Security daily (07-07-2020)

New PCI DSS on AWS Compliance Guide provides essential information for implementing compliant applications

Our mission in AWS Security Assurance Services is to ease Payment Card Industry Data Security Standard (PCI DSS) compliance for all Amazon Web Services (AWS) customers. We work closely with the AWS audit team to answer customer questions about understanding their compliance, finding and implementing solutions, and optimizing their controls and assessments. The most frequent […] (AWS Security Blog)

Feds indict 'fxmsp' in connection with million-dollar hacking operation

The U.S. Department of Justice has charged a man with hacking-related crimes as part of an investigation into a group of foreign scammers accused of targeting more than 300 organizations throughout the world. Prosecutors in the Western District of Washington charged Andrey Turchin, who resides in Kazakhstan, with five felony counts in connection with a year-long fraud effort. Last known to be in Kazakhstan, Turchin allegedly sold remote access hacking tools on cybercriminal forums, typically charging tens of thousands of dollars for access to data that would cost victims tens of millions of dollars. Turchin went by a series of aliases, including “fxmsp,” according to the Justice Department. He was initially charged in December 2018, though the indictment was kept under seal until Tuesday, one month after security vendor Group-IB released its own research documenting the work of a hacker known by the “fxmsp” alias. “U.S. authorities have reason to […] The post Feds indict 'fxmsp' in connection with million-dollar hacking operation appeared first on CyberScoop. (CyberScoop)

New round of bugs found in Citrix software, but this time a patch is ready

Six months ago, a critical vulnerability found in software made by Citrix set off an uncomfortable few weeks for the virtual private networking vendor and the Fortune 500 companies that rely on its products. It took Citrix a month to release a software fix, well after researchers were warning that malicious hackers were actively exploiting the vulnerability. Even with a fix available, Chinese spies conducted a sweeping operation that took advantage of the software flaw in critical infrastructure sectors. On Tuesday, Citrix revealed 11 new vulnerabilities in those same cloud-based and remote access products. This time, the Florida-based VPN service provider is hoping to head off attacks by having patches available immediately. The vulnerabilities, under certain conditions, could allow an attacker to inject malicious code into a network running Citrix software, or conduct a denial-of-service attack on virtual servers. Citrix urged customers to install the fixes. There haven’t been […] The post New round of bugs found in Citrix software, but this time a patch is ready appeared first on CyberScoop. (CyberScoop)

German police seize DDoSecrets server distributing 'BlueLeaks' files

German law enforcement officials have seized a server belonging to an anti-secrecy organization that recently published a trove of data stolen from U.S. police agencies, the group’s co-founder says. Emma Best, who helps lead the Distributed Denial of Secrets group, said in a tweet Tuesday that prosecutors in the municipality of Zwickau have taken the group’s “primary public download server.” In an advisory that Best tweeted, police said the server was seized by the department of public prosecution. “Please understand that we are not allowed to provide any further information regarding this case,” the note states. The move comes weeks after DDoSecrets published the BlueLeaks files, a 269 GB collection of materials taken from U.S. law enforcement bodies, including police training materials, safety guides and instructions on how to contain demonstrations. DDoSecrets published BlueLeaks amid ongoing U.S. protests following the police killing of George Floyd and other unarmed Black Americans. […] The post German police seize DDoSecrets server distributing 'BlueLeaks' files appeared first on CyberScoop. (CyberScoop)

Magecart-related group hits 570 websites, taking 184,000 card numbers

Hackers who targeted 570 e-commerce sites to steal customer financial information compromised more than 180,000 payment cards as part of a covert fraud effort, according to new research analysis. The group, known as “Keeper,” inserted malicious computer code onto the sites, typically by exploiting weaknesses in technology provided by the sites’ third-party software suppliers. The attack technique, broadly known as Magecart, has struck many thousands of merchants in recent years, ranging from British Airways and NutriBullet to smaller stores. Gemini Advisory, a threat intelligence startup that investigates fraud and cybercriminal activity, announced the latest campaign in a report published Tuesday. Since April 2017, the Keeper group has aimed to infect 570 websites based in 55 countries, most often in the U.S., U.K. and the Netherlands. Researchers found an unsecured access log belonging to the Keeper group containing 184,000 compromised payment cards from between July 2018 until April 2019, a stash […] The post Magecart-related group hits 570 websites, taking 184,000 card numbers appeared first on CyberScoop. (CyberScoop)

Researchers tie email fraud campaign aimed at Fortune 500 firms to Russian scammers

An emerging group of scammers masquerading as legitimate business executives is behind more than 200 email-based attacks that aim to swindle hundreds of thousands of dollars from companies, according to new findings. Dubbed “Cosmic Lynx” in research published Tuesday by the email security firm Agari, the group has targeted individuals in 46 countries since July 2019, often victimizing senior leaders in Fortune 500 or Global 2000 firms. It’s the latest in a long line of business email compromise (BEC) gangs, which impersonate trusted associates to request wire transfers or other payments. Unlike alleged operators often identified in U.S. indictments, the Cosmic Lynx group is likely made up of attackers based in Russia, researchers said, in what Agari described as the first-ever Russian crime ring of this kind. More often, prosecutions of accused BEC scammers are against suspects with roots in Nigeria. American victims reported $1.7 billion in BEC-related losses to the FBI last […] The post Researchers tie email fraud campaign aimed at Fortune 500 firms to Russian scammers appeared first on CyberScoop. (CyberScoop)

Password security is critical in a remote work environment – see where businesses are putting themselves at risk

Graham Cluley Security News is sponsored this week by the folks at LastPass. Thanks to the great team there for their support! LastPass has analyzed over 47,000 businesses to bring you insights into security behavior worldwide. The takeaway is clear: Many businesses are making significant strides in some areas of password and access security – […] (Graham Cluley)

Company web names hijacked via outdated cloud DNS records

Why hack into a server when you can just send visitors to a fake alternative instead? (Naked Security)

Flashy Nigerian Instagram star extradited to US to face BEC charges

It's a short jump from a Rolls Royce ride to extradition from the UAE. Goodbye, Dubai, goodbye, Palazzo Versace, hello, Chicago jail cell. (Naked Security)

In Hong Kong National Security Law, Echoes Of China's Own Cyber Crackdown

(News ≈ Packet Storm)

Keeper Hacking Group Behind Hacks At 570 Online Stores

(News ≈ Packet Storm)

Citrix Bugs Allow Unauthenticated Code Injection, Data Theft

(News ≈ Packet Storm)

Hidden Cobra Built Global Exfil Network For MageCart Scheme

(News ≈ Packet Storm)

Microsoft Launches Free Linux Forensics and Rootkit Malware Detection Service

Microsoft has announced a new free-to-use initiative aimed at uncovering forensic evidence of sabotage on Linux systems, including rootkits and intrusive malware that may otherwise go undetected.

The cloud offering, dubbed Project Freta, is a snapshot-based memory forensic mechanism that aims to provide automated full-system volatile memory inspection of virtual machine (VM) snapshots, with (The Hacker News)

BEC Hotshot with Opulent Social Media Presence to Face U.S. Charges

The Nigerian native has been extradited from Dubai after a string of over-the-top Instagram posts. (Threatpost)

Keeper Threat Group Rakes in $7M from Hundreds of Compromised E-Commerce Sites

Researchers warn that Keeper, using Magecart code, will launch increasingly sophisticated attacks against online merchants worldwide in the coming months. (Threatpost)

Cerberus Banking Trojan Unleashed on Google Play

The Cerberus malware can steal banking credentials, bypass security measures and access text messages. (Threatpost)

Citrix Bugs Allow Unauthenticated Code Injection, Data Theft

Admins should patch their Citrix ADC and Gateway installs immediately. (Threatpost)

Credit-Card Skimmer Has Unlikely Target: Microsoft ASP.NET Sites

A campaign discovered by Malwarebytes Labs in mid-April has lifted credentials from a number of e-commerce portals. (Threatpost)

First-Ever Russian BEC Gang, Cosmic Lynx, Uncovered

Researchers warn that Cosmic Lynx targets firms that don't use DMARC and uses a "mergers and acquisitions" pretext that can lead to large sums of money being stolen. (Threatpost)

/security-daily/ 08-07-2020 23:44:23