Security daily (02-07-2021)

How to monitor and track failed logins for your AWS Managed Microsoft AD

AWS Directory Service for Microsoft Active Directory provides customers with the ability to review security logs on their AWS Managed Microsoft AD domain controllers by either using a domain management Amazon Elastic Compute Cloud (Amazon EC2) instance or by forwarding domain controller security event logs to Amazon CloudWatch Logs. You can further improve visibility by […] (AWS Security Blog)

Kaseya hit with suspected cyberattack, raising fears of major supply chain incident

IT and security management services company Kaseya reported an attack against a “small number” of customers Friday afternoon, but a bigger supply chain incident might be afoot heading into the July 4 holiday weekend. The attack, which some researchers believe to be the work of ransomware group REvil or one of its affiliates, could be the beginning of a mass ransomware event with the potential to strike a wide swath of industry and local government. The FBI in June blamed the Russia-based group for a ransomware attack against global meat supplier JBS. Kaseya said the incident is affecting its VSA software platform used by managed services providers. “We are investigating a potential attack against the VSA that indicates to have been limited to a small number of our on-premises customers only. We have proactively shut down our SaaS [software as a service] servers out of an abundance of caution,” Dana […] (CyberScoop)

DHS hails cybersecurity hiring blitz that puts dent in thousands of vacancies

The Department of Homeland Security is touting its “most successful cybersecurity hiring initiative” ever after bringing on nearly 300 pros, with job offers extended to 500 more. It’s a figure significantly higher than the goal of 200 hires established under a two-month “Cybersecurity Workforce Sprint.” But it’s also still just a dent, going 12% of the way toward filling the more than 2,000 vacancies, by DHS’s own accounting. “DHS is dedicating significant energy toward exceeding our cybersecurity hiring goal by recruiting talented experts, investing in diverse talent pipelines, and ensuring equitable access to professional development opportunities at every level,” DHS Secretary Alejandro Mayorkas said in a news release late Thursday. “While I am proud of the progress we have made to date, we still have more work to do.” It’s been a long, slow climb for DHS to bring on cyber personnel, but the “sprint” is the latest sign of […] (CyberScoop)

US email hacker gets his “computer trespass” conviction reversed

Court says that we need to "avoid a construction that makes some language mere surplusage." (Naked Security)

Ransomware Gangs Taking Aim At Soft Target Industrial Control Systems

(News ≈ Packet Storm)

Hacked Data For 69K LimeVPN Users Up For Sale On Dark Web

(News ≈ Packet Storm)

Feds File New Charges For Amazon Employee That Leveraged Server Access To Hack Capital One

(News ≈ Packet Storm)

China Investigates Didi Over Cyber Security Days After Its IPO

(News ≈ Packet Storm)

Russian Military Hackers Have Been On A Worldwide Password Guessing Spree

(News ≈ Packet Storm)

Mongolian Certificate Authority Hacked to Distribute Backdoored CA Software

In yet another instance of software supply chain attack, unidentified hackers breached the website of MonPass, one of Mongolia's major certificate authorities, to backdoor its installer software with Cobalt Strike binaries. The trojanized client was available for download between February 8, 2021, and March 3, 2021, said Czech cybersecurity software company Avast in a report published Thursday. (The Hacker News)

New Google Scorecards Tool Scans Open-Source Software for More Security Risks

Google has launched an updated version of Scorecards, its automated security tool that produces a "risk score" for open source initiatives, with improved checks and capabilities to make the data generated by the utility accessible for analysis. "With so much software today relying on open-source projects, consumers need an easy way to judge whether their dependencies are safe," Google's Open (The Hacker News)

TrickBot Spruces Up Its Banking Trojan Module

After focusing almost exclusively on delivering ransomware for the past year, the code changes could indicate that TrickBot is getting back into the bank-fraud game. (Threatpost)

Widespread Brute-Force Attacks Tied to Russia’s APT28

The ongoing attacks are targeting cloud services such as Office 365 to steal passwords and password-spray a vast range of targets, including in U.S. and European governments and military. (Threatpost)

Why Healthcare Keeps Falling Prey to Ransomware and Other Cyberattacks

Nate Warfield, CTO of Prevailion and former Microsoft security researcher, discusses the many security challenges and failings plaguing this industry. (Threatpost)

CISA Offers New Mitigation for PrintNightmare Bug

CERT urges administrators to disable the Windows Print spooler service in Domain Controllers and systems that don’t print, while Microsoft attempts to clarify RCE flaw with a new CVE assignment. (Threatpost)


/security-daily/ 03-07-2021 23:44:23