Security daily (08-10-2020)

Architecting for database encryption on AWS

In this post, I review the options you have to protect your customer data when migrating or building new databases in Amazon Web Services (AWS). I focus on how you can support sensitive workloads in ways that help you maintain compliance and regulatory obligations, and meet security objectives. Understanding transparent data encryption I commonly see […] (AWS Security Blog)

Android ransomware authors have a new trick to go with an old shakedown technique

Mobile ransomware scams — in which crooks lock your phone and demand money — are nothing new. But they are getting more clever as cybercriminals find new ways to circumvent security. The latest example is a ransomware scheme targeting Android phones that Microsoft made public Thursday. According to the research, the malicious code gets around security checks that Google, which owns Android, has instituted against previous ransomware kits. Instead of abusing a permission feature that controls what apps can do on the phone, as other mobile ransomware scams have, this one triggers an incoming call notice to display the ransom note. It’s “the latest variant of a ransomware family that’s been in the wild for a while but has been evolving non-stop,” Dinesh Venkatesan, a Microsoft researcher, wrote in a blog. Mobile ransomware generally isn’t as profitable as ransomware attacks on PCs or enterprise networks. But Allan Liska, an analyst at threat […] (CyberScoop)

Facebook removes fake accounts it linked to Turning Point

Facebook said it removed hundreds of fake accounts and pages on Thursday that had denigrated Democratic presidential candidate Joe Biden while boosting GOP President Donald Trump. The company also said it had banned a marketing agency as part of the influence operation that it linked to prominent, youth-driven conservative organization Turning Point USA. The marketing firm, Rally Forge, also worked to undermine mail-in voting with comments on news stories posted to its platform, Facebook said. In all, the social media giant took down 200 Facebook accounts and 55 pages, as well as 76 Instagram accounts. The removal is a reminder that, with just weeks before Election Day, social media companies still are contending with the deliberate spread of misinformation from both foreign and domestic sources. Facebook in recent months has taken action against networks of white supremacists, and alleged Russian propagandists, among other networks. Other Silicon Valley firms, such as Twitter, also have taken […] (CyberScoop)

Takedown of 92 Iran-owned domains includes 4 used for disinformation in US, feds say

The U.S. government says it seized 92 internet domains used “to spread pro-Iranian disinformation around the globe,” including four that directly targeted U.S. audiences. Iran’s Islamic Revolutionary Guard Corps operated the domains in violation of U.S. sanctions, according to a Justice Department announcement Wednesday. The department said the operation was based on intelligence provided by Google, and was a collaborative effort between the FBI and Google, Facebook and Twitter. The other 88 domains “targeted audiences in Western Europe, the Middle East, and South East Asia and masqueraded as genuine news outlets,” the department said. The feds claimed jurisdiction over all 92 domains because the government of Iran and the IRGC ran them through “website and domain services in the United States without a license from OFAC,” the Treasury’s Office of Foreign Assets Control. The announcement is the latest in a steady stream of news about attempts by U.S. agencies or Silicon Valley giants to monitor […] (CyberScoop)

Russian-speaking hackers target Russian organizations with industrial spying tools

A previously undisclosed, Russian-speaking hacking group has for the last two years been conducting targeted espionage against Russian-speaking organizations, researchers said Thursday. The type of tailored malicious code that Russian security company Kaspersky uncovered is often reserved for spying on diplomats or infiltrating telecom firms rather than corporations, researchers asserted. But these attackers have been stalking unnamed corporations, looking to siphon off certain Microsoft Office and Adobe documents. The discovery adds to a growing body of public reporting on corporate hacking that has often focused on Chinese-speaking hackers. U.S. government officials and security researchers have accused China of economic espionage for years — a charge Beijing denies. In this case, however, the hackers may be pretending to be Chinese but are really Russian speakers, according to Kaspersky. They set up online accounts for communicating with cloud computing infrastructure that “pretend to be of Chinese origin,” the researchers said. To try to ensnare their […] (CyberScoop)

8 tips to tighten up your work‑from‑home network

You don't have to be an IT guru to beef up your cybersecurity at home. Sometimes it's enough to ask yourself, "Which bits can I turn off?" (Naked Security)

How to Brute-Force FTP Credentials & Get Server Access

Hackers often find fascinating files in the most ordinary of places, one of those being FTP servers. Sometimes, luck will prevail, and anonymous logins will be enabled, meaning anyone can just log in. But more often than not, a valid username and password will be required. But there are several methods to brute-force FTP credentials and gain server access.

File Transfer Protocol is a network protocol used to transfer files. It uses a client-server model in which users can connect to a server using an FTP client. Authentication takes place with a username and password, typically transmitted in... (Null Byte « WonderHowTo)

Learn to Code for Work or Play with This Informative & Fun Bundle

There's never been a better time to learn to code. If picking up this crucial skill has been on your bucket list, the Interactive Learn to Code Bundle can get you up to speed.

Whether you want to learn to code for fun or you're eyeing a career change, these 9 courses available in this bundle make sure you know the ins and outs of SQL, JavaScript, PHP, jQuery, BootStrap, and more. And though they'd usually all retail for $112, they're available now at 73% off for only $29.99.

With courses geared toward beginners, you don't need any prior coding knowledge to jump right in and get started. Pick... (Null Byte « WonderHowTo)

Microsoft Azure Flaws Open Admins Servers To Takeover

(News ≈ Packet Storm)

Amazon Prime Day Spurs Spike In Phishing, Fraud Attacks

(News ≈ Packet Storm)

Facebook, Twitter Dismantle Global Array Of Disinformation Networks

(News ≈ Packet Storm)

Cellmate Chastity Gadget Hack Thwarted By Screwdriver Trick

(News ≈ Packet Storm)

Researchers Find Vulnerabilities in Microsoft Azure Cloud Service

As businesses are increasingly migrating to the cloud, securing the infrastructure has never been more important. Now according to the latest research, two security flaws in Microsoft's Azure App Services could have enabled a bad actor to carry out server-side request forgery (SSRF) attacks or execute arbitrary code and take over the administration server. "This enables an attacker to quietly (The Hacker News)

RAINBOWMIX Apps in Google Play Serve Up Millions of Ad Fraud Victims

Collectively, 240 fraudulent Android apps -- masquerading as retro game emulators -- account for 14 million installs. (Threatpost)

Cisco Fixes High-Severity Webex, Security Camera Flaws

Three high-severity flaws exist in Cisco's Webex video conferencing system, Cisco’s Video Surveillance 8000 Series IP Cameras and Identity Services Engine. (Threatpost)

HEH P2P Botnet Sports Dangerous Wiper Function

The P2P malware is infecting any and all types of endpoints via brute-forcing, with 10 versions targeting desktops, laptops, mobile and IoT devices. (Threatpost)

Microsoft Azure Flaws Open Admin Servers to Takeover

Two flaws in Microsoft's cloud-based Azure App Services could have allowed server-side request forgery (SSRF) and remote code-execution attacks. (Threatpost)

Amazon Prime Day Spurs Spike in Phishing, Fraud Attacks

A spike in phishing and malicious websites aimed at defrauding Amazon.com customers aims to make Prime Day a field day for hackers. (Threatpost)

MontysThree APT Takes Unusual Aim at Industrial Targets

The newly discovered APT specializes in espionage campaigns against industrial holdings -- a rare target for spyware. (Threatpost)


/security-daily/ 09-10-2020 23:44:24