Security daily (01-06-2020)

How to perform automated incident response in a multi-account environment

How quickly you respond to security incidents is key to minimizing their impacts. Automating incident response helps you scale your capabilities, rapidly reduce the scope of compromised resources, and reduce repetitive work by security teams. But when you use automation, you also must manage exceptions to standard response procedures. In this post, I provide a […] (AWS Security Blog)

The governor's office says the NSA isn't involved in the response to Minnesota's protests. But here's how it could be.

The office of Minnesota Gov. Tim Walz says the National Security Agency did not provide the state with signals intelligence as its law enforcement agencies responded to protests against the killing of George Floyd. For a while this weekend, though, the governor stirred up some confusion about whether the intelligence agency could do so. “No NSA involvement,” a Walz spokesperson told CyberScoop. The Democratic governor was mistaken in suggesting Saturday during a press conference that the U.S. military had provided the state with signals intelligence collected by the NSA, the spokesperson said. CyberScoop could not independently verify the spokesperson’s comment. The NSA deferred comment to the governor’s office. Generally speaking, the NSA, the Pentagon’s foreign signals intelligence agency, does not target U.S. citizens to collect electronic communications information. But there are specific times when it can. Walz’s comments — combined with speculation about how those legal circumstances might apply to the protests — were enough to fuel questions about the NSA’s involvement. Walz said Saturday that he had […] The post The governor's office says the NSA isn't involved in the response to Minnesota's protests. But here's how it could be. appeared first on CyberScoop. (CyberScoop)

Anonymous, aiming for relevance, spins old data as new hacks

Anonymous, the once-formidable hacking collective, continued its transformation into a cohort of social media opportunists over the weekend by claiming to “leak” files and personal information that, in some cases, has been available for years. Anonymous said it retaliated against the Minneapolis police department for the May 25th killing of George Floyd by publishing email addresses and passwords apparently stolen from a police website. The information was previously taken in prior data breaches, then re-packaged to appear to be a new batch, according to Troy Hunt, owner of Have I Been Pwned, which tracks stolen credentials. Of the 798 email addresses included in the Anonymous database, 689 are unique, the rest being duplicates. Of that 689, 659 were already available in the Have I Been Pwned database, Hunt said in his analysis, and those email addresses were leaked an average of 5.5 times. Many seem to have originated in the […] (CyberScoop)

Researcher claims $100,000 for ‘Sign in with Apple’ hack

The same login feature that Apple introduced last year to protect privacy could have been abused to hack into third-party applications on an iPhone, a security researcher has found. The discovery earned New Delhi-based programmer Bhavuk Jain $100,000, he said, highlighting the critical nature of the flaw and the big payouts Apple has been offering through a bug bounty program it expanded last year. Jain figured out how to generate a login token for an Apple ID and use it to access third-party apps with lax security. Manipulating the tokens at their source was all Jain needed to access the apps. The research comes a year after Apple unveiled the “Sign in with Apple” feature, which authenticates users on apps without disclosing their Apple IDs. Apple has touted it as a more privacy-conscious alternative to requiring users to log in to apps through their social media accounts. Jain did not detail […] (CyberScoop)

North Korea issues blanket denial to US hacking accusations

The North Korean government issued a statement denying U.S. allegations that hackers used cyberattacks to raise money on Pyongyang’s behalf. U.S. and international cybersecurity officials, along with private sector specialists, have accused North Korean hackers of infiltrating global financial networks, stealing from ATMs, and demanding ransoms in bitcoin as part of a wider effort to help the government evade sanctions. The FBI, along with the departments of Homeland Security, Treasury and State, issued an advisory in May warning that North Korean hackers had used an array of malicious software tools to continue their operations. “We know well that the ulterior intention of the United States is to tarnish the image of our state and create a moment for provoking us by employing a new leverage called ‘cyber threat’ together with the issues of nuke, missiles, ‘human rights,’ ‘sponsoring of terrorism’ and ‘money laundering,’” North Korea’s Ministry of Foreign Affairs said […] (CyberScoop)

Rod Rosenstein is working with NSO Group, the Israeli firm accused of spying on dissidents

Rod Rosenstein, a former deputy attorney general at the Department of Justice, has been providing counsel on cybersecurity and national security to NSO Group, the Israeli software surveillance firm accused of spying on human rights activists and journalists, according to court documents obtained by CyberScoop. Rosenstein’s work with NSO Group was revealed in court documents in relation to a lawsuit WhatsApp filed against the company, accusing it of surveilling over 1,000 WhatsApp users. “I have counseled NSO about cyber and national security issues and assisted the defense team” in the WhatsApp v. NSO Group case, Rosenstein said in the signed declaration. Rosenstein has been employed by King & Spalding, the firm representing NSO Group, since January of this year. He previously served as deputy attorney general from 2017 through May 2019. The filing is an attempt to rebut WhatsApp’s claims that King & Spalding has a conflict of interest in the case because it has […] (CyberScoop)

What the NHS Test and Trace scheme could learn from banks about stopping scams

I’m concerned that fraudsters will disguise themselves as the NHS Test and Trace Service, and trick people into giving over sensitive personal information – and maybe even some money. Maybe something could be learnt from the banks? (Graham Cluley)

Prioritize alerts and jump-start your investigations with Recorded Future’s free browser extension. Sign up now.

Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! Drowning in alerts from many different sources and systems? Spending too much valuable time researching potential threats and vulnerabilities? You need Recorded Future Express, a new browser extension from the experts at […] (Graham Cluley)

Apparently Coronavirus-tracing scammers won’t sound professional… (Yeah, right!)

Some members of the UK public will soon start receiving text messages and emails claiming to come from the NHS Test and Trace Service, as part of the country’s fight against the Coronavirus pandemic. The problem is that many of them won’t know if the communication is genuine, or from a scammer. And the UK Government’s advice isn’t helping. (Graham Cluley)

No password required! “Sign in with Apple” account takeover flaw patched

A bug bounty hunter found a way to log in using "Sign in with Apple"... but without the part where you have to put in a password. (Naked Security)

Github uncovers malicious ‘Octopus Scanner’ targeting developers

GitHub has uncovered a form of malware that spreads via infected repositories on its system. (Naked Security)

Facebook to verify identities on accounts that churn out viral posts

Hopefully it's a COVID-19 version of what it did post-2016 elections, when it required verification of those buying political or issue ads. (Naked Security)

Monday review – the hot 15 stories of the week

From iPhone jailbreaks to questions about the dark web, and everything in between. It's weekly roundup time! (Naked Security)

How to Find Exploits & Get Root with Linux Exploit Suggester

Privilege escalation is one of the essential skills a hacker can have and often separates the newbies from the pros. With a continually changing landscape and a plethora of exploits out there, it can be a problematic aspect of any attack. Luckily, some tools can help expedite the process. Linux Exploit Suggester is just one of many to help you get root.

Privilege escalation is the act of gaining access to the privileges of another user on the system. It comes in two flavors: horizontal and vertical privilege escalation.

Horizontal privilege escalation is when an attacker gains access to […] (Null Byte « WonderHowTo)

Provider's Database Of Crooked Customers Leaked

(News ≈ Packet Storm)

FB Employees Revolt Over Zuckerberg's Stance On Trump

(News ≈ Packet Storm)

Anonymous Hackers Re-Emerge Amid US Unrest

(News ≈ Packet Storm)

Researcher Lands $100,000 Bounty For Apple Login Bypass

(News ≈ Packet Storm)

How to Find & Fix WordPress Pharma Hack

It’s hard for any website owner to discover pharmaceutical spam. Finding bogus content for prescription drugs on a website you watched grow from a tiny blog can be heartbreaking. But don’t blame your website: it just got caught up in a bad crowd of SEO spammers. SEO spam occurs when bad actors inject a website with keywords. Their end goal is to use an innocent site’s good reputation to lure traffic to a scam. (Sucuri Blog)

Critical VMware Cloud Director Flaw Lets Hackers Take Over Corporate Servers

Cybersecurity researchers today disclosed details for a new vulnerability in VMware's Cloud Director platform that could potentially allow an attacker to gain access to sensitive information and control private clouds within an entire infrastructure.

Tracked as CVE-2020-3956, the code injection flaw stems from improper input handling that could be abused by an authenticated attacker to (The Hacker News)

How to Create a Culture of Kick-Ass DevSecOps Engineers

Much like technology itself, the tools, techniques, and optimum processes for developing code evolve quickly. We humans have an insatiable need for more software, more features, more functionality… and we want it faster than ever before, of higher quality, and on top of that: secure.

With an estimated 68% of organizations experiencing zero-day attacks from undisclosed/unknown vulnerabilities (The Hacker News)

Joomla Resources Directory (JRD) Portal Suffers Data Breach

Joomla, one of the most popular open-source content management systems (CMS), last week announced a new data breach impacting 2,700 users who have an account with its resources directory (JRD) website, i.e., resources.joomla.org.

The breach exposed affected users' personal information, such as full names, business addresses, email addresses, phone numbers, and encrypted passwords.

The (The Hacker News)

Apple Pays $100K Bounty for Critical ‘Sign in With Apple’ Flaw

Apple has fixed a critical flaw in its Sign in with Apple feature, which could have been abused by attackers to take over victims' third-party applications. (Threatpost)

Minneapolis Police Department Hack Likely Fake, Says Researcher

Troy Hunt said that the supposed data breach perpetrated by Anonymous is most likely a hoax. (Threatpost)

Hosting Provider’s Database of Crooked Customers Leaked

Database of sensitive info, including emails and passwords, from owners of Daniel’s Hosting portals could be incriminating. (Threatpost)


/security-daily/ 02-06-2020 23:44:21