
Security daily (04-02-2021)

New IRAP report is now available on AWS Artifact for Australian customers

We are excited to announce that a new Information Security Registered Assessors Program (IRAP) report is now available on AWS Artifact. The new IRAP documentation pack brings new services in scope, and includes a Cloud Security Control Matrix (CSCM) for specific information to help customers assess each applicable control that is required by the Australian […] (AWS Security Blog)

Biden says US will ‘raise the cost’ for Russian hackers after espionage campaign

President Joe Biden on Thursday said the days of the U.S. “rolling over in the face of Russia’s aggressive actions” in cyberspace were over as he pledged to make the U.S. government more resilient in the face of hacking. “We’re launching an urgent initiative to improve our capability, readiness and resilience in cyberspace,” Biden said in his first major foreign policy address as president. “We’ve elevated the status of cyber issues within our government,” Biden added, citing his appointment of National Security Agency veteran Anne Neuberger as deputy national security adviser for cyber and emerging technology. Biden has made responding to a suspected Russian hacking operation against multiple U.S. government agencies a priority in the early days of his presidency. He has tasked U.S. intelligence agencies with assessing the damage from computer intrusions in which suspected Russian attackers exploited key technology providers to breach numerous Fortune 500 firms and […] (CyberScoop)

Facebook, TikTok, Twitter go after 'OGUsers' members who traffic hacked accounts

Facebook, TikTok and Twitter coordinated to banish hundreds of accounts on Thursday allegedly linked to OGUsers, a marketplace for hacked usernames that can fetch tens of thousands of dollars. Buyers use the simple, short usernames — such as @food — to obtain clout or make money. Facebook said it has cracked down on accounts affiliated with OGUsers before, but it is making its enforcement public in a bid to deter those who would harass or hack legitimate users to obtain those valuable accounts. “They harass, extort and cause harm to the Instagram community, and we will continue to do all we can to make it difficult for them to profit from Instagram usernames,” said a spokesperson for Facebook, which owns Instagram. In all, Facebook suspended around 400 accounts. Twitter said it suspended “a number” of them but didn’t elaborate upon request. TikTok did not immediately respond to a request for […] (CyberScoop)

Meet Babuk, a ransomware attacker blamed for the Serco breach

It began with a laughable offer. Someone calling themselves “biba99” on a popular criminal forum claimed on Jan. 5 to provide “non-malicious” software to help organizations identify “security issues.” The author struggled to explain, in halting English, “why we are not … criminals” while assuring readers that the group would not hack hospitals or schools. A month later, the attacker behind what appeared to be a bumbling forum post is reportedly claiming responsibility for a ransomware attack on the multibillion-dollar outsourcing firm Serco. The ransomware gang, dubbed Babuk after the strain of code it uses, is a case study in how quickly crooks can learn the basics of digital extortion — and how that breeds ambition for big corporate scalps. It shows how even relatively unsophisticated criminals can bedevil major corporations. After claiming to only target companies that earn less than $4 million, the Babuk attacker went after Serco, Sky News […] (CyberScoop)

Geeni smart doorbells, cameras riddled with flaws, research finds

Walmart and Amazon are continuing to sell faulty smart doorbells and cameras filled with vulnerabilities that could expose customers’ sensitive information, according to research published Thursday. The vulnerabilities, found in Geeni- and Merkury-branded security cameras and smart doorbells, would allow attackers to take full control of devices and remotely disable cameras through a denial of service attack in some cases, according to the research. In others, the flaws could allow for the disclosure of sensitive information and unauthenticated access. Some other exploits would allow attackers to gain remote access to a stream of one of the affected doorbell cameras. The flaws variously affect Merkury/Geeni doorbell models GNC-CW013, GNC-CW025 and MI-CW024 and camera models GNC-CW003, GNC-CW010, GNC-CW028 and MI-CW017, according to the research. Merkury is Geeni’s parent company. Security cameras and doorbells that connect to the internet have been plagued by flaws for years. Just last month a TechCrunch investigation […] (CyberScoop)

SonicWall issues patch for firmware zero-day used to attack the company and its customers

Network security company SonicWall is offering a patch for a serious bug in one of its product lines that had attracted public warnings from cybersecurity researchers over the past week. The patch fixes a flaw that had put the Silicon Valley firm in the headlines of late. SonicWall on Jan. 22 said attackers had exploited a zero-day vulnerability in its own products to gain access to its corporate network. Then, on Jan. 31, researchers from NCC Group said the bug was being exploited elsewhere in the wild. The bug is in SonicWall’s line of SMA 100 mobile networking gear, which is designed to add a layer of security for companies that allow employees to use their own devices to access corporate networks. SonicWall said the vulnerability allowed hackers to gain administrator-level privileges and then subsequently use a remote-code execution (RCE) on networks. The patch, posted Wednesday, applies to the […] (CyberScoop)

Pro-China influence campaign claiming ‘hypocrisy’ of American democracy gains traction

A clumsy social media influence operation that aligns itself with Chinese government interests has started gaining traction online, according to Graphika research published Thursday. Social media activity associated with the campaign, known as Spamouflage Dragon, has typically failed to attract many eyeballs. Some recent tweets, though, have attracted attention from Chinese diplomats, prominent politicians in Venezuela and Pakistan, a senior figure at Huawei Europe and a commentator in the U.K. The campaign’s YouTube following has grown as well in recent months, according to the social media analysis firm Graphika. Spamouflage Dragon, a cross-platform social media influence campaign that has been working for years to spread pro-Chinese government propaganda online, is one of many influence operations that seize on news of the day to peddle their narratives. While it appears to have significant resourcing, it has largely failed to gain amplification due to its overtly spammy behavior and rudimentary execution. Many of […] (CyberScoop)

S3 Ep18: Apple emergency, crypto blunder and botnet takedown [Podcast]

New episode - listen now! (Naked Security)

Free coffee! Belgian researcher hacks prepaid vending machines

Only try this at home, folks! As easy as it might look, it's illegal in the wild, with good reason. (Naked Security)

Bug Bounty Failure Stories To Learn From

(News ≈ Packet Storm)

Nespresso Smart Cards Hacked To Provide Infinite Coffee After Someone Wasn't Too Perky About Security

(News ≈ Packet Storm)

Discord Servers Targeted In Cryptocurrency Exchange Scam Wave

(News ≈ Packet Storm)

Security Firm Stormshield Discloses Data Breach, Theft Of Source Code

(News ≈ Packet Storm)

Clearview Facial Recognition Technology Ruled Illegal In Canada

(News ≈ Packet Storm)

Android Devices Prone to Botnet’s DDoS Onslaught

A new DDoS botnet propagates via the Android Debug Bridge and uses Tor to hide its activity. (Threatpost)

Spotify Suffers Second Credential-Stuffing Cyberattack in 3 Months

As many as 100,000 of the music streaming service's customers could face account takeover. (Threatpost)

Critical Cisco Flaws Open VPN Routers Up to RCE Attacks

The vulnerabilities exist in Cisco's RV160, RV160W, RV260, RV260P, and RV260W VPN routers for small businesses. (Threatpost)

Microsoft Office 365 Attacks Sparked from Google Firebase

A savvy phishing campaign manages to evade native Microsoft security defenses, looking to steal O365 credentials. (Threatpost)

Clearview Facial-Recognition Technology Ruled Illegal in Canada

The company’s controversial practice of collecting and selling billions of faceprints was dealt a heavy blow by the Privacy Commissioner that could set a precedent in other legal challenges. (Threatpost)


/security-daily/ 05-02-2021 23:44:24