Security daily (08-12-2020)

How to protect a self-managed DNS service against DDoS attacks using AWS Global Accelerator and AWS Shield Advanced

In this blog post, I show you how to improve the distributed denial of service (DDoS) resilience of your self-managed Domain Name System (DNS) service by using AWS Global Accelerator and AWS Shield Advanced. You can use those services to incorporate some of the techniques used by Amazon Route 53 to protect against DDoS attacks. […] (AWS Security Blog)

FireEye says hackers stole its red-team tools, suggests state-sponsored group is to blame

FireEye, one of the most influential cybersecurity companies in the world, on Tuesday revealed that it had been breached by a suspected state-sponsored hacking group. FireEye CEO Kevin Mandia said that the FBI and security experts at Microsoft were helping investigate the incident, in which attackers accessed the tools FireEye uses to simulate attacks against clients. “Their initial analysis supports our conclusion that this was the work of a highly sophisticated state-sponsored attacker utilizing novel techniques,” Mandia said in a blog post. Attackers stole so-called red team tools, which security firms use to imitate real-world hacks on behalf of their clients. Such red team tools from a respected firm like FireEye would provide malicious attackers with a kind of roadmap on how to subvert defenses, and breach victims. The hackers who broke into FireEye’s network “primarily sought information related to certain government customers,” Mandia said. The FireEye chief executive said […] (CyberScoop)

Bug could expose patient data from GE medical imaging devices, researchers warn

Security researchers have discovered a software vulnerability that could allow an attacker to steal sensitive patient data handled by X-ray, MRI machines and other medical devices made by General Electric. All told, the issue affects more than 100 models of devices, according to CyberMDX, the medical security company that publicly disclosed the vulnerability on Tuesday. While there is no evidence that hackers have exploited the vulnerability for their own gain, the flaw points to the recurring issue of health care devices using insecure communication channels and potentially exposing patient data to theft. In this case, the maintenance software for the GE medical devices used publicly-exposed login credentials, which could allow attackers to execute code on the devices. “The bigger picture here is authentication and it’s a problem that’s unfortunately typical for medical devices,” said Elad Luz, a researcher at CyberMDX. Using the vulnerability to steal patient data would require a […] (CyberScoop)

Former CISA Director Chris Krebs sues Trump campaign, lawyer after death threats

Chris Krebs, a former U.S. cybersecurity official whom President Donald Trump fired for saying the 2020 election was secure, has sued the Trump campaign, one of its lawyers and the conservative media outlet Newsmax for defamation after the lawyer made violent threats against Krebs. The lawyer, Joe diGenova, said last week in a video on Newsmax that Krebs should be “taken out at dawn and shot” and “drawn and quartered” for contradicting Trump’s baseless claims of widespread fraud and saying the election was secure. Krebs filed suit in a Maryland court on Tuesday, asking for monetary damages and for Newsmax to remove any recording of the threatening video from its website. The lawsuit cites numerous death threats Krebs has received via text and email since. The filing also accuses Trump and his legal team of carrying out a “pernicious conspiracy” to defame other Republicans who have refuted the president’s claims […] (CyberScoop)

Former NSA contractor Reality Winner loses appeal, will remain imprisoned

The former National Security Agency contractor convicted in 2018 of illegally leaking top secret information to a news organization will remain in federal prison after an appeals court upheld a ruling against a compassionate release amid the COVID-19 pandemic. The eight-page opinion Monday from the U.S. Court of Appeals for the 11th Circuit backed an earlier ruling that lawyers for Reality Winner had not sufficiently shown that her medical conditions or prison conditions justified an early release. The appeals court didn’t rule on the merits of Winner’s argument — it simply said the lower court had considered her request properly. “After careful consideration and with the benefit of oral argument, we conclude that the District Court did not abuse its discretion in denying Ms. Winner’s motion,” Monday’s opinion says. “Because we resolve her appeal on this basis alone, we need not (and do not) address Ms. Winner’s other arguments.” In early […] (CyberScoop)

Norwegian police implicate Fancy Bear in parliament hack, describe ‘brute forcing’ of email accounts

Norwegian authorities on Tuesday got more specific in their accusation of Russian involvement in an August cyberattack on the Norwegian parliament, implicating the same notorious group of suspected Russian military intelligence hackers accused of interfering in the 2016 U.S. election. Fancy Bear or APT28 — a group of hackers linked with Russia’s GRU military agency — was likely behind the breach, which resulted in the theft of “sensitive content” from some Norwegian lawmakers’ email accounts, Norway’s national police agency said in a statement. The attackers used a common technique called “brute forcing,” which bombards accounts with passwords until one works, to access the Norwegian parliament’s email system, according to the statement signed by Norwegian police attorney Anne Karoline Bakken Staff. The Fancy Bear operatives then tried to move further into parliament’s IT systems, according to the statement, but were unsuccessful. The intrusions were part of a broader suspected Fancy Bear campaign […] (CyberScoop)

Vishing criminals let rip with two scams at once

It would be funny if it weren't a crime. (Naked Security)

Norway Says Russian Hacking Group APT28 Is Behind August 2020 Parliament Hack

(News ≈ Packet Storm)

Iran To Issue License For National Bug Bounty Program

(News ≈ Packet Storm)

Police Officer Abused Vehicle Database To Track Down Women Drivers

(News ≈ Packet Storm)

Russian State Hackers Using VMware Flaw To Hack Networks

(News ≈ Packet Storm)

Fake WordPress Functions Conceal assert() Backdoor

A few weeks ago, I was manually inspecting some files on a compromised website. While checking on a specific WooCommerce file, I noticed something interesting. Among 246 other lines, this very specific part stood out to me: $config = wpdbaseconfiginit('_assert'); For those readers familiar with PHP functions commonly misused by hackers, you may have already spotted _assert as something suspicious. Since it resembles the assert() function, let’s check the PHP definition of the function: bool assert ( mixed $assertion [, string $description ] ) assert() will check the given assertion and take appropriate action if its result is FALSE. […] (Sucuri Blog)

Google Patches Critical Wi-Fi and Audio Bugs in Android Handsets

Google updates its mobile OS, fixing ten critical bugs, including one remote code execution flaw. (Threatpost)

FireEye Cyberattack Compromises Red-Team Security Tools

An attacker stole FireEye's Red Team assessment tools that the company uses to test its customers’ security. (Threatpost)

Divers Pull Rare Surviving WWII Enigma Cipher Machine from Bottom of the Baltic

This sea-logged Nazi machine will undergo restoration. (Threatpost)

Microsoft Wraps Up a Lighter Patch Tuesday for the Holidays

Nine critical bugs and 58 overall fixes mark the last scheduled security advisory of 2020. (Threatpost)

Apple Manufacturer Foxconn Confirms Cyberattack

Manufacturing powerhouse confirmed North American operations impacted by November cyberattack. (Threatpost)

The Remote-Work Transition Shifts Demand for Cyber Skills

According to Cyberseek, an interactive mapping tool that tracks the current state of the security job market, there are more than half a million open cybersecurity positions available in the U.S. alone (522,000). (Threatpost)


/security-daily/ 09-12-2020 23:46:00