Security daily (03-12-2020)

Congress set to establish White House national cyber director, enact other Solarium Commission recommendations

Congress is on the verge of creating a Senate-confirmed national cyber director within the White House who would advise the president on cybersecurity and coordinate the federal government’s related work. And supporters say it would improve on a White House czar position that President Donald Trump controversially eliminated: In addition to Senate confirmation, it would be housed outside of, rather than under, the National Security Council. Multiple sources familiar with negotiations on an annual must-pass defense policy bill say that the final agreement will include the national cyber director position. And it will largely reflect a proposal by the Cyberspace Solarium Commission, which earlier this year put together a comprehensive report that made sweeping recommendations. The Trump White House had opposed the creation of the position. It’s not the only major recommendation from the commission that was included in the legislation, either, according to those sources. Another provision would grant the Department of Homeland Security the power to issue […] (CyberScoop)

Kaspersky catches hacker-for-hire group using 'PowerPepper' malware

The hack-for-hire business is thriving. Following the revelation in November that a new mercenary group had targeted organizations in South Asia, researchers on Thursday outlined how another suspected hack-for-hire shop has used malicious code to try to breach organizations in Europe and the Americas. It’s the latest innovation in a bustling market for buying access to government and corporate networks in a range of industries. The new code, uncovered by analysts at security firm Kaspersky, can be used to remotely take over victim devices, and it interacts with the attackers via a communications-concealing protocol. The group responsible for the malware, known theatrically as DeathStalker, has been around for at least eight years but has only drawn public scrutiny in recent months, according to Kaspersky. And researchers have more digging to do. “PowerPepper,” as the new malware is known, “is already the fourth malware strain affiliated with the actor, and we have discovered […] (CyberScoop)

Cyber Command deployed personnel to Estonia to protect elections against Russian threat

Personnel from the U.S. Department of Defense’s Cyber Command deployed to Estonia in recent months as part of a broader effort to protect U.S. elections against foreign hacking, American and Estonian officials announced Thursday. The mission allowed personnel from U.S. Cyber Command and Estonia’s Defense Forces Cyber Command to collaborate on hunting for malicious hacking efforts on critical networks from adversaries, officials said. Estonia in particular could help the U.S. glean intelligence about Russian cyber-operations, as it has borne the brunt of Russian hacking in the past. Montenegro, a perennial target of Russian hacking, has also worked with Cyber Command on similar missions, known as “Hunt Forward” missions, to protect the 2020 presidential elections against foreign hacking. As the thinking goes, Cyber Command can run these kinds of operations to help protect a foreign ally against intrusions conducted by shared adversaries, while also obtaining information that could help protect U.S. […] (CyberScoop)

COVID-19 hacking extends to supply chain for controlling vaccine temperature, IBM says

As drug companies turn their attention from the development to the deployment of a coronavirus vaccine, well-resourced hackers are doing the same. IBM researchers on Thursday revealed a global spearphishing campaign they said was aimed at companies involved in the storage and transport of vaccines in temperature-controlled environments. Those controls allow the medicine to be sent to far-flung places. IBM suspects the attackers are tied to a government, but they said they didn’t have enough evidence to determine which one. The attackers’ goal may have been to steal login credentials from those companies in order to gain future access “to corporate networks and sensitive information relating to the COVID-19 vaccine distribution,” the researchers said. It’s unclear how successful the phishing has been. The findings illustrate how virtually every step of the months-long project by drug companies to produce a vaccine has been targeted by hackers. The U.S. government accused Chinese hackers of targeting […] (CyberScoop)

TrickBot adds firmware tool that researchers say could lead to 'bricking' devices

The malicious software known as TrickBot has morphed again, this time with a module that probes booting process firmware for vulnerabilities, possibly setting the stage for attacks that could ultimately destroy devices, researchers say. Two cybersecurity companies, Eclypsium and Advanced Intelligence (Advintel), dubbed the TrickBot add-on module “TrickBoot,” since it targets the UEFI/BIOS firmware. Firmware is permanent code programmed into a hardware device, while UEFI and BIOS are two kinds of specifications that manage a device’s start-up. TrickBoot, then, is a “significant step in the evolution of TrickBot,” the researchers say, that could make TrickBot especially pesty. “Since firmware is stored on the motherboard as opposed to the system drives, these threats can provide attackers with ongoing persistence even if a system is re-imaged or a hard drive is replaced,” they wrote. “Equally impactful, if firmware is used to brick a device, the recovery scenarios are markedly different (and more difficult) than recovery from […] (CyberScoop)

S3 Ep9: Gift card hacks, dubious doorbells and Wi-Fi tips [Podcast]

Latest episode - listen now! (Naked Security)

Locking Down Linux: Using Ubuntu as Your Primary OS, Part 2 (Network Attack Defense)

After installing Ubuntu as your primary OS, you should have protected against USB Rubber Ducky payloads, defended against hard drive forensics, and reduced the overall attack surface against physical strikes. When defending against network-based attacks, you'll want to minimize hardware disclosures, prevent packet sniffers, harden firewall rules, and much more.

To be more specific, in this part of the mini-series for strengthening your primary Ubuntu installation, you'll learn to spoof your MAC address to trick passive attackers, disable unused networking services such as CUPS and Avahi... more (Null Byte « WonderHowTo)

Learn to Code with a Bundle That Fits Your Schedule

It can feel hard to find time for just about anything these days. But if you really sit down and think about it, you likely have a little more free time in your day than you might actually imagine. The average person has about 4.5 hours of total leisure time over the course of a week.

You can do a lot with 4.5 hours! You can even do a lot with just one hour when you have The Complete One-Hour Coder Bundle. This collection of six courses makes coding lessons more digestible than ever. They all offer one hour of instruction. That's enough for you to quickly brush up on a coding language you're... more (Null Byte « WonderHowTo)

Locking Down Linux: Using Ubuntu as Your Primary OS, Part 1 (Physical Attack Defense)

Windows 10 and macOS have poor reputations when it comes to customer privacy and user policies. Our hacking Windows 10 and hacking macOS articles might make it seem like a reasonably secure operating system doesn't exist. But I'm here to tell you that there is a viable alternative that could provide some sense of security and trust.

There are quite a few noteworthy Linux distributions with excellent development records and support communities to choose from. To name just a few, there's Manjaro, BlackArch, Parrot Security OS, and Kali, but I decided to feature Ubuntu for several reasons:... more (Null Byte « WonderHowTo)

Backdoor And Document Stealer Tied To Russia's Turla Group

(News ≈ Packet Storm)

Hackers Are Targeting The COVID Vaccine Cold Chain Supply Process

(News ≈ Packet Storm)

Google Play Apps Remain Vulnerable To High-Severity Flaw

(News ≈ Packet Storm)

Data Of 243 Million Brazilians Exposed Online

(News ≈ Packet Storm)

Kmart, Latest Victim of Egregor Ransomware – Report

The struggling retailer's back-end services have been impacted, according to a report, just in time for the holidays. (Threatpost)

TrickBot Returns with a Vengeance, Sporting Rare Bootkit Functions

A new "TrickBoot" module scans for vulnerable firmware and has the ability to read, write and erase it on devices. (Threatpost)

DeathStalker APT Spices Things Up with PowerPepper Malware

A raft of obfuscation techniques turn the heat up for the hacking-for-hire operation. (Threatpost)

Reverse Engineering Tools: Evaluating the True Cost

Breaking down the true cost of software tools in the context of reverse engineering and debugging may not be as clear-cut as it appears. (Threatpost)

Cyberattacks Target COVID-19 Vaccine ‘Cold-Chain’ Orgs

Cybercriminals try to steal the credentials of top companies associated with the COVID-19 vaccine supply chain in an espionage effort. (Threatpost)


/security-daily/ 04-12-2020 23:44:22