06-04-202108-04-2021

Security daily (07-04-2021)

IAM Access Analyzer makes it easier to implement least privilege permissions by generating IAM policies based on access activity

In 2019, AWS Identity and Access Management (IAM) Access Analyzer was launched to help you remove unintended public and cross account access by analyzing your existing permissions. In March 2021, IAM Access Analyzer added policy validation to help you set secure and functional permissions during policy authoring. Now, IAM Access Analyzer takes that a step […] (AWS Security Blog)

What gets lost in ‘cyber Pearl Harbor'-style rhetoric

Over a year into the coronavirus pandemic, more people have become accustomed to doomsday talk. Americans following public officials’ remarks about cybersecurity, though, may have been expecting a kind of digital apocalypse for decades.  Phrases like “cyberbombs” and “cyber 9/11” have for years served as rhetorical catchphrases for national security officials trying to amplify their messaging or secure cyber-related funding from Capitol Hill. In 2012, then-Defense Secretary Leon Panetta warned the U.S. was under threat from a “cyber Pearl Harbor” that could involve foreign hackers derailing trains carrying lethal chemicals. While the use of dire language might be helpful in generating attention, some former Western intelligence officials now are wondering whether the use of fear-inducing language has had its intended effect.  In recent weeks, the U.K. issued its Integrated Defense Review, a strategic national security document which describes how the government might use nuclear weapons in the event that an adversary […] The post What gets lost in ‘cyber Pearl Harbor'-style rhetoric appeared first on CyberScoop. (CyberScoop)

Ransomware disrupted production at two manufacturing sites in Italy, investigators say

A ransomware incident earlier this year temporarily shut down production for two days at a pair of manufacturing facilities in Italy, incident responders at security firm Kaspersky said Wednesday. Kaspersky did not publicly identify the victim organization. But Vyacheslav Kopeytsev, a researcher with the firm’s ICS-CERT unit, said in an email that the victim was a multinational firm headquartered in Germany that has factories in Italy. “The servers with the databases required for production were encrypted,” he added. The hackers disguised a nascent strain of ransomware called Cring as the victim organization’s anti-virus product before encrypting the computer servers that would cause the organization the greatest damage, Kopeytsev and his colleagues said in a report. The attackers catered their hacking tools to the victim’s infrastructure, the researchers said. It is only the latest example of how ransomware incidents are increasingly affecting the operations of industrial suppliers. Of 500 manufacturing sector […] The post Ransomware disrupted production at two manufacturing sites in Italy, investigators say appeared first on CyberScoop. (CyberScoop)

Wine scams spiked during COVID-19 lockdown

Absolute monsters. Wine-themed domain registrations rose once COVID-19 lockdowns took hold, some of them malicious and used in phishing campaigns, Recorded Future and Area 1 Security said in a joint report out Wednesday. “As the interest in virtual happy hours and get-togethers increased so did the increase in wine-themed domain registrations,” the report states. Amid the COVID outbreak, alcohol has proven itself a target for hackers — but it hasn’t been clear before that scammers were trying to exploit people who were staying home and imbibing more. Alcohol delivery service Drizly, for instance, suffered a breach in July, while ransomware hit liquor and wine maker Brown-Forman around the same time. Recorded Future observed a mild jump in wine domain registrations in March of 2020, from the usual 3,000 to 4,000 per month up to nearly 5,500. April saw a bigger leap, to almost 7,200, and the numbers took off in […] The post Wine scams spiked during COVID-19 lockdown appeared first on CyberScoop. (CyberScoop)

Hackers are abusing Discord, Slack file-sharing to distribute malware

Hackers are increasingly using Slack and Discord to distribute malware to unsuspecting victims, according to Cisco Talos research published Wednesday.  Suspected cybercriminals have been uploading files to the platforms, which are then stored within the apps’ content delivery networks, resulting in a link to malicious content. Attackers then share the links outside of Slack and Discord — over email or on other chat applications, for instance — allowing hackers to share the link wherever they want. It’s the kind of workaround that could allows hackers to meet targets where they already are — on platforms they trust and need to conduct business or socialize — which could allow them to boost the success of any social engineering efforts.  Hackers have long abused people’s trust in chat applications to deliver malware to targets. Hackers previously used Discord to distribute Thanatos ransomware, according to Talos. In recent months, a hacking group that targets victims in […] The post Hackers are abusing Discord, Slack file-sharing to distribute malware appeared first on CyberScoop. (CyberScoop)

How NIST hopes network defenders will stop ransomware

Networks defenders in the U.S. and beyond are struggling to keep pace with scale and intensity of ransomware attacks, particularly as the issue has emerged as a subject of concern during the coronavirus pandemic.  Organizations ranging from the Department of Homeland Security to the Federal Bureau of Investigation have warned that government agencies of all sizes and private companies can take basic steps to avoid hacking groups. The U.S. National Institute of Standards and Technology also has published a number of updates aimed at helping cyber staffers safeguard data. The larger issue is about protecting data integrity, Bill Fisher, security engineer at NIST’s National Cybersecurity Center for Excellence (NCCoE), explained during a Q&A session with CyberScoop. There’s a range of tactics that organizations can deploy to protect their information, he said, including the use of blocking technology and stronger authentication techniques that provide dynamic risk assessments.  CyberScoop: Should security personnel trying […] The post How NIST hopes network defenders will stop ransomware appeared first on CyberScoop. (CyberScoop)

Update On PHP Code Compromise: User Database Leak Suspected

(News ≈ Packet Storm)

Apple Looking To Close Gap Between Web And App Privacy

(News ≈ Packet Storm)

New Wormable Android Malware Poses As Netflix To Hijack WhatsApp Sessions

(News ≈ Packet Storm)

San Jose Easter Church Service Hacked By Racist Hackers

(News ≈ Packet Storm)

How to Know If You Are Under DDoS Attack

Nowadays, the term DDoS probably raises the heart rate of most webmasters. Though many don’t know exactly what a DDoS attack is, they do know the effect: an extremely sluggish or shut-down website.  In this article, we’ll focus on how to know if your website is under attack and how to protect it.   Hopefully, we can help you handle DDoS attacks without having a full blown meltdown.  What is a DDoS Attack?  Continue reading How to Know If You Are Under DDoS Attack at Sucuri Blog. (Sucuri Blog)

PHP Site's User Database Was Hacked In Recent Source Code Backdoor Attack

The maintainers of the PHP programming language have issued an update regarding the security incident that came to light late last month, stating that the actors may have gotten hold of a user database containing their passwords to make unauthorized changes to the repository. "We no longer believe the git.php.net server has been compromised. However, it is possible that the master.php.net user (The Hacker News)

Android to Support Rust Programming Language to Prevent Memory Flaws

Google on Tuesday announced that its open source version of the Android operating system will add support for Rust programming language in a bid to prevent memory safety bugs. To that end, the company has been building parts of the Android Open Source Project (AOSP) with Rust for the past 18 months, with plans in the pipeline to scale this initiative to cover more aspects of the operating system (The Hacker News)

WhatsApp-based wormable Android malware spotted on the Google Play Store

Cybersecurity researchers have discovered yet another piece of wormable Android malware—but this time downloadable directly from the official Google Play Store—that's capable of propagating via WhatsApp messages. Disguised as a rogue Netflix app under the name of "FlixOnline," the malware comes with features that allow it to automatically reply to a victim's incoming WhatsApp messages with a (The Hacker News)

11 Useful Security Tips for Securing Your AWS Environment

Want to take advantage of excellent cloud services? Amazon Web Services may be the perfect solution, but don't forget about AWS security. Whether you want to use AWS for a few things or everything, you need to protect access to it. Then you can make sure your business can run smoothly. Read on to learn some important AWS security tips. Use Multi-Factor authentication When setting up your AWS (The Hacker News)

Critical Auth Bypass Bug Found in VMware Data Center Security Product

A critical vulnerability in the VMware Carbon Black Cloud Workload appliance could be exploited to bypass authentication and take control of vulnerable systems. Tracked as CVE-2021-21982, the flaw is rated 9.1 out of a maximum of 10 in the CVSS scoring system and affects all versions of the product prior to 1.0.1.  Carbon Black Cloud Workload is a data center security product from VMware that (The Hacker News)

Pre-Installed Malware Dropper Found On German Gigaset Android Phones

In what appears to be a fresh twist in Android malware, users of Gigaset mobile devices are encountering unwanted apps that are being downloaded and installed through a pre-installed system update app. "The culprit installing these malware apps is the Update app, package name com.redstone.ota.ui, which is a pre-installed system app," Malwarebytes researcher Nathan Collier said. "This app is not (The Hacker News)

Attackers Blowing Up Discord, Slack with Malware  

One Discord network search turned up 20,000 virus results, researchers found.   (Threatpost)

Crossing the Line: When Cyberattacks Become Acts of War

Saryu Nayyar, CEO at Gurucul, discusses the new Cold War and the potential for a cyberattack to prompt military action. (Threatpost)

Fake Netflix App on Google Play Spreads Malware Via WhatsApp

The wormable malware spread from Android to Android by sending messages offering free Netflix Premium for 60 days. (Threatpost)

Facebook: Stolen Data Scraped from Platform in 2019

The flaw that caused the leak of personal data of more than 533 million users over the weekend no longer exists; however, the social media giant still faces an investigation by EU regulators. (Threatpost)

06-04-202108-04-2021

/security-daily/ 08-04-2021 23:44:22