Security daily (02-07-2020)

Monitoring AWS Certificate Manager Private CA with AWS Security Hub

Certificates are a vital part of any security infrastructure because they allow a company’s internal or external facing products, like websites and devices, to be trusted. To deploy certificates successfully and at scale, you need to set up a certificate authority hierarchy that provisions and issues certificates. You also need to monitor this hierarchy closely, […] (AWS Security Blog)

Senate panel advances bill to combat child exploitation, but critics fear it could weaken encryption

The Senate Judiciary Committee on Thursday unanimously advanced a bill that would combat child pornography, but which technologists say risks weakening encryption for average internet users by exposing tech companies to lawsuits. The Eliminating Abusive and Rampant Neglect of Interactive Technologies Act (EARN IT Act) would remove liability protections for companies like Facebook when users share child pornography on their platforms. The bill is the latest front in a long-running struggle between lawmakers who see end-to-end encryption as shielding criminality, and civil liberties advocates and technologists who say weakening encryption could make swaths of the internet less secure. Lawmakers responded to criticism of earlier versions of the bill by making the standards that tech companies have to meet to receive liability protection voluntary. The bill also now states that tech providers won’t be targeted under federal law simply for providing encryption technology, thanks to an amendment from Sen. Patrick Leahy, D-Vt. […] (CyberScoop)

European police crack encrypted phone network, arrest hundreds of alleged criminals

Law enforcement agencies in France, the Netherlands and the United Kingdom on Thursday announced hundreds of arrests of alleged drug dealers and other criminals in a major bust made possible by cracking an encrypted phone network. European police officials said they broke into the platform of EncroChat, a bespoke encrypted messaging service, in April and had been quietly reading the messages ever since. They did not reveal the technique they used to breach EncroChat. The operation is nonetheless a significant breakthrough for law enforcement agencies that often say encrypted messaging apps stymie criminal and national security investigations. Andy Kraag, head of the Netherlands’ National Criminal Investigation Service, said investigators exploited “state-of-the-art cyber technology” to break EncroChat’s encryption, taking advantage of the alleged criminals’ trust in the encrypted platform. French authorities were involved in cracking EncroChat’s network and deployed a monitoring tool, Vice News reported. The Dutch police claimed they were able […] (CyberScoop)

Facebook reinstates NSO Group employee accounts amid ongoing lawsuit

After a months-long court battle, Facebook has reinstated four accounts of people employed by Israeli software surveillance firm NSO Group, according to Israeli news outlet CTech. NSO Group employees had alleged in a suit filed last November that Facebook had unfairly blocked them from their personal accounts when Facebook’s WhatsApp sued the surveillance firm in October. An Israeli court had previously ordered Facebook to unblock the accounts in February. Last month, the court rejected Facebook’s appeal, according to CTech. It’s the latest legal scuffle between the social media giant and NSO Group, which is being sued in California over allegations its software was used to spy on thousands of WhatsApp users. In a statement to CTech, Facebook indicated the decision to reinstate the accounts would not affect the lawsuit. “Throughout the entire proceedings in Israel, NSO Group operated behind the scenes to sabotage our efforts to make it admit its responsibility for attacks […] (CyberScoop)

Websites of eight US cities poisoned by malware skimming the credit card details of residents

Beware if you’re paying your bills for local government services – the payment information you type into that web form may be heading straight to cybercriminals. (Graham Cluley)

22,900 MongoDB databases held to ransom by hacker threatening to report firms for GDPR violations

Hackers are once again finding unsecured MongoDB databases, wiping their contents, and leaving ransom demands. So far, so normal. But what’s different this time is that they’re also threatening to report their victims for violating GDPR. Read more in my article on the Tripwire State of Security blog. (Graham Cluley)

Smashing Security podcast #185: Bieber fever, Roblox, and ransomware

Who’s been dressing Roblox players up in red baseball caps? Which ransomware victim’s negotiations got spied on by the media? And should Jason Bieber think twice before touching his hat? Oh, and we need to talk about squirrels… All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast. (Graham Cluley)

MongoDB ransom threats step up from blackmail to full-on wiping

Still thinking "the crooks probably won't find me if I make a security blunder"? (Naked Security)

133m records for sale as fruits of data breach spree keep raining down

Databases can be had for as little as $100, on up to $1,100. Most, if not all, are being sold by the hacking group Shiny Hunters. (Naked Security)

Learn HTML, CSS, JavaScript & More for Just $14

It's no secret that learning how to code is one of the best things you can do if you want to land a high-paying career in a world that's heavily reliant on web and app development.

But if you're new to the field, deciding which programming languages to learn and where to learn them can seem like an insurmountable task. There are numerous languages to choose from and a variety of overpriced training resources that peddle subpar instruction.

Enter the How to Become a Programmer in One Course bundle. This comprehensive and invaluable resource will introduce you to some of the most important and […] (Null Byte « WonderHowTo)

V Shred Leaks PII, Sensitive Photos Of Fitness Customers

(News ≈ Packet Storm)

FakeSpy Android Malware Spread Via Postal Service Apps

(News ≈ Packet Storm)

Hundreds Arrested As Crime Chat Network Cracked

(News ≈ Packet Storm)

After Six Months Of Stonewalling By Apple, App Dev Goes Public With macOS Privacy Protection Bypass

(News ≈ Packet Storm)

Dangerous Website Backups

It’s a well-known fact that website backups are important for mitigating a plethora of site issues. They can help restore a site after a compromise or even facilitate the investigative process by providing a clean code base to compare the current site state to. However, if a backup is not set up correctly, it can have the opposite effect — and may instead pose a security threat to your website. For example, we often find webmasters maintaining old copies of a site within a subdirectory of their main site. (Sucuri Blog)

Critical Apache Guacamole Flaws Put Remote Desktops at Risk of Hacking

New research has uncovered multiple critical reverse RDP vulnerabilities in Apache Guacamole, a popular remote desktop application used by system administrators to access and manage Windows and Linux machines remotely.

The reported flaws could potentially let bad actors achieve full control over the Guacamole server, intercept, and control all other connected sessions.

According to a (The Hacker News)

Trojans, Backdoors and Droppers: The Most-Analyzed Malware

Even so, backdoors and droppers are rare in the wild. (Threatpost)

Apache Guacamole Opens Door for Total Control of Remote Footprint

Several vulnerabilities can be chained together for a full exploit. (Threatpost)

Facebook Privacy Glitch Gave 5K Developers Access to ‘Expired’ Data

Facebook has fixed a privacy issue that gave developers access to user data long after the 90-day "expiration" date. (Threatpost)

FakeSpy Android Malware Spread Via ‘Postal-Service’ Apps

New ‘smishing’ campaigns from the Roaming Mantis threat group infect Android users with the FakeSpy infostealer. (Threatpost)


/security-daily/ 03-07-2020 23:44:21