30-11-202002-12-2020

Security daily (01-12-2020)

Configuring AWS VPN for UK public sector use

In this post, we explain the United Kingdom (UK) National Cyber Security Centre (NCSC)’s guidance on VPN profiles configuration, and how the configuration parameters for the AWS Virtual Private Network (AWS VPN) align with the NCSC guidance. At the end of the post, there are links to code to deploy the AWS VPN in line […] (AWS Security Blog)

Announcing Cloud Audit Academy AWS-specific for audit and compliance teams

Today, I’m pleased to announce the launch of Cloud Audit Academy AWS-specific (CAA AWS-specific). This is a new, accelerated training program for auditing AWS Cloud implementations, and is designed for auditors, regulators, or anyone working within a control framework. Over the past few years, auditing security in the cloud has become one of the fastest […] (AWS Security Blog)

California man gets 3 years in prison for hacking Nintendo, collecting child pornography

A 21-year-old California man has been sentenced to three years in prison and seven years of supervised release for a hacking scheme that stole proprietary Nintendo information, and for possessing child pornography. The defendant, Ryan Hernandez, will also have to pay more than $259,000 to remediate damages he allegedly caused Nintendo, U.S. prosecutors in the Western District of Washington announced Tuesday. The sentencing comes four years after Hernandez first got in trouble with the law for alleged hacking. In 2016, as a teenager, Hernandez and an unnamed associate stole login credentials from a Nintendo employee that were used to access files on Nintendo consoles and games, according to prosecutors. FBI agents visited Hernandez and his parents, and Hernandez pledged not to engage in any more malicious online activity, the Justice Department said in a press release. But Hernandez went on to hack multiple Nintendo servers and steal internal data on popular […] The post California man gets 3 years in prison for hacking Nintendo, collecting child pornography appeared first on CyberScoop. (CyberScoop)

Researchers suggest 25 countries are using a kind of mobile spyware that monitors texts, location

A private surveillance firm that exploits mobile network vulnerabilities to spy on calls, texts and location data is doing business with at least 25 governments around the globe, including some with histories of human rights abuses, concludes a report released Tuesday. The findings from the University of Toronto’s Citizen Lab scrutinize the work of the company Circles, which is a sister firm of the Israeli software surveillance broker NSO Group. Human rights activists frequently criticize NSO Group for selling its equipment to repressive regimes, a charge it rejects, even as it is the subject of a lawsuit from Facebook, which alleges that attackers used NSO Group tech to spy on thousands of WhatsApp users. The countries Citizen Lab identified as “likely” customers of Circles: Australia, Belgium, Botswana, Chile, Denmark, Ecuador, El Salvador, Estonia, Equatorial Guinea, Guatemala, Honduras, Indonesia, Israel, Kenya, Malaysia, Mexico, Morocco, Nigeria, Peru, Serbia, Thailand, the United Arab Emirates, Vietnam, Zambia and Zimbabwe. […] The post Researchers suggest 25 countries are using a kind of mobile spyware that monitors texts, location appeared first on CyberScoop. (CyberScoop)

Former CISA deputy details ouster, condemns violent threat from Trump campaign

The former deputy of the U.S. Cybersecurity and Infrastructure Security Agency on Tuesday faulted the Trump campaign for politicizing election security and condemned a violent threat from a campaign lawyer toward his former boss, Chris Krebs, in some of his first public comments since leaving the agency. “I have yet to see a partisan issue within securing America’s infrastructure that warrants politicizing what we do,” Matt Travis, former deputy CISA director, said during a virtual event hosted by the Aspen Institute. “And what we were hearing from the Trump campaign was in effect politicizing the security of a sub-sector of infrastructure, namely the election system.” President Donald Trump on Nov. 17 fired Krebs as CISA director after Krebs and his agency repeatedly debunked the president’s baseless claims of electoral fraud. Travis resigned later that evening after, he said, the White House made clear that he would not succeed Krebs as head […] The post Former CISA deputy details ouster, condemns violent threat from Trump campaign appeared first on CyberScoop. (CyberScoop)

Manchester United attack illuminates the cyberthreats facing an overlooked sports sector

Manchester United, one of the wealthiest and most decorated soccer clubs in the world, is still recovering from a disruption of its computer systems that it revealed 11 days ago. Beyond a statement blaming “organized cybercriminals” for the incident, the club has declined to comment on who was behind the breach or whether it involved ransomware. The club said it took “swift action to contain the attack” and worked with outside security experts to minimize disruption to its IT systems. But the incident speaks for itself in some ways. It’s a stark reminder that major sports franchises have a target on their backs from cybercriminals, even if regulators and the press don’t apply the same amount of scrutiny to data protection strategies in athletics as in other sectors, like energy and finance. “We’ve seen more and more football clubs and other high-profile sporting businesses targeted by things like ransomware,” said Ciaran Martin, who until August headed the […] The post Manchester United attack illuminates the cyberthreats facing an overlooked sports sector appeared first on CyberScoop. (CyberScoop)

Cryptocurrency miners were 'distraction technique' in APT's espionage campaigns, Microsoft says

Sometimes a sneaky Monero miner is more than just a sign of a crook. Cyber-espionage campaigns this summer in France and Vietnam deployed cryptocurrency mining software on victims’ networks to help draw attention away from the hackers’ spying tools, Microsoft says in a new report. The company’s threat intelligence unit has pinned the activity on an advanced persistent threat (APT) group it calls Bismuth, more commonly known as APT32 or OceanLotus. “Recent campaigns from the nation-state actor BISMUTH take advantage of the low-priority alerts coin miners cause to try and fly under the radar and establish persistence,” the researchers say in a report released Monday. In this case, the coin miners collected Monero, a cryptocurrency with a reputation for being harder to trace than other digital coins. The hacking group — which other cybersecurity researchers have linked to the Vietnamese government — has been developing new techniques to break into […] The post Cryptocurrency miners were 'distraction technique' in APT's espionage campaigns, Microsoft says appeared first on CyberScoop. (CyberScoop)

The Biggest Hacks, Data Breaches Of 2020

(News ≈ Packet Storm)

Bitcoin Peaks At Record High Close To $20,000

(News ≈ Packet Storm)

Magecart Attack Convincingly Hijacks PayPal Transactions At Checkout

(News ≈ Packet Storm)

Trump Attorney Calls For Execution Of Former DHS Official

(News ≈ Packet Storm)

“Free” Symchanger Malware Tricks Users Into Installing Backdoor

In a previous post, I discussed how attackers can trick website owners into installing malware onto a website — granting the attacker the same unauthorized access as if they had exploited a vulnerability or compromised login details for the website. But did you know attackers use the same tactic against other bad actors? They do this by offering free malware, even going to great lengths to include a guide on how to use it. Continue reading “Free” Symchanger Malware Tricks Users Into Installing Backdoor at Sucuri Blog. (Sucuri Blog)

Misconfigured Docker Servers Under Attack by Xanthe Malware

The never-before-seen Xanthe cryptomining botnet has been targeting misconfigured Docker APIs. (Threatpost)

Android Messenger App Still Leaking Photos, Videos

The GO SMS Pro app has been downloaded 100 million times; now, underground forums are actively sharing images stolen from GO SMS servers. (Threatpost)

/security-daily/ 02-12-2020 23:44:23