Security daily (09-06-2021)

How to implement SaaS tenant isolation with ABAC and AWS IAM

Multi-tenant applications must be architected so that the resources of each tenant are isolated and cannot be accessed by other tenants in the system. AWS Identity and Access Management (IAM) is often a key element in achieving this goal. One of the challenges with using IAM, however, is that the number and complexity of IAM […] (AWS Security Blog)

Congress pummels Colonial Pipeline CEO over government coordination after disruptive ransomware incident

Lawmakers repeatedly challenged Colonial Pipeline CEO Joseph Blount on Wednesday about the steps the company took to work with the government after a May ransomware attack, often suggesting the company fell short. A long string of House Homeland Security Committee members questioned Blount about his assertion that Colonial had not, as reported, refused voluntary Transportation Security Administration cybersecurity reviews. Instead, the company delayed them due to COVID-19 restrictions and a physical move to a new building, he said. “Delaying these assessments for so long amounts to declining them, sir,” said Rep. Bonnie Watson Coleman, D-N.J., citing communications that began in March of 2020. “It raises serious questions,” she said, while noting that her information says that Colonial turned down even a virtual assessment offer before the ransomware attack that led to fuel delivery slowdowns last month. Colonial has now scheduled a TSA review for late July, Blount said. Blount’s answers about government […] (CyberScoop)

Amazon's Sidewalk, a neighborhood device network, is 'uncharted territory' for data privacy, watchdogs say

A new Amazon feature aimed at keeping users’ home devices connected to the internet by using a friendly slice of neighborhood broadband is already raising concerns about unintended privacy consequences. Amazon’s Sidewalk network pulls slivers of broadband from its users to create a larger network that extends the range of devices farther from a user’s home, such as the Tile tracking device or smart lighting at the edge of a user’s property. Benefits of such technology include helping a user find a lost dog or car keys, Amazon touts. It could also keep devices online if an individual user’s internet goes out. Concerns about extending the reach of existing home devices draw on lingering anxieties about internet-connected home devices. Home security devices from Amazon, Google, and other major vendors have all suffered significant hacks in recent years, while some have collected an alarming amount of users’ private data. Ring’s doorbell […] (CyberScoop)

Biden revokes TikTok ban, issues new guidance for evaluating foreign apps

President Joe Biden on Wednesday issued an executive order that overturns Trump-era efforts to ban Chinese applications TikTok and WeChat while offering new guidelines for federal agencies to assess the national security risks of such software. The order emphasizes additional criteria for the Commerce Department to use in assessing whether to restrict U.S. use of foreign software apps. Those criteria include whether the technology is connected to foreign military or intelligence agencies, or involved in malicious cyber activity or the collection of sensitive personal data. The order is a reprieve for TikTok, a popular video-sharing app owned by Beijing-based firm ByteDance. Then-President Donald Trump issued an order that sought to ban U.S. companies from providing internet and content delivery services to TikTok, citing concerns that Chinese spies could exploit that data. But implementation of that order has been held up by legal challenges waged by TikTok, which has denied improper […] (CyberScoop)

Emerging 'Prometheus' ransomware claims 30 victims in a dozen countries, Palo Alto Networks says

A new ransomware group claims to have breached 30 organizations in government, financial services, health care services, and energy firms in the United States, United Kingdom, and a dozen more countries, according to Palo Alto Networks research published Wednesday. The group, which Palo Alto researchers have dubbed “Prometheus,” most frequently targets the manufacturing industry. The activity comes amid ongoing concern about the effect of ransomware on national security and global supply chains after incidents at Colonial Pipeline and the meat-processing corporation JBS. “The Prometheus ransomware gang has the potential to target organizations that would lead to national concerns,” Doel Santos, threat intelligence analyst at Palo Alto Networks’ Unit 42, wrote in an email. “These threat actors are opportunistic. They are willing to target any organization.” The group has also targeted victims in manufacturing, logistics, consulting, agriculture, insurance, and legal industries. Prometheus claims to be affiliated with REvil, a Russia-based hacking […] (CyberScoop)

How could the FBI recover BTC from Colonial’s ransomware payment?

But Bitcoins are anonymous! However could they get refunded? (Naked Security)

Phil Zimmermann Looks Back On 30 Years Of PGP

(News ≈ Packet Storm)

An0m Encrypted-Chat Sting Leads To Arrest Of 800

(News ≈ Packet Storm)

DHS Chooses Companies To Run Civilian Agency Vulnerability Disclosure Programs

(News ≈ Packet Storm)

One Fastly Customer Triggered Internet Meltdown

(News ≈ Packet Storm)

New TLS Attack Lets Attackers Launch Cross-Protocol Attacks Against Secure Sites

Researchers have disclosed a new type of attack that exploits misconfigurations in transport layer security (TLS) servers to redirect HTTPS traffic from a victim's web browser to a different TLS service endpoint located on another IP address to steal sensitive information. The attacks have been dubbed ALPACA, short for "Application Layer Protocol Confusion - Analyzing and mitigating Cracks in (The Hacker News)

Crypto-Mining Attacks Targeting Kubernetes Clusters via Kubeflow Instances

Cybersecurity researchers on Tuesday disclosed a new large-scale campaign targeting Kubeflow deployments to run malicious cryptocurrency mining containers. The campaign involved deploying TensorFlow pods on Kubernetes clusters, with the pods running legitimate TensorFlow images from the official Docker Hub account. However, the container images were configured to execute rogue commands that mine (The Hacker News)

EBook – Creating a Large Company Security Stack on a Lean Company Budget

The speed at which malicious actors have improved their attack tactics and continue to penetrate security systems has made going bigger the major trend in cybersecurity. Facing an evolving threat landscape, organizations have responded by building bigger security stacks, adding more tools and platforms, and making their defenses more complex—a new eBook from XDR provider Cynet (read it here). (The Hacker News)

Update Your Windows Computers to Patch 6 New In-the-Wild Zero-Day Bugs

Microsoft on Tuesday released another round of security updates for the Windows operating system and other supported software, squashing 50 vulnerabilities, including six zero-days that are said to be under active attack. The flaws were identified and resolved in Microsoft Windows, .NET Core and Visual Studio, Microsoft Office, Microsoft Edge (Chromium-based and EdgeHTML), SharePoint Server, Hyper-V (The Hacker News)

Feds Secretly Ran a Fake Encrypted Chat App and Busted Over 800 Criminals

In an unprecedented sting operation, the U.S. Federal Bureau of Investigation (FBI) and Australian Federal Police (AFP) ran an encrypted chat service called ANoM for nearly three years to intercept 27 million messages exchanged between criminal gang members globally. Dubbed Operation Ironside (AFP), Operation Greenlight (Europol), and Operation Trojan Shield (FBI), the long-term covert probe (The Hacker News)

Mysterious Custom Malware Collects Billions of Stolen Data Points

A nameless malware resulted in a huge data heist of files, credentials, cookies and more that researchers found collected into a cloud database. (Threatpost)

Intel Plugs 29 Holes in CPUs, Bluetooth, Security

The higher-rated advisories focus on privilege-escalation bugs in CPU firmware: Tough to patch, hard to exploit, tempting to a savvy attacker. (Threatpost)

DarkSide Pwned Colonial With Old VPN Password

Attackers accessed a VPN account that was no longer in use to freeze the company’s network in a ransomware attack whose repercussions are still vibrating. (Threatpost)

/security-daily/ 10-06-2021 23:44:24