05-07-202107-07-2021

Security daily (06-07-2021)

Build an end-to-end attribute-based access control strategy with AWS SSO and Okta

This blog post discusses the benefits of using an attribute-based access control (ABAC) strategy and also describes how to use ABAC with AWS Single Sign-On (AWS SSO) when you’re using Okta as an identity provider (IdP). Over the past two years, Amazon Web Services (AWS) has invested heavily in making ABAC available across the majority […] (AWS Security Blog)

Two cyber insurance industry initiatives grapple with rise of ransomware

Twice in the past few weeks, insurers have joined together in response to the spiraling ransomware attacks that have rocked their industry. In mid-June, seven top insurance companies formed CyberAcuView, a company to combine their data collection and analysis powers in a bid to strengthen risk mitigation in the cyber insurance industry. The chief executive officer of CyberAcuView told CyberScoop that ransomware was one of the factors that drove creation of the company. Then, last week, the American Property Casualty Insurance Association (APCIA) released its guiding principles on cyber extortion and ransomware, including its views on regulation. Both are signs of the cyber insurance world trying to wrap its arms around ransomware, a phenomenon that is leading to costlier payouts, prompting insurers to demand security improvements from policyholders and in some cases driving companies to step back from what they’re willing to cover. For instance, the annual growth rate in […] (CyberScoop)

White House rebukes ransomware gang as number of apparent REvil victims remains uncertain

The White House responded to Russia-based ransomware group REvil’s most recent attack against a U.S. company with a promise to take on cybercriminals if the Kremlin will not. “As the president made clear to President Putin when they met, if the Russian government cannot or will not take action against criminal actors in Russia we will take action or reserve the right,” White House Press Secretary Jen Psaki said Tuesday when asked about a major data breach at Florida-based IT software firm Kaseya. Psaki noted that the U.S. intelligence community has not attributed the attack on Kaseya to the REvil group. However the recent hack — in which hundreds of businesses were affected, according to the company — adds to escalating tensions with Russia over its apparent willingness to tolerate ransomware gangs. Psaki said that the White House will meet with high-level Russian officials to discuss ransomware attacks next week. […] (CyberScoop)

Kaseya says up to 1,500 victims affected by ransomware, as Biden directs 'full resources' to investigate

One of the largest mass ransomware attacks ever has compromised up to 1,500 businesses, according to a Tuesday update from the Florida IT company Kaseya, which the hackers used to spread their malicious software. The self-proclaimed culprit of the Friday outbreak, the Russia-based ransomware gang REvil, is seeking $70 million in cryptocurrency collectively from what it says are actually more than 1 million victims to unlock affected systems, reportedly ranging from Swedish supermarket chains to New Zealand kindergartens that were closed or knocked offline. It’s the latest of three recent huge ransomware incidents to draw White House attention, with President Joe Biden over the weekend directing “the full resources of the government to investigate this incident,” according to a statement by Deputy National Security Adviser for Cyber and Emerging Technology Anne Neuberger. Unlike the last two major incidents that affected single victims in fuel transporter Colonial Pipeline and meat supplier […] (CyberScoop)

IoT/ICS Armageddon: Hacking Devices Like There's No Tomorrow Part 1

(News ≈ Packet Storm)

Website Of Mongolian Certificate Authority Served Backdoored Client Installer

(News ≈ Packet Storm)

Kaseya Ransomware Attack Affects 1,500 Companies

(News ≈ Packet Storm)

British Airways Data Breach Compensation Claim Settled

(News ≈ Packet Storm)

Pro-Trump Social Media Site Gettr Hacked

(News ≈ Packet Storm)

Microsoft Issues Emergency Patch for Critical Windows PrintNightmare Vulnerability

Microsoft has shipped an emergency out-of-band security update to address a critical zero-day vulnerability — known as "PrintNightmare" — that affects the Windows Print Spooler service and can permit remote threat actors to run arbitrary code and take over vulnerable systems. Tracked as CVE-2021-34527 (CVSS score: 8.8), the remote code execution flaw impacts all supported editions of Windows. (The Hacker News)

Interpol Arrests Moroccan Hacker Engaged in Nefarious Cyber Activities

Law enforcement authorities with the Interpol have apprehended a threat actor responsible for targeting thousands of unwitting victims over several years and staging malware attacks on telecom companies, major banks, and multinational corporations in France as part of a global phishing and credit card fraud scheme. The two-year investigation, dubbed Operation Lyrebird by the international, (The Hacker News)

Kaseya Rules Out Supply-Chain Attack; Says VSA 0-Day Hit Its Customers Directly

U.S. technology firm Kaseya, which is firefighting the largest ever supply-chain ransomware strike on its VSA on-premises product, ruled out the possibility that its codebase was unauthorizedly tampered with to distribute malware. While initial reports raised speculations that REvil, the ransomware gang behind the attack, might have gained access to Kaseya's backend infrastructure and abused it (The Hacker News)

Android Apps in Google Play Harvest Facebook Credentials

The apps all used an unusual tactic of loading a legitimate Facebook page as part of the data theft. (Threatpost)

Western Digital Users Face Another RCE

Say hello to one more zero-day and yet more potential remote data death for those who can’t/won’t upgrade their My Cloud storage devices. (Threatpost)


/security-daily/ 07-07-2021 23:44:22