Security daily (01-10-2020)

How to get read-only visibility into the AWS Control Tower console

When you audit an environment governed by AWS Control Tower, having visibility into the AWS Control Tower console allows you to collect important configuration information, but currently there isn’t a read-only role installed by AWS Control Tower. In this post, I will show you how to create a custom permission set by using both a […] (AWS Security Blog)

How hackers took over Facebook accounts to steal $4 million, promote scams

Facebook has fended off plenty of phony, pill-pushing ad campaigns over the years, but the company disrupted one effort last year that was particularly pernicious, and effective. Hackers defrauded Facebook users out of more than $4 million in a scheme that security staffers have connected to a cybercrime network in China. The details, revealed Thursday, demonstrate how attackers breached hundreds of thousands of Facebook accounts, scouring for users with payment methods attached to their profile, such as PayPal. The attackers would disable users’ notifications, and abuse their access to the victim account to place advertisements for diet pills and counterfeit products. The hackers delivered their malware, dubbed SilentFade, through web browsers, rather than Facebook itself, making it more difficult to detect and root out. “We anticipate more platform-specific malware to appear for platforms serving large and growing audiences, as the evolving ecosystem targeting Facebook demonstrates,” Facebook researchers Sanchit Karve and Jennifer Urgilez wrote in a […] (CyberScoop)

DOD, DHS expose hacking campaign in Russia, Ukraine, India, Malaysia

The Department of Defense and the Department of Homeland Security are calling out an unspecified “sophisticated cyber actor” Thursday for using malware to launch cyberattacks against targets in India, Kazakhstan, Kyrgyzstan, Malaysia, Russia and Ukraine. The malware, which the military’s Cyber Command has dubbed “SlothfulMedia,” is an information-stealer capable of logging keystrokes of victims and modifying files, according to an analysis shared early with CyberScoop. The agencies shared the malware sample on the malware-sharing repository on VirusTotal Thursday afternoon. The malware “is in use in successful ongoing campaigns,” a Cyber Command spokesperson told CyberScoop. The DOD and DHS did not say what threat group or nation-state might be running the malware campaign. The report does not mention specific targets, either. It’s the latest Pentagon effort to expose malware used by well-resourced hackers around the world. Cyber Command, which first began exposing state-backed hacking campaigns by sharing malware samples with the public in 2018, has previously exposed foreign […] (CyberScoop)

Helping to pay off ransomware hackers could draw big penalties from the feds

Anyone who helps ransomware victims pay off hackers who are under U.S. sanctions could face stiff punishment themselves, the Treasury Department said Thursday. The advisory from Treasury’s Office of Foreign Assets Control served notice to financial institutions and cyber insurance companies — as well as cybersecurity firms that help ransomware victims identify and respond to attacks — that they could suffer fines if they aided payments to attackers from places like Russia, North Korea or Iran that are on the U.S. sanctions list. And OFAC indicated it would be inclined to be strict about it: Those civil penalties could be levied against companies that didn’t know they were facilitating ransom payments to hackers on its sanctions list. “OFAC may impose civil penalties for sanctions violations based on strict liability, meaning that a person subject to U.S. jurisdiction may be held civilly liable even if it did not know or have reason […] (CyberScoop)

Twitter says FBI tip prompted takedown of 130 fake accounts during debate

Intelligence from the FBI prompted Twitter to take down roughly 130 accounts that “appeared to originate in Iran,” and were trying to generate conflict during the presidential debate Tuesday, the social media company reported. In its announcement Wednesday, Twitter did not offer more details about the origin of the accounts or the extent of the FBI’s tip, but said it would publish the results of its full investigation later. The takedowns are the latest in a series of announcements from U.S. social media giants about their efforts to block foreign information operations and other inauthentic behavior ahead of the 2020 elections. Russia, China and Iran are considered to be the primary sources of such activity, each with its own distinct set of interests. Federal officials have said Iran generally seeks to increase divisions in the U.S. electorate. An operation that spread racist disinformation about coronavirus vaccine tests during the summer resembled the behavior of an Iran-linked group that security researchers called Endless Mayfly. Twitter’s security […] (CyberScoop)

Why professional and managed security services make increasing economic sense for the public sector

The growing complexity of IT systems and a shortage of talent make managed and professional services a smart choice for enterprise IT operations. (CyberScoop)

#BeCyberSmart – why friends don’t let friends get scammed

Friends don't let friends get scammed. Because cybercrime hurts us all. (Naked Security)

Explore Data Analysis & Deep Learning with This $40 Training Bundle

Data makes the world go round. It has gotten to the point that it's considered the most valuable resource, perhaps even more important than oil. Businesses use data to collect critical information about their users and improve their services; governments utilize it to improve things like public transportation; doctors analyze data to find more ways to save lives.

If you're fascinated by the many ways data is used in various industries and are interested in making a career of it, the Deep Learning & Data Analysis Certification Bundle is here to help. It offers premium content covering data... (Null Byte « WonderHowTo)

How to Escape Restricted Shell Environments on Linux

The moment arrives when you finally pop a shell on the web server you've been working on, only you find yourself in a strange environment with limited functionality. Restricted shells are often used as an additional line of defense and can be frustrating for an attacker to stumble upon. But with enough patience and persistence, it is possible to escape these restricted environments.

What Are Restricted Shells?

Restricted shells are simply shells with restricted permissions, features, or commands. They are primarily used to ensure that users can perform the minimum operations necessary for... (Null Byte « WonderHowTo)

Germany Fines H&M 35 Million Euros For Data Protection Breaches

(News ≈ Packet Storm)

New Report Suggests That Bug Bounty Business Is Recession-Proof

(News ≈ Packet Storm)

Bank Details Exposed In Blackbaud Charities Hack

(News ≈ Packet Storm)

Charges Filed In NFL Nude Picture Hack

(News ≈ Packet Storm)

GFX Xsender Hack Tool: A Spam Mailer

PHP hack tools are created and used by attackers to help automate frequent or tedious tasks. During a recent investigation, we came across a hack tool used to simplify the process of sending predefined HTML emails to a list of email addresses. The tool runs on top of PHPMailer’s library, which handles the connection and sending of the malicious emails.

The hack tool also grants the ability to authenticate to an email address on a remote server. (Sucuri Blog)

Beware: New Android Spyware Found Posing as Telegram and Threema Apps

A hacking group known for its attacks in the Middle East, at least since 2017, has recently been found impersonating legitimate messaging apps such as Telegram and Threema to infect Android devices with a new, previously undocumented malware. "Compared to the versions documented in 2017, Android/SpyC23.A has extended spying functionality, including reading notifications from messaging apps, call (The Hacker News)

Russian Who Hacked LinkedIn, Dropbox Sentenced to 7 Years in Prison

A Russian hacker who was found guilty of hacking LinkedIn, Dropbox, and Formspring over eight years ago has finally been sentenced to 88 months (more than seven years) in United States prison by a federal court in San Francisco this week. Yevgeniy Aleksandrovich Nikulin, 32, of Moscow hacked into servers belonging to three American social media firms, including LinkedIn, Dropbox, and (The Hacker News)

Critical Flaws Discovered in Popular Industrial Remote Access Systems

Cybersecurity researchers have found critical security flaws in two popular industrial remote access systems that can be exploited to ban access to industrial production floors, hack into company networks, tamper with data, and even steal sensitive business secrets. The flaws, discovered by Tel Aviv-based OTORIO, were identified in B&R Automation's SiteManager and GateManager, and MB Connect (The Hacker News)

Emotet Emails Strike Thousands of DNC Volunteers

Hundreds of U.S. organizations on Thursday received emails purporting to come from the Democratic National Committee, in a new politically charged Emotet spear-phishing attack. (Threatpost)

QR Codes: A Sneaky Security Threat

What to watch out for, and how to protect yourself from malicious versions of these mobile shortcuts. (Threatpost)

Microsoft Office 365 Phishing Attack Uses Multiple CAPTCHAs

Cybercriminals set up three different CAPTCHAs that Office 365 targets must click through before the final phishing page. (Threatpost)


/security-daily/ 02-10-2020 23:44:23