Security daily (06-04-2021)

Audit companion for the AWS PCI DSS Quick Start

If you’ve supported a Payment Card Industry Data Security Standard (PCI DSS) assessment as a Qualified Security Assessor (QSA) or as a technical team facing an assessment, it’s likely that you spent a lot of time collecting and analyzing evidence against PCI DSS requirements. In this blog post, I show you how to use automation […] (AWS Security Blog)

052 | Challenges in Cloud Security

Cloud computing was one of the last decade's most transformative technologies. It helped organizations launch exciting new applications and services, as well as innovate the way they operate. However, moving critical parts of IT infrastructure and operations outside of organizations' perimeters has significant security implications. The cloud is definitely here to stay, so security consultants Laura Kankaala and Nick Jones join Janne to talk about the cloud security challenges organizations are facing and will continue to face. (Cyber Security Sauna)

EU investigating ‘IT security incident’ involving multiple agencies

Cybersecurity experts at the European Union are investigating an “IT security incident” involving multiple institutions, though “no major information breach” has been detected, EU officials said Tuesday. The scope and nature of the incident were not immediately clear, but a spokesperson for the European Commission, the EU’s executive branch, said the commission had set up a “24/7 monitoring service” in response to the incident. “The European Commission and other EU institutions, bodies or agencies have experienced an IT security incident in their IT infrastructure,” the commission spokesperson said in an email. A spokesperson for the European Parliament said the parliament and other EU bodies had “received an alert on [a] possible vulnerability in its IT infrastructure.” The parliament “took immediate measures to check and protect its servers against this vulnerability,” the spokesperson said. As a 27-country bloc that affects trade and foreign policy on the continent, EU institutions are natural […] (CyberScoop)

Crooks are getting smarter about exploiting SAP software, study finds

Security researchers on Tuesday warned of the unrelenting interest that cybercriminals have in exploiting applications made by software giant SAP to defraud or disrupt big businesses that rely on SAP products. A months-long study by Boston-based security firm Onapsis found that malicious hackers are growing more knowledgeable of SAP software and the potential impact that compromises could have on customers. In one case, an unidentified attacker managed to chain together multiple software exploits to target an SAP “credential store,” which stores login details for an organization’s high-value SAP users. Access to the credential store could give a hacker the ability to exploit other applications that interact with those credentials. SAP has 400,000 customers worldwide, including more than half of NATO members. A big swath of the world’s largest public companies use the software to manage their business processes. A critical bug in SAP software could be a ticket for a […] (CyberScoop)

Emerging hacking tool 'EtterSilent' mimics DocuSign, researchers find

Hackers are using a new, malleable malicious document builder to run their criminal schemes, according to Intel 471 research published Tuesday. The document builder, known as EtterSilent, has been advertised in a Russian cybercrime forum and comes in two versions, according to the research. One exploits a vulnerability in Microsoft Office, CVE-2017-8570, and one uses a malicious macro. One version of EtterSilent imitates the digital signature product DocuSign, though when targets click through to electronically sign documents, they are prompted to enable macros. This allows the attackers to target victims with malware. EtterSilent also offers another benefit for criminals looking for the latest tools to run their schemes — the malicious document builder has been crafted to conceal the activities of its operators, and has been constantly updated in recent months to avoid detection, according to Intel 471. “The widespread use of EtterSilent shows how commoditization is a big part of […] (CyberScoop)

Too slow! Booking.com fined for not reporting data breach fast enough

It's not just the breach, it's the speed of the breach response... (Naked Security)

SAP Issues Advisory On Old Vulns Being Exploited

(News ≈ Packet Storm)

LinkedIn Spear-Phishing Campaign Targets Job Hunters

(News ≈ Packet Storm)

Fifteen Cybersecurity Pitfalls And Fixes For SMBs

(News ≈ Packet Storm)

Encryption Debate Could Have Enterprise Security Implications

(News ≈ Packet Storm)

Experts uncover a new Banking Trojan targeting Latin American users

Researchers on Tuesday revealed details of a new banking trojan targeting corporate users in Brazil at least since 2019 across various sectors such as engineering, healthcare, retail, manufacturing, finance, transportation, and government. Dubbed "Janeleiro" by Slovak cybersecurity firm ESET, the malware aims to disguise its true intent via lookalike pop-up windows that are designed to resemble (The Hacker News)

Watch Out! Mission Critical SAP Applications Are Under Active Attack

Cyber attackers are actively setting their sights on unsecured SAP applications in an attempt to steal information and sabotage critical processes, according to new research. "Observed exploitation could lead in many cases to full control of the unsecured SAP application, bypassing common security and compliance controls, and enabling attackers to steal sensitive information, perform financial (The Hacker News)

MITRE Madness: A Guide to Weathering the Upcoming Vendor Positioning Storm

April is usually a whirlwind month for the cybersecurity industry as it coincides with the release of the highly regarded and influential MITRE ATT&CK test results. The ATT&CK test measures cybersecurity platforms' abilities to detect and react to emulated, multistep attacks that can be used as a barometer of platform effectiveness. This means that every cybersecurity vendor will be tripping (The Hacker News)

Hackers From China Target Vietnamese Military and Government

A hacking group related to a Chinese-speaking threat actor has been linked to an advanced cyberespionage campaign targeting government and military organizations in Vietnam. The attacks have been attributed with low confidence to the advanced persistent threat (APT) called Cycldek (or Goblin Panda, Hellsing, APT 27, and Conimes), which is known for using spear-phishing techniques to compromise (The Hacker News)

Hackers Targeting professionals With 'more_eggs' Malware via LinkedIn Job Offers

A new spear-phishing campaign is targeting professionals on LinkedIn with weaponized job offers in an attempt to infect targets with a sophisticated backdoor trojan called "more_eggs." To increase the odds of success, the phishing lures take advantage of malicious ZIP archive files that have the same name as that of the victims' job titles taken from their LinkedIn profiles. "For example, if the (The Hacker News)

533 Million Facebook Users' Phone Numbers and Personal Data Leaked Online

In what's likely to be a goldmine for bad actors, personal information associated with approximately 533 million Facebook users worldwide has been leaked on a popular cybercrime forum for free—which was harvested by hackers in 2019 using a Facebook vulnerability. The leaked data includes full names, Facebook IDs, mobile numbers, locations, email addresses, gender, occupation, city, country, (The Hacker News)

Critical Cloud Bug in VMWare Carbon Black Allows Takeover

CVE-2021-21982 affects a platform designed to secure private clouds, and the virtual servers and workloads that they contain. (Threatpost)

Chinese Hackers Selling Intimate Stolen Camera Footage

A massive operation offers access to hacked camera feeds in bedrooms and at hotels. (Threatpost)

SAP Bugs Under Active Cyberattack, Causing Widespread Compromise

Cyberattackers are actively exploiting known security vulnerabilities in widely deployed, mission-critical SAP applications, allowing for full takeover and the ability to infest an organization further. (Threatpost)

Conti Gang Demands $40M Ransom from Florida School District

New details of negotiation between attackers and officials from Broward County Public Schools emerge after a ransomware attack early last month. (Threatpost)

/security-daily/ 07-04-2021 23:44:22