Security daily (11-06-2020)

The importance of encryption and how AWS can help

Encryption is a critical component of a defense-in-depth strategy, which is a security approach with a series of defensive mechanisms designed so that if one security mechanism fails, there’s at least one more still operating. As more organizations look to operate faster and at scale, they need ways to meet critical compliance requirements and improve […] (AWS Security Blog)

Senate Intelligence Committee wants DNI to investigate commercial spyware threats

The Senate Intelligence Committee quietly approved a measure last week that would require the Director of National Intelligence to submit a report to Congress on the threats posed by foreign governments’ and entities’ use of commercially available surveillance software. The DNI’s report, which would be sent to Congress 180 days after the Intelligence Authorization Act for 2021 passes, would include information on how the U.S. — and other countries — can work to reduce the threats of commercial spyware, including through export controls, diplomatic pressure, trade agreements, and work with the technology and telecommunications sectors to better secure consumers’ software. The committee wants the DNI to specifically address the threat posed to U.S. citizens, in addition to those living abroad or employed by the U.S. government. The report request comes nearly one year after the United Nations Special Rapporteur David Kaye called for a moratorium on the creation and sale of […] The post Senate Intelligence Committee wants DNI to investigate commercial spyware threats appeared first on CyberScoop. (CyberScoop)

Gamaredon, a hacking group with a fixation on Ukraine, deploys new email compromise tools

A Russian-speaking espionage group has been using new email hacking tools in a multi-month campaign intended to infiltrate unidentified government organizations, according to new research. The group, known as Gamaredon, has spent the last six months inundating the organizations with spearphishing emails and not bothering to cover its tracks, the Slovak anti-virus company ESET said Thursday. The researchers declined to name the government targeted. But historically, Gamaredon is one of multiple Russia-linked groups that have spied on Ukrainian government and corporate officials. And it is one of the more conspicuous ones. “They make no effort to stay under the radar,” Jean-Ian Boutin, ESET’s head of threat research, told CyberScoop. “One hypothesis is that they are doing that to create a state of constant dread in their targets.” One of the hacking tools uses a victim’s Microsoft Outlook account to send spearphishing messages to people in their contact address book. Another tool injects malicious code into Microsoft Office documents. The […] The post Gamaredon, a hacking group with a fixation on Ukraine, deploys new email compromise tools appeared first on CyberScoop. (CyberScoop)

Here's what that Capital One court decision means for corporate cybersecurity

When a judge ruled last month that Capital One must provide outsiders with a third-party incident response report detailing the circumstances around the bank’s massive data breach, the cybersecurity world took notice. The surprise decision, in effect, determined that Capital One would need to provide the forensic details — warts and all — about the hack to attorneys representing a group of customers suing the bank. It’s the kind of report that, if made public, could highlight technical and procedural failures that made it possible for a single suspect to allegedly collect gigabytes of data about 100 million people from a bank with $28 billion in revenue. Typically, hacked organizations are able to keep incident response reports private and avoid costly suits by shielding the details under attorney-client privilege. Not under this decision. U.S. Magistrate Judge John Anderson of the Eastern District of Virginia ruled that Capital One must provide a […] The post Here's what that Capital One court decision means for corporate cybersecurity appeared first on CyberScoop. (CyberScoop)

Babylon Health app leaked patients’ video consultations

Babylon Health, makers of a smartphone app that allows Brits to have consultations with NHS doctors, has admitted that a “software error” resulted in some users being able to access other patients’ private video chats with GPs. Read more in my article on the Tripwire State of Security blog. (Graham Cluley)

Smashing Security podcast #182: Space Force, credit card fraud, and beep-ti-beep

Graham finds himself in hot water with a security firm after a data breach, Carole discusses credit card fraud, and we have a pleasant surprise for Thom Langford, who appears to have mostly agreed to be a guest to promote his own podcast. All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown’s Thom Langford. (Graham Cluley)

Crooks hijack “Black Lives Matter” to spread zombie malware

The email says it will let you have your say anonymously about Black Lives Matter. (Naked Security)

Bitcoin scammers take YouTube channels for a SpaceX ride

Multiple hijacked YouTube accounts impersonated Elon Musk's Space X channel in a Bitcoin scheme that ripped off nearly $150,000. (Naked Security)

Microsoft squishes 129 bugs with Patch Tuesday updates

Patch Tuesday was this week and software giant Microsoft released patches to fix 129 CVEs, 11 of which are rated critical. (Naked Security)

How to Write Your Own Bash Script to Automate Recon

Automation has been a buzzword for quite some time now, but the principles behind it are as strong as ever. For a hacker or pentester, Bash scripting is one form of automation that cannot be ignored. Virtually any command that can be run from the terminal can be scripted, and should be in many cases, to save valuable time and effort. And a Bash script just happens to be great for recon.

Step 1: Start the Script

To get started, create a Bash script and name it whatever you like. I'll call mine recon.sh. Using your favorite text editor, make the first line look like this:


This is... more (Null Byte « WonderHowTo)
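As an added example, not the Null Byte article's own script, here is a constructed skeleton for recon.sh that shows the shebang first line the article refers to and the habits worth building in from step 1: a usage check, validating the target before it is handed to any tool (so a value like `example.com; rm -rf /` never reaches the shell), one output directory per target and per run, and tool invocations that are skipped cleanly when the tool is not installed. The tools and flags (whois, dig, nmap -Pn --top-ports) are standard; the function names, directory layout and the hostname regex are my own choices.

```bash
#!/usr/bin/env bash
# recon.sh - constructed example skeleton for a Bash recon script.
# Not the Null Byte article's code; function names and layout are assumptions.
set -u

usage() { printf 'usage: %s <domain> [outdir]\n' "${0##*/}" >&2; }

# Accept only hostnames (letters, digits, hyphens, alphabetic TLD) so shell
# metacharacters or raw IPs never reach the tools below unvalidated.
valid_target() {
  printf '%s' "$1" | grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,}$'
}

# Build the per-target, per-run directory path: <outdir>/<target>/<timestamp>
run_dir() {  # run_dir <target> <outdir> <timestamp>
  printf '%s/%s/%s' "$2" "$1" "$3"
}

# Run a tool only if it is installed; log what happened either way so the
# final report never silently omits a step. Returns 2 when the tool is absent.
run_tool() {  # run_tool <label> <logfile> <command> [args...]
  local label=$1 log=$2; shift 2
  if command -v "$1" >/dev/null 2>&1; then
    "$@" >"$log" 2>&1 || printf '[!] %s exited non-zero\n' "$label" >&2
  else
    printf '[-] %s not installed, skipping\n' "$label" >&2
    return 2
  fi
}

main() {
  [ $# -ge 1 ] || { usage; return 1; }
  local target=$1 outdir=${2:-recon-out}
  valid_target "$target" || { printf 'invalid target: %s\n' "$target" >&2; return 1; }
  local dir
  dir=$(run_dir "$target" "$outdir" "$(date +%Y%m%d-%H%M%S)")
  mkdir -p "$dir"
  run_tool whois "$dir/whois.txt" whois "$target"
  run_tool dig   "$dir/dns.txt"   dig +noall +answer "$target" A
  run_tool nmap  "$dir/nmap.txt"  nmap -Pn -T4 --top-ports 100 "$target"
  printf '[+] results in %s\n' "$dir"
}

# Only run when invoked with arguments, so the functions can be sourced/tested.
if [ $# -gt 0 ]; then main "$@"; fi
```

Invoke it as `./recon.sh example.com` (or with a second argument for the output root). Each new recon step is one more `run_tool` line, and because every tool writes to its own log under a timestamped directory, repeated runs against the same target can be diffed later.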

The WizardOpium LPE: Exploiting CVE-2019-1458

(News ≈ Packet Storm)

UPnP Flaw Exposes Millions Of Network Devices

(News ≈ Packet Storm)

Nintendo Switch Hack Nearly Twice As Bad As First Reported

(News ≈ Packet Storm)

Amazon Bans Police Use Of Facial Recognition Tech

(News ≈ Packet Storm)

Hackers Breached A1 Telekom, Austria's Largest ISP

(News ≈ Packet Storm)

A Bug in Facebook Messenger for Windows Could've Helped Malware Gain Persistence

Cybersecurity researchers at Reason Labs, the threat research arm of security solutions provider Reason Cybersecurity, today disclosed details of a vulnerability they recently discovered in the Facebook Messenger application for Windows.

The vulnerability, which resides in Messenger version 460.16, could allow attackers to leverage the app to potentially execute malicious files already (The Hacker News)

Black Lives Matter Emails Deliver TrickBot Malware

Malspam emails are claiming to deliver a survey on BLM -- but in reality they deliver the infamous banking trojan. (Threatpost)

Microsoft Outlook Users Targeted By Gamaredon’s New VBA Macro

The Gamaredon APT has started using a new VBA macro to target Microsoft Outlook victims' contact lists. (Threatpost)

Kubernetes Falls to Cryptomining via Machine-Learning Framework

Misconfigured dashboards are at the heart of a widespread XMRIG Monero-mining campaign. (Threatpost)

Podcast: Would You Use A Contact-Tracing Coronavirus App?

Contact tracing apps for the coronavirus are being developed and tested globally as the world starts to re-open. Are the apps worth using to flatten the curve? Or do data privacy worries trump public health? (Threatpost)


/security-daily/ 12-06-2020 23:44:22