Security daily (05-03-2021)

Suspected Iranian hackers snooping on Middle Eastern targets anew

Hackers connected to Iran are on the loose again in the Middle East, instigating an apparent espionage campaign in five countries, Trend Micro said on Friday. The company concluded with moderate confidence that the MuddyWater hacking group, whose interests tend to align with the Iranian government’s, is behind the campaign. It’s an ongoing spearphishing effort aimed at government agencies, academia and the tourism industry in Azerbaijan, Bahrain, Israel, Saudi Arabia and the United Arab Emirates, according to Trend Micro. The research confirms research from Anomali in February, and expands the range of named targets. MuddyWater has a history of going after Middle Eastern government agencies and academia along with a range of industries, and it has a reputation for persistent spy work. What’s different about this campaign, though, is that it doesn’t exhibit the usual competence MuddyWater has demonstrated, Trend Micro said. “While it possesses remote access capabilities, the attackers […] (CyberScoop)

After SolarWinds breach, White House preps executive order on software security

The White House is moving forward with an executive order to encourage software developers to build more security into their products as the investigation of a suspected Russian supply chain compromise continues, a top security official said Friday. The upcoming directive “will focus on building in standards for software, particularly software that’s used in critical areas,” Anne Neuberger, the deputy national security adviser for cyber and emerging technology, said at the SANS Institute’s ICS Security Summit. “The level of trust we have in our systems has to be directly proportional to the visibility we have. And the level of visibility has to match the consequences of the failure of those systems.” Neuberger said the directive would be one of the Biden administration’s multiple responses to the alleged Russian spying operation that has exploited software made by federal contractor SolarWinds, among other vendors, and breached nine federal agencies and 100 companies. […] (CyberScoop)

Victims of Microsoft Exchange Server zero-days emerge

The list of victims potentially affected by Microsoft zero-day flaws is growing by the day. The email systems of the city of Prague and the Czech Republic’s Labour Ministry have been impacted in recent days in hacking incidents, government officials said Thursday. The Czech Office for Cyber and Information Security confirmed it is responding to attacks caused by the zero-days, while Norway’s National Security Authority also warned victims were cropping up in Norway earlier this week. The steady flow of announcements of email hacking should come as no surprise after the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) warned of the “likelihood of widespread exploitation” of vulnerabilities that Microsoft revealed earlier this week. The bugs were first exploited in an apparent espionage operation run by a Chinese state-sponsored group interested in accessing email accounts and targeting victims with malware in order to establish long-term data collection capabilities, according […] (CyberScoop)

Master the Internet of Things with This Certification Bundle

These days, everything is connected. No, really — we mean everything. Your phone, your smart speaker, and even appliances like stoves and refrigerators can be connected and communicate with one another. Welcome to the Internet of Things, the start of our interconnected future. It's projected by 2027 that there will be more than 41 million internet-connected devices in use around the world.

With all of those devices communicating across the web, we're going to need people who can keep them safe. That's where you come in. Learn how the Internet of Things works, how devices communicate with one... (Null Byte « WonderHowTo)

There Are Hidden Wi-Fi Networks All Around You — These Attacks Will Find Them

There are hidden Wi-Fi networks all around you — networks that will never show up in the list of available unlocked and password-protected hotspots that your phone or computer can see — but are they more secure than regular networks that broadcast their name to any nearby device?

The short answer is no, and that could be for any number of reasons.

Hidden networks are actually the same as regular Wi-Fi networks; only they don't broadcast their names (ESSID) in the beacon frames that regular networks send out. If the name isn't included, your phone or computer will never find it just by... (Null Byte « WonderHowTo)

FTC Joins 38 States Taking Down Massive Charity Robocall Operation

(News ≈ Packet Storm)

Malicious Code Bombs Target Amazon, Lyft, Slack, Zillow

(News ≈ Packet Storm)

Biden Administration Labels China Top Tech Threat, Promises Proportionate Responses To Cyberattacks

(News ≈ Packet Storm)

NSA, CISA, Issue Guidance On Protective DNS Services

(News ≈ Packet Storm)

U.S. DoD Weapons Programs Lack ‘Key’ Cybersecurity Measures

The lack of cybersecurity requirements in weapons contracts from the Department of Defense opens the door for dangerous cyberattacks. (Threatpost)

WordPress Injection Anchors Widespread Malware Campaign

Website admins should patch all plugins, WordPress itself and back-end servers as soon as possible. (Threatpost)

Massive Supply-Chain Cyberattack Breaches Several Airlines

The cyberattack on SITA, a nearly ubiquitous airline service provider, has compromised frequent-flyer data across many carriers. (Threatpost)

Critics Blast Google’s Aim to Replace Browser Cookie with ‘FLoC’

EFF worries that Google's ‘privacy-first’ vision for the future may pose new privacy risks. (Threatpost)

D-Link, IoT Devices Under Attack By Tor-Based Gafgyt Variant

A new variant of the Gafgyt botnet - that's actively targeting vulnerable D-Link and Internet of Things devices - is the first variant of the malware to rely on Tor communications, researchers say. (Threatpost)


/security-daily/ 06-03-2021 23:44:24