Monitoring AWS Certificate Manager Private CA with AWS Security Hub
Certificates are a vital part of any security infrastructure because they allow a company’s internal or external facing products, like websites and devices, to be trusted. To deploy certificates successfully and at scale, you need to set up a certificate authority hierarchy that provisions and issues certificates. You also need to monitor this hierarchy closely, […]
(AWS Security Blog)
The Senate Judiciary Committee on Thursday unanimously advanced a bill that would combat child pornography, but which technologists say risks weakening encryption for average internet users by exposing tech companies to lawsuits. The Eliminating Abusive and Rampant Neglect of Interactive Technologies Act (EARN IT Act) would remove liability protections for companies like Facebook when users share child pornography on their platforms. The bill is the latest front in a long-running struggle between lawmakers who see end-to-end encryption as shielding criminality, and civil liberties advocates and technologists who say weakening encryption could make swaths of the internet less secure. Lawmakers responded to criticism of earlier versions of the bill by making the standards that tech companies have to meet to receive liability protection voluntary. The bill also now states that tech providers won’t be targeted under federal law simply for providing encryption technology, thanks to an amendment from Sen. Patrick Leahy, D-Vt. […] The post Senate panel advances bill to combat child exploitation, but critics fear it could weaken encryption appeared first on CyberScoop.
Law enforcement agencies in France, the Netherlands and the United Kingdom on Thursday announced hundreds of arrests of alleged drug dealers and other criminals in a major bust made possible by cracking an encrypted phone network. European police officials said they broke into the platform of EncroChat, a bespoke encrypted messaging service, in April and had been quietly reading the messages ever since. They did not reveal the technique they used to breach EncroChat. The operation is nonetheless a significant breakthrough for law enforcement agencies that often say encrypted messaging apps stymie criminal and national security investigations. Andy Kraag, head of the Netherlands’ National Criminal Investigation Service, said investigators exploited “state-of-the-art cyber technology” to break EncroChat’s encryption, taking advantage of the alleged criminals’ trust in the encrypted platform. French authorities were involved in cracking EncroChat’s network and deployed a monitoring tool, Vice News reported. The Dutch police claimed they were able […] The post European police crack encrypted phone network, arrest hundreds of alleged criminals appeared first on CyberScoop.
After a months-long court battle, Facebook has reinstated four accounts of people employed by Israeli software surveillance firm NSO Group, according to Israeli news outlet CTech. NSO Group employees had alleged in a suit filed last November that Facebook had unfairly blocked them from their personal accounts when Facebook’s WhatsApp sued the surveillance firm in October. An Israeli court had previously ordered Facebook to unblock the accounts in February. Last month, the court rejected Facebook’s appeal, according to CTech. It’s the latest legal scuffle between the social media giant and NSO Group, which is being sued in California over allegations its software was used to spy on thousands of WhatsApp users. In a statement to CTech, Facebook indicated the decision to reinstate the accounts would not affect the lawsuit. “Throughout the entire proceedings in Israel, NSO Group operated behind the scenes to sabotage our efforts to make it admit its responsibility for attacks […] The post Facebook reinstates NSO Group employee accounts amid ongoing lawsuit appeared first on CyberScoop.
Beware if you’re paying your bills for local government services – the payment information you type into that web form may be heading straight to cybercriminals.
Hackers are once again finding unsecured MongoDB databases, wiping their contents, and leaving ransom demands. So far, so normal. But what’s different this time is that they’re also threatening to report their victims for violating GDPR. Read more in my article on the Tripwire State of Security blog.
Who’s been dressing Roblox players up in red baseball caps? Which ransomware victim’s negotiations got spied on by the media? And should Jason Bieber think twice before touching his hat? Oh, and we need to talk about squirrels… All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast.
Still thinking "the crooks probably won't find me if I make a security blunder"?
Databases can be had for as little as $100, on up to $1,100. Most, if not all, are being sold by the hacking group Shiny Hunters.
It's no secret that learning how to code is one of the best things you can do if you want to land a high-paying career in a world that's heavily reliant on web and app development.
But if you're new to the field, deciding which programming languages to learn and where to learn them can seem like an insurmountable task. There are numerous languages to choose from and a variety of overpriced training resources that peddle subpar instruction.
Enter the How to Become a Programmer in One Course bundle. This comprehensive and invaluable resource will introduce you to some of the most important and...
(Null Byte « WonderHowTo)
(News ≈ Packet Storm)
It’s a well-known fact that website backups are important for mitigating a plethora of site issues. They can help restore a site after a compromise or even facilitate the investigative process by providing a clean code base to compare the current site state to. However, if a backup is not set up correctly, it can have the opposite effect — and may instead pose a security threat to your website. For example, we often find webmasters maintaining old copies of a site within a subdirectory of their main site. Continue reading Dangerous Website Backups at Sucuri Blog.
New research has uncovered multiple critical reverse RDP vulnerabilities in Apache Guacamole, a popular remote desktop application used by system administrators to access and manage Windows and Linux machines remotely.
The reported flaws could potentially let bad actors achieve full control over the Guacamole server, intercept, and control all other connected sessions.
According to a
(The Hacker News)
Even so, backdoors and droppers are rare in the wild.
Several vulnerabilities can be chained together for a full exploit.
Facebook has fixed a privacy issue that gave developers access to user data long after the 90-day "expiration" date.
New ‘smishing’ campaigns from the Roaming Mantis threat group infect Android users with the FakeSpy infostealer.
/security-daily/ 03-07-2020 23:44:21