Security daily (09-11-2020)

AWS Security Profiles: Cassia Martin, Senior Security Solutions Architect

In the weeks leading up to re:Invent, we’ll share conversations we’ve had with people at AWS who will be presenting, and get a sneak peek at their work. How long have you been at AWS and what do you do in your current role? I’ve been at Amazon for nearly 4 years, and at AWS […] (AWS Security Blog)

European Parliament paves path for tighter spyware export controls

The European Parliament announced Monday that it is taking steps to curtail the exportation of surveillance technologies, including spyware, outside of the European Union. The action clears the path for the European Union to establish new ground rules for the export and sale of so-called dual-use technologies, which can be used in legitimate ways but also in malicious ways that violate human rights. The premise of the new rules is to limit authoritarian regimes’ ability to “secretly get their hands on European cyber-surveillance,” Markéta Gregorová, a member of European Parliament and a lead negotiator of the new scheme, said in a statement. The new guardrails will include an update to European export controls, such as the inclusion of licensing criteria that more heavily emphasize human rights, and an EU-wide scheme that dictates stricter export reporting requirements for member states. “Parliament’s perseverance and assertiveness against a blockade by some member states has paid off: respect for human […] The post European Parliament paves path for tighter spyware export controls appeared first on CyberScoop. (CyberScoop)

Cyberattack on U. of Vermont hospital IT network delays chemotherapy, mammogram appointments

A cyberattack at the University of Vermont Health Network has forced one of the network’s hospitals to delay chemotherapy and mammogram appointments, making it the latest example of how cybercriminals can impact patient care. The disruption of computer systems at the health network, which comprises six hospitals and more than 1,000 physicians, began the week of Oct. 25, the organization said. The attack made some of the data used to process appointments for cancer patients temporarily unavailable. And the health network said that as of Monday it was still unable to conduct mammograms, breast ultrasound screenings and biopsies because of a lack of access to patient data. The health network is nonetheless still treating cancer patients and is working to “expand our capacity” to provide chemotherapy seven days per week, the organization said in a statement on Saturday. The laborious recovery process is ongoing. “We are slowly and methodically restoring some systems,” […] The post Cyberattack on U. of Vermont hospital IT network delays chemotherapy, mammogram appointments appeared first on CyberScoop. (CyberScoop)

Crooks behind Ghimob banking trojan have ambitions far beyond Brazil, researchers say

Cybercriminals have used a new malicious software kit to target banking customers in Brazil, but harbor ambitions far beyond the Latin American country, security researchers said Monday. The data that anti-virus company Kaspersky released shows how an enterprising group of crooks has used Brazil to fine-tune their banking trojan, as the financially focused malware is called. After successfully infecting numerous victims in Brazil, the campaign has expanded to target users in other Portuguese-speaking countries, from Angola to Mozambique to Portugal. Ghimob, as the newly discovered trojan is known, has a series of features that could make it more effective than previous attempts by Brazilian malware developers to target users abroad, according to the researchers. It is a “full-fledged spy in your pocket” that siphons off data through a number of means, Kaspersky researcher Fabio Assolini and his colleagues wrote in a blog post. It’s a fraudulent app, hosted outside of the Google Play Store, that once […] The post Crooks behind Ghimob banking trojan have ambitions far beyond Brazil, researchers say appeared first on CyberScoop. (CyberScoop)

Zoom settles charges with FTC over deceptive security practices

Zoom reached a deal with the Federal Trade Commission to settle allegations it misrepresented its security and privacy protections for users, the FTC announced Monday. In its action against Zoom, the FTC alleged Zoom “engaged in a series of deceptive and unfair practices that undermined the security of its users.” The FTC alleged that Zoom misled users when it claimed it offered end-to-end encryption — intended to protect user communications from external, unintended eavesdroppers — when Zoom actually didn’t offer that level of security, according to the complaint. The FTC also alleged Zoom informed users it would store recordings of Zoom meetings in an encrypted format, when in reality they were kept unencrypted for up to 60 days and only encrypted later. Zoom compromised users’ security when it secretly installed ZoomOpener, software intended to help users join meetings more seamlessly, but which actually made users vulnerable to malware, according to the FTC. The FTC alleges […] The post Zoom settles charges with FTC over deceptive security practices appeared first on CyberScoop. (CyberScoop)

UK launches cyber-operation against Russian disinformation on COVID-19 vaccine, report says

The United Kingdom’s equivalent of the National Security Agency is actively trying to disrupt Russian attempts to cast doubt about attempts to develop a reliable coronavirus vaccine, the Times of London reported early Monday. The U.K.’s Government Communications Headquarters (GCHQ) is using digital tools originally developed to tackle online propaganda and recruitment material from the Islamic State, sources told the newspaper. GCHQ declined to confirm or deny the existence of the cyber-operation, the Times said. “GCHQ has been told to take out antivaxers online and on social media,” a government source told The Times. “There are ways they have used to monitor and disrupt terrorist propaganda.” The sources who spoke to the Times noted the GCHQ operation only has the authority to disrupt information “from state adversaries,” and not information posted online by ordinary people. It’s unclear whether the U.S. government is mounting similar campaigns against foreign disinformation related to […] The post UK launches cyber-operation against Russian disinformation on COVID-19 vaccine, report says appeared first on CyberScoop. (CyberScoop)

Naked Security Live – Shop safe online (you know why!)

Here's the latest Naked Security Live video - enjoy (and please share with your friends)! (Naked Security)

How to Bypass File Upload Restrictions on Web Apps to Get a Shell

One of the most promising avenues of attack in a web application is the file upload. With results ranging from XSS to full-blown code execution, file uploads are an attractive target for hackers. There are usually restrictions in place that can make it challenging to execute an attack, but there are various techniques a hacker could use to beat file upload restrictions to get a shell.


Method 1: Bypassing Blacklists

The first method we'll explore is how to bypass blacklisting. Blacklisting is a type of protection where certain strings of data, in this case, specific extensions, are... more (Null Byte « WonderHowTo)
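The blacklist weakness the Null Byte item describes, shown as an added example that is not the article's code: a naive blacklist filter of the kind it discusses beside an allowlist filter, run over constructed probe filenames. The extension sets, the magic-byte table and the function names are assumptions made for this illustration; which of the names that slip past the blacklist a given server would actually hand to a script interpreter depends on its handler configuration, not on the filter.

```python
import os
import re
import secrets

# Added example, not the Null Byte article's code. The extension sets and the
# magic-byte table below are assumptions chosen for this illustration.
BLACKLISTED_EXTS = {".php", ".asp", ".jsp"}          # all the naive filter knows about
ALLOWED_IMAGE_EXTS = {"png", "jpg", "jpeg", "gif"}   # all the hardened filter accepts

# Leading bytes of the allowed image types, used as a content check.
MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}


def blacklist_accepts(filename):
    """Naive filter: reject only when the final suffix is literally blacklisted.

    Blind spots: the comparison is case-sensitive, it knows nothing about
    alternate suffixes a server may also route to the interpreter (.phtml,
    .php5, ...), and it sees only the last suffix of a multi-dot name.
    """
    _, ext = os.path.splitext(filename)
    return ext not in BLACKLISTED_EXTS


def allowlist_accepts(filename, content):
    """Hardened filter. Returns the canonical extension if accepted, else None.

    Rules: strip any path component, refuse NUL bytes and multi-dot names,
    normalise the extension to lower case, require it to be on the allowlist,
    and require the content to start with that type's magic bytes.
    """
    name = os.path.basename(filename.replace("\\", "/"))
    if "\x00" in name or name.count(".") != 1:
        return None
    stem, ext = name.rsplit(".", 1)
    ext = ext.lower()
    if not re.fullmatch(r"[A-Za-z0-9_-]{1,64}", stem):
        return None
    if ext not in ALLOWED_IMAGE_EXTS or not content.startswith(MAGIC[ext]):
        return None
    return ext


def stored_name(ext):
    """Never reuse the client's name on disk: the server picks a random one."""
    return f"{secrets.token_hex(16)}.{ext}"


# Constructed probe names of the kind tried against a blacklist filter.
PROBES = [
    "shell.php",          # the one case the blacklist catches
    "shell.PHP",          # case variation
    "shell.phtml",        # alternate suffix
    "shell.php5",         # alternate suffix
    "shell.php.jpg",      # double extension
    "shell.php\x00.jpg",  # NUL-byte truncation, historically effective on old stacks
]


def blacklist_bypasses():
    """Probe names the naive filter lets through."""
    return [p for p in PROBES if blacklist_accepts(p)]


def allowlist_rejections(content):
    """Probe names the hardened filter rejects for the given content."""
    return [p for p in PROBES if allowlist_accepts(p, content) is None]


if __name__ == "__main__":
    print("blacklist lets through:", blacklist_bypasses())
    print("allowlist rejects:", allowlist_rejections(b"<?php echo 1; ?>"))
```

The magic-byte check on its own does not defeat a polyglot (a valid image header followed by script), so the controls that actually decide whether an upload can become a shell are the server-chosen name and extension from `stored_name` and an upload directory the web server never maps to a script handler; the allowlist only narrows what reaches that directory.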

Microsoft Exchange Attack Exposes New xHunt Backdoors

(News ≈ Packet Storm)

Millions Of Hotel Guests Worldwide Caught Up In Massive Leak

(News ≈ Packet Storm)

Stolen Turing Items To Be Returned To UK From US

(News ≈ Packet Storm)

Chinese Hacking Competition Cracks Chrome, ESXi, Windows 10, iOS 14, Galaxy 20, Qemu, And More

(News ≈ Packet Storm)

New Malware Targets Linux Servers And IoT Devices For Botnet

(News ≈ Packet Storm)

Trump Site Alleging AZ Election Fraud Exposes Voter Data

A slapdash setup of a Trump campaign website collecting reports of Maricopa County in-person vote irregularities exposed 163,000 voter data records to fraud via SQL injection. (Threatpost)

Cyberattack on UVM Health Network Impedes Chemotherapy Appointments

The cyberattack has halted chemotherapy, mammogram and screening appointments, and led to 300 staff being furloughed or reassigned. (Threatpost)

Ultimate Member Plugin for WordPress Allows Site Takeover

Three critical security bugs allow for easy privilege escalation to an administrator role. (Threatpost)

Microsoft Exchange Attack Exposes New xHunt Backdoors

An attack on the Microsoft Exchange server of an organization in Kuwait revealed two never-before-seen PowerShell backdoors. (Threatpost)


/security-daily/ 10-11-2020 23:44:22