Security daily (11-01-2021)

Masking field values with Amazon Elasticsearch Service

Amazon Elasticsearch Service (Amazon ES) is a fully managed service that you can use to deploy, secure, and run Elasticsearch cost-effectively at scale. The service provides support for open-source Elasticsearch APIs, managed Kibana, and integration with Logstash and other AWS services. Amazon ES provides a deep security model that spans many layers of interaction and […] (AWS Security Blog)

SolarWinds details stealthy code used to launch hacking campaign

SolarWinds, the federal contractor at the center of a sweeping suspected Russian hacking campaign, on Monday identified malicious code the company says attackers used to manipulate its software and remain undetected for months. The code was designed to inject another piece of custom malicious software into Orion, the SolarWinds software used by numerous Fortune 500 companies and federal agencies, “without arousing the suspicion of our software development and build teams,” Sudhakar Ramakrishna, the new CEO of SolarWinds, wrote in a blog post. The discovery adds to the public understanding of one of the most complex digital espionage operations in recent memory. The attackers have used not only SolarWinds’ software, but other digital entry points in carrying out the hack, which has affected major firms including Microsoft and FireEye, as well as multiple federal agencies. Security firm CrowdStrike, which helped find the new malicious code, said the code monitors software processes […] (CyberScoop)

More federal victims of SolarWinds hacking likely to come forward, CISA chief says

The number of federal agencies confirmed to have been breached in a suspected Russian espionage campaign will likely increase as the investigation continues, the head of the U.S. Cybersecurity and Infrastructure Security Agency said. “The number [of federal victims] is likely to grow with further investigation,” Brandon Wales, CISA’s acting director, said in an interview Friday. “That being said, we do believe that the number will remain extremely small because of the highly targeted nature of this campaign. And that is going to be true for both government and private-sector entities compromised.” Wales is a career civil servant who found himself at the helm of the Department of Homeland Security’s cybersecurity agency in mid-November after President Donald Trump fired Chris Krebs. Wales has been quarterbacking CISA’s response to a sweeping breach of federal and corporate networks, in which suspected Russian hackers exploited the reach of software made by the contractor […] (CyberScoop)

US government sanctions more Ukrainians tied to Biden family smear

The U.S. Treasury Department on Monday leveled sanctions at another batch of current and former Ukrainian government officials it says are affiliated with a 2020 election influence campaign. Treasury said all four men have publicly associated themselves with Andrii Derkach, a previously sanctioned Ukrainian parliament member and suspected Russian agent who has met with President Donald Trump’s personal attorney Rudy Giuliani as part of his bid to spread misinformation about the Biden family. Of the four, Konstantin Kulyk, Oleksandr Onyshchenko and Andriy Telizhenko are former Ukrainian government officials, while Oleksandr Dubinsky currently sits in parliament. Treasury says they are part of Derkach’s inner circle and have coordinated to spread fraudulent, unproven claims. In total, Treasury’s Office of Foreign Assets Control imposed sanctions on Monday on seven individuals and four “media front companies” associated with the disinformation campaign. The other three men are also Derkach supporters, Treasury said. In a sign […] (CyberScoop)

Kaspersky discovers overlap between SolarWinds hack, Turla

Security researchers on Monday linked the SolarWinds breach to a different set of suspected Russian hacking tools, finding commonalities between that attack and the methods of the Turla group. Moscow-based Kaspersky said the source code for Sunburst, one of the nicknames for the malware that attackers used in the SolarWinds hack, overlapped with the Kazuar backdoor that Turla has deployed in the past. The Turla group is known for stalking embassies and ministries of foreign affairs in Europe and elsewhere for sensitive data. Sources have told reporters that the Russian hacking group APT29, or Cozy Bear, is responsible for the SolarWinds attack. Cozy Bear is most often linked to the SVR, the Russian foreign intelligence service. Turla, by contrast, is usually affiliated with another Russian intelligence service, the FSB. U.S. government investigators have only said the attack is “likely Russian in origin.” Cyber threat intelligence firms have been cautious about […] (CyberScoop)

Amazon boots Parler from web hosting service over violent content

Parler, a social media platform favored by pro-Trump groups, was completely offline Monday morning after Amazon knocked the company from its web hosting services overnight. The move by Amazon Web Services (AWS) leaves Parler without a digital home — a blow potentially even more serious than moves by Google and Apple to suspend it from their app stores. All three technology giants took action after saying Parler had violated their terms of service for allowing posts that could contribute to violence. The existential problems for Parler come as federal law enforcement continues to make arrests related to the violent Jan. 6 intrusion of the U.S. Capitol by pro-Trump rioters. Posts on the social media platform were part of the long trail of digital evidence available to investigators. The mob included white supremacists and proponents of the QAnon conspiracy movement. Amazon’s decision was first reported by BuzzFeed News, which cited an […] (CyberScoop)

Deepfake laws emerge as harassment, security threats come into focus

A new flurry of state and federal legislation that aims to better understand the creation of doctored video and audio files — and help victims respond — couldn’t have come soon enough, analysts say. The manipulated content, better known as deepfakes, has been used to falsely portray House Speaker Nancy Pelosi as ill or inebriated in a video that went viral in 2019. Other examples include a faked video of former president Obama, and an artificial intelligence service that has been enabling users to transform photos of women into nude pictures, enabling abuse, blackmail and other kinds of harassment. Potential malicious uses of deepfakes include fraud, inciting acts of violence or sowing political unrest. Last week, several Trump supporters proposed on Parler that Trump’s concession speech may have been a manipulated video. The chatter is only more evidence that the existence of deepfakes, and the lack of truly effective screening […] (CyberScoop)

Naked Security Live – HTTPS: do we REALLY need it?

Here's the latest Naked Security Live video talk - watch now, and please share with your friends! (Naked Security)

Google Titan security keys hacked by French researchers

Researchers can now make software copies of Google's "unclonable" Titan security keys - but not yet undetectably. (Naked Security)

Nissan Balances Fallout From Source Code Leak

(News ≈ Packet Storm)

Ransom Hacker Locks Internet Connected Chastity Cage

(News ≈ Packet Storm)

Capitol Attack's Cybersecurity Fallout: Stolen Laptops, Lost Data, And Possible Espionage

(News ≈ Packet Storm)

SolarWinds Hackers Linked To Known Russian Spying Tools

(News ≈ Packet Storm)

Aliens and UFOs: A Final Frontier for Social Engineers

The release of a CIA archive on UFOs is exactly the kind of headline-making event that phishing and scam actors long for. (Threatpost)

Millions of Social Profiles Leaked by Chinese Data-Scrapers

A cloud misconfig by SocialArks exposed 318 million records gleaned from Facebook, Instagram and LinkedIn. (Threatpost)

Researcher Builds Parler Archive Amid Amazon Suspension

A researcher scraped and archived public Parler posts before the conservative social networking service was taken down by Amazon, Apple and Google. (Threatpost)


/security-daily/ 12-01-2021 23:44:26