Security daily (02-10-2020)

Enable Office 365 with AWS Managed Microsoft AD without user password synchronization

In this post, we explain how you can use AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD) to enable your users to access Microsoft Office 365 without synchronizing passwords using Azure Active Directory (Azure AD) Pass-through Authentication (PTA). This makes it easier to configure Microsoft Office 365 with AWS Managed Microsoft AD. […] (AWS Security Blog)

Before targeting Belarus, Eastern Europe-focused hackers flew under the radar

A mysterious cyber-espionage group, active for nearly a decade but documented in detail by private researchers for the first time Friday, has been hacking into government organizations in Eastern Europe in search of secrets. The hacking group has targeted military organizations, foreign ministries and private firms in Russia, Ukraine, Belarus and the Balkans with pinpoint espionage. Researchers from the anti-virus firm ESET, which claimed the discovery and christened the group “XDSpy,” said the attackers have been scouring a few dozen computers in search of sensitive PDF and Microsoft Word documents. One of the few other public indicators that XDSpy was on the prowl came from a February advisory from the Belarusian government’s National Computer Emergency Response Team. That statement listed four Belarusian government email accounts that had been compromised by the attackers, but warned that various government officials had been targeted. The broader region has long been subject to cyber-espionage activity, as hackers from […] (CyberScoop)

Emotet hackers are using Democratic Party content in email scam

A global spike in the spread of Emotet malware now includes phishing messages geared toward potential Democratic Party volunteers at hundreds of U.S. organizations, according to security researchers. Attackers behind the Emotet hacking tool have referred to current events in their email lures before, but “historically they have not directly leveraged political themes in their messaging,” reports email security company Proofpoint. The body of this particular email is taken directly from a page on the Democratic National Committee’s website, the researchers say, and attached is a malicious Word document titled “Team Blue Take Action.” The thousands of emails sent to U.S. targets came in the same week that interest spiked in the U.S. presidential campaign as President Donald Trump and Democratic challenger Joe Biden met in their first debate. (Trump’s announcement early Friday of a positive coronavirus test probably will not dampen Democrats’ interest in the race.) Proofpoint stresses that despite the political content of […] (CyberScoop)

Serious Security: Phishing without links – when phishers bring along their own web pages

How do you "check the URL before you click" if the web page you're visiting is already on your own computer? (Naked Security)

DHS Found Disinformation Efforts Mirror Trump Attacks On Mail-In Voting, Senators Say

(News ≈ Packet Storm)

Nintendo Wins $2 Million In Switch Hacking Case

(News ≈ Packet Storm)

Researchers Track Hacking Fingerprints On LPE Exploits

(News ≈ Packet Storm)

Google Is Creating A Special Android Security Team

(News ≈ Packet Storm)

Researchers Fingerprint Exploit Developers Who Help Several Malware Authors

Writing advanced malware for a threat actor requires different groups of people with diverse technical expertise to put them all together. But can the code leave enough clues to reveal the person behind it? To this effect, cybersecurity researchers on Friday detailed a new methodology to identify exploit authors that use their unique characteristics as a fingerprint to track down other exploits (The Hacker News)

Egregor Ransomware Threatens ‘Mass-Media’ Release of Corporate Data

The newly discovered ransomware is hitting companies worldwide, including the GEFCO global logistics company. (Threatpost)

Voter Registration ‘Error’ Phish Hits During U.S. Election Frenzy

Phishing emails tell recipients that their voter's registration applications are incomplete - but instead steal their social security numbers, license data and more. (Threatpost)

Account Takeover Fraud Losses Total Billions Across Online Retailers

Account takeover fraud (ATO) attacks are on the rise, up nearly 300 percent since last year. (Threatpost)

Researchers Mixed on Sanctions for Ransomware Negotiators

Financial institutions, cyber-insurance firms, and security firms have all been put on notice by the U.S. Department of the Treasury. (Threatpost)

LatAm Banking Trojans Collaborate in Never-Before-Seen Effort

Eleven different malware families are coordinating on distribution, features, geo-targeting and more. (Threatpost)

Years-Long ‘SilentFade’ Attack Drained Facebook Victims of $4M

Facebook detailed an ad-fraud cyberattack that's been ongoing since 2016, stealing Facebook credentials and browser cookies. (Threatpost)

305 CVEs and Counting: Bug-Hunting Stories From a Security Engineer

Larry Cashdollar, senior security response engineer at Akamai, talks about the craziest stories he's faced, reporting CVEs since 1994. (Threatpost)


/security-daily/ 03-10-2020 23:45:52