03-03-202105-03-2021

Security daily (04-03-2021)

How to replicate secrets in AWS Secrets Manager to multiple Regions

On March 3, 2021, we launched a new feature for AWS Secrets Manager that makes it possible for you to replicate secrets across multiple AWS Regions. You can give your multi-Region applications access to replicated secrets in the required Regions and rely on Secrets Manager to keep the replicas in sync with the primary secret. […] (AWS Security Blog)

Using TikTok? Check out these six security tips

Practical advice on how to maximize your security and privacy on TikTok. (Naked Security)

S3 Ep22: Cryptographic escapes and social media scams [Podcast]

Lastest episode - listen now. (And tell your friends!) (Naked Security)

Another Chrome zero-day exploit – so get that update done!

It's déjà vu all over again! New month, new Chrome zero-day bug being exploited in the wild. (Naked Security)

Accellion Zero Day Claims A New Victim In Qualys

(News ≈ Packet Storm)

Microsoft Exchange Zero-Day Attackers Spy On U.S. Targets

(News ≈ Packet Storm)

Researcher Finds 5 Privilege Escalation Vulns In Linux Kernel

(News ≈ Packet Storm)

Maza Russian Cybercriminal Forum Suffers Data Breach

(News ≈ Packet Storm)

Trojan Spyware and BEC Attacks

When it comes to an organization’s security, business email compromise (BEC) attacks are a big problem. One primary reason impacts are so significant is that attacks often use a human victim to authorize a fraudulent transaction to bypass existing security controls that would normally be used to prevent fraud. Another reason is that social engineering lures may be expertly crafted by the attacker after they have been monitoring a victim’s activity for some time, resulting in more effective phishing campaigns with serious security implications. Continue reading Trojan Spyware and BEC Attacks at Sucuri Blog. (Sucuri Blog)

Microsoft, FireEye Unmask More Malware Linked to SolarWinds Attackers

Researchers with Microsoft and FireEye found three new malware families, which they said are used by the threat group behind the SolarWinds attack. (Threatpost)

Cyberattackers Target Top Russian Cybercrime Forums

Elite Russian forums for cybercriminals have been hacked in a string of breaches, leaving hackers edgy and worried about law enforcement.   (Threatpost)

National Surveillance Camera Rollout Roils Privacy Activists

TALON, a network of smart, connected security cameras developed by the Atlanta-based startup and installed by law enforcement around the country, raises surveillance-related privacy concerns. (Threatpost)

CISA Orders Federal Agencies to Patch Exchange Servers

Espionage attacks exploiting the just-patched remote code-execution security bugs in Microsoft Exchange servers are quickly spreading. (Threatpost)

COVID-19 Vaccine Spear-Phishing Attacks Jump 26 Percent

Cybercriminals are using the COVID-19 vaccine to steal Microsoft credentials, infect systems with malware and bilk victims out of hundreds of dollars. (Threatpost)

03-03-202105-03-2021

/security-daily/ 05-03-2021 23:44:24