
Security daily (05-10-2021)

Enabling data classification for Amazon RDS database with Macie

Customers have been asking us about ways to use Amazon Macie data discovery on their Amazon Relational Database Service (Amazon RDS) instances. This post presents how to do so using AWS Database Migration Service (AWS DMS) to extract data from Amazon RDS, store it on Amazon Simple Storage Service (Amazon S3), and then classify the […] (AWS Security Blog)

A new bill would require ransomware victims to report payments within 48 hours

Democrats introduced legislation in the House and Senate Tuesday requiring ransomware victims who pay hackers to notify the Department of Homeland Security within 48 hours of payment. The bill would also require DHS to release a report publicly disclosing information about payments from the prior year. The report would not include identifying information about victims. The legislation, which was introduced in the Senate by Elizabeth Warren, D-Mass., also directs DHS to study the role cryptocurrency plays in ransomware attacks and produce recommendations for improving cybersecurity. “The U.S. cannot continue to fight ransomware attacks with one hand tied behind our back,” said Rep. Deborah Ross, D-N.C., who introduced the legislation in the House. “The data that this legislation provides will ensure both the federal government and private sector are equipped to combat the threats that cybercriminals pose to our nation.” The bill is the most recent in a collection of cybersecurity […] The post A new bill would require ransomware victims to report payments within 48 hours appeared first on CyberScoop. (CyberScoop)

Suspected Chinese hackers masqueraded as Indian government to send COVID-19 phishing emails

An increasingly active Chinese government-linked hacking group impersonated Indian government agencies with phishing lures related to COVID-19 statistics and tax legislation, researchers say. It was the continuation of a campaign that dates to the earliest days of the pandemic, BlackBerry said in a blog post Tuesday. The company tied together several threads of operations by APT41, a joint cyber-espionage and cybercrime organization that investigators have repeatedly tied to Beijing and that BlackBerry said was responsible for the India-themed phishing lures. The permutation targeting India preyed on the same fears that hacking groups began seizing on after the coronavirus outbreak. BlackBerry on Monday didn’t answer questions about the timeframe in which APT41 sent the India-themed lures, what its possible motives were and what industries the emails targeted. “The image we uncovered was that of a state-sponsored campaign that plays on people’s hopes for a swift end to the pandemic as […] (CyberScoop)

Facebook blames networking issues, not a cyberattack, for long downtime

Facebook, Instagram and WhatsApp largely returned to the internet late Monday following a six-hour-long outage that outsiders suggested, without evidence, was the result of a cyberattack. In an Oct. 4 statement, the company apologized for the long downtime, blaming the matter on networking issues. Configuration changes “on the backbone routers that coordinate network traffic between our data centers” interrupted communication, Facebook said, causing a “cascading effect” that disrupted the flow of communication. The same issue also halted Facebook’s internal systems, further delaying the recovery process. Independent security experts suggested from the beginning that the company’s Domain Name System, the protocol by which connected devices locate one another on the internet, was somehow to blame. “We want to make clear at this time we believe the root cause of this outage was a faulty configuration change,” Santosh Janardhan, vice president of Facebook Infrastructure, said in a statement. “We also […] (CyberScoop)

Rep. Katko introduces bill that would prioritize security for key US critical infrastructure

The top Republican on the House Homeland Security Committee introduced legislation Tuesday directing the Homeland Security Department’s cyber wing to identify U.S. digital infrastructure that, if attacked, would severely debilitate national security, economic security or public safety. Under the legislation from Rep. John Katko, R-N.Y., DHS’ Cybersecurity and Infrastructure Security Agency would designate the nation’s “systemically important critical infrastructure” (or “SICI”). The legislation also would make it a priority for CISA to lend its protective services, such as continuous monitoring and detection of cybersecurity risks, to the identified owners and operators. It’s an attempt, Katko said, to identify which of the 16 sectors currently labeled as critical infrastructure are truly essential. “To mitigate risks to our economic and national security going forward, we need a clear process for identifying which infrastructure constitutes systemically important critical infrastructure,” Katko said in announcing the legislation. “Disruption to this infrastructure — ranging from pipelines to […] (CyberScoop)

Europol announces two more ransomware busts in Ukraine

"Two in custody," as they say. Cars, cash and cryptocoins nabbed as well. (Naked Security)

Apache Fixes Actively Exploited Zero-Day Vulnerability, Patch Now

(News ≈ Packet Storm)

Senate Committee Drops New FISMA Reform Bill

(News ≈ Packet Storm)

Telegraph Newspaper Bares 10TB Of Subscriber Data And Server Logs To World+Dog

(News ≈ Packet Storm)

New Python Ransomware Targets VMs, ESXi Hypervisors

(News ≈ Packet Storm)

Atom Silo Ransomware Targets Confluence Servers

(News ≈ Packet Storm)

Researchers Discover UEFI Bootkit Targeting Windows Computers Since 2012

Cybersecurity researchers on Tuesday revealed details of a previously undocumented UEFI (Unified Extensible Firmware Interface) bootkit that has been put to use by threat actors to backdoor Windows systems as early as 2012 by modifying a legitimate Windows Boot Manager binary to achieve persistence, once again demonstrating how technology meant to secure the environment prior to loading the (The Hacker News)

Apache Warns of Zero-Day Exploit in the Wild — Patch Your Web Servers Now!

Apache has issued patches to address two security vulnerabilities, including a path traversal and file disclosure flaw in its HTTP server that it said is being actively exploited in the wild. "A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root," the open-source (The Hacker News)

New Study Links Seemingly Disparate Malware Attacks to Chinese Hackers

Chinese cyber espionage group APT41 has been linked to seemingly disparate malware campaigns, according to fresh research that has mapped together additional parts of the group's network infrastructure to hit upon a state-sponsored campaign that takes advantage of COVID-themed phishing lures to target victims in India. "The image we uncovered was that of a state-sponsored campaign that plays on (The Hacker News)

Ransomware Hackers Who Attacked Over 100 Companies Arrested in Ukraine

Law enforcement agencies have announced the arrest of two "prolific ransomware operators" in Ukraine who allegedly conducted a string of targeted attacks against large industrial entities in Europe and North America since at least April 2020, marking the latest step in combating ransomware incidents. The joint exercise was undertaken on September 28 by officials from the French National (The Hacker News)

Poorly Configured Apache Airflow Instances Leak Credentials for Popular Services

Cybersecurity researchers on Monday discovered misconfigurations across older versions of Apache Airflow instances belonging to a number of high-profile companies across various sectors, resulting in the exposure of sensitive credentials for popular platforms and services such as Amazon Web Services (AWS), Binance, Google Cloud Platform (GCP), PayPal, Slack, and Stripe. "These unsecured (The Hacker News)

Incentivizing Developers is the Key to Better Security Practices

Professional developers want to embrace DevSecOps and write secure code, but their organizations need to support this sea change if they want that effort to grow. The cyber threat landscape is becoming more complex by the day. Attackers are constantly scanning networks for vulnerable applications, programs, cloud instances, and the latest flavor of the month is APIs, widely considered an easy win (The Hacker News)

IP Surveillance Bugs in Axis Gear Allow RCE, Data Theft

Three security vulnerabilities in Axis video products could open up the door to a bevy of different cyberattacks on businesses. (Threatpost)

Apache Web Server Zero-Day Exposes Sensitive Data

The open-source project has rolled out a security fix for CVE-2021-41773, for which public cyberattack exploit code is circulating. (Threatpost)

How to Build an Incident-Response Plan, Before Security Disaster Strikes

Joseph Carson, Chief Security Scientist at ThycoticCentrify, offers a 7-step practical IR checklist for ensuring a swift recovery from a cyberattack. (Threatpost)

Facebook Blames Outage on Faulty Router Configuration

One easily disproved conspiracy theory linked the ~six-hour outage to a supposed data breach tied to a Sept. 22 hacker forum ad for 1.5B Facebook user records. (Threatpost)

Oops! Compound DeFi Platform Gives Out $90M, Would Like it Back, Please

The Compound cryptocurrency exchange accidentally botched a platform upgrade and distributed millions in free COMP tokens to users - then threatened to dox the recipients. (Threatpost)


/security-daily/ 06-10-2021 23:44:22