Security daily (10-12-2020)

Automate domain join for Amazon EC2 instances from multiple AWS accounts and Regions

As organizations scale up their Amazon Web Services (AWS) presence, they are faced with the challenge of administering user identities and controlling access across multiple accounts and Regions. As this presence grows, managing user access to cloud resources such as Amazon Elastic Compute Cloud (Amazon EC2) becomes increasingly complex. AWS Directory Service for Microsoft Active […] (AWS Security Blog)

Matt Masterson, CISA’s top election security official, to step down

Matt Masterson, one of the U.S. government’s top election experts, is leaving his post as of next week for a role in academia where he will continue to study the disinformation campaigns that have plagued the country, he told CyberScoop on Thursday. Masterson has been a senior adviser at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency since 2018. He led a team that reassured the public that the 2020 election was secure, despite President Donald Trump’s baseless assertions to the contrary. Masterson will join the Stanford Internet Observatory, a team of academics and tech experts led by former Facebook security chief Alex Stamos, which works on election security and social media challenges. Masterson said his last day at CISA will be Dec. 18. At Stanford, “We’re going to unpack what we’ve learned over the last few years [on election security],” Masterson said in an interview, including “what […] (CyberScoop)

As FireEye grapples with breach investigation, questions remain

FireEye’s announcement this week that hackers breached its systems has sent shockwaves through the cybersecurity community, raising new questions about how one of the most influential security firms in the U.S. grappled with an apparently state-sponsored attack. It also has triggered policy discussions about whether the U.S. government should do more to protect cyber industry titans like FireEye, one of the top cybersecurity firms in the world, which counts Fortune 500 companies among its clients. The hack adds FireEye to the list of cybersecurity companies that have experienced their own breaches, a roster stretching back to at least the beginning of the last decade. “This news has rocked the cybersecurity industry to our core, unlike anything since the RSA hack” from 2011, said Tom Bossert, president of Trinity Cyber and the former homeland security adviser to President Donald Trump. “It’s a pretty big deal.” FireEye revealed on Tuesday […] (CyberScoop)

Scammers use Chrome, Firefox extensions in widespread ad fraud campaign

Security experts at Microsoft on Thursday detailed how internet attackers are abusing some of the world’s most popular web browsers for a fraud campaign, which at its height has affected more than 30,000 devices per day. The scammers are using malicious browser extensions — a tried and tested fraud tactic — to inject bogus advertisements into the results displayed on a search engine page. The more users who visit the fraudulent ad pages, the more money the perpetrators earn via a traffic-driven advertising program. Microsoft did not identify who was responsible for the attacks, or how much money they had netted. The malicious campaign, which Microsoft said began in May, uses extensions on popular web browsers like Google Chrome, Mozilla Firefox, Microsoft Edge and Russian-language Yandex to reach as many internet users as possible. “[T]he fact that this campaign utilizes a piece of malware that affects multiple browsers is an indication of how […] (CyberScoop)

Al Jazeera journalist files lawsuit accusing Saudi, UAE crown princes of hack-and-leak

An Al Jazeera anchor is alleging the crown princes of Saudi Arabia and the United Arab Emirates helped to coordinate a hack-and-leak operation intended to intimidate and disparage her. In a civil suit filed Wednesday in the U.S. District Court for the Southern District of Florida, journalist Ghada Oueiss accuses Saudi Crown Prince Mohammed bin Salman (MBS) and UAE Crown Prince Mohammed bin Zayed (MBZ) of coordinating efforts to break into her iPhone and then share private photos on Twitter and various websites. The lawsuit says the operation is connected to larger efforts by rulers in Saudi Arabia and the UAE to stifle reports about the two regimes’ alleged human rights abuses. Oueiss has been critical of both nations’ leaders as part of her work as a principal anchor and presenter for Al Jazeera, a news agency based in the nearby Persian Gulf state of Qatar, which has strained ties […] (CyberScoop)

Was there a “COVID-19 vaccine hack” against the European Medicines Agency?

Just because a medical agency is "obviously" on the cybercriminal radar doesn't mean that the rest of us are "obviously" off it. (Naked Security)

S3 Ep10: Hacking iPhones, sunken Enigmas and double scams [Podcast]

Latest episode - listen now, and please tell your friends about our podcast. (Naked Security)

Remote Code Execution Discovered In Starbucks Mobile Platform

(News ≈ Packet Storm)

Misery Of Ransomware Hits Hospitals The Hardest

(News ≈ Packet Storm)

US Diplomats' Brain Injuries May Be From Covert Microwave Attack

(News ≈ Packet Storm)

Google Fined 100 Million Euros Over Ad Tracking Cookies

(News ≈ Packet Storm)

Malware Dropper Takes Advantage of COVID-19 Pandemic

Since April, our team has been tracking the spread of a PHP malware dropper. It’s impacting unsuspecting victims who thought they were downloading mapping software to monitor the spread of the COVID-19 pandemic. While the attack is likely spread through a variety of vectors, we have verified that bad actors are using other compromised websites to serve the malicious payload to users. Malware Dropper Behavior: To distribute their malicious executable, hackers create two subdirectories — comap and cvmap — inside a compromised WordPress wp-admin directory. (Sucuri Blog)

Defending the Intelligent Edge from Evolving Attacks

Fortinet's Aamir Lakhani discusses best practices for securing company data against next-gen threats, like edge access trojans (EATs). (Threatpost)

Pfizer COVID-19 Vaccine Targeted in EU Cyberattack

Threat actors accessed Pfizer vaccine documentation submitted to EU regulators in the latest cyberattack trying to profit off pandemic suffering. (Threatpost)

MoleRats APT Returns with Espionage Play Using Facebook, Dropbox

The threat group is increasing its espionage activity in light of the current political climate and recent events in the Middle East, with two new backdoors. (Threatpost)

PLEASEREADME Ransomware Attacks 85K MySQL Servers

Ransomware actors behind the attack have breached at least 85,000 MySQL servers, and are currently selling at least 250,000 compromised databases. (Threatpost)

Zero-Click Wormable RCE Vulnerability in Cisco Jabber Gets Fixed, Again

A series of bugs, patched in September, still allow remote code execution by attackers. (Threatpost)


/security-daily/ 11-12-2020 23:44:27