Security daily (07-05-2020)

AWS Foundational Security Best Practices standard now available in Security Hub

AWS Security Hub offers a new security standard, AWS Foundational Security Best Practices. This week AWS Security Hub launched a new security standard called AWS Foundational Security Best Practices. This standard implements security controls that detect when your AWS accounts and deployed resources do not align with the security best practices defined by AWS security […] (AWS Security Blog)

When hacker code collides: A discovered malware sample uses tools from the NSA and a Chinese group

Good hackers steal, great hackers borrow. According to new research from ESET, a code obfuscation tool that’s been linked to Chinese-based hackers has been used in tandem with an implant that has been attributed to Equation Group, a hacking faction that is broadly believed to have ties to the National Security Agency. ESET says the obfuscation tool is linked with Winnti Group, while the implant, known as PeddleCheap, appeared in an April 2017 leak from the mysterious group known as the Shadow Brokers. It’s unclear if the sample was used in a malicious campaign or if it’s the product of a security researcher experimenting with different tools, according to Marc-Étienne Léveillé, a malware researcher at ESET. It was uploaded to malware-sharing repository VirusTotal in 2017, according to Léveillé. The Winnti-linked packer was used in a series of intrusions at gaming organizations in 2018, which ESET has previously documented. ESET published its findings […] (CyberScoop)

Chinese spies hop from one hacked government network to another in Asia Pacific, researchers say

Nearly five years ago, researchers unmasked a Chinese hacking group, pinpointing the unit of the People’s Liberation Army that was allegedly sponsoring it. The so-called Naikon group was key to China’s spying efforts in the South China Sea, targeting government agencies from the Philippines to Vietnam, said the report from companies ThreatConnect and Defense Group Inc. Since then, there has been relatively little public documentation of Naikon as other China-linked groups — including one targeted by a U.S. Department of Justice indictment — have taken the limelight. But on Thursday, analysts with Israeli cybersecurity company Check Point said that Naikon has been far from idle in recent months, trying to hack familiar government organizations in Australia, Indonesia, the Philippines, Vietnam, and other Southeast Asian countries. The espionage campaign, which has also hit state-owned companies in the region, accelerated in the last half of 2019 and into the first quarter of 2020. Naikon has looked […] (CyberScoop)

Zoom acquires Keybase to beef up encryption, ease security questions

It looks like Zoom is putting some money behind its plans to quickly upgrade its security measures. The San Jose-based company behind the now-popular videoconferencing software announced Thursday it has acquired Keybase, known for its secure messaging and file-sharing services. The plan, Zoom says, is to integrate Keybase’s personnel to build end-to-end encryption throughout the service. Terms of the deal were not disclosed. “Our goal is to provide the most privacy possible for every user case, while also balancing the needs of our users and our commitment to preventing harmful behavior on our platform,” Zoom said in a statement. “Keybase’s experienced team will be a key part of this mission.” The deal comes after Zoom chief executive Eric Yuan said the company had failed to prioritize data protection during a period when its number of daily users skyrocketed to 200 million, up from roughly 10 million users prior to the coronavirus […] (CyberScoop)

Over 300 websites taken down in just two weeks as UK public report suspicious emails

The National Cyber Security Centre (NCSC), which tasks itself with “helping to make the UK the safest place to live and do business online,” is making impressive inroads against scam websites. (Graham Cluley)

For six years Samsung smartphone users have been at risk from critical security bug. Patch now

Samsung has released a security update for its popular Android smartphones which includes a critical fix for a vulnerability that affects all devices sold by the manufacturer since 2014. Read more in my article on the Tripwire State of Security blog. (Graham Cluley)

Smashing Security #177: Elon Musk, Roblox, and Love Bug author found

What can X Æ A-12 Musk teach us about passwords? How did our guest finally hunt down in Manila the author of one of history’s biggest virus outbreaks? And what on earth is a hacker doing breaching Roblox security? All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist Geoff White. (Graham Cluley)

Vcrypt ransomware brings along a buddy to do the encryption

Here's a ransomware story with a difference. Some of your files can be recovered without paying, while others get wiped out forever. (Naked Security)

S2 Ep38: Crashing iPhones, ransomware tales and human chatbots – Naked Security Podcast

Get the latest cybersecurity news, opinion and advice. (Naked Security)

Fake news Facebook accounts used coronavirus to attract followers

In April, the company yanked 1,887 misleading accounts, pages and groups tied to eight influencer networks building fake engagement. (Naked Security)

Police nab InfinityBlack hackers

Five alleged members of hacking group InfinityBlack got some unexpected visitors last week when Polish law enforcement arrested them. (Naked Security)

Scam Coronavirus Sites Selling Fake Cures Taken Down

(News ≈ Packet Storm)

GitHub Blasts Code-Scanning Tool Into All Open-Source Projects

(News ≈ Packet Storm)

900,000 WordPress Sites Attacked Via XSS Vulnerabilities

(News ≈ Packet Storm)

Major European Private Hospital Operator Struck By Ransomware

(News ≈ Packet Storm)

New Drupal Website Security Best Practices Guide

When it comes to content management systems (CMS) for websites, Drupal is a highly flexible and extendible open-source solution. It is often preferred by technical developers and large government and educational websites. Because of this, the Drupal community is strongly committed to keeping the software secure. But no software can be completely immune from vulnerabilities and attacks. Drupal is no exception, coming in as the third most-infected CMS in Sucuri’s 2019 Website Threat Research Report. (Sucuri Blog)

This Asia-Pacific Cyber Espionage Campaign Went Undetected for 5 Years

An advanced group of Chinese hackers has recently been spotted to be behind a sustained cyber espionage campaign targeting government entities in Australia, Indonesia, Philippines, Vietnam, Thailand, Myanmar, and Brunei—which went undetected for at least five years and is still an ongoing threat.

The group, named 'Naikon APT,' once known as one of the most active APTs in Asia until 2015, (The Hacker News)

Blue Mockingbird Monero-Mining Campaign Exploits Web Apps

The cybercriminals are using a deserialization vulnerability, CVE-2019-18935, to achieve remote code execution before moving laterally through the enterprise. (Threatpost)

Cisco Fixes High-Severity Flaws In Firepower Security Software, ASA

Cisco has fixed 12 high-severity flaws in its Adaptive Security Appliance software and Firepower Threat Defense software. (Threatpost)

Zoom Beefs Up End-to-End Encryption to Thwart ‘Zoombombers’

As the company continues to battle security woes, it has acquired Keybase to boost security and privacy. A full cryptographic draft architecture will be available on May 22. (Threatpost)

Hackers Dumpster Dive for Taxpayer Data in COVID-19 Relief Money Scams

Threat actors are buying and selling taxpayer data on hacker forums as well as using phishing and other campaigns to steal various U.S. government payouts. (Threatpost)

Naikon APT Hid Five-Year Espionage Attack Under Radar

The Chinese APT has been discovered behind a five-year espionage campaign that compromises government servers - and uses that as leverage for other attacks. (Threatpost)


/security-daily/ 08-05-2020 23:44:23