Security daily (03-03-2021)

How to delegate management of identity in AWS Single Sign-On

In this blog post, I show how you can use AWS Single Sign-On (AWS SSO) to delegate administration of user identities. Delegation is the process of providing your teams permissions to manage accounts and identities associated with their teams. You can achieve this by using the existing integration that AWS SSO has with AWS Organizations, […] (AWS Security Blog)

C5 Type 2 attestation report now available with one new Region and 123 services in scope

Amazon Web Services (AWS) is pleased to announce the issuance of the 2020 Cloud Computing Compliance Controls Catalogue (C5) Type 2 attestation report. We added one new AWS Region (Europe-Milan) and 21 additional services and service features to the scope of the 2020 report. Germany’s national cybersecurity authority, Bundesamt für Sicherheit in der Informationstechnik (BSI), […] (AWS Security Blog)

How (NOT?!) to jailbreak your iPhone

We're sticking to our "patch early, patch often" mantra, although in this case it means you can't jailbreak. (Naked Security)

I see you: your home-working photos reveal more than you think!

Beware of sensitive data lurking in the background of your video calls and social pictures. (Naked Security)

Ursnif Trojan Has Targeted Over 100 Italian Banks

(News ≈ Packet Storm)

Google Says They Won't Use Other Web Tracking Tools After Phasing Out Cookies

(News ≈ Packet Storm)

Microsoft Accuses China Over Email Cyber-Attacks

(News ≈ Packet Storm)

MS Account Hijacking Vuln Earns Bug Bounty Hunter $50,000

(News ≈ Packet Storm)

Unpatched Bug in WiFi Mouse App Opens PCs to Attack

Wireless mouse-utility lacks proper authentication and opens Windows systems to attack. (Threatpost)

Google Patches Actively Exploited Flaw in Chrome Browser

A flaw (CVE-2021-21166) in the Audio component of Google Chrome is fixed in a new update being pushed out to Windows, Mac and Linux users. (Threatpost)

Malaysia Air Downplays Frequent-Flyer Program Data Breach

A third-party IT provider exposed valuable airline data that experts say could be a goldmine for cybercriminals. (Threatpost)

Home-Office Photos: A Ripe Cyberattack Vector

Threat actors can use personal information gleaned from images to craft targeted scams, putting personal and corporate data at risk. (Threatpost)

RTM Cybergang Adds New Quoter Ransomware to Crime Spree

The Russian-speaking RTM threat group is targeting organizations in an ongoing campaign that leverages a well-known banking trojan, brand new ransomware strain and extortion tactics. (Threatpost)


/security-daily/ 04-03-2021 23:44:25