08-04-202110-04-2021

Security daily (09-04-2021)

How to set up a two-way integration between AWS Security Hub and ServiceNow

If you use both AWS Security Hub and ServiceNow, the new AWS Service Management Connector for ServiceNow integration enables you to provision, manage, and operate your AWS resources natively through ServiceNow. In this blog post, I’ll show you how to set up the new two-way integration of Security Hub and ServiceNow by using the AWS […] (AWS Security Blog)

Financial industry preps for proposal that would require 36-hour breach notification

A milestone date for an ambitious federal banking industry cybersecurity regulation that debuted at the tail end of the Trump administration has nearly arrived. Monday, April 12 marks the deadline for comments on an initial proposal that would mandate how a wide range of financial firms would need to report more kinds of cyber incidents to regulators within 36 hours. That’s a more stringent timeline that many comparable regulations; Europe’s General Data Protection Regulation notification window is twice as long, at 72 hours. The relatively quick notification requirement generated most of the attention when the Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, and Treasury’s Office of the Comptroller of the Currency announced the rule in December. It’s expected to receive significant blowback from the financial services industry as an overly aggressive demand. Some analysts, though, cite the types of incident reports that need to be […] The post Financial industry preps for proposal that would require 36-hour breach notification appeared first on CyberScoop. (CyberScoop)

White House asks for additional $110 million in CISA funding to address cyber threats

The White House on Friday asked Congress for $110 million in additional funding in 2022 to help the Department of Homeland Security shore up federal and state defenses in the wake of high-profile hacking operations.  The money would allow DHS’s Cybersecurity and Infrastructure Security Agency to improve its defensive tools, hire more experts and “obtain support services to protect and defend federal information technology systems,” Shalanda Young, the acting director of the Office of Management and Budget, wrote in an April 9 letter to congressional appropriators. It would add to a recent $650 million funding boost for CISA that was part of the coronavirus relief package cleared by Congress. The White House’s discretionary funding request for CISA in fiscal 2022 totals $2.1 billion, or $110 million more than Congress allotted the agency the previous fiscal year. Discretionary budgets are those that Congress can alter with appropriations bills, in contrast to the […] The post White House asks for additional $110 million in CISA funding to address cyber threats appeared first on CyberScoop. (CyberScoop)

Online testing firm agrees to security audit after inquiry from senator

A company whose software has been widely used to administer law school entrance exams during the coronavirus pandemic has agreed to an independent audit of the software after a U.S. senator raised cybersecurity concerns about the product. Alabama-based ProctorU’s web-browser extension software has allowed people across the U.S. to take the LSAT exam from home during the pandemic. But Sen. Ron Wyden, D-Ore., worried that that same accessibility, if left unsecured, could give cybercriminals a foothold onto test-takers’ devices. And so, after inquiries from Wyden, ProctorU has hired outside security experts to review its software and the tool it uses for remote troubleshooting, according to the Law School Admissions Council (LSAC), which administers the LSAT. More than 145,000 LSAT exams were administered online from May 2020 to February 2021, and ProctorU appears to be the main contractor for doing so. It’s another case of privacy and security risks emerging in […] The post Online testing firm agrees to security audit after inquiry from senator appeared first on CyberScoop. (CyberScoop)

Pwn2Own 2021: Zoom, Teams, Exchange, Chrome and Edge “fully owned”

Two lucky winners scooped $200k for just 20 minutes' work - if you don't count the days, weeks and months of meticulous effort beforehand (Naked Security)

Windows And Linux Devices Are Under Attack By A New Cryptomining Worm

(News ≈ Packet Storm)

Facebook Says Data From 530M Users Was Obtained By Scraping

(News ≈ Packet Storm)

Hackers Hit 9 Countries, Expose 623,036 Payment Card Records

(News ≈ Packet Storm)

How Your Phone Can Be Hacked For $16

(News ≈ Packet Storm)

Data From 500M LinkedIn Users Posted For Sale Online

(News ≈ Packet Storm)

Critical Zoom Vulnerability Triggers Remote Code Execution Without User Input

(News ≈ Packet Storm)

Hackers Tampered With APKPure Store to Distribute Malware Apps

APKPure, one of the largest alternative app stores outside of the Google Play Store, was infected with malware this week, allowing threat actors to distribute Trojans to Android devices. In an incident that's similar to that of German telecommunications equipment manufacturer Gigaset, the APKPure client version 3.17.18 is said to have been tampered with in an attempt to trick unsuspecting users (The Hacker News)

Alert — There's A New Malware Out There Snatching Users' Passwords

A previously undocumented malware downloader has been spotted in the wild in phishing attacks to deploy credential stealers and other malicious payloads. Dubbed "Saint Bot," the malware is said to have first appeared on the scene in January 2021, with indications that it's under active development. "Saint Bot is a downloader that appeared quite recently, and slowly is getting momentum. It was (The Hacker News)

[WHITEPAPER] How to Achieve CMMC Security Compliance for Your Business

For organizations that deal with the defense infrastructure – cybersecurity is more than just a buzzword. Recently the US Department of Defense (DoD) created a new certification process – the Cybersecurity Maturity Model Certificate (CMMC) – to ensure that all its vendors and contractors follow established best cybersecurity practices. For organizations that work along the DoD supply chain, this (The Hacker News)

Cisco Will Not Patch Critical RCE Flaw Affecting End-of-Life Business Routers

Networking equipment major Cisco Systems has said it does not plan to fix a critical security vulnerability affecting some of its Small Business routers, instead urging users to replace the devices. The bug, tracked as CVE-2021-1459, is rated with a CVSS score of 9.8 out of 10, and affects RV110W VPN firewall and Small Business RV130, RV130W, and RV215W routers, allowing an unauthenticated, (The Hacker News)

Gigaset Android Update Server Hacked to Install Malware on Users' Devices

Gigaset has revealed a malware infection discovered in its Android devices was the result of a compromise of a server belonging to an external update service provider. Impacting older smartphone models — GS100, GS160, GS170, GS180, GS270 (plus), and GS370 (plus) series — the malware took the form of multiple unwanted apps that were downloaded and installed through a pre-installed system update (The Hacker News)

Researchers uncover a new Iranian malware used in recent cyberattacks

An Iranian threat actor has unleashed a new cyberespionage campaign against a possible Lebanese target with a backdoor capable of exfiltrating sensitive information from compromised systems. Cybersecurity firm Check Point attributed the operation to APT34, citing similarities with previous techniques used by the threat actor as well as based on its pattern of victimology. APT34 (aka OilRig) is (The Hacker News)

DOJ: Creep Coach Finagles Nude Athlete Photos

Allegedly perv college coach charged with cyberstalking and extorting nudes from his female athletes. (Threatpost)

623M Payment Cards Stolen from Cybercrime Forum

The database was subsequently leaked elsewhere, imperiling consumers from the U.S. and around the world. (Threatpost)

Network Detection & Response: The Next Frontier in Fighting the Human Problem

Justin Jett, director of audit and compliance for Plixer, discusses the transformation of network-traffic analytics and what it means for cybersecurity now. (Threatpost)

Data from 500M LinkedIn Users Posted for Sale Online

Like the Facebook incident earlier this week, the information — including user profile IDs, email addresses and other PII -- was scraped from the social-media platform. (Threatpost)

08-04-202110-04-2021

/security-daily/ 10-04-2021 23:44:22