Security daily (10-09-2021)

How US federal agencies can use AWS to encrypt data at rest and in transit

This post is part of a series about how Amazon Web Services (AWS) can help your US federal agency meet the requirements of the President’s Executive Order on Improving the Nation’s Cybersecurity. You will learn how you can use AWS information security practices to meet the requirement to encrypt your data at rest and in […] (AWS Security Blog)

WhatsApp adds end-to-end encryption to chat backups, locking up data in the cloud

WhatsApp will add a feature that allows users to turn on end-t0-end encryption for messages they back up to cloud providers, the Facebook-owned company announced Friday. Since 2016, WhatsApp has offered end-to-end encryption, meaning messages are only accessible for the sender and the recipient. End-to-end encryption does not mean those messages can’t be revealed by the sender or recipient to other parties once the message is received, as a recent article by ProPublica on WhatsApp’s content moderation process underscored. The same was true for messages backed up to third-party cloud providers. Until now, WhatsApp did not offer users a way to protect those messages upon backing them up to a third party like Google Drive or iCloud. For instance, FBI agents in 2018 proved capable of accessing WhatsApp messages from former Donald Trump presidential campaign manager Paul Manafort by obtaining a court order to search his iCloud. Now users can […] The post WhatsApp adds end-to-end encryption to chat backups, locking up data in the cloud appeared first on CyberScoop. (CyberScoop)

Civil liberties groups pressure White House to fill surveillance oversight board

Privacy advocates are urging President Joe Biden to fill an independent watchdog board that could have an enormous impact on the future of the U.S. surveillance programs raised in response to the terrorist attacks of Sept. 11, 2001. Filling the empty seats on the Privacy and Civil Liberties Oversight Board is  “necessary to continue to hold the government accountable for safeguarding our privacy and civil liberties in surveillance programs that are often shrouded in secrecy,” a group of nearly two dozen organizations led by the American Civil Liberties Union wrote to the White House Wednesday. While the failure to maintain a quorum of members and chairperson for the independent oversight agency predates the Biden administration, advocates say that by failing to act the White House is missing a key opportunity to examine federal surveillance programs. Numerous legal and civil rights experts have underscored over the years how these programs disproportionately […] The post Civil liberties groups pressure White House to fill surveillance oversight board appeared first on CyberScoop. (CyberScoop)

Attackers Exploit MSHTML Browser Engine Via ActiveX Controls

(News ≈ Packet Storm)

Thousands Of Fortinet VPN Account Credentials Leaked

(News ≈ Packet Storm)

Hacker Lawyer Jay Leiderman Is Dead At 50

(News ≈ Packet Storm)

Infosec Researchers Say Apple's Bug Bounty Program Needs Work

(News ≈ Packet Storm)

Moving Forward After CentOS 8 EOL

The Linux community was caught unprepared when, in December 2020, as part of a change in the way Red Hat supports and develops CentOS, Red Hat suddenly announced that it's cutting the official CentOS 8 support window from ten years – to just two, with support ending Dec 31, 2021. It created a peculiar situation where CentOS 7 users that did the right thing and upgraded quickly to CentOS 8 were (The Hacker News)

SOVA: New Android Banking Trojan Emerges With Growing Capabilities

A mix of banking applications, cryptocurrency wallets, and shopping apps from the U.S. and Spain are the target of a newly discovered Android trojan that could enable attackers to siphon personally identifiable information from infected devices, including banking credentials and open the door for on-device fraud. Dubbed S.O.V.A. (referring to the Russian word for owl), the current version of the (The Hacker News)

MyRepublic Data Breach Raises Data-Protection Questions

The incident raises considerations for security for critical data housed in third-party infrastructure, researchers say. (Threatpost)

Top Steps for Ransomware Recovery and Preparation

Alex Restrepo, Virtual Data Center Solutions at Veritas Technologies, discusses post-attack restoration options, and how to prepare for another one in the future. (Threatpost)

Yandex Pummeled by Potent Meris DDoS Botnet

Record-breaking distributed denial of service attack targets Russia’s version of Google - Yandex. (Threatpost)

SOVA, Worryingly Sophisticated Android Trojan, Takes Flight

The malware appeared in August with an ambitious roadmap (think ransomware, DDoS) that could make it 'the most feature-rich Android malware on the market.' (Threatpost)

5 Steps For Securing Your Remote Work Space

With so many people still working from home, cybercriminals are trying to cash in. Cyberattacks have increased 300% and the risk of losing important data or being compromised is much greater at home.

Here are five recommendations for securing your home office. (Threatpost)

Stolen Credentials Led to Data Theft at United Nations

Threat actors accessed the organization’s proprietary project management software, Umoja, in April, accessing the network and stealing info that can be used in further attacks. (Threatpost)


/security-daily/ 11-09-2021 23:44:24