Security daily (04-12-2020)

Enforce your AWS Network Firewall protections at scale with AWS Firewall Manager

As you look to manage network security on Amazon Web Services (AWS), there are multiple tools you can use to protect your resources and keep your data safe. Amazon Virtual Private Cloud (Amazon VPC), security groups (SGs), network access control lists (network ACLs), AWS WAF, and the recently launched AWS Network Firewall all offer points […] (AWS Security Blog)

Ransomware gang Egregor publishes details from HR firm Randstad following hack

A cybercriminal group breached the IT systems of Randstad, one of the largest head-hunting companies in the world, and published some internal corporate data in an apparent extortion attempt, the firm said Thursday. Netherlands-based Randstad pointed the finger at the criminal gang behind Egregor, a nascent type of ransomware that’s struck multiple organizations in recent weeks. The attackers gained access “to our global IT environment and to certain data, in particular related to our operations in the US, Poland, Italy and France,” Randstad said in a press release. “A limited number of servers were impacted.” Randstad, which employed more than 38,000 people last year and reported more than $28 billion in revenue, said it was still identifying what data had been accessed. Law enforcement and third-party investigators are also involved in the matter, the company said. “We believe the incident started with a phishing email that initiated malicious software to […] (CyberScoop)

Hacker who sent information on US personnel to Islamic State is freed by judge

A foreign hacker sentenced to 20 years in U.S. prison for giving the Islamic State the personal information of about 1,300 U.S. military and government personnel has been given a compassionate release by a federal judge due to the coronavirus pandemic. Ardit Ferizi, who was arrested in 2015 at age 19 in Malaysia and later extradited to the U.S., must spend two weeks in quarantine before deportation by U.S. Immigration and Customs Enforcement, according to the order from Judge Leonie M. Brinkema of the Eastern District of Virginia. Brinkema agreed with a request from Ferizi saying that his asthma and obesity put him at greater risk for contracting COVID-19. Ferizi will be deported to his home country of Kosovo, where he has a support network of family, the judge said. The judge expressed confidence that U.S. officials will be able to monitor his conduct online, given how quickly he was […] (CyberScoop)

Locking Down Linux: Using Ubuntu as Your Primary OS, Part 3 (Application Hardening & Sandboxing)

Once you've installed Ubuntu with security in mind and reduced the possibility of network attacks on your system, you can start thinking about security on an application level. If a malicious file is opened on your system, will an attacker be able to access every file on the computer? The chances are much slimmer if you put the proper defenses in place.

In this third part of our mini-series on strengthening your primary Ubuntu installation, you'll learn how Ubuntu package repositories work, which repos you should avoid, and how to update. You'll also see how to import additional AppArmor... (Null Byte « WonderHowTo)

CBP's Warrantless Use Of Cell Location Data Is Under Investigation

(News ≈ Packet Storm)

UK Cyber-Warning For Festive Shoppers

(News ≈ Packet Storm)

Kmart, Latest Victim Of Egregor Ransomware

(News ≈ Packet Storm)

Google Illegally Spied On And Retaliated Against Workers, Feds Say

(News ≈ Packet Storm)

Obfuscation Techniques in MARIJUANA Shell “Bypass”

Attackers are always trying to come up with new ways to evade detection from the wide range of security controls available for web applications. This also extends to malware like PHP shells, which are typically left on compromised websites as a backdoor to maintain unauthorized access.

MARIJUANA is the name of a PHP shell that we have been tracking since last year. The author has a GitHub page which promotes a claim that the shell possesses a “stealth” mode, which can be used to bypass website security services like web application firewalls (WAFs). (Sucuri Blog)

Making Sense of the Security Sensor Landscape

Chris Calvert of Respond Software (now part of FireEye) outlines the challenges that reduce the efficacy of network security sensors. (Threatpost)

High-Severity Chrome Bugs Allow Browser Hacks

Desktop versions of the browser received a total of eight fixes, half rated high-severity. (Threatpost)

Novel Online Shopping Malware Hides in Social-Media Buttons

The skimmer steals credit-card data, using steganography to hide in plain sight in seemingly benign images. (Threatpost)

VMware Rolls a Fix for Formerly Critical Zero-Day Bug

VMware has issued a full patch and revised the severity level of the NSA-reported vulnerability to "important." (Threatpost)

Vancouver Metro Disrupted by Egregor Ransomware

The attack, which prevented Translink users from using their metro cards or buying tickets at kiosks, is the second from the prolific threat group just this week. (Threatpost)


/security-daily/ 05-12-2020 23:44:22