Security daily (08-06-2021)

Chinese hackers implicated in breach of Russian government agencies

Chinese hackers were likely behind a series of intrusions at Russian government agencies last year, security firm SentinelOne said Tuesday. Malicious code used in the breaches is similar to hacking tools associated with a broad set of suspected Chinese spies that have also targeted Asian governments in recent years, SentinelOne researchers said. SentinelOne’s research builds on a report released last month by the Federal Security Service (FSB), one of Russia’s main spy agencies, and the cyber unit of telecom firm Rostelecom. It said Russian government agencies had been targeted by “cyber mercenaries pursuing the interests of the foreign state.” The attackers collected stolen data using top Russian technology providers Yandex and Mail.Ru, according to the report, which did not name a culprit in the breaches. SentinelOne’s findings point to a reality that is often overlooked in U.S.-centric cybersecurity discussions: that the Russian and Chinese governments conduct plenty of cyber-espionage against each […] The post Chinese hackers implicated in breach of Russian government agencies appeared first on CyberScoop. (CyberScoop)

Colonial Pipeline CEO says company didn't have plan for potential ransomware attack

Colonial Pipeline did not have guidance in place on how to handle a ransom demand from cybercriminals who locked up its systems, its CEO testified in a hearing before the Senate Homeland Security and Governmental Affairs Committee Tuesday. The company’s failure to prepare explicitly for a ransomware attack — despite warnings from the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency as early as February 2020 about the risk of such attacks against the pipeline industry — underscores growing concerns from lawmakers that the critical sector needs tighter regulations when it comes to cybersecurity. “We have an emergency response process: See the threat, contain the threat, remediate the threat, and restore,” Colonial Pipeline CEO Joseph Blount said in response to a question from Sen. Maggie Hassan, D-N.H., about ransomware-specific guidance. “So in this case, you use the same process, but you use a different set of experts.” Hassan chastised Blount’s response, […] The post Colonial Pipeline CEO says company didn't have plan for potential ransomware attack appeared first on CyberScoop. (CyberScoop)

Ransomware hits iConstituent, a service lawmakers use to communicate with voters

The scourge of ransomware has now hit closer to home for U.S. politicians. Ransomware has impacted the newsletter service of iConstituent, a firm that U.S. lawmakers use to contact constituents, the House of Representatives’ Chief Administrative Officer (CAO) said Tuesday. Individual offices choose to buy iConstituent services, which include virtual town halls, email and texting, and other data services. “At this time, the CAO is not aware of any impact to House data,” the CAO office said in an emailed statement. “The CAO is coordinating with the impacted offices supported by iConstituent and has taken measures to ensure that the attack does not affect the House network and offices’ data.” iConstituent boasts that its software “supports millions of digital interactions between people and their governments each year.” It was unclear Tuesday morning how broadly the incident would impact House legislators’ communication with constituents. The Washington-based firm did not immediately respond […] The post Ransomware hits iConstituent, a service lawmakers use to communicate with voters appeared first on CyberScoop. (CyberScoop)

Trickbot indictment demonstrates how one hacking tool built on older malware

More than five years ago, Russian authorities reportedly raided a Moscow-based film company affiliated with the scammers behind Dyre, a notorious piece of malicious software linked with tens of millions of dollars in losses. No charges against the hackers were made public, but scams using the Dyre banking trojans seemed to abruptly disappear. A U.S. indictment unsealed last week confirmed what security researchers had long suspected: From the ashes of Dyre sprung TrickBot, a piece of malicious code that has caused untold financial costs by infecting tens of millions of computers worldwide and playing a part in a series of ransomware attacks. TrickBot rose to such prominence, and menace, that U.S. military hackers took aim at its infrastructure ahead of the 2020 election to reduce the potential for ransomware attacks that could disrupt the vote. The episode exemplifies how cybercriminal groups can evolve and, drawing on old hacking tools, haunt […] The post Trickbot indictment demonstrates how one hacking tool built on older malware appeared first on CyberScoop. (CyberScoop)

These High-Quality Courses Are Only $49.99

Project managers — and those hoping to become one — should rejoice at this killer deal. The Project Manager's Essential Certification Bundle Ft. Scrum, Agile & PMP usually runs for $1,990 but is only $49.99 for a limited time.

The bundle features training on all the essential tools highly efficient program managers should know. This includes Scrum, Agile, and PMP.

Scrum is most common in software development, but it also lends itself well to professionals in the marketing world. As for Agile, it's supposed to help keep you self-organized and find the proper solutions to serve your customer... more (Null Byte « WonderHowTo)

How to Perform Advanced Man-in-the-Middle Attacks with Xerosploit

A man-in-the-middle attack, or MitM attack, is when a hacker gets on a network and forces all nearby devices to connect to their machine directly. This lets them spy on traffic and even modify certain things. Bettercap is one tool that can be used for these types of MitM attacks, but Xerosploit can automate high-level functions that would normally take more configuration work in Bettercap.

Xerosploit rides on top of a few other tools, namely, Bettercap and Nmap, automating them to the extent that you can accomplish these higher-level concepts in just a couple of commands.

However, Xerosploit... more (Null Byte « WonderHowTo)

Windows Container Malware Targets Kubernetes Clusters

(News ≈ Packet Storm)

Apple Continues Privacy War With App Tracker Reports

(News ≈ Packet Storm)

Majority Of Ransom Paid By Colonial Pipeline Seized By DOJ

(News ≈ Packet Storm)

How The FBI And AFP Accessed Encrypted Messages In TrojanShield Investigation

(News ≈ Packet Storm)

New UAF Vulnerability Affecting Microsoft Office to be Patched Today

Four security vulnerabilities discovered in the Microsoft Office suite, including Excel and Office online, could be potentially abused by bad actors to deliver attack code via Word and Excel documents. "Rooted from legacy code, the vulnerabilities could have granted an attacker the ability to execute code on targets via malicious Office documents, such as Word, Excel and Outlook," researchers (The Hacker News)

Top 10 Privacy and Security Features Apple Announced at WWDC 2021

Apple on Monday announced a number of privacy and security-centric features to its upcoming versions of iOS and macOS at its all-online Worldwide Developers Conference. Here is a quick look at some of the big-ticket changes that are expected to debut later this fall: 1 — Decouple Security Patches from Feature Updates: As rumored before, users now have a choice between two software update (The Hacker News)

U.S. Recovers $2.3 Million Ransom Paid to Colonial Pipeline Hackers

In a major blow, the U.S. Department of Justice on Monday said it has recovered 63.7 bitcoins (currently valued at $2.3 million) paid by Colonial Pipeline to the DarkSide ransomware extortionists on May 8, pursuant to a seizure warrant that was authorized by the Northern District of California. The ransomware attack also hobbled the pipeline company's fuel supply, prompting the government to (The Hacker News)

Shifting the focus from reactive to proactive, with human-led secure coding

The same 10 software vulnerabilities have caused more security breaches in the last 20+ years than any others. And yet, many businesses still opt for post-breach, post-event remediation, muddling through the human and business ramifications of it all. But now, a new research study points to a new, human-led direction. The following discusses insights derived from a study conducted by Secure (The Hacker News)

Hackers Breached Colonial Pipeline Using Compromised VPN Password

The ransomware cartel that masterminded the Colonial Pipeline attack early last month crippled the pipeline operator's network using a compromised virtual private network (VPN) account password, the latest investigation into the incident has revealed. The development, which was reported by Bloomberg on Friday, involved gaining an initial foothold into the networks as early as April 29 through (The Hacker News)

Microsoft Patch Tuesday Fixes 6 In-The-Wild Exploits, 50 Flaws

Researchers discovered a highly targeted malware campaign launched in April, in which a new, unknown threat actor used two of the vulnerabilities that Microsoft said are under active attack. (Threatpost)

Lewd Phishing Lures Aimed at Business Explode

Socially engineered BEC attacks using X-rated material spike 974 percent. (Threatpost)

TrickBot Coder Faces Decades in Prison

A Latvian malware developer known as "Max" has been arraigned on 19 counts related to fraud, identity theft, information theft and money laundering. (Threatpost)

Google Patches Critical Android RCE Bug

Google's June security bulletin addresses 90+ bugs in Android and Pixel devices. (Threatpost)

‘An0m’ Encrypted-Chat Sting Leads to Arrest of 800

The FBI and Australian law enforcement set up the encrypted chat service and ran it for over 3 years, seizing weapons, drugs and over $48m in cash. (Threatpost)

Billions of Compromised Records and Counting: Why the Application Layer is Still the Front Door for Data Breaches

Security teams should brace for an unsettling and unprecedented year, as we’re on pace to see 40 billion records compromised by the end of 2021. Imperva’s Terry Ray explains what security teams need to do to bolster their defenses. (Threatpost)

Evil Corp Impersonates PayloadBin Group to Avoid Federal Sanctions

The cybercriminals try to pin new ransomware on Babuk Locker in an effort to fly under the radar of an ongoing FBI investigation. (Threatpost)

/security-daily/ 09-06-2021 23:44:23