05-05-202107-05-2021

Security daily (06-05-2021)

Nine additional AWS cloud service offerings authorized by DISA

I’m excited to share that the Defense Information Systems Agency (DISA) has authorized three additional Amazon Web Services (AWS) services at Impact Level (IL) 4 and IL 5 in the AWS GovCloud (US) Regions, as well as five additional AWS services and one feature at IL 6 in the AWS Secret Region, under the Department […] (AWS Security Blog)

US spy agencies review software suppliers' ties to Russia following SolarWinds hack

U.S. intelligence agencies have begun a review of supply chain risks emanating from Russia in light of the far-reaching hacking campaign that exploited software made by SolarWinds and other vendors, a top Justice Department official said Thursday. The review will focus on any supply chain vulnerabilities stemming from Russian companies — or U.S. companies that do business in Russia, according to John Demers, the assistant attorney general for national security. “If there’s back-end software design and coding being done in a country where we know that they’ve used sophisticated cyber means to do intrusions into U.S. companies, then maybe … U.S. companies shouldn’t be doing work with those companies from Russia or other untrusted countries,” Demers said during a Justice Department-hosted cybersecurity conference. Demers said that the FBI and other intelligence agencies will pass any information obtained from the review to the Commerce Department to decide if further action to exclude […] The post US spy agencies review software suppliers' ties to Russia following SolarWinds hack appeared first on CyberScoop. (CyberScoop)

As Methbot trial gets underway, prosecutors say a former scammer will testify against alleged ringleader

Nearly three years after he was arrested in a Belgium apartment, Aleksander Zhukov was seated in a Brooklyn courtroom this week to face charges of running a complex fraud scheme that netted millions of dollars.  Zhukov, a Russian national, allegedly functioned as the ringleader of a scheme to use traditional cybercrime techniques to carry out a larger advertising fraud conspiracy, known as Methbot, that the U.S. Department of Justice says netted some $7 million between 2014 and 2016. The trial, scheduled to take place in the coming weeks in a Brooklen federal courtroom, is slated to include testimony from a range of FBI agents, cybersecurity executives and, as the prosecution said on Wednesday, a cooperating witness who worked with Zhukov to carry out the work.  The ruse involved Zhukov’s use of a fake advertising company, which he used to charge marketing firms to run ads, prosecutors said during their opening […] The post As Methbot trial gets underway, prosecutors say a former scammer will testify against alleged ringleader appeared first on CyberScoop. (CyberScoop)

Google to make multi-factor authentication its default mode

Google will soon enroll users into multi-factor authentication by default, the technology giant said on Thursday. In a blog post commemorating World Password Day, the company announced the move to make users sign in via a second step after entering a password, such as a phone app. “Today we ask people who have enrolled in two-step verification (2SV) to confirm it’s really them with a simple tap via a Google prompt on their phone whenever they sign in. Soon we’ll start automatically enrolling users in 2SV if their accounts are appropriately configured,” wrote Mark Risher, director of product management, identity and user security. “Using their mobile device to sign in gives people a safer and more secure authentication experience than passwords alone.” While multi-factor authentication isn’t entirely foolproof, and users will be allowed to opt out, Google’s embrace of automatically enrollment could be a big security boon. Microsoft said its […] The post Google to make multi-factor authentication its default mode appeared first on CyberScoop. (CyberScoop)

Russian agent accused of interfering in US elections is back meddling online, Facebook says

A man the U.S. intelligence community has assessed is an active Russian agent who interfered in U.S. elections is back stirring the pot on Facebook, the company announced Thursday. But this time, Andriy Derkach and associates appear to have been running influence operations targeted at Ukraine, not the U.S., Facebook said. The Treasury Department previously sanctioned Derkach, whom Treasury identified as being an “active Russian agent for over a decade,” for his alleged interference in U.S. elections. Facebook said it removed the Ukraine-targeted campaign, which used fake accounts and its own websites to amplify its messaging, for violating its coordinated inauthentic behavior policy last month. The campaign, which Facebook first caught onto following a tip from the FBI, focused on Ukraine politics and anti-Russia content. It’s not clear why a reputed Russian agent would circulate anti-Russia materials. The operators used multiple social media platforms and seemingly independent media websites and social […] The post Russian agent accused of interfering in US elections is back meddling online, Facebook says appeared first on CyberScoop. (CyberScoop)

DHS to hire 200 more cyber pros as Biden administration grapples with hacking threats

The Department of Homeland Security announced on Wednesday that it intends to hire 200 new cybersecurity professionals by July as the Biden administration aims to curb ransomware attacks affecting U.S. corporations, as well as foreign espionage operations. In a speech Wednesday, Homeland Security Secretary Alejandro Mayorkas said the cyber recruiting was part of “the most significant hiring initiative” that DHS has undertaken in its 18-year history. “We are going to be recruiting talent that is already developed, we’re going to be helping develop the talent that is just about to bloom and we’re going to be investing in the seeds to grow the talent of the future,” Mayorkas said at a U.S. Chamber of Commerce event. Half of the new jobs will be with DHS’s Cybersecurity and Infrastructure Security Agency and the other half will be with other DHS agencies that work on cybersecurity, the department said in a press […] The post DHS to hire 200 more cyber pros as Biden administration grapples with hacking threats appeared first on CyberScoop. (CyberScoop)

Intrusion Truth details work of suspected Chinese hackers who are under indictment in US

Intrusion Truth, a mysterious group known for exposing suspected Chinese cyber-espionage operations, on Thursday published a new investigation that traced front companies allegedly used by two Chinese men whom a U.S. grand jury indicted last year. The findings shed light on a dynamic that U.S. law enforcement officials say is increasingly common: foreign intelligence services’ use of front companies to try to conceal their hacking operations. The details also come at a time when Biden administration officials are dealing with the fallout of another suspected Chinese hacking campaign in which attackers leveraged widely used Microsoft software. The Justice Department has alleged that the two suspects, Li Xiaoyu and Dong Jiazhi, met at university before embarking on a decade of malicious cyber activity, sometimes for personal financial gain and other times on behalf of the Ministry of State Security, China’s civilian intelligence agency. In some cases, the men allegedly probed the […] The post Intrusion Truth details work of suspected Chinese hackers who are under indictment in US appeared first on CyberScoop. (CyberScoop)

S3 Ep31: Apple zero-days, Flubot scammers and PHP supply chain bug [Podcast]

Latest episode - listen now! (And please share with your friends.) (Naked Security)

Firefox for Android gets critical update to block cookie-stealing hole

This browser update is for everyone, but it's for Android users particularly. (Naked Security)

Your Own Phone Number Can Be Used To Hack You, Study Finds

(News ≈ Packet Storm)

Dogecoin Has To Be Taken Seriously Now

(News ≈ Packet Storm)

New Crypto Stealer Panda Spread Via Discord

(News ≈ Packet Storm)

JET Engine Flaws Can Crash Microsoft IIS And SQL Servers

(News ≈ Packet Storm)

Data Leak Makes Peloton's Horrible, No-Good, Really Bad Day Even Worse

(News ≈ Packet Storm)

Americans Turn To VPNs To Prevent Online Fraud And Hacking

(News ≈ Packet Storm)

Scammer Used Fake Court Order To Take Over Dark Web Drug Market Directory

(News ≈ Packet Storm)

Qualys Puts 21 Nails Into Exim Mail Server

(News ≈ Packet Storm)

CISO Challenge: Check Your Cybersecurity Skills On This New Competition Site

InfoSec leaders tend to be a specific type. Their jobs require them to think of possible threats, take actions that may not pay immediate results, plan for unknown security risks, and react quickly when emergencies arise, often before the morning's first coffee. The high-stakes position also means that CISOs need to keep their knowledge and skills sharp – you can never really know what's around (The Hacker News)

Critical Flaws Hit Cisco SD-WAN vManage and HyperFlex Software

Networking equipment major Cisco has rolled out software updates to address multiple critical vulnerabilities impacting HyperFlex HX and SD-WAN vManage Software that could allow an attacker to perform command injection attacks, execute arbitrary code, and gain access to sensitive information. In a series of advisories published on May 5, the company said there are no workarounds that remediate (The Hacker News)

New Qualcomm Chip Bug Could Let Hackers Spy On Android Devices

Cybersecurity researchers have disclosed a new security vulnerability in Qualcomm's mobile station modems (MSM) that could potentially allow an attacker to leverage the underlying Android operating system to slip malicious code into mobile phones, undetected. "If exploited, the vulnerability would have allowed an attacker to use Android OS itself as an entry point to inject malicious and (The Hacker News)

New Study Warns of Security Threats Linked to Recycled Phone Numbers

A new academic study has highlighted a number of privacy and security pitfalls associated with recycling mobile phone numbers that could be abused to stage a variety of exploits, including account takeovers, conduct phishing and spam attacks, and even prevent victims from signing up for online services. Nearly 66% of the recycled numbers that were sampled were found to be tied to previous owners (The Hacker News)

Qualcomm Chip Bug Opens Android Fans to Eavesdropping

A malicious app can exploit the issue, which could affect up to 30 percent of Android phones. (Threatpost)

Critical Cisco SD-WAN, HyperFlex Bugs Threaten Corporate Networks

The networking giant has rolled out patches for remote code-execution and command-injection security holes that could give attackers keys to the kingdom. (Threatpost)

Ryuk Ransomware Attack Sprung by Frugal Student

The student opted for “free” software packed with a keylogger that grabbed credentials later used by "Totoro" to get into a biomolecular institute.  (Threatpost)

Massive DDoS Attack Disrupts Belgium Parliament

A large-scale incident earlier this week against Belnet and other ISPs has sent a wave of internet disruption across numerous Belgian government, scientific and educational institutions. (Threatpost)

05-05-202107-05-2021

/security-daily/ 07-05-2021 23:44:24