
Security daily (02-11-2020)

Aligning IAM policies to user personas for AWS Security Hub

AWS Security Hub provides you with a comprehensive view of your security posture across your accounts in Amazon Web Services (AWS) and gives you the ability to take action on your high-priority security alerts. There are several different user personas that use Security Hub, and they typically require different AWS Identity and Access Management (IAM) […] (AWS Security Blog)

Election security pros focus on effective partnerships

Trust the process. That’s the message from a group of election security experts who, during a virtual panel discussion at CyberTalks, said they are working to safeguard the 2020 election from an array of cybersecurity threats. Benjamin Hovland, a commissioner on the U.S. Election Assistance Commission, Jack Cable, an election security technical adviser at the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, and Matt Masterson, a senior cybersecurity adviser at CISA, explained that the goal isn’t only to protect the Nov. 3 election, but also to ensure that the American people can trust the results. The CyberTalks panel was led by John DeSimone, vice president of cybersecurity, training and services at Raytheon Intelligence and Space. In a series of questions, DeSimone probed the election security experts on the ways that U.S. government entities and the defense industrial base are working together “from a mission assurance perspective” to protect […] (CyberScoop)

How Twitter, Facebook say they will treat premature claims of electoral victory

With less than 24 hours before Election Day in the United States, social media platforms were still announcing plans about how they intend to flag premature and unfounded claims of victory in the event that a candidate tries to seize on a moment of global anxiety for their own gain. While Twitter previously said it would flag misleading claims about election results, the company on Monday clarified the criteria on which it will base its decisions. President Trump has told several close associates that he plans to declare victory on election night if he looks like he’s “ahead,” regardless of the official tally, according to Axios. Twitter, meanwhile, has made it clear that it will consider such claims premature if they come before at least two outlets from a pool including ABC News, the Associated Press, CBS News, CNN, Decision Desk HQ, Fox News, and NBC News publicly share their projections or election results. Twitter has also said […] (CyberScoop)

Last-minute court rulings on election go against GOP, voting restrictions

A federal judge on Monday rejected a Texas GOP bid to throw out approximately 127,000 ballots in largely Democratic Harris County, saying the Republicans failed to demonstrate that they were harmed by the votes cast at extra drive-through locations. It was one of two major election cases to see action on Monday. In both cases, courts sided against conservative challenges over voting in Democrat-friendly jurisdictions. But it might only foreshadow more legal challenges ahead, after the election. In Texas, GOP activist Steven Hotze brought the case alongside Harris County Republicans state Rep. Steve Toth, congressional candidate Wendell Champion and judicial candidate Sharon Hemphill. They contended the extra 10 drive-through stations violated state election law, in an argument that centered on the definition of curbside voting. The clerk for Harris County, Houston’s home, rebutted the conservatives’ argument on several fronts. But the issue of whether they had standing to sue apparently caught the attention of U.S. District Judge Hanen. […] (CyberScoop)

$100 million botnet scheme earns Russian man 8 years in prison

A U.S. judge sentenced a Russian national to eight years in prison over his role in stealing personal and financial information via a botnet conspiracy that aimed to generate an estimated $100 million. Prosecutors announced the sentence Monday for Aleksandr Brovko, who pleaded guilty in February to conspiracy to commit bank and wire fraud. From 2007 to 2019, according to the Department of Justice, Brovko collaborated with other cybercriminals to turn data troves harvested by botnets — networks of infected computers — into cash. Brovko’s role was to write software scripts to go through botnet logs and conduct data searches to extract highly sensitive personal information and online banking credentials, as well as scout out the value of compromised accounts to determine whether they’d be worth using to conduct fraud. In all, prosecutors said, Brovko possessed and trafficked more than 200,000 “unauthorized access devices,” a term for credit cards, mobile identification […] (CyberScoop)

More suspected North Korean malware identified after US alert on Kimsuky hackers

Security researchers say they uncovered more tools associated with a North Korea-linked cyber-espionage group that was the subject of a U.S. government alert last week. The previously undocumented malware and server infrastructure appear to be the work of Kimsuky, an advanced persistent threat (APT) group, according to the researchers with Boston-based Cybereason. U.S. military and civilian agencies issued a joint warning about the APT on Oct. 27, saying the current threat was greatest for “commercial sector businesses,” although Kimsuky has often targeted government agencies, think tanks and other organizations connected to geopolitics. Organizations in the U.S., Europe, Japan, South Korea and Russia appear to be the targets, Cybereason says. Kimsuky also has a history of trying to gather intelligence about sanctions, nuclear policy and other issues salient to the Korean Peninsula. A U.N. Security Council report earlier this year said Kimsuky appeared to be behind hacking attempts against the international body. Kimsuky typically […] (CyberScoop)

Naked Security Live – Ransomware: what to do?

Here's the latest Naked Security Live video - enjoy (and please share with your friends)! (Naked Security)

Wroba Mobile Banking Trojan Targets US Smartphones

(News ≈ Packet Storm)

US Cyber Command Exposes New Russian Malware

(News ≈ Packet Storm)

Google reCAPTCHA Service Under The Privacy Microscope

(News ≈ Packet Storm)

CERT/CC Launches Twitter Bot To Give Security Bugs Names

(News ≈ Packet Storm)

CSS-JS Steganography in Fake Flash Player Update Malware

This summer, Malwarebytes researcher Jérôme Segura wrote an article about how criminals use image files (.ico) to hide JavaScript credit card stealers on compromised e-commerce sites. In a tweet, Affable Kraut also reported another similar obfuscation technique using .ico files to conceal JavaScript skimmers. Just something I’ve noticed more recently with digital skimmers/#magecart. Obfuscated code that has a weird google-analytics[.]com URL in it, which is the proper Google controlled domain. (Sucuri Blog)

$100M Botnet Scheme Lands Cybercriminal 8 Years in Jail

Aleksandr Brovko faces jail time after stealing $100 million worth of personal identifiable information (PII) and financial data over the course of more than 10 years. (Threatpost)

Survey: Cybersecurity Skills Shortage is ‘Bad,’ But There’s Hope

Automation, strategic process design and an investment in training are the keys to managing the cybersecurity skills gap, according to a recent survey from Trustwave. (Threatpost)

WordPress Pushes Out Multiple Flawed Security Updates

WordPress bungles critical security 5.5.2 fix and saves face next day with 5.5.3 update. (Threatpost)


/security-daily/ 03-11-2020 23:44:23