Security daily (09-12-2020)

Use Macie to discover sensitive data as part of automated data pipelines

Data is a crucial part of every business and is used for strategic decision making at all levels of an organization. To extract value from their data more quickly, Amazon Web Services (AWS) customers are building automated data pipelines—from data ingestion to transformation and analytics. As part of this process, my customers often ask how […] (AWS Security Blog)

Get started with fine-grained access control in Amazon Elasticsearch Service

Amazon Elasticsearch Service (Amazon ES) provides fine-grained access control, powered by the Open Distro for Elasticsearch security plugin. The security plugin adds Kibana authentication and access control at the cluster, index, document, and field levels that can help you secure your data. You now have many different ways to configure your Amazon ES domain to […] (AWS Security Blog)

047| The Tangled Web of ID Theft

With the holiday season upon us, the already accelerated pace of online shopping is picking up even more. And more online transactions means more reasons to be careful about protecting your data from fraud like identity theft and account takeover. ID theft claims millions of victims per year, but how does it happen and how can you avoid being a victim in a world where everything's online? Olli Bliss of F-Secure joins the show with answers. Also in this episode: How attackers get your data, how they crack passwords and break into accounts, what's happening to your data on the dark web, the new trend in credit card fraud, and more. (Cyber Security Sauna)

Suspect in case of Mirai botnet, which knocked major sites offline in 2016, pleads guilty

The U.S. Department of Justice on Wednesday announced that an unnamed defendant has pleaded guilty in connection with a cyberattack that rocked the internet in 2016. The October 2016 distributed denial-of-service attack affected Dyn, an internet infrastructure company, before rippling out to cause outages for sites including Twitter, Netflix, Spotify, AirBnb and Reddit, among others. DDoS attacks typically occur when attackers access a network of hacked computers, then direct those connections to a single point on the web, overwhelming the target with traffic and knocking it offline. In this case, the defendant in question conspired with others in September and October 2016 to leverage an offshoot of an army of hacked computers known as the Mirai botnet, the Justice Department said Wednesday. The malicious tool relied on connected video cameras, recorders and other devices to carry out the incident. Authorities withheld the name of the defendant because they were a […] (CyberScoop)

Hackers breach European agency to access BioNTech, Pfizer COVID-19 vaccine files

The European Medicines Agency, which is currently helping to roll out two coronavirus vaccines, has been hit by hackers, the agency announced Wednesday. Attackers successfully accessed “some documents relating to the regulatory submission for Pfizer and BioNTech’s COVID-19 vaccine candidate” that were stored on a European Medicines Agency (EMA) server, according to a statement BioNTech released on its investors’ website. The intruders did not breach any BioNTech or Pfizer systems, according to BioNTech’s statement. BioNTech said it is unaware if any study volunteers had been identified in the course of the attack. A spokesperson for Moderna, another company working with the EMA on a vaccine candidate, told CyberScoop the firm had not been informed it was affected by the breach. “We have not received notification of Moderna experiencing this specific data violation from the European Medicines Agency, but we are engaged with them and monitoring the situation,” the spokesperson said. […] (CyberScoop)

Hackers leverage Facebook, Dropbox to spy on Egypt, Palestinians

An Arabic-speaking hacking group that’s used phishing emails laden with sensational headlines focused on the Middle East to spy on government officials is leveraging recent diplomatic activity to conduct espionage. Operatives with the group, known as MoleRATs, used mainstream technology services like Facebook and Dropbox to obscure their malicious activity and exfiltrate data, according to Cybereason, the security company that published details on the activity on Wednesday. It’s the latest example of a savvy hacking group turning to popular technology platforms to dupe their targets, or cover their tracks. This MoleRATs espionage campaign, which occurred in October and November, was aimed at political and government officials in Egypt, the Palestinian territories, the United Arab Emirates and Turkey, according to Cybereason. Its phishing emails referenced a reported secret meeting between Saudi Crown Prince Mohammed bin Salman, Israeli Prime Minister Benjamin Netanyahu and U.S. Secretary of State Mike Pompeo. Hackers used Facebook accounts […] (CyberScoop)

German court forces encrypted email provider Tutanota to provide messages in blackmail case

A regional court in Germany has ordered the end-to-end encrypted email provider Tutanota to monitor an account belonging to a user under suspicion in a blackmail case. It’s the latest surveillance-related court decision the email provider is fighting in court, and comes amid a broader, protracted campaign from governments around the world to weaken encryption. The U.S. Department of Justice, for instance, has coordinated with Australia and other nations in recent years to try giving law enforcement more access to encrypted data. Tutanota said it plans to appeal the November ruling from a regional court in Cologne, arguing that it contradicts an earlier decision from another German court. That first court, the Hanover Regional Court, determined earlier this year that Tutanota does not provide telecommunications services, suggesting it cannot be forced to monitor them under German law. The latest ruling from Cologne also could contradict a 2019 ruling by the […] (CyberScoop)

‘Immense’ synergies to be gained between TIC 3.0 and CDM

TIC 3.0 and CDM — both developed by DHS’s CISA — are meant to work hand-in-hand in giving agencies visibility into their IT networks and securing them. (CyberScoop)

D-Link Zero Days Allow For Remote Takeover

(News ≈ Packet Storm)

Hackers Hide Web Skimmer Inside A Website's CSS Files

(News ≈ Packet Storm)

FireEye Says It Was Breached By Nation State Hackers

(News ≈ Packet Storm)

Microsoft December 2020 Patch Tuesday Fixes 58 Vulnerabilities

(News ≈ Packet Storm)

Record Levels of Software Bugs Plague Short-Staffed IT Teams in 2020

As just one symptom, 83 percent of the Top 30 U.S. retailers have vulnerabilities which pose an “imminent” cyber-threat, including Amazon, Costco, Kroger and Walmart. (Threatpost)

SideWinder APT Targets Nepal, Afghanistan in Wide-Ranging Spy Campaign

Convincing email-credentials phishing, emailed backdoors and mobile apps are all part of the group's latest effort against military and government targets. (Threatpost)


/security-daily/ 10-12-2020 23:44:23