
Security daily (02-09-2020)

Deploying defense in depth using AWS Managed Rules for AWS WAF (part 2)

In this post, I show you how to use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. In part 1 of this post I describe the technologies […] (AWS Security Blog)

Defense in depth using AWS Managed Rules for AWS WAF (part 1)

In this post, I discuss how you can use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. The post is in two parts. This first part describes […] (AWS Security Blog)

NSA watchdog finds abusive behavior, grift at senior levels

The National Security Agency’s Office of the Inspector General determined that multiple senior executive leaders and top officials at the intelligence agency recently have engaged in abusive behavior, misused their positions, and fudged timesheets. One senior executive “created a hostile work environment by using abusive and offensive language toward subordinate employees,” according to the NSA OIG’s semi-annual report to Congress, an unclassified version of which was published Wednesday. The same official also asked subordinates to bring in food such as donuts, to be paid for out of pocket, and urged subordinates to perform activities outside of their professional duties and complete tasks that weren’t “authorized in accordance with law or regulation,” the OIG said. The same executive, who went unnamed in the report, also “misused the NSA/[Central Security Service] information systems in a manner that served no legitimate public interest and which would reflect adversely on NSA, in violation of DoD Joint Ethics Regulation and Agency […] (CyberScoop)

CISA orders agencies to set up vulnerability disclosure programs

Out of scores of federal civilian agencies, only a handful have official programs to work with outside security researchers to find and fix software bugs, a process that is commonplace in the private sector. Now, to put an end to the foot-dragging, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency is giving agencies six months to set up the programs, known as vulnerability disclosure policies (VDPs). CISA on Wednesday issued a directive requiring agencies to establish VDPs that forswear legal action against researchers who act in good faith, allow participants to submit vulnerability reports anonymously, and cover at least one internet-accessible system or service. It’s the latest sign that federal officials are warming to white-hat hackers from various walks of life. “We believe that better security of government computer systems can only be realized when the people are given the opportunity to help,” CISA Assistant Director […] (CyberScoop)

Router vendor has patched some zero-days, but leaves others wide open

In April, security researcher Rich Mirch got a text from a friend who had just switched to a new wireless router and was raving about its high-speed internet. You have to try it, the friend told Mirch. Curious, Mirch downloaded the router’s firmware and started picking it apart. He found that the device, made by an obscure Canada-based company called MoFi Network, had multiple password-related vulnerabilities packed into its code. But Mirch wanted to delve deeper. So the senior adversarial engineer at Texas-based security firm CriticalStart ordered the router online and rolled up his sleeves. He ended up finding 10 previously undisclosed vulnerabilities in the device that, if exploited, could allow attackers to steal passwords and data from networks running the vulnerable routers, including VPN credentials and API keys. “Some of these vulnerabilities have probably existed since 2015,” said Mirch, who published his findings on Wednesday. The research points to a longstanding […] (CyberScoop)

Phishing scam uses Sharepoint and One Note to go after passwords

Not all phishing links appear right in the email itself... (Naked Security)

How to Use Linux Smart Enumeration to Discover Paths to Privesc

Privilege escalation is the technique used to exploit certain flaws to obtain elevated permissions relative to the current user. There are a vast number of methods out there to go from user to root on Linux, and keeping track of them all can be difficult. This is where automation comes into play, and a privilege escalation script called Linux Smart Enumeration is one to take advantage of.

LSE vs LinEnum

Linux Smart Enumeration sets itself apart from other privilege escalation scripts because of the features it has. One of the most significant differences between it and other scripts like […] (Null Byte « WonderHowTo)

Master AWS with This Extensive $30 Training Bundle

Cloud computing has come a long way since the days of simple online storage and server networking. Virtually every major company in the world now relies on complex cloud computing infrastructures to reach customers, innovate products, and streamline communications. Their reliance on advanced cloud computing platforms is only going to grow in the coming years.

As one of the world's leading cloud computing platforms, Amazon Web Services (AWS) stands at the forefront of this increasingly powerful and important industry, and the Complete AWS eBook & Video Course Bundle will help you master it for […] (Null Byte « WonderHowTo)

Facebook Takes Down Network Of Fake Accounts Of Kremlin Trolls

(News ≈ Packet Storm)

Hackers Exploit WP File Manager Flaw Affecting Over 350,000 Sites

(News ≈ Packet Storm)

Six More Apps Containing Joker Malware Removed From The Google Play Store

(News ≈ Packet Storm)

Amazon Withdraws Job Adverts For Union Spies

(News ≈ Packet Storm)

Critical Vulnerability in File Manager Plugin Affecting 700k WordPress Websites

Yesterday, the WordPress plugin File Manager was updated, fixing a critical vulnerability allowing any website visitor to gain complete access to the website. Users of our WAF were never vulnerable to this exploit. The Sucuri firewall blocks malicious payloads by default using our generic exploitation rules.

Technical Details

The vulnerability originated from the remains of a development environment on version 6.4 nearly 4 months ago, where a file was renamed to test certain features. […] (Sucuri Blog)

New Web-Based Credit Card Stealer Uses Telegram Messenger to Exfiltrate Data

Cybercriminal groups are constantly evolving to find new ways to pilfer financial information, and the latest trick in their arsenal is to leverage the messaging app Telegram to their benefit.

In what's a new tactic adopted by Magecart groups, the encrypted messaging service is being used to send stolen payment details from compromised websites back to the attackers.

"For threat actors, this […] (The Hacker News)

U.S. Agencies Must Adopt Vulnerability-Disclosure Policies by March 2021

U.S. agencies must implement vulnerability-disclosure policies by March 2021, according to a new CISA mandate. (Threatpost)

BEC Wire Transfers Average $80K Per Attack

That number represents a big uptick over Q1. (Threatpost)

Triple-Threat Cryptocurrency RAT Mines, Steals and Harvests

KryptoCibule spreads via pirated software and game torrents. (Threatpost)

Joker Spyware Plagues More Google Play Apps

The six malicious apps have been removed from Google Play, but could still threaten 200,000 installs. (Threatpost)

Live Webinar: XDR and Beyond

Next week, Senior Analyst Dave Gruber of ESG will join cybersecurity company Cynet for a webinar to help companies better understand the promise and realities of emerging XDR technologies. (Threatpost)

Cisco Warns of Active Exploitation of Flaw in Carrier-Grade Routers

Multiple flaws in system software that cause errors in packet handling could allow an attacker to consume memory and crash devices. (Threatpost)


/security-daily/ 03-09-2020 23:44:22