04-01-202106-01-2021

Security daily (05-01-2021)

Deploy an automated ChatOps solution for remediating Amazon Macie findings

The amount of data being collected, stored, and processed by Amazon Web Services (AWS) customers is growing at an exponential rate. In order to keep pace with this growth, customers are turning to scalable cloud storage services like Amazon Simple Storage Service (Amazon S3) to build data lakes at the petabyte scale. Customers are looking […] (AWS Security Blog)

US investigators say SolarWinds hack is ‘likely Russian in origin’

U.S. government agencies investigating a sophisticated espionage operation that uses tampered software made by SolarWinds said for the first time Tuesday that the hacking is “likely Russian in origin,” calling it “a serious compromise that will require a sustained and dedicated effort to remediate.” The statement from multiple federal agencies — one of the most detailed official comments yet from investigators — also indicated that the espionage operation was targeted. While the malicious software update went to some 18,000 government and private-sector customers, U.S. officials said “a much smaller number have been compromised by follow-on activity on their systems.” That includes “fewer than” 10 U.S. government agencies, said the statement from the FBI, the Cybersecurity and Infrastructure Security Agency, Office of the Director of National Intelligence and the National Security Agency. The alleged Russian hacking operation has roiled Washington, prompting investigations on Capitol Hill and federal cybersecurity officials to work over […] (CyberScoop)

White House releases maritime cybersecurity update

The National Security Council is planning to issue a cybersecurity update to the U.S. government’s national maritime security strategy Tuesday, multiple senior administration officials tell CyberScoop. The update, which administration officials first teased last September, will prompt federal agencies to develop more streamlined cybersecurity standards for organizations in the maritime transportation system (MTS), which includes seaports, vessel owners and operators and terminal operators, according to administration strategy documents obtained by CyberScoop. The update from the White House also is aimed at promoting more information-sharing on maritime cyberthreats with the private sector, streamlining the information-sharing process and prompting the U.S. government to establish maritime cybersecurity-focused workforce programs. The NSC is releasing the National Maritime Cybersecurity Plan as part of a recognition that there are gaps in U.S. maritime security, officials said. A chief concern is that disruptions to ports and shipping could send shockwaves through the U.S. economy. More directly for […] (CyberScoop)

Chrome browser has a New Year’s resolution: HTTPS by default

If snooping and falsifying web traffic is so easy when plain old HTTP is used, why do we still have HTTP at all? (Naked Security)

Malware Uses WiFi BSSID For Victim Identification

(News ≈ Packet Storm)

SolarWinds, Top Executives Hit With Class Action Lawsuit Over Orion Software Breach

(News ≈ Packet Storm)

Criminals Are Going To Great Lengths To Steal Bitcoin

(News ≈ Packet Storm)

Data From August Breach Of Amazon Partner Juspay Dumped Online

(News ≈ Packet Storm)

Bogus CSS Injection Leads to Stolen Credit Card Details

A client recently reported their customers were receiving antivirus warnings when trying to access and purchase products from a Magento ecommerce website. This is almost always a telltale sign that something is amiss, and so I began my investigation.

Malware in Database Tables

As is pretty common with Magento credit card swiper investigations, my initial scans came up clean. Attackers are writing new pieces of malware like it’s going out of style, so there are very frequently new injections to track down and remove. (Sucuri Blog)

RCE ‘Bug’ Found and Disputed in Popular PHP Scripting Framework

Impacted are PHP-based websites running a vulnerable version of the web-app creation tool Zend Framework and some Laminas Project releases. (Threatpost)

Cyberattacks on Healthcare Spike 45% Since November

The relentless rise in COVID-19 cases is battering already frayed healthcare systems — and ransomware criminals are using the opportunity to strike. (Threatpost)

Telegram Triangulation Pinpoints Users’ Exact Locations

The "People Nearby" feature in the secure messaging app can be abused to unmask a user's precise location, a researcher said. (Threatpost)

Google Warns of Critical Android Remote Code Execution Bug

Google's Android security update addressed 43 bugs overall affecting Android handsets, including Samsung phones. (Threatpost)

Major Gaming Companies Hit with Ransomware Linked to APT27

Researchers say a recent attack targeting videogaming developers has 'strong links' to the infamous APT27 threat group. (Threatpost)


/security-daily/ 06-01-2021 23:44:24