Security daily (10-09-2020)

State-backed hackers targeted Biden and Trump campaign associates, Microsoft says

Hackers linked with the Chinese government tried to breach associates of the Joe Biden campaign, while hackers with reported connections to the Iranian government targeted President Donald Trump’s reelection campaign, Microsoft warned Thursday. In addition, the same Russian military hackers that interfered in the 2016 U.S. election targeted a range of political and policy consultants in the U.S. and Europe, the software giant said. The hacking attempts against the Biden and Trump campaigns were unsuccessful, Microsoft said, but they offered another example of foreign espionage efforts weeks before the presidential election. U.S. intelligence officials said last month that Russia was using a “range of measures” to try to undermine Biden’s candidacy, while the Chinese government had expanded its influence operations and doesn’t want Trump to win a second term. “We have directly notified those who were targeted or compromised so they can take action to protect themselves,” Tom Burt, a Microsoft corporate vice president, wrote […] (CyberScoop)

Twitter plans to remove false election tweets, setting up clash with Trump

Just wait until the president hears about this one. Twitter announced on Thursday that it will label or remove false or misleading information that could cause confusion about an election, or is meant to undermine confidence in civic processes. The update includes enforcement against unverified claims of election rigging, ballot tampering, claiming a political victory before election results are certified and inciting unlawful conduct to prevent a peaceful transfer of power or orderly succession. The announcement does not mention President Donald Trump by name. It does, however, signal that the company will be more aggressive in checking the president’s claims as Election Day approaches. For months, Trump has used his Twitter feed to amplify unfounded claims that mail-in voting enables widespread fraud, and this month urged his supporters to vote twice. “The goal is to further protect against content that could suppress the vote and help stop the spread of harmful misinformation […] (CyberScoop)

NSA's Cybersecurity Directorate is still figuring out how to measure success

Since the National Security Agency established a new directorate focused on cybersecurity, the organization once known as “No Such Agency” has engaged in some behavior that would have seemed revolutionary a decade ago: publicly sharing information about several large-scale hacking threats, including Russian hacking incidents, as well as information about a critical Microsoft vulnerability. How successful the agency considers that behavior is still something it’s examining. The NSA’s Cybersecurity Directorate, which was established last October in part to share more threat intelligence with the public and the private sector, has been examining the impact of its Cybersecurity Advisories in a variety of ways, the NSA’s Executive Director, Wendy Noble, said during a virtual Billington CyberSecurity Summit Wednesday. “The more important thing to track is how [CSD information gets] used, the operational outcome,” Noble said. “We are working to develop those metrics to make sure we understand the value proposition … […] (CyberScoop)

Multibillion-dollar Equinix is the latest data-center firm to face ransomware incident

Equinix, a multibillion-dollar data center company, is grappling with a ransomware incident affecting its internal computer systems, the company announced late Wednesday. The California-based company, which claims nearly 10,000 clients and has offices around the world, said the incident hadn’t impacted its support for customers, and that its data centers “remain fully operational.” Law enforcement officials are investigating the Equinix incident, the company said without elaborating. Data-hosting firms are a recurring target for ransomware gangs that figure the threat to customer data helps their chances of a payout. In December, Texas-based data center company CyrusOne said that at least six of its customers were affected by a ransomware attack. There is much at stake for Equinix in guarding its data centers. The company reported $5.5 billion in revenue last year, and recently announced the acquisition of two big data centers in India for $161 million. Central to Equinix’s response to the […] (CyberScoop)

US sanctions Russian agent for 2020 election interference efforts, alleged IRA trolls

The Trump administration sanctioned four Russia-linked individuals for their efforts to interfere in the 2020 U.S. elections, the Treasury Department announced Thursday. The Department of Justice has also charged one of the sanctioned individuals in relation to his alleged involvement in a Russian political interference operation. The Treasury’s Office of Foreign Assets Control (OFAC) is specifically sanctioning Andriy Derkach, a Ukrainian politician who has been an “active Russian agent for over a decade,” for his efforts to interfere in the 2020 U.S. presidential elections in the U.S., it said in a release. Derkach waged a covert influence campaign that relied on edited audio tapes and other materials meant to discredit U.S. officials, and sway public opinion, prior to Election Day, according to the Treasury Department. “Derkach has directly or indirectly engaged in, sponsored, concealed, or otherwise been complicit in foreign interference in an attempt to undermine the upcoming 2020 U.S. presidential […] (CyberScoop)

PAN-OS vulnerabilities add to a torrid year for enterprise software bugs

Cybersecurity researchers on Wednesday revealed four new vulnerabilities in enterprise software used by thousands of companies around the world that, if exploited, could be used to steal data from internal networks. The bugs in the PAN operating system (PAN-OS) made by Palo Alto Networks add to a growing list of vulnerabilities in widely used corporate software that researchers have uncovered in 2020. Some of those vulnerabilities, such as a flaw in software made by Citrix, have been used in espionage and other hacking operations. In the case of the PAN-OS flaws, which security firm Positive Technologies found, CyberScoop has not seen evidence that hackers have successfully exploited them. Palo Alto Networks released fixes for all of the vulnerabilities and told customers to apply them. One of the more critical vulnerabilities could allow a hacker who first accesses the software’s management interface to plant malicious code in the operating system and obtain […] (CyberScoop)

Become a Data-Driven Leader with This Certification Bundle

If you're interested in becoming an in-demand project manager or leader in today's data-driven world, you need to know more than just a few generic management strategies to lead teams and companies successfully.

To land the best and most respected positions in the field, you're going to have to have an in-depth understanding of the latest analytical methods that are used to streamline innovation and eliminate wasteful spending. And you're going to need to have the certifications to boot.

The Ultimate PMP, Six Sigma & Minitab Certification Bundle will give you the skills you need to become a... (Null Byte « WonderHowTo)

Assange Doesn't Understand How Court Works

(News ≈ Packet Storm)

TeamTNT Gains Full Remote Takeover Of Cloud Instances

(News ≈ Packet Storm)

CDRThief Malware Targets VoIP Gear In Carrier Networks

(News ≈ Packet Storm)

Portland Adopts Strictest Facial Recognition Ban In Nation To Date

(News ≈ Packet Storm)

Here's How Police Request Data From WhatsApp And Facebook

(News ≈ Packet Storm)

WordPress Malware Disables Security Plugins to Avoid Detection

An alarm or monitoring system is a great tool that can be used to improve the security of a home or website, but what if an attacker can easily disable it? I’ve previously written about malware that reverses security hardening measures enacted either manually by the owner, or through the use of a security plugin installed in WordPress. What attackers may find problematic with reverse security hardening is that a security plugin that monitors files can detect any changes and alert the owner via email notification or within the WordPress dashboard. (Sucuri Blog)

New Unpatched Bluetooth Flaw Lets Hackers Easily Target Nearby Devices

Bluetooth SIG—an organization that oversees the development of Bluetooth standards—today issued a statement informing users and vendors of a newly reported unpatched vulnerability that potentially affects hundreds of millions of devices worldwide.

Discovered independently by two separate teams of academic researchers, the flaw resides in the Cross-Transport Key Derivation (CTKD) of devices (The Hacker News)

Hackers Stole $5.4 Million From Eterbase Cryptocurrency Exchange

Cybercriminals successfully plundered another digital cryptocurrency exchange.

European cryptocurrency exchange Eterbase this week disclosed a massive breach of its network by an unknown group of hackers who stole cryptocurrencies worth 5.4 million dollars.

Eterbase, which has now entered maintenance mode until the security issue is resolved, described itself as Europe's Premier Digital Asset (The Hacker News)

A Successful Self-Service Password Reset (SSPR) Project Requires User Adoption

IT help desks everywhere are having to adjust to the 'new normal' of supporting mainly remote workers. This is a major shift away from visiting desks across the office and helping users with traditional IT support processes.

There are many reasons end-users may contact the helpdesk. However, password-related issues are arguably the most common.

Since the onset of the global pandemic that began earlier (The Hacker News)

New Raccoon Attack Could Let Attackers Break SSL/TLS Encryption

A group of researchers has detailed a new timing vulnerability in Transport Layer Security (TLS) protocol that could potentially allow an attacker to break the encryption and read sensitive communication under specific conditions.

Dubbed "Raccoon Attack," the server-side attack exploits a side-channel in the cryptographic protocol (versions 1.2 and lower) to extract the shared secret key used (The Hacker News)

Microsoft Warns of Cyberattacks on Trump, Biden Election Campaigns

Just months before the U.S. presidential election, hackers from Russia, China and Iran are ramping up phishing and malware attacks against campaign staffers. (Threatpost)

Razer Gaming Fans Caught Up in Data Leak

A cloud misconfiguration at the gaming-gear merchant potentially exposed 100,000 customers to phishing and fraud. (Threatpost)

Bluetooth Bug Opens Devices to Man-in-the-Middle Attacks

The "BLURtooth" flaw allows attackers within wireless range to bypass authentication keys and snoop on devices utilizing implementations of Bluetooth 4.0 through 5.0. (Threatpost)

Ransomware And Zoom-Bombing: Cyberattacks Disrupt Back-to-School Plans

Cyberattacks have caused several school systems to delay students' first day back - and experts warn that new COVID-related delays could be the new "snow days." (Threatpost)

Govt.-Backed Contact-Tracing Apps Raise Privacy Hackles

New opt-in COVID-19 Exposure Notifications Express systems baked into Apple’s iOS and available on Android need privacy guardrails, say privacy advocates. (Threatpost)

Product Overview: Cynet Takes Cyber Threat Protection Automation to the Next Level with Incident Engine

The Cynet 360 platform is built on three pillars; Extended Detection and Response (XDR), Response Automation, and Managed Detection and Response (MDR). (Threatpost)


/security-daily/ 11-09-2020 23:44:22