Security daily (07-10-2021)

Update the alternate security contact across your AWS accounts for timely security notifications

Amazon Web Services (AWS) will send you important security notifications from time to time related to your account. From a security perspective, the ability for AWS Security to reach you in a timely manner is important whether you have one AWS account or thousands. These notifications could include alerts from AWS Security for potentially fraudulent activity […] (AWS Security Blog)

Google blames suspected Russian hacking group for targeting 14,000 Gmail users

Russian hackers targeted approximately 14,000 Gmail users last month, according to the company’s Threat Analysis Group. While 100% of the emails were blocked by spam filters, Google TAG director Shane Huntley characterized the batch as “above average” on Twitter. The campaign from the group known as APT28 made up 86% of Google’s recent alerts to users about government-backed attackers, Huntley said in an email. Google batches these kinds of alerts to users rather than sending them at the moment of detection, to keep attackers from figuring out its defense strategies, he explained. Several Gmail users reported on Twitter receiving the alert, including several researchers and journalists. Huntley said the campaign was targeted “across a wide variety of industries.” APT28, also known as Fancy Bear, is best known for hacking the Democratic Party ahead of the 2016 U.S. election. The group has received less attention in recent months in comparison to sweeping hacking […] (CyberScoop)

Emergent ransomware gang FIN12 strikes hospitals, moves quickly against big targets

A Russian-speaking ransomware gang in recent months has aggressively targeted North American organizations with more than $300 million in revenue, with a ruthless focus on the health care sector amid the COVID-19 pandemic, according to new findings. The threat intelligence firm Mandiant published details Thursday about a group it calls FIN12, a gang that moves quickly and uses an array of established hacking tools to infiltrate its targets. Over the past year, the group has kept investigators busy, accounting for 20% of the ransomware incidents that Mandiant has responded to, with the next most active attacker at 5%, according to Kimberly Goody, the company’s director of cyber crime analysis. “They have a significantly higher cadence of attacks from our perspective,” she said. “We also see that, unlike other threat actors, this group has also aggressively pursued victims in critical sectors like health care, even during the pandemic, which had resulted in several actors saying that […] (CyberScoop)

S3 Ep53: Apple Pay, giftcards, cybermonth, and ransomware busts [Podcast]

Latest episode - listen now! (Naked Security)

The Twitch Hack Is Worse For Streamers Than For Twitch

(News ≈ Packet Storm)

Dubai Ruler Hacked Ex-Wife Using NSO Pegasus Spyware, High Court Finds

(News ≈ Packet Storm)

The Justice Department Has A New Team Of Crypto Cops

(News ≈ Packet Storm)

Canopy Parental Control App Wide Open To Unpatched XSS Bugs

(News ≈ Packet Storm)

New Cybersecurity Regulations Released By TSA For Trains And Planes

(News ≈ Packet Storm)

New Patch Released for Actively Exploited 0-Day Apache Path Traversal to RCE Attacks

The Apache Software Foundation on Thursday released additional security updates for its HTTP Server product to remediate what it says is an "incomplete fix" for an actively exploited path traversal and remote code execution flaw that it patched earlier this week. CVE-2021-42013, as the new vulnerability is identified, builds upon CVE-2021-41773, a flaw that impacted Apache web servers running (The Hacker News)

Code Execution Bug Affects Yamale Python Package — Used by Over 200 Projects

A high-severity code injection vulnerability has been disclosed in 23andMe's Yamale, a schema and validator for YAML, that could be trivially exploited by adversaries to execute arbitrary Python code. The flaw, tracked as CVE-2021-38305 (CVSS score: 7.8), involves manipulating the schema file provided as input to the tool to circumvent protections and achieve code execution. Particularly, the (The Hacker News)

Penetration Testing Your AWS Environment - A CTO's Guide

So, you've been thinking about getting a penetration test done on your Amazon Web Services (AWS) environment. Great! What exactly should that involve? There are many options available, and knowing what you need will help you make your often limited security budget go as far as possible. Broadly, the key focus areas for most penetration tests involving AWS are:

Your externally accessible cloud (The Hacker News)

New U.S. Government Initiative Holds Contractors Accountable for Cybersecurity

The U.S. government on Wednesday announced the formation of a new Civil Cyber-Fraud Initiative that aims to hold contractors accountable for failing to meet mandated cybersecurity requirements intended to safeguard public sector information and infrastructure. "For too long, companies have chosen silence under the mistaken belief that it is less risky to hide a breach than to bring it forward (The Hacker News)

Apple now requires all apps to make it easy for users to delete their accounts

All third-party iOS, iPadOS, and macOS apps that allow users to create an account should also provide a method for terminating their accounts from within the apps beginning next year, Apple said on Wednesday. "This requirement applies to all app submissions starting January 31, 2022," the iPhone maker said, urging developers to "review any laws that may require you to maintain certain types of (The Hacker News)

Twitch Suffers Massive 125GB Data and Source Code Leak Due to Server Misconfiguration

Interactive livestreaming platform Twitch acknowledged a "breach" after an anonymous poster on the 4chan messaging board leaked its source code, an unreleased Steam competitor from Amazon Game Studios, details of creator payouts, proprietary software development kits, and other internal tools. The Amazon-owned service said it's "working with urgency to understand the extent of this," adding the (The Hacker News)

Poorly Configured Apache Airflow Instances Leak Credentials for Popular Services

Cybersecurity researchers on Monday discovered misconfigurations across older versions of Apache Airflow instances belonging to a number of high-profile companies across various sectors, resulting in the exposure of sensitive credentials for popular platforms and services such as Amazon Web Services (AWS), Binance, Google Cloud Platform (GCP), PayPal, Slack, and Stripe. "These unsecured (The Hacker News)

Navy Warship’s Facebook Page Hacked to Stream ‘Age of Empires’ Gaming

The destroyer-class USS Kidd streamed hours of game play in a funny incident that has serious cybersecurity ramifications. (Threatpost)

Twitch Leak Included Emails, Passwords in Clear Text: Researcher

A researcher combed through the Twitch leak and found what they said was evidence of PayPal chargebacks with names and emails; employees' emails; and more. (Threatpost)

4 Key Questions for Zero-Trust Success

Anurag Kahol, CTO & co-founder at Bitglass, offers tips for avoiding implementation pitfalls for zero trust. (Threatpost)

/security-daily/ 08-10-2021 23:44:22