Security daily (10-06-2020)

Tighten S3 permissions for your IAM users and roles using access history of S3 actions

Customers tell us that when their teams and projects are just getting started, administrators may grant broad access to inspire innovation and agility. Over time administrators need to restrict access to only the permissions required and achieve least privilege. Some customers have told us they need information to help them determine the permissions an application […] (AWS Security Blog)

Hackers use fake contact tracing apps in attempt to install banking malware on Android phones

Twelve applications posing as coronavirus contact tracing apps available outside mainstream marketplaces are designed to steal personal and financial information from unwitting Android users. Apps meant to impersonate official government tracing apps from countries including Italy, Russia and Singapore trigger malicious software capable of collecting a range of data from user’s devices, the threat intelligence firm Anomali found in research shared with CyberScoop prior to its publication. It’s the latest example of hackers and scammers exploiting global events to try stealing from anxious smartphone users who, in this case, would have believed they were downloading an app designed to measure the prevalence of COVID-19 in their community. None of the apps were included in the Google Play Store at press time. Anomali determined that apps were available on suspicious websites and in third-party app markets. Researchers were unable to determine how many people downloaded the suspicious apps, and the distinct […] (CyberScoop)

This was inevitable: 'Thanos' ransomware weaponizes research tool against Microsoft Windows users

Hackers have converted software initially created as a testing tool into a destructive strain of ransomware, weaponizing inside knowledge about digital fortifications at a time when internet extortion only is accelerating. Scammers on cybercriminal forums are marketing a new strain of ransomware, dubbed “Thanos,” to other attackers aiming to infiltrate computers running Microsoft Windows, according to research published Wednesday by threat intelligence firm Recorded Future. Thanos operates much like similar hacking tools — encrypting victims’ files until they pay a shakedown fee — except that it’s the first ransomware built, in part, based on a proof-of-concept from security researchers who previously marketed their computer code as a way to bypass Windows 10 security protocols as part of otherwise legitimate tests. The discovery of the Thanos malware family coincided with a 25% uptick in overall ransomware attacks during the first three months of this year, compared to the final three months of […] (CyberScoop)

Password security is critical in a remote work environment – see where businesses are putting themselves at risk

Graham Cluley Security News is sponsored this week by the folks at LastPass. Thanks to the great team there for their support! LastPass has analyzed over 47,000 businesses to bring you insights into security behavior worldwide. The takeaway is clear: Many businesses are making significant strides in some areas of password and access security – […] (Graham Cluley)

Nintendo warns 300,000 accounts have been hacked since early April

Video gaming firm Nintendo has warned customers to not reuse passwords on different services after releasing an increased tally of compromised accounts since April. (Graham Cluley)

‘Bot or Not?’ – a game to train us to spot chatbots faking it as humans

Can you tell whether you're talking to a human or AI? (Naked Security)

Babylon mobile health app mixes up patient consultation videos

A health care app user found 50 "consultation replay" videos in his personal profile - but they weren't his. (Naked Security)

Billions of devices affected by UPnP vulnerability

Stop us if you’ve heard this before but a researcher has uncovered a new security vulnerability affecting many devices running the Universal Plug and Play (UPnP) protocol. (Naked Security)

Lock Down Your DNS with a Pi-Hole to Avoid Trackers, Phishing Sites & More

The Pi-hole project is a popular DNS-level ad blocker, but it can be much more than that. Its DNS-level filtering can also be used as a firewall of sorts to prevent malicious websites from resolving, as well as to keep privacy-killing trackers such as Google Analytics from ever loading in the browser. Let's take a look at setting a Pi-hole up and customizing a blacklist to suit your needs.

If you're not familiar with what DNS is, let's start there.

A domain name server, or DNS, is the equivalent of the internet's address book. It's what translates between human-readable websites such as... (Null Byte « WonderHowTo)

Jenkins Team Avoids Security Disaster After Partial User Database Loss

(News ≈ Packet Storm)

Microsoft June Patch Tuesday Fixes 129 Flaws In Largest-Ever Update

(News ≈ Packet Storm)

Congress Seeks Answers On Juniper Breach Amid Encryption Fight

(News ≈ Packet Storm)

LAPD Got Tech Demos From Israeli Phone Hacking Firm NSO Group

(News ≈ Packet Storm)

Intel CPUs Vulnerable to New 'SGAxe' and 'CrossTalk' Side-Channel Attacks

Cybersecurity researchers have discovered two distinct attacks that could be exploited against modern Intel processors to leak sensitive information from the CPU's trusted execution environments (TEE).

Called SGAxe, the first of the flaws is an evolution of the previously uncovered CacheOut attack (CVE-2020-0549) earlier this year that allows an attacker to retrieve the contents from the CPU's (The Hacker News)

MSPs and MSSPs Can Increase Profit Margins With Cynet 360 Platform

As cyber threats keep on increasing in volume and sophistication, more and more organizations acknowledge that outsourcing their security operations to a 3rd-party service provider is a practice that makes the most sense.

To address this demand, managed security services providers (MSSPs) and managed service providers (MSPs) continuously search for the right products that would empower their (The Hacker News)

Microsoft Releases June 2020 Security Patches For 129 Vulnerabilities

Microsoft today released its June 2020 batch of software security updates that patches a total of 129 newly discovered vulnerabilities affecting various versions of Windows operating systems and related products.

This is the third Patch Tuesday update since the beginning of the global Covid-19 outbreak, putting some extra pressure on security teams struggling to keep up with patch management (The Hacker News)

Security Drift – The Silent Killer

Global spending on cybersecurity products and services is predicted to exceed $1 trillion during the period of five years, between 2017 to 2021, with different analysts predicting the Compound Annual Growth Rate (CAGR) at anywhere between 8 to 15%.

It is not surprising to see this growth in spending, which is primarily driven by the evolving sophistication and volume of attacks as well as the (The Hacker News)

Helping Remote Workers Overcome Remote Attacks

Because remote workers' devices are all connected to a home network, they don’t even need to be attacked directly. Instead, attackers have multiple avenues of attack that can be exploited. (Threatpost)

Snake Ransomware Delivers Double-Strike on Honda, Energy Co.

The ICS/SCADA-focused malware is likely behind a duo of attacks this week, on Honda and a South American energy company, researchers said. (Threatpost)

Critical Intel Flaws Fixed in Active Management Technology

Two critical flaws in Intel AMT, which could enable privilege escalation, were patched along with 20 other bugs in its June security update. (Threatpost)

Encryption Utility Firm Accused of Bundling Malware Functions in Product

The increasingly prevalent GuLoader malware has been traced back to a far-reaching encryption service that attempts to pass as above-board. (Threatpost)

Thanos Ransomware First to Weaponize RIPlace Tactic

Thanos is the first ransomware family to feature the weaponized RIPlace tactic, enabling it to bypass ransomware protections. (Threatpost)


/security-daily/ 11-06-2020 23:44:23