
Security daily (09-06-2020)

AWS achieves its first PCI 3DS attestation

We are pleased to announce that Amazon Web Services (AWS) has achieved its first PCI 3-D Secure (3DS) certification. Financial institutions and payment providers are implementing EMV 3-D Secure services to support application-based authentication, integration with digital wallets, and browser-based e-commerce transactions. Although AWS doesn’t perform 3DS functions directly, the AWS PCI 3DS attestation of […] (AWS Security Blog)

Shoddy US government review of Chinese telcos endangered national security, Senate panel finds

For decades, the U.S. government’s process for reviewing the cybersecurity risks of Chinese telecommunications companies operating in the U.S. has been so haphazard that it has “endangered our national security,” a bipartisan Senate review released Tuesday found. The Senate Permanent Subcommittee on Investigations said that the group responsible for these kinds of reviews, made up of national security officials from the Departments of Defense, Homeland Security, and Justice, largely failed to rein in Chinese telecommunications companies because of an “informal” process, insufficient resourcing, and a lack of statutory authority. Federal Communications Commission commissioners have likened the group’s review to an “inextricable black hole,” the report said. As a result of minimal oversight from the group, known as “Team Telecom,” Chinese state-owned telecommunications companies have been able to operate with relative impunity, even as concerns have mounted that Chinese state-owned companies could be enabling espionage backed by the Chinese government within the […] (CyberScoop)

DHS’s cyber wing pledges to invest more in industrial control systems security

The Department of Homeland Security’s cybersecurity division on Tuesday unveiled a strategy to help protect industrial control systems that support energy, transportation, and other critical sectors from being hacked. The goal is to use data analytics, enhanced training, and better technology to help guard U.S. critical infrastructure operators from foreign hacking groups that have shown a steady interest in their networks. “We’re going to ask more of the ICS community, but we’re also going to deliver more to you,” Chris Krebs, head of DHS’s Cybersecurity and Infrastructure Security Agency, said at a virtual meeting of the ICS Joint Working Group, a government-industry initiative. A better understanding of cybersecurity risk in the industrial space can lead to “being out in front of the adversary…putting friction into their plans so that they have to…develop new capabilities,” Krebs said. “We’re going to develop deep data capabilities to analyze and deliver information the community […] (CyberScoop)

Computer network ‘disruption’ forces Honda to cancel some production

A “disruption” to Japanese carmaker Honda’s computer network forced the company to cancel some production operations on Monday, according to a company spokesperson. The incident occurred Sunday and Honda’s IT personnel are still responding to the situation, Honda spokesman Chris Abbruzzese told CyberScoop. He declined to answer questions on the cause of the incident or where it was affecting the company geographically. But another statement from Honda to the BBC said the incident has “also [had] an impact on production systems outside of Japan.” Cybersecurity researchers said that malicious software samples associated with the incident suggested a ransomware attack had occurred. Vitali Kremez, a strategic adviser to cybersecurity company SentinelOne, said he suspected a strain of ransomware known as Snake or EKANS was the cause of the incident. The ransomware appears to have been coded to check that it was on Honda’s networks before executing, Kremez said. EKANS ransomware emerged last […] (CyberScoop)

Vast hack-for-hire scheme against activists, corporate targets tied to Indian IT firm

An Indian cybersecurity firm operated a widespread hack-for-hire scheme that, for a span of seven years, aimed to steal passwords from journalists, advocacy groups, investment firms and an array of other targets, according to new research. Since 2013, thousands of people throughout the world have been targeted with phishing emails that appeared to come from friends, co-workers, Facebook, pornography websites and other sources. In fact, the emails aimed to trick recipients into providing their username and password to BellTroX InfoTech Services, an Indian security firm that aimed to hack organizations on behalf of its clients, according to the internet watchdog group Citizen Lab, a research group affiliated with the University of Toronto. Citizen Lab did not provide details on the company’s clients, but did count the net neutrality advocacy groups Fight for the Future and the Electronic Frontier Foundation among the intended victims. Environmental groups working on the #ExxonKnew campaign, which […] (CyberScoop)

After threatening me with legal action, Keepnet Labs finally issues statement over data breach

UK security company Keepnet Labs has finally publicly confirmed that a database it had collated containing more than five billion records from past data breaches was “briefly exposed” on the internet. (Graham Cluley)

Cryptomining criminals under the spotlight – a SophosLabs report

A new SophosLabs report takes you inside a cryptomining gang. (Naked Security)

Facebook labels ‘state-controlled’ Russian, Chinese, Iranian media

Facebook users will see notices labeling "state-controlled media", based on criteria such as funding, editorial independence, ownership structure and more. (Naked Security)

Brave CEO apologises for adding affiliate links to URLs

The Brave browser has provoked unhappiness among some of its users after being caught redirecting searches to affiliate links that earned it commission. (Naked Security)

Adobe Warns Of Critical Flaws In Flash Player, Framemaker

(News ≈ Packet Storm)

Dark Basin Hack-For-Hire Group Targeted Thousands

(News ≈ Packet Storm)

IBM Quits Facial Recognition Market Over Police Racial Profiling Concerns

(News ≈ Packet Storm)

Honda Confirms Its Network Has Been Hit By A Cyber Attack

(News ≈ Packet Storm)

What is a Website Defacement?

Website defacement is the most obvious sign of a hack. In these cases, bad actors who have gained access to an environment leave their mark through digital vandalism. For website owners, it means trying to access your homepage, only to find all of the code and content you’ve worked on replaced with something like this:

While many website hacks are designed for financial gain, website defacements are a different kind of hack. (Sucuri Blog)

Indian IT Company Was Hired to Hack Politicians, Investors, Journalists Worldwide

A team of cybersecurity researchers today outed a little-known Indian IT firm that has secretly been operating as a global hackers-for-hire service or hacking-as-a-service platform.

Based in Delhi, BellTroX InfoTech allegedly targeted thousands of high-profile individuals and hundreds of organizations across six continents in the last seven years.

Hack-for-hire services do not operate as a (The Hacker News)

SMBleed: A New Critical Vulnerability Affects Windows SMB Protocol

Cybersecurity researchers today uncovered a new critical vulnerability affecting the Server Message Block (SMB) protocol that could allow attackers to leak kernel memory remotely, and when combined with a previously disclosed "wormable" bug, the flaw can be exploited to achieve remote code execution attacks.

Dubbed "SMBleed" (CVE-2020-1206) by cybersecurity firm ZecOps, the flaw resides in (The Hacker News)

Magecart Targets Emergency Services-related Sites via Insecure S3 Buckets

Hacking groups are continuing to leverage misconfigured AWS S3 data storage buckets to insert malicious code into websites in an attempt to swipe credit card information and carry out malvertising campaigns.

In a new report shared with The Hacker News, cybersecurity firm RiskIQ said it identified three compromised websites belonging to Endeavor Business Media last month that are still hosting (The Hacker News)

Microsoft June Patch Tuesday Fixes 129 Flaws in Largest-Ever Update

The June Patch Tuesday update included CVEs for 11 critical remote code-execution vulnerabilities and concerning SMB bugs. (Threatpost)

Espionage Group Hits U.S. Utilities with Sophisticated Spy Tool

The FlowCloud modular remote-access trojan (RAT) has overlaps with the LookBack malware. (Threatpost)

Adobe Warns of Critical Flaws in Flash Player, Framemaker

Critical Adobe Flash Player and Framemaker flaws could enable arbitrary code execution. (Threatpost)

Dark Basin Hack-For-Hire Group Targeted Thousands Over 7 Years

Thousands of journalists, advocacy groups and politicians worldwide were targeted by Dark Basin. (Threatpost)


/security-daily/ 10-06-2020 23:44:21