Security daily (08-07-2021)

Automate resolution for IAM Access Analyzer cross-account access findings on IAM roles

In this blog post, we show you how to automatically resolve AWS Identity and Access Management (IAM) Access Analyzer findings generated in response to unintended cross-account access for IAM roles. The solution automates the resolution by responding to the Amazon EventBridge event generated by IAM Access Analyzer for each active finding. You can use identity-based […] (AWS Security Blog)

Automatically update AWS WAF IP sets with AWS IP ranges

Note: This blog post describes how to automatically update AWS WAF IP sets with the most recent AWS IP ranges for AWS services. This related blog post describes how to perform a similar update for Amazon CloudFront IP ranges that are used in VPC Security Groups. You can use AWS Managed Rules for AWS WAF […] (AWS Security Blog)

Suspected Chinese hackers target telecoms, research in Taiwan, Recorded Future says

A suspected Chinese state-sponsored group is targeting telecommunications organizations in Taiwan, Nepal and the Philippines, researchers at Recorded Future’s Insikt Group said in a report Thursday. Researchers noticed intrusions from the group, which investigators called TAG-22, in June targeting telecommunications organizations including the Industrial Technology Research Institute in Taiwan, Nepal Telecom and the Department of Information and Communications Technology in the Philippines. Some of the activity appears to be ongoing as of press time, researchers said. The new findings play into a larger backdrop of apparent Chinese hackers snooping on global competition in the telecommunications space, which has become an arena of political and economic conflict between China and the United States. “In particular, the targeting of the ITRI is notable due to its role as a technology research and development institution that has set up and incubated multiple Taiwanese technology firms,” researchers wrote. They noted that the organization is […] The post Suspected Chinese hackers target telecoms, research in Taiwan, Recorded Future says appeared first on CyberScoop. (CyberScoop)

Houston man sentenced to 7 years for attempted $2 million romance scam

A U.S. federal judge sentenced a Nigerian national to 87 months in prison for his role in trying to steal more than $2 million from victims via romance scams and spoofed email requests for wire transfer payments. The judge on Wednesday also ordered Akhabue Ehis Onoimoimilin, who lives in Houston, to pay back nearly $900,000 to victims of the money laundering scheme to which he pleaded guilty. The indictment in the case indicates that Onoimoimilin and a co-defendant, whose name is redacted, caused $1.7 million in actual losses from the scheme. Onoimoimilin’s role involved opening bank accounts in the name of “David Harrison” to launder money for co-conspirators. Law enforcement identified more than $400,000 in attempted losses in the accounts, for which Onoimoimilin received 10 to 15% of the funds. Onoimoimilin opened the accounts in 2015, according to prosecutors. The indictment offers few details on the romance and business email […] The post Houston man sentenced to 7 years for attempted $2 million romance scam appeared first on CyberScoop. (CyberScoop)

How REvil evolved into a ransomware collective capable of extorting Kaseya, JBS

The Russian ransomware gang REvil is loud, ambitious and particularly nasty. Even by hackers’ standards. Before claiming responsibility for a breach at the software company Kaseya, which has resulted in breaches at perhaps thousands of other businesses and newfound attention from the White House, the group accounted for less than 10% of known ransomware victims, according to the threat intelligence firm Recorded Future. Now, it accounts for 42%. As U.S. national security officials and much of the cybersecurity community race to mitigate the fallout from the Kaseya incident, the incident serves as yet another reminder of how groups of scammers are making millions of dollars after years of honing their tradecraft. A “conservative estimate” by IBM placed REvil’s 2020 profits at $123 million, first among ransomware gangs, while multiple firms said the gang’s malware was the most common digital extortion tool. That was before the REvil group also struck the […] The post How REvil evolved into a ransomware collective capable of extorting Kaseya, JBS appeared first on CyberScoop. (CyberScoop)

S3 Ep40: Kaseya breach, PrintNightmare 0-day, and hacking versus the law [Podcast]

Latest episode - listen now! (Naked Security)

Microsoft's Emergency PrintNightmare Patch Fails

(News ≈ Packet Storm)

Coursera API Vulns Disclosed By Researchers

(News ≈ Packet Storm)

Singapore Sees Spikes In Ransomware, Botnet Attacks

(News ≈ Packet Storm)

Critical Sage X3 RCE Bug Allows Full System Takeovers

(News ≈ Packet Storm)

Phishing Campaign Looks To Leverage Kaseya VSA Fears

(News ≈ Packet Storm)

Critical Flaws Reported in Sage X3 Enterprise Management Software

Four security vulnerabilities have been uncovered in the Sage X3 enterprise resource planning (ERP) product, two of which could be chained together as part of an attack sequence to enable adversaries to execute malicious commands and take control of vulnerable systems. These issues were discovered by researchers from Rapid7, who notified Sage Group of their findings on Feb. 3, 2021. The vendor (The Hacker News)

Experts Uncover Malware Attacks Targeting Corporate Networks in Latin America

Cybersecurity researchers on Thursday took the wraps off a new, ongoing espionage campaign targeting corporate networks in Spanish-speaking countries, specifically Venezuela, to spy on its victims. Dubbed "Bandidos" by ESET owing to the use of an upgraded variant of Bandook malware, the primary targets of the threat actor are corporate networks in the South American country spanning across (The Hacker News)

Security Awareness Training is Broken. Human Risk Management (HRM) is the Fix

Humans are an organization's strongest defence against evolving cyber threats, but security awareness training alone often isn't enough to transform user behaviour. In this guide, usecure looks at why Human Risk Management (HRM) is the new fix for building a security-savvy workforce. Don't be fooled... Businesses are investing more than ever into strengthening their employee security awareness (The Hacker News)

How to Mitigate Microsoft Print Spooler Vulnerability – PrintNightmare

This week, PrintNightmare - Microsoft's Print Spooler vulnerability (CVE-2021-34527) was upgraded from a 'Low' criticality to a 'Critical' criticality. This is due to a Proof of Concept published on GitHub, which attackers could potentially leverage for gaining access to Domain Controllers. As we reported earlier, Microsoft already released a patch in June 2021, but it wasn't enough to stop (The Hacker News)

SideCopy Hackers Target Indian Government Officials With New Malware

A cyber-espionage group has been observed increasingly targeting Indian government personnel as part of a broad campaign to infect victims with as many as four new custom remote access trojans (RATs), signaling a "boost in their development operations." Attributed to a group tracked as SideCopy, the intrusions culminate in the deployment of a variety of modular plugins, ranging from file (The Hacker News)

WildPressure APT Emerges With New Malware Targeting Windows and macOS

A malicious campaign that has set its sights on industrial-related entities in the Middle East since 2019 has resurfaced with an upgraded malware toolset to strike both Windows and macOS operating systems, symbolizing an expansion in both its targets and its strategy around distributing threats. Russian cybersecurity firm attributed the attacks to an advanced persistent threat (APT) it tracks as (The Hacker News)

Dozens of Vulnerable NuGet Packages Allow Attackers to Target .NET Platform

An analysis of off-the-shelf packages hosted on the NuGet repository has revealed 51 unique software components to be vulnerable to actively exploited, high-severity vulnerabilities, once again underscoring the threat posed by third-party dependencies to the software development process. In light of the growing number of cyber incidents that target the software supply chain, there is an urgent (The Hacker News)

Interpol Arrests Moroccan Hacker Engaged in Nefarious Cyber Activities

Law enforcement authorities with Interpol have apprehended a threat actor responsible for targeting thousands of unwitting victims over several years and staging malware attacks on telecom companies, major banks, and multinational corporations in France as part of a global phishing and credit card fraud scheme. The two-year investigation, dubbed Operation Lyrebird by the international, (The Hacker News)

Oil & Gas Targeted in Year-Long Cyber-Espionage Campaign

A global effort to steal information from energy companies is using sophisticated social engineering to deliver Agent Tesla and other RATs. (Threatpost)

Coursera Flunks API Security Test in Researchers’ Exam

The problem APIs included numero uno on the OWASP API Security Top 10: a Broken Object Level Authorization (BOLA) issue that could have exposed personal data. (Threatpost)

How Fake Accounts and Sneaker-Bots Took Over the Internet

Jason Kent, hacker-in-residence at Cequence Security, discusses fake online accounts, and the fraud they carry out on a daily basis. (Threatpost)

/security-daily/ 09-07-2021 23:44:22