Security daily (05-04-2021)

AWS Verified, episode 4: How Lockheed Martin embeds security

Last year Amazon Web Services (AWS) launched a new video series, AWS Verified, where we talk to global cybersecurity leaders about important issues, such as how the pandemic is impacting cloud security, how to create a culture of security, and emerging security trends. Today I’m happy to share the latest episode of AWS Verified, an […] (AWS Security Blog)

Suspected Chinese spies cover tracks in efforts to breach Vietnamese government

A previously undocumented group of Chinese-speaking spies conducted a months-long campaign to infect the computers of government agencies in Vietnam and other Asian countries, researchers from the antivirus firm Kaspersky said Monday. The findings point to how alleged Chinese hacking groups overlap —  and may collaborate — in their longstanding efforts to infiltrate the Southeast Asian governments with which China quarrels over territory. For example, the hackers’ techniques bear some similarities to that of a Chinese-speaking group called Cycldek that has been around eight years. But they’re also notably more advanced than Cycldek, leaving the Kaspersky researchers struggling to trace the specific origins of the group. The attackers executed code capable of taking full control of target computers, but they also stripped the code of digital clues that would make them easier to track. “One hypothesis we have is that one or several former Cycldek operators could have joined another […] The post Suspected Chinese spies cover tracks in efforts to breach Vietnamese government appeared first on CyberScoop. (CyberScoop)

533 million Facebook users’ personal data leaked online

Information belonging to approximately 533 million Facebook users has leaked online in recent days, according to security researcher Alon Gal, raising concerns about a spike in scams targeting vulnerable Facebook users. The data, which comes from people from over 100 countries, includes users’ phone numbers, email addresses, full names, birthdates and location, among other identifiers, according to Insider, which first reported the news. The dataset includes 32 million records for users in the U.S. The existence of the leak was first reported by Motherboard in January. Facebook users’ personal data was available for sale online then — criminals could pay a couple of dollars to a Telegram bot in order to gain access to Facebook users’ phone numbers. Now, a suspected cybercriminal has posted the data to a hacking forum, free of charge. Facebook said in a comment that the information leaked due to a vulnerability that had been fixed in […] The post 533 million Facebook users’ personal data leaked online appeared first on CyberScoop. (CyberScoop)

The Cesspool Of The Internet Is To Be Found In A Village In North Holland

(News ≈ Packet Storm)

Facebook Data For Over 500M Users Reportedly Leaks Online

(News ≈ Packet Storm)

Technology Could Make Fighting COVID Less Restrictive But Privacy Will Take A Hit

(News ≈ Packet Storm)

FBI: APTs Actively Exploiting Fortinet VPN Security Holes

(News ≈ Packet Storm)

How To Check If Your Phone Number Is In The Huge Facebook Leak

(News ≈ Packet Storm)

How the Work-From-Home Shift Impacts SaaS Security

The data is in. According to IBM Security's 2020 Cost of a Data Breach Report, there is a 50% increase in cloud usage for enterprises across all industries. The number of threats targeting cloud services, predominantly collaboration services like Office 365, has increased 630%. Moreover, 75% of respondents report that discovery and recovery time from data breaches has significantly increased due (The Hacker News)

533M Facebook Accounts Leaked Online: Check if You Are Exposed

An estimated 32 million, of the half-billion of Facebook account details posted online, were tied to US-based accounts. (Threatpost)

Spy Operations Target Vietnam with Sophisticated RAT

Researchers said the FoundCore malware represents a big step forward when it comes to evasion. (Threatpost)

LinkedIn Spear-Phishing Campaign Targets Job Hunters

Fake job offers lure professionals into downloading the more_eggs backdoor trojan. (Threatpost)

Apple Mail Zero-Click Security Vulnerability Allows Email Snooping

The researcher is offering details on CVE-2020-9922, which can be triggered just by sending a target an email with two .ZIP files attached. (Threatpost)

How To Defend the Extended Network Against Web Risks

Aamir Lakhani, cybersecurity researcher for Fortinet’s FortiGuard Labs, discusses criminals flocking to web server and browser attacks, and what to do about it. (Threatpost)

15 Cybersecurity Pitfalls and Fixes for SMBs

In this roundtable, security experts focus on smaller businesses offer real-world advice for actionable ways to shore up defenses using fewer resources. (Threatpost)


/security-daily/ 06-04-2021 23:44:22