Security daily (01-07-2021)

AWS achieves Spain’s ENS High certification across 149 services

Gaining and maintaining customer trust is an ongoing commitment at Amazon Web Services (AWS). We continually add more services to our ENS certification scope. This helps to assure public sector organizations in Spain that want to build secure applications and services on AWS that the expected ENS certification security standards are being met. ENS certification […] (AWS Security Blog)

How to integrate third-party IdP using developer authenticated identities

Amazon Cognito identity pools enable you to create and manage unique identifiers for your users and provide temporary, limited-privilege credentials to your application to access AWS resources. Currently, there are several out of the box external identity providers (IdPs) to integrate with Amazon Cognito identity pools, including Facebook, Google, and Apple. If your application’s primary […] (AWS Security Blog)

US, UK accuse Russian military hackers of battering-ram password attacks against hundreds of targets

For two years, Russian military hackers have been bombarding hundreds of targets worldwide with passwords to gain access to their networks, making use of a popular open-source tool for managing application workloads, U.S. and U.K. agencies warned in an advisory Thursday. The Russian agency deploys a Kubernetes cluster — a set of worker machines — to conduct their brute force “password spray” attacks that guess commonly-used passwords to get into target networks, according to the advisory from the National Security Agency, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the FBI and the U.K.’s National Cyber Security Centre. It’s the alleged handiwork of Russia’s General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center, military unit 26165. The hackers, often described as Fancy Bear or APT28, have been blamed for a number of high profile intrusions, most prominently for interference in the 2016 U.S. presidential election. The […] (CyberScoop)

Chinese hackers suspected of using Dropbox to snoop on Afghan officials

Hackers with ties to China have been targeting the emails of Afghan security officials with malware meant to scoop up everything on their desktop, according to a Thursday report from researchers at Check Point. In an example shared by researchers, a hacker sent a malicious file to an official at the Afghanistan National Security Council posing as someone from the administrative office of the president of Afghanistan. The email requested the recipient review an attachment that was purportedly about an upcoming press conference. Once clicked, that attachment opened the first file on the victim’s desktop while simultaneously opening a backdoor onto the computer, Check Point said. From there, hackers had access to victim’s files and executed a scanner tool popular with multiple hacking groups, including the Chinese government-linked group APT10. Based on the malware used by hackers, though, researchers believe with medium to high confidence that the attack was executed […] (CyberScoop)

S3 Ep39: Paying the date, #SocialMediaDay tips, and a special splintersode [Podcast]

Latest episode - listen now! (Naked Security)

Colombia Police Collar Suspected Gozi Trojan Distributor

(News ≈ Packet Storm)

XKEYSCORE Spy Program Revealed By Snowden Still A Problem

(News ≈ Packet Storm)

Netgear Authentication Bypass Allows Router Takeover

(News ≈ Packet Storm)

Lorenz Ransomware Victims Can Recover Files With Free Tool

(News ≈ Packet Storm)

Chinese Hacking Group Impersonates Afghan President To Infiltrate Government Agencies

(News ≈ Packet Storm)

IndigoZebra APT Hacking Campaign Targets the Afghan Government

Cybersecurity researchers are warning of ongoing attacks coordinated by a suspected Chinese-speaking threat actor targeting the Afghanistan government as part of an espionage campaign that may have had its provenance as far back as 2014. Israeli cybersecurity firm Check Point Research attributed the intrusions to a hacking group tracked under the moniker "IndigoZebra," with past activity aimed (The Hacker News)

Rethinking Application Security in the API-First Era

Securing applications in the API-first era can be an uphill battle. As development accelerates, accountability becomes unclear, and getting controls to operate becomes a challenge in itself. It's time that we rethink our application security strategies to reflect new priorities, principles and processes in the API-first era. Securing tomorrow's applications begins with assessing the business (The Hacker News)

Facebook Sues 4 Vietnamese for Hacking Accounts and $36 Million Ad Fraud

Facebook on Tuesday revealed it filed two separate legal actions against perpetrators who abused its ad platform to run deceptive advertisements in violation of the company's Terms and Advertising Policies. "In the first case, the defendants are a California marketing company and its agents responsible for a bait-and-switch advertising scheme on Facebook," the social media giant's Director of (The Hacker News)

3 Steps to Strengthen Your Ransomware Defenses

The recent tsunami of ransomware has brought to life the fears of downtime and data loss cybersecurity pros have warned about, as attacks on the energy sector, food supply chain, healthcare industry, and other critical infrastructure have grabbed headlines. For the industry experts who track the evolution of this threat, the increased frequency, sophistication, and destructiveness of ransomware (The Hacker News)

Hacker Wanted in the U.S. for Spreading Gozi Virus Arrested in Colombia

Colombian authorities on Wednesday said they have arrested a Romanian hacker who is wanted in the U.S. for distributing a virus that infected more than a million computers from 2007 to 2012. Mihai Ionut Paunescu (aka "Virus"), the individual in question, was detained at the El Dorado airport in Bogotá, the Office of the Attorney General of Colombia said. Paunescu was previously (The Hacker News)

Researchers Leak PoC Exploit for a Critical Windows RCE Vulnerability

A proof-of-concept (PoC) exploit related to a remote code execution vulnerability affecting Windows Print Spooler and patched by Microsoft earlier this month was briefly published online before being taken down. Identified as CVE-2021-1675, the security issue could grant remote attackers full control of vulnerable systems. Print Spooler manages the printing process in Windows, including loading (The Hacker News)

Linux Variant of REvil Ransomware Targets VMware’s ESXi, NAS Devices

Criminals behind the potent REvil ransomware have ported the malware to Linux for targeted attacks. (Threatpost)

Defeating Ransomware-as-a-Service? Think Intel-Sharing

Aamir Lakhani, cybersecurity researcher and practitioner at FortiGuard Labs, explains the rise of RaaS and the critical role of threat intel in effectively defending against it. (Threatpost)

Hacked Data for 69K LimeVPN Users Up for Sale on Dark Web

LimeVPN has confirmed a data incident, and meanwhile its website has been knocked offline. (Threatpost)

Babuk Ransomware Builder Mysteriously Appears in VirusTotal

The gang's source code is now available to rivals and security researchers alike - and a decryptor likely is not far behind. (Threatpost)

Data Exfiltration: What You Should Know to Prevent It

Data leaks are a serious concern for companies of all sizes; if one occurs, it may put them out of business permanently. Here's how you can protect your organization from data theft. (Threatpost)

LinkedIn’s 1.2B Data-Scrape Victims Already Being Targeted by Attackers

A refined database of 88K U.S. business owners on LinkedIn has been posted in a hacker forum. (Threatpost)


/security-daily/ 02-07-2021 23:44:24