targets separated so that each target only sees […] (AWS Security Blog)

TLS 1.2 will be required for all AWS FIPS endpoints beginning March 31, 2021

To help you meet your compliance needs, we’re updating all AWS Federal Information Processing Standard (FIPS) endpoints to a minimum of Transport Layer Security (TLS) 1.2. We have already updated over 40 services to require TLS 1.2, removing support for TLS 1.0 and TLS 1.1. Beginning March 31, 2021, if your client application cannot support […] (AWS Security Blog)

Naked Security Live – Beware copyright scams

Here's the latest Naked Security Live talk - watch now! (Naked Security)

Hackers Improve SEO Before Deploying Malware

(News ≈ Packet Storm)

Spyware Fan MBS Accused By US Intel Of Khashoggi Death

(News ≈ Packet Storm)

Clubhouse's Security And Privacy Lag Behind Its Quick Growth

(News ≈ Packet Storm)

Judge Approves $650 Million Settlement Of Privacy Lawsuit Against Facebook

(News ≈ Packet Storm)

Mobile Adware Booms, Online Banks Become Prime Target for Attacks

A snapshot of the 2020 mobile threat landscape reveals major shifts toward adware and threats to online banks. (Threatpost)

Malware Loader Abuses Google SEO to Expand Payload Delivery

Gootloader has expanded its payloads beyond the Gootkit malware family, using Google SEO poisoning to gain traction. (Threatpost)

Passwords, Private Posts Exposed in Hack of Gab Social Network

The Distributed Denial of Secrets group claim they have received more than 70 gigabytes of data exfiltrated from social media platform Gab. (Threatpost)

Firewall Vendor Patches Critical Auth Bypass Flaw

Cybersecurity firm Genua fixes a critical flaw in its GenuGate High Resistance Firewall, allowing attackers to log in as root users. (Threatpost)


/security-daily/ 02-03-2021 23:44:24