Security daily (03-09-2020)

TISAX scope broadened

The Trusted Information Security Assessment Exchange (TISAX) provides automotive industry organizations the assurance needed to build secure applications and services on the cloud. In late June, AWS achieved the assessment objectives required for data with a very high need for protection according to TISAX criteria. We’re happy to announce this broadened scope of our TISAX […] (AWS Security Blog)

As Trump rails against mail-in voting, DHS warns Russia is doing the same

The Russian government will continue to use its media mouthpieces to attack mail-in voting and sow divisions among voters just weeks before the U.S. election, the Department of Homeland Security warned state and local election officials on Thursday. “We assess that Russia is likely to continue amplifying criticism of vote-by-mail and shifting voting processes amidst the COVID-19 pandemic to undermine public trust in the electoral process,” reads a DHS bulletin, which CyberScoop reviewed. “Since at least March 2020, Russian malign influence actors have been amplifying allegations of election integrity issues in new voting processes and vote-by-mail programs,” the memo says. Moscow’s reported denigration of the vote-by-mail process mirrors the criticisms leveled by President Donald Trump, who for weeks has baselessly claimed that mail-in voting can lead to widespread fraud. In reality, mail-in ballot fraud is exceptionally rare. On Wednesday, Trump suggested that voters should try voting twice in North Carolina, […] (CyberScoop)

TikTok scrubs ads promoting diet pills, fake apps after Tenable report

Silly scammers, TikTok is for kids. The video-sharing app, which claims some 49 million daily active users in the U.S., said Thursday it removed an array of advertisements from its central #ForYou page that marketed suspicious diet pills, fake mobile apps and other inauthentic services. The removal came after researchers from the security firm Tenable alerted TikTok about an ecosystem of promotions that aim to defraud users out of money, trick them into downloading shady apps or collect their personally identifiable information. Some ads promise to compensate users who download mobile apps and run those programs for three minutes, a tactic that allows attackers to subvert security controls. Other messaging masquerades as news articles, apparently from CNN or Fox News, that include celebrities marketing “free” weight loss pills. “Scammers see [TikTok] users as a means to an end – the goal is to prey on consumer insecurities and desires to […] (CyberScoop)

Trump administration urged to sanction Russian individuals and groups for election meddling

A group of Democratic senators is urging the U.S. Treasury Department to impose sanctions on those involved in efforts to interfere in the 2020 elections so far, including those from Russia. “We write to urge you immediately to impose sanctions on individuals, entities and governmental actors seeking to interfere in the 2020 U.S. elections,” the 11 lawmakers, including Intelligence Committee Vice Chairman Mark Warner, wrote in a letter Thursday to Treasury Secretary Steven Mnuchin. “Congress mandated a broad range of sanctions tools, and it is long past time for the administration to send a direct message to President Putin: the U.S. will respond immediately and forcefully to continuing election interference by the government of the Russian Federation and its surrogates, to punish, deter and substantially increase the economic and political costs of such interference.” The U.S. intelligence community has assessed Russia is currently working to “publicly denigrate” Democratic presidential candidate Joe Biden, according to a statement the Office […] (CyberScoop)

Vishing scams use Amazon and Prime as lures – don’t get caught!

How do you deal with scam calls on a phone number you keep for emergencies? (Naked Security)

BEC Wire Transfers Average $80K Per Attack

(News ≈ Packet Storm)

NSA Surveillance Exposed By Snowden Ruled Unlawful

(News ≈ Packet Storm)

Feds Can't Ask Google For Every Phone In A 100-Meter Radius, Court Says

(News ≈ Packet Storm)

New Python Scripted Trojan Malware Targets Fintech Companies

(News ≈ Packet Storm)

(Live) Webinar – XDR and Beyond with Autonomous Breach Protection

Anyone paying attention to the cybersecurity technology market has heard the term XDR - Extended Detection and Response.

XDR is a new technology approach that combines multiple protection technologies into a single platform. All the analyst firms are writing about it, and many of the top cybersecurity companies are actively moving into this space.

Why is XDR receiving all the buzz? Combining (The Hacker News)

Cisco Jabber Bug Could Let Hackers Target Windows Systems Remotely

Networking equipment maker Cisco has released a new version of its Jabber video conferencing and messaging app for Windows that includes patches for multiple vulnerabilities—which, if exploited, could allow an authenticated, remote attacker to execute arbitrary code.

The flaws, which were uncovered by Norwegian cybersecurity firm Watchcom during a pentest, affect all currently supported (The Hacker News)

Attackers Can Exploit Critical Cisco Jabber Flaw With One Message

An attacker can execute remote code with no user interaction, thanks to CVE-2020-3495. (Threatpost)

Google Ups Product-Abuse Bug Bounties

The top award for flaws that allow cybercriminals to abuse legitimate services has increased by 166 percent. (Threatpost)

Python-based Spy RAT Emerges to Target FinTech

The Evilnum APT has added the RAT to its arsenal as part of a big change-up in its TTPs. (Threatpost)

NSA Mass Surveillance Program Illegal, U.S. Court Rules

The NSA argued its mass surveillance program stopped terrorist attacks - but a new U.S. court ruling found that this is not, and may have even been unconstitutional. (Threatpost)

India Blocks High-Profile Chinese Apps on Political, Privacy Concerns

Technology minister bans Baidu, WeChat Work, AliPay and 115 others for capturing user data and transmitting it to servers outside of the country without authorization. (Threatpost)


/security-daily/ 04-09-2020 23:44:23