Security daily (04-05-2021)

IAM makes it easier for you to manage permissions for AWS services accessing your resources

Amazon Web Services (AWS) customers are storing an unprecedented amount of data on AWS for a range of use cases, including data lakes and analytics, machine learning, and enterprise applications. Customers secure their data by implementing data security controls including identity and access management, network security, and encryption. For non-public, sensitive data, customers want to […] (AWS Security Blog)

Florida homecoming queen faces up to 16 years after alleged scheme to hack high school contest

A teenager accused of gaining unauthorized access to school computer systems in order to rig a homecoming queen contest with her mother will stand trial as an adult, and could spend 16 years in prison if convicted. Emily Grover, who turned 18 in April but who was arrested in March, when she was 17, faces four charges alongside her mother, Laura Carroll. Carroll was an assistant principal at Bellview Elementary School, while her daughter attended Tate High School. The pair allegedly schemed to cast hundreds of fraudulent votes in the homecoming contest, an election that Grover ultimately won. A Florida State Department of Law Enforcement investigation concluded that phones and computers from their Pensacola suburb household were used to access student records. “The primary reason for the decision is, she was almost 18 years of age and would age out of the juvenile system in a very short period of […] The post Florida homecoming queen faces up to 16 years after alleged scheme to hack high school contest appeared first on CyberScoop. (CyberScoop)

Twitter restricts account of Intrusion Truth, which doxxes suspected Chinese hackers

Twitter on Tuesday moved to restrict the account of a mysterious group that has published details on suspected state-sponsored hackers from China. The group, Intrusion Truth, had spent recent days hinting that it would go public with new allegations against possible hackers, teasing followers with messages like “Watch this space” and “Who’s excited? We are.” The identity of the person or group behind Intrusion Truth has remained elusive since it started publishing information in 2017, including missives about how Chinese technology companies allegedly supported espionage on Beijing’s behalf. Intrusion Truth’s Twitter account suggested it would publish new information on Wednesday about “hackers based in Chengdu,” a city in southwestern China. Twitter, though, plastered a warning on the account, saying that the account was “temporarily restricted” because “there has been some unusual activity.” Users still could access the page at press time Tuesday, though they would need to click through to […] The post Twitter restricts account of Intrusion Truth, which doxxes suspected Chinese hackers appeared first on CyberScoop. (CyberScoop)

Qualys researchers uncover 21 bugs in Exim mail servers

Researchers have found 21 unique vulnerabilities in Exim, a popular mail transfer agent, some of which would allow hackers to run full remote unauthenticated code execution against targets, the Qualys Research Team announced Tuesday. If used properly, attackers could execute commands to install programs, manipulate data, create new accounts or change settings on the mail servers, according to the research. CVE-2020-28017, one of the vulnerabilities, dates as far back as 2004, according to the findings. Qualys and Exim recommend users apply the patches immediately. The Exim Mail Transfer Agent (MTA) vulnerabilities, which Qualys is referring to collectively as 21Nails, affect all versions before Exim-4.94.1. Ten of the flaws can be executed to gain root privileges, while 11 of them can be used to exploit victim systems locally. Hackers could link several of the vulnerabilities together in an attack to run full remote unauthenticated code execution against vulnerable mail servers, Qualys […] The post Qualys researchers uncover 21 bugs in Exim mail servers appeared first on CyberScoop. (CyberScoop)

Hackers disrupt networks at San Diego medical provider, Kansas organ transplant facilitator

A pair of hacks at health care organizations revealed in recent days highlights the enduring cybercriminal threat to the sector as the U.S. makes progress in fighting the coronavirus pandemic. Scripps Health, a San Diego-based nonprofit system with five hospital campuses, on May 1 said that it had suspended access to IT applications that support its health care facilities following a “security incident.” The incident forced Scripps to reschedule some patient appointments for Saturday and Monday, but “patient care continues to be delivered safely and effectively at our facilities,” the nonprofit said in a statement on its Facebook page. (Scripps’ website was still down by press time on Tuesday morning.) Meanwhile, Midwest Transplant Network, a Kansas-based organization that connects organ donors with recipients, said it had been working to determine if patients’ personal health data had been affected by a recent breach. NPR affiliate KCUR reported that some 17,000 people […] The post Hackers disrupt networks at San Diego medical provider, Kansas organ transplant facilitator appeared first on CyberScoop. (CyberScoop)

After more than a decade, SentinelOne researchers weed out Dell vulnerabilities

Since 2009, vulnerabilities have lurked in Dell drivers that potentially affect hundreds of millions of machines, SentinelOne researchers said on Tuesday. Hackers could use the vulnerabilities to instigate a range of attacks, from ransomware to wipers that can erase hard drives, said J.A. Guerrero-Saade, principal threat researcher at the security firm. “They can basically do whatever they want,” Guerrero-Saade told CyberScoop. Dell released mitigation steps on Tuesday in advance of SentinelOne publishing its research. Those flaws sitting undiscovered for 12 years is not unheard of, despite a whole industry of security researchers dedicated to weeding out bugs that could abet cyberattacks. A 2017 study found that a quarter of zero-day vulnerabilities remain hidden for more than nine and a half years. In the case of the Dell flaws, Guerrero-Saade said their dormant nature reflects a “target-rich environment,” especially as it pertains to drivers that allow computers to communicate with hardware. […] The post After more than a decade, SentinelOne researchers weed out Dell vulnerabilities appeared first on CyberScoop. (CyberScoop)

Apple products hit by fourfecta of zero-day exploits – patch now!

Don't delay. Get these updates today. (Naked Security)

Dell Patches Vulnerable Driver For Over A Decade Of Products

(News ≈ Packet Storm)

Deepfake Attacks Are About To Surge, Experts Warn

(News ≈ Packet Storm)

4,700 Amazon Employees Had Unauthorized Access To Private Seller Data

(News ≈ Packet Storm)

Three New Malware Families Found In Global Finance Phish

(News ≈ Packet Storm)

New Pingback Malware Using ICMP Tunneling to Evade C&C Detection

Researchers on Tuesday disclosed a novel malware that uses a variety of tricks to stay under the radar and evade detection, while stealthily capable of executing arbitrary commands on infected systems. Called 'Pingback,' the Windows malware leverages Internet Control Message Protocol (ICMP) tunneling for covert bot communications, allowing the adversary to utilize ICMP packets to piggyback (The Hacker News)

How Should the Service Desk Reset Passwords?

Ask the average helpdesk technician what they do all day, and they will probably answer by saying that they reset passwords. Sure, helpdesk technicians do plenty of other things too, but in many organizations, a disproportionate number of helpdesk calls are tied to password resets. On the surface, having a helpdesk technician reset a user’s password probably doesn’t seem like a big deal. After (The Hacker News)

Critical Patch Out for Critical Pulse Secure VPN 0-Day Under Attack

Ivanti, the company behind Pulse Secure VPN appliances, has released a security patch to remediate a critical security vulnerability that was found being actively exploited in the wild by at least two different threat actors. Tracked as CVE-2021-22893 (CVSS score 10), the flaw concerns "multiple use after free" issues in Pulse Connect Secure that could allow a remote unauthenticated attacker to (The Hacker News)

Apple Releases Urgent Security Patches For Zero‑Day Bugs Under Active Attacks

Apple on Monday released security updates for iOS, macOS, and watchOS to address three zero-day flaws and expand patches for a fourth vulnerability that the company said might have been exploited in the wild. The weaknesses all concern WebKit, the browser engine which powers Safari and other third-party web browsers in iOS, allowing an adversary to execute arbitrary code on target (The Hacker News)

Researchers Uncover Iranian State-Sponsored Ransomware Operation

Iran has been linked to yet another state-sponsored ransomware operation through a contracting company based in the country, according to new analysis. "Iran's Islamic Revolutionary Guard Corps (IRGC) was operating a state-sponsored ransomware campaign through an Iranian contracting company called 'Emen Net Pasargard' (ENP)," cybersecurity firm Flashpoint said in its findings summarizing three (The Hacker News)

LuckyMouse Hackers Target Banks, Companies and Governments in 2020

An adversary known for its watering hole attacks against government entities has been linked to a slew of newly detected intrusions targeting various organizations in Central Asia and the Middle East. The malicious activity, collectively named "EmissarySoldier," has been attributed to a threat actor called LuckyMouse, and is said to have happened in 2020 with the goal of obtaining geopolitical (The Hacker News)

Global Phishing Attacks Spawn Three New Malware Strains

The never-seen malware strains have "professionally coded sophistication" and were launched by a well-resourced APT using nearly 50 domains, one hijacked. (Threatpost)

Pulse Secure VPNs Get a Fix for Critical Zero-Day Bugs

The security flaw tracked as CVE-2021-22893 is being used by at least two APTs likely linked to China, to attack U.S. defense targets among others. (Threatpost)

Apple Fixes Zero‑Day Security Bugs Under Active Attack

On Monday, Apple released a quartet of unscheduled updates for iOS, macOS, and watchOS, slapping security patches on flaws in its WebKit browser engine. (Threatpost)

Hundreds of Millions of Dell Users at Risk from Kernel-Privilege Bugs

The privilege-escalation bug remained hidden for 12 years and has been present in all Dell PCs, tablets and notebooks shipped since 2009. (Threatpost)

Sneakers, Gaming, Nvidia Cards: Retailers Can Stop Shopping Bots

Jason Kent, hacker in residence at Cequence Security, says most retailers are applying 1970s solutions to the modern (and out-of-control) shopping-bot problem, and offers alternative ideas. (Threatpost)

/security-daily/ 05-05-2021 23:44:23