Security daily (10-08-2020)

Automate Amazon Athena queries for PCI DSS log review using AWS Lambda

In this post, I will show you how to use AWS Lambda to automate PCI DSS (v3.2.1) evidence generation, and daily log review to assist with your ongoing PCI DSS activities. We will specifically be looking at AWS CloudTrail Logs stored centrally in Amazon Simple Storage Service (Amazon S3) (which is also a Well-Architected Security […] (AWS Security Blog)

Twitter, VPN services in Belarus disrupted during violent crackdown

Belarus’ crackdown on protests following the re-election of an authoritarian leader also appears to include widespread internet blackouts and traffic throttling on major websites. Twitter confirmed Monday it was experiencing blocking and throttling in Belarus amid ongoing protests disputing the results of the presidential election. The company didn’t specifically attribute the disruptions to the government, though it said “Internet shutdowns are hugely harmful. They fundamentally violate basic human rights & the principles of the #OpenInternet.” The statement from Twitter comes after a number of journalists and demonstrators in the region reported that virtual private networks appeared to be blocked, and NetBlocks.org, which tracks digital disruptions, said shutdowns had stretched for nearly 24 hours at press time. Independent media sites, alternative voting resources and roughly half the foreign traffic typically entering the country also had been blocked, according to Access Now, a digital rights organization. Update: It has been almost 24 […] (CyberScoop)

2020 is misinformation's tipping point

Millions of Americans who already struggle to keep pace with the daily barrage of news are now becoming accustomed to another challenge that’s only becoming more complicated: weaponized misinformation. Misinformation, which has existed for centuries, has emerged as a major theme of the current moment, though, as conspiracy theories, propaganda and disinformation, or the intentional spread of deceptive material, thrive on social media. Now, as Americans contend with fallout from the coronavirus pandemic and growing suspicion in societal institutions, false and fabricated narratives have become attached to essentially every major news story. It’s part of the new reality, complicated by the fact that users on Facebook, Twitter and elsewhere re-post sensational material, believing they’re acting in good faith. “A lot of people seem to be sincere believers in the content they’re spreading, even if it’s not real,” said Kate Starbird, an associate professor at the University of Washington focused on […] (CyberScoop)

Monday review – catch up with the latest articles

The latest articles and the latest Naked Security Live video - all in one place. Enjoy. (Naked Security)

China Is Now Blocking All Encrypted HTTPS Traffic That Uses TLS 1.3 And ESNI

(News ≈ Packet Storm)

FBI Says Iranian Hackers Are Attacking F5 Networking Devices

(News ≈ Packet Storm)

Qualcomm Bugs Open 40 Percent Of Android Handsets To Attack

(News ≈ Packet Storm)

Taiwan's Semiconductor Industry Hacked By China

(News ≈ Packet Storm)

TeamViewer Flaw Could Let Hackers Steal System Password Remotely

If you are using TeamViewer, then beware and make sure you're running the latest version of the popular remote desktop connection software for Windows.

The TeamViewer team recently released a new version of its software that includes a patch for a severe vulnerability (CVE-2020-13699), which, if exploited, could let remote attackers steal your system password and eventually compromise it.

What's (The Hacker News)

Researcher Demonstrates Several Zoom Vulnerabilities at DEF CON 28

Popular video conferencing app Zoom has addressed several security vulnerabilities, two of which affect its Linux client that could have allowed an attacker with access to a compromised system to read and exfiltrate Zoom user data—and even run stealthy malware as a sub-process of a trusted application.

According to cybersecurity researcher Mazin Ahmed, who presented his findings at DEF CON (The Hacker News)

Google Fixes Mysterious Audio Recording Blip in Smart Speakers

Google Home devices reportedly recorded noises even without the "Hey Google" prompt due to the inadvertent rollout of a home security system feature. (Threatpost)

Google Chrome Browser Bug Exposes Billions of Users to Data Theft

The vulnerability allows attackers to bypass Content Security Policy (CSP) protections and steal data from website visitors. (Threatpost)

DDoS Attacks Cresting Amid Pandemic

Attacks were way up year-over-year in the second quarter as people continue to work from home. (Threatpost)

TeamViewer Flaw in Windows App Allows Password-Cracking

Remote, unauthenticated attackers could exploit the TeamViewer flaw to execute code and crack victims' passwords. (Threatpost)


/security-daily/ 11-08-2020 23:44:23