Security daily (10-03-2021)

Validate access to your S3 buckets before deploying permissions changes with IAM Access Analyzer

AWS Identity and Access Management (IAM) Access Analyzer helps you monitor and reduce access by using automated reasoning to generate comprehensive findings for resource access. Now, you can preview and validate public and cross-account access before deploying permission changes. For example, you can validate whether your S3 bucket would allow public access before deploying your […] (AWS Security Blog)

FBI alert warns of Russian, Chinese use of deepfake content

The FBI warned in an alert Wednesday that malicious actors “almost certainly” will be using deepfakes to advance their influence or cyber-operations in the coming weeks. The alert notes that foreign actors are already using deepfakes or synthetic media — manipulated digital content like video, audio, images and text — in their influence campaigns. “Foreign actors are currently using synthetic content in their influence campaigns, and the FBI anticipates it will be increasingly used by foreign and criminal cyber actors for spearphishing and social engineering in an evolution of cyber operational tradecraft,” states the alert obtained by CyberScoop. The warning comes amid concern that if manipulated media is allowed to proliferate unabated, conspiracy theories and malign influence will become more and more mainstream. Lawmakers have recently enacted a series of laws that address deepfake technology, which frequently is used to harass women. The National Defense Authorization Act of 2021, for […] The post FBI alert warns of Russian, Chinese use of deepfake content appeared first on CyberScoop. (CyberScoop)

No signs yet of Exchange Server compromises at federal agencies, CISA says

U.S. officials have yet to find any signs that federal civilian agencies have been breached in the recent widespread exploitation of Microsoft software, a senior Department of Homeland Security official told lawmakers Wednesday. The “vast majority” of civilian agencies have addressed vulnerabilities in the Exchange Server email software following an emergency directive from DHS’s Cybersecurity and Infrastructure Security Agency (CISA), said Eric Goldstein, the agency’s executive assistant director for cybersecurity. But Goldstein cautioned in testimony before a House Appropriations subcommittee that the malicious cyber activity is “an evolving campaign, with new information coming in by the hour.” The news is a welcome reprieve for federal officials who have been consumed with responding to the critical Exchange Server flaws amid reports that tens of thousands of U.S. state and local government organizations and small businesses could be affected. Microsoft disclosed the vulnerabilities on March 2 while accusing a Chinese government-linked hacking group […] The post No signs yet of Exchange Server compromises at federal agencies, CISA says appeared first on CyberScoop. (CyberScoop)

F5 releases patches for nearly two dozen vulnerabilities, some critical

F5 Networks, a leading provider of enterprise networking equipment, disclosed four critical vulnerabilities and 17 others on Wednesday as the recent parade of major flaws needing patches marches ahead. Three of the vulnerabilities would allow hackers to remotely execute code on target networks. It’s the second time in two years that F5 has disclosed such a flaw. In 2020, both Cyber Command and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued warnings about the earlier reported vulnerabilities. F5 joins Microsoft, SolarWinds and Accellion on the list of companies that have needed to release major patches in recent months. In the case of F5 so far, “We are not aware of any active exploits for these vulnerabilities,” spokesperson Rob Gruening said. The flaws affect both the F5 BIG-IP local traffic manager and BIG-IQ centralized management software. The company announced fixes for all of the vulnerabilities. Despite the […] The post F5 releases patches for nearly two dozen vulnerabilities, some critical appeared first on CyberScoop. (CyberScoop)

At least 10 APT hacking groups have exploited Exchange Server bugs, ESET warns

Critical vulnerabilities in Microsoft software have turned into a feeding frenzy for state-linked hackers. At least 10 such hacking groups have exploited the flaws in the Exchange Server email program in recent days in operations around the world, anti-virus firm ESET said Wednesday. Many of the groups have well-documented links to China. The surge in hacking suggests multiple sets of espionage groups had access to the software exploit before Microsoft released fixes for it on March 2. It also compounds the challenges facing incident responders who are rushing to deal with the breaches, and bracing for additional exploitation of the bugs by criminal hackers. “It is still unclear how the distribution of the exploit happened, but it is inevitable that more and more threat actors, including ransomware operators, will have access to it sooner or later,” ESET researchers wrote in a blog post Wednesday. The intrusions by advanced persistent threat […] The post At least 10 APT hacking groups have exploited Exchange Server bugs, ESET warns appeared first on CyberScoop. (CyberScoop)

FIN8 cybercrime group resurges with improved hacking tool

A financially-motivated hacking group that appeared to drop off the map a year-and-a-half ago is back with a new and improved backdoor, according to Bitdefender research published Wednesday. Over the last year the criminal hacking group, known as FIN8, has primarily targeted companies in retail, technology, chemical and insurance industries with its updated point-of-sale malware, and has compromised organizations in the U.S., Canada, South Africa, Puerto Rico, Panama and Italy, according to the research. FIN8, which FireEye researchers first observed in operation in 2016, has historically targeted organizations in the retail, restaurant and hospitality industries with emails containing malicious Microsoft Word documents. The updated backdoor, known as BADHATCH, has incorporated screen capturing, proxy tunneling and fileless execution, the researchers write. The backdoor has also likely added in credential-stealing capabilities, according to the research. Bitdefender does not identify which organizations have been compromised. An earlier version of BADHATCH, which researchers at […] The post FIN8 cybercrime group resurges with improved hacking tool appeared first on CyberScoop. (CyberScoop)

150,000 security cameras allegedly breached in “too much fun” hack

Cloud security cameras rained confidential customer data, says Bloomberg. (Naked Security)

Linux Foundation Launches Software Signing Service

(News ≈ Packet Storm)

Microsoft Patch Tuesday Updates Fix 14 Critical Bugs

(News ≈ Packet Storm)

OVHcloud Data Centers Engulfed In Flames

(News ≈ Packet Storm)

Hack Of 150,000 Cameras Investigated By Verkada

(News ≈ Packet Storm)

Magento 2 PHP Credit Card Skimmer Saves to JPG

Bad actors often leverage creative techniques to conceal malicious behaviour and harvest sensitive information from ecommerce websites. A recent investigation of a compromised Magento 2 website revealed a malicious injection that was capturing POST request data from site visitors. Located on the checkout page, it was found to encode captured data before saving it to a .JPG file. The PHP code was found injected into the file ./vendor/magento/module-customer/Model/Session.php. Continue reading Magento 2 PHP Credit Card Skimmer Saves to JPG at Sucuri Blog. (Sucuri Blog)

SAP Stomps Out Critical RCE Flaw in Manufacturing Software

The remote code execution flaw could allow attackers to deploy malware, modify network configurations and view databases. (Threatpost)

Fake Ad Blocker Delivers Hybrid Cryptominer/Ransomware Infection

A hybrid Monero cryptominer and ransomware bug has hit 20,000 machines in 60 days. (Threatpost)

Cyberattackers Exploiting Critical WordPress Plugin Bug

The security hole in the Plus Addons for Elementor plugin was used in active zero-day attacks prior to a patch being issued. (Threatpost)


/security-daily/ 11-03-2021 23:44:23