01-02-2021 | 03-02-2021

Security daily (02-02-2021)

Over 40 services require TLS 1.2 minimum for AWS FIPS endpoints

In a March 2020 blog post, we told you about work Amazon Web Services (AWS) was undertaking to update all of our AWS Federal Information Processing Standard (FIPS) endpoints to a minimum of Transport Layer Security (TLS) 1.2 across all AWS Regions. Today, we’re happy to announce that over 40 services have been updated and […] (AWS Security Blog)

House Dems pressure tech giants over spread of COVID-19 vaccine misinformation

With reports of COVID-19 vaccine misinformation and disinformation proliferating on tech platforms, Democratic leaders of the House Energy and Commerce Committee on Tuesday said they want answers from the industry’s titans about what they’re doing to stop it. “As the country enters this next phase in its fight against the virus — the success of which is dependent on hundreds of millions of Americans trusting the science behind these vaccines — the Committee is deeply troubled by news reports of coronavirus vaccine misinformation on your platform,” wrote Democratic leaders of the panel, including Chairman Frank Pallone, D-N.J., to the CEOs of Facebook, Google and Twitter. It’s the latest application of pressure on tech companies from government officials to halt fake news about COVID-19. Just last week, the European Union said it expects Facebook, Google, Microsoft and Twitter to continue delivering monthly reports on the subject for another six months. There’s […] (CyberScoop)

Senate confirms cybersecurity-focused Alejandro Mayorkas as DHS secretary

The Senate on Tuesday voted to confirm Alejandro Mayorkas as Homeland Security secretary, a post crucial to the U.S. response to a suspected Russian hacking campaign that has roiled Washington. A former No. 2 Department of Homeland Security official in the Obama administration, Mayorkas flatly told lawmakers last month that U.S. government defenses against hacking were out of step with the urgency of the threats. “The cybersecurity of our nation [will be] one of my highest priorities,” he said during a Senate confirmation hearing. Mayorkas has pledged to strengthen DHS’s cybersecurity work, including by reviewing two big-budget department programs that did not thwart the alleged Russian hack. The spying campaign has exploited software made by SolarWinds and other IT providers, and infiltrated multiple U.S. agencies. Mayorkas, who fled Cuba’s Castro regime as a child, now leads a vast DHS bureaucracy whose charges include defending civilian federal agencies from state-backed hackers and […] (CyberScoop)

South Sudan worked with Israeli surveillance company to monitor citizens, Amnesty finds

The South Sudanese government obtained surveillance capabilities from an Israeli company between at least 2015 and 2017 in order to wiretap citizens’ phones, according to an Amnesty International investigation published Tuesday. The company, Verint Systems Ltd., a subsidiary of U.S.-based Verint Systems Inc., worked with the government of South Sudan to provide “communications interception equipment and annual support services,” according to documents reviewed by Amnesty International. As part of the arrangement, South Sudan required Vivacell, a telecommunications company, to pay Verint at least $762,236 in order to intercept citizens’ communications, according to Amnesty’s assessment. The reports of South Sudan’s National Security Service’s (NSS) intrusive surveillance meld into a pattern of dangerous human rights abuses in South Sudan, including prolonged detention, extrajudicial killings and the silencing of government critics, human rights activists and journalists, according to Amnesty. A United Nations Panel of Experts found in 2016 that NSS’ “ability to identify […] (CyberScoop)

China could add new sets of genome data to espionage treasure trove, US officials warn

With coronavirus testing offering new avenues for collecting sensitive health data, U.S. intelligence officials have issued a fresh warning about Chinese government operatives’ alleged longstanding practice of using medical information for espionage. The public advisory released Monday by the U.S. National Counterintelligence and Security Center cautions that Beijing could pair DNA datasets with the millions of records thought to be in the hands of Chinese spies from the 2015 hacks of health insurer Anthem and the Office of Personnel Management, and the 2017 breach of credit-monitoring firm Equifax. (Beijing has repeatedly denied using hacking to steal sensitive data.) The concern is that Chinese authorities could use the data trove to extort or manipulate U.S. government officials or corporate executives. For example, the NCSC worries that Beijing could use knowledge of someone’s genetic vulnerability to addiction or past bouts with mental illness to coerce them into handing over U.S. government secrets. […] (CyberScoop)

White House must act now to boost trust in elections, experts say

There’s a brief window for the Biden administration to boost Americans’ trust in the voting process, and the White House must take steps now, according to a new report from election-integrity experts. President Joe Biden should form a Presidential Commission on Election Resilience and Trust that would spend six months studying the issue and report back before the end of 2021, says the report from the Alliance for Securing Democracy and the Center for Democracy and Technology. “Despite the absence of widespread voter fraud or major cyber attacks in the 2020 elections, false information ran rampant in the pre- and post-election periods,” write David Levine, an elections integrity fellow for the ASD, and William T. Adler, a senior technologist in elections and democracy for the CDT. “The Commission should study and make recommendations about efforts to counter election-related mis- and disinformation, which undermine confidence in our democracy.” The Washington Post […] (CyberScoop)

Apple Face ID To Work For Mask Wearers

(News ≈ Packet Storm)

Hackers Are Exploiting A Critical Zero Day In Devices From SonicWall

(News ≈ Packet Storm)

SolarWinds Hack Prompts Congress To Put NSA In Encryption Hot Seat

(News ≈ Packet Storm)

Identity Theft Spikes Due To COVID-19 Relief

(News ≈ Packet Storm)

This Linux Malware Is Hijacking Supercomputers Globally

(News ≈ Packet Storm)

Whitespace Steganography Conceals Web Shell in PHP Malware

Last November, we wrote about how attackers are using JavaScript injections to load malicious code from legitimate CSS files. At first glance, these injections didn’t appear to contain anything except for some benign CSS rules. A more thorough analysis of the .CSS file revealed 56,964 seemingly empty lines containing combinations of invisible tab (0x09), space (0x20), and line feed (0x0A) characters, which were converted to a binary representation of characters and then to the text of executable JavaScript code. (Sucuri Blog)

TrickBot Continues Resurgence with Port-Scanning Module

The infamous malware has incorporated the legitimate Masscan tool, which looks for open TCP/IP ports with lightning-fast results. (Threatpost)

Crypto Crook Hired Steven Seagal to Promote Scam, Now Faces Charges

Feds charged a California-based private detective with stealing $11M from investors, with help from actor Steven Seagal. (Threatpost)

Tiny Kobalos Malware Bedevils Supercomputers to Steal Logins

The sophisticated backdoor steals SSH credentials for servers in academic and scientific high-performance computing clusters. (Threatpost)

Magento Web Skimmers Piggyback in Ongoing Costway Website Compromise

An e-commerce credit-card skimmer is being used by a second skimmer to steal payment data - and both are on Costway's website. (Threatpost)

Agent Tesla Trojan ‘Kneecaps’ Microsoft’s Anti-Malware Interface

A new version of the Agent Tesla RAT can 'kneecap' endpoint protection software supported by Microsoft AMSI. (Threatpost)


/security-daily/ 03-02-2021 23:44:23