05-10-202107-10-2021

Security daily (06-10-2021)

Spies used Android malware to try collecting intelligence from a Togolese activist, Amnesty says

A threat group known for using Android-based malware to target victims in Southeast Asia has been detected in Africa for the first time, according to Amnesty International research released Wednesday. Attackers tried to trick a Togolese activist into installing Android spyware via a series of WhatsApp messages and emails. The spyware would have allowed attackers to access a wealth of information including files stored on the device, WhatsApp messages as well as access to the phone’s camera and microphone. Spies targeted the human rights advocate, who Amnesty refused to name as a security precaution, between December 2019 and January 2020 during the lead-up to the country’s presidential election. Human rights experts and opposition leaders accused incumbent president Faure Gnassingbé of using police force to silence and brutalize protestors, disrupting election results. Groups including Amnesty International and the United Nations have called for a moratorium on the sale of surveillance technology, […] (CyberScoop)

US to increase scrutiny on cryptocurrency, federal contractors in effort to slow hacking

U.S. officials unveiled a suite of cybersecurity initiatives Wednesday, from cracking down on illicit cryptocurrency usages to increasing transparency about data breaches, as part of an ongoing White House effort to slow rampant cybercrime. The Justice Department signaled it will increase its focus on illicit use of virtual money, which is frequently used in ransomware attacks, and move to punish federal contractors that hide security incidents. In a separate plan, the Transportation Security Administration this year will require top air and rail transportation companies to report cyberattacks to the government, name an internal cyber chief capable of corresponding about cyber incidents and develop a plan for recovering from attacks. Deputy Attorney General Lisa Monaco unveiled two initiatives: a national cryptocurrency enforcement team and a civil cyber fraud initiative. Ransomware and cryptocurrency are “inexorably linked” because of the anonymity that cryptocurrency payments help afford, Monaco said at the Aspen Cyber Summit. […] (CyberScoop)

Stolen Twitch source code, creator payment data revealed in apparent data leak

Source code underpinning the live streaming service Twitch has reportedly leaked, exposing information about some company plans and payment data from popular accounts on the service. Twitch, a subsidiary of Amazon, is a popular service that broadcasts esports, live music and other events to audiences that have numbered millions at a time. An anonymous user of the message board 4chan — home to hackers and trolls alike — posted a 125-gigabyte torrent file that they allege includes all of Twitch’s code, including information about internal security tools, three years of payment history to Twitch “creators” and data related to proprietary software. The poster hinted that more details would be forthcoming, with the stated goal of “foster[ing] more user disruption and competition in the online video streaming space,” as the Video Game Chronicle first reported on Wednesday. In a statement, Twitch confirmed a breach had occurred. “Our teams are working with […] (CyberScoop)

Apache web server zero-day bug is easy to exploit – patch now!

Some of us have Apache as our primary web server. But lots of us may have Apache without knowing it, as part of another product. (Naked Security)

Ransomware Law Requires Quick Payment Disclosure

(News ≈ Packet Storm)

Major SMS Routing Carrier Was Hacked For Five Years

(News ≈ Packet Storm)

Twitch Source Code Leaked Online Along With Streamer Payout Data

(News ≈ Packet Storm)

Tools To Explore BGP Routes

(News ≈ Packet Storm)

5 Tips for Long-Term Remote Workers

If you’ve just started remote working, are remote-curious, or are transitioning into a permanently remote position, these tips can help you find success working from home. If you are a remote-work veteran, you might learn a thing or two as well. Why This Trend will Outlive the Pandemic: Because of the COVID-19 pandemic, many companies have found themselves in the middle of an involuntary experiment with remote work. What was not expected were the results. (Sucuri Blog)

Cyber Security WEBINAR — How to Ace Your InfoSec Board Deck

Communication is a vital skill for any leader at an organization, regardless of seniority. For security leaders, this goes double. Communicating clearly works on multiple levels. On the one hand, security leaders and CISOs must be able to communicate strategies clearly – instructions, incident response plans, and security policies. On the other, they must be able to communicate the importance of (The Hacker News)

Iranian Hackers Abuse Dropbox in Cyberattacks Against Aerospace and Telecom Firms

Details have emerged about a new cyber espionage campaign directed against the aerospace and telecommunications industries, primarily in the Middle East, with the goal of stealing sensitive information about critical assets, organizations' infrastructure, and technology while remaining in the dark and successfully evading security solutions. Boston-based cybersecurity company Cybereason dubbed (The Hacker News)

Google to turn on 2-factor authentication by default for 150 million users

Google has announced plans to automatically enroll about 150 million users into its two-factor authentication scheme by the end of the year as part of its ongoing efforts to prevent unauthorized access to accounts and improve security. In addition, the internet giant said it also intends to require 2 million YouTube creators to switch on the setting, which it calls two-step verification (2SV), (The Hacker News)

Multiple Critical Flaws Discovered in Honeywell Experion PKS and ACE Controllers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released an advisory regarding multiple security vulnerabilities affecting all versions of Honeywell Experion Process Knowledge System C200, C200E, C300, and ACE controllers that could be exploited to achieve remote code execution and denial-of-service (DoS) conditions. "A Control Component Library (CCL) may be modified (The Hacker News)

Apache Warns of Zero-Day Exploit in the Wild — Patch Your Web Servers Now!

Apache has issued patches to address two security vulnerabilities, including a path traversal and file disclosure flaw in its HTTP server that it said is being actively exploited in the wild. "A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root," the open-source (The Hacker News)

Canopy Parental Control App Wide Open to Unpatched XSS Bugs

The possible cyberattacks include disabling monitoring, location-tracking of children and malicious redirects of parent-console users. (Threatpost)

VMware ESXi Servers Encrypted by Lightning-Fast Python Script

The little snippet of Python code strikes fast and nasty, taking less than three hours to complete a ransomware attack from initial breach to encryption. (Threatpost)

ESPecter Bootkit Malware Haunts Victims with Persistent Espionage

The rare UEFI bootkit drops a fully featured backdoor on PCs and gains the ultimate persistence by modifying the Windows Boot Manager. (Threatpost)

Twitch Gets Gutted: All Source Code Leaked

An anonymous user posted a link to a 125GB torrent to 4chan yesterday, containing all of Twitch's source code, comments going back to its inception and more. (Threatpost)


/security-daily/ 07-10-2021 23:44:23