11-01-2021 | 13-01-2021

Security daily (12-01-2021)

Best practices and advanced patterns for Lambda code signing

Amazon Web Services (AWS) recently released Code Signing for AWS Lambda. By using this feature, you can help enforce the integrity of your code artifacts and make sure that only trusted developers can deploy code to your AWS Lambda functions. Today, let’s review a basic use case along with best practices for Lambda code signing. […] (AWS Security Blog)

How to approach threat modeling

In this post, I’ll provide my tips on how to integrate threat modeling into your organization’s application development lifecycle. There are many great guides on how to perform the procedural parts of threat modeling, and I’ll briefly touch on these and their methodologies. However, the main aim of this post is to augment the existing […] (AWS Security Blog)

After pro-Trump riot, experts urge US to tackle domestic disinformation

The post After pro-Trump riot, experts urge US to tackle domestic disinformation appeared first on CyberScoop. (CyberScoop)

Hackers who breached European medical regulator leak vaccine-related data

Hackers who stole data related to a coronavirus vaccine have leaked it online, a European regulator investigating the breach said Tuesday. An ongoing investigation into the breach found that “some of the unlawfully accessed documents related to COVID-19 medicines and vaccines belonging to third parties have been leaked on the internet,” the European Medicines Agency said in a statement. It was not immediately clear what the unidentified attackers were trying to accomplish in dumping the data online. Cybercriminals often leak stolen data in an attempt to extort victims. Hackers last month stole documents from an EMA computer server related to a COVID-19 vaccine candidate developed by pharmaceutical firms Pfizer and BioNTech. The EMA emphasized that the breach hasn’t affected the efficacy or approval of the vaccine. The incident again spotlights that vaccine data has drawn interest not only from spies, but also from scammers aiming to exploit a global […] The post Hackers who breached European medical regulator leak vaccine-related data appeared first on CyberScoop. (CyberScoop)

Larger CyberBunker investigation yields shutdown of DarkMarket

German law enforcement has shut down an internet market where users bought and sold narcotics, stolen data and hacking tools, authorities said Tuesday. The forum, known as DarkMarket, was the internet’s largest bazaar for illicit goods, the European police agency Europol said, with more than 2,400 vendors and 320,000 transactions completed. Police said they apprehended a single suspect, a 34-year-old Australian man accused of operating the site, near the German-Danish border. The law enforcement action originated in a larger investigation into the internet hosting provider known as CyberBunker, a notorious service that scammers for a generation have used to operate with little fear of detection. The CyberBunker hosting service was based in former North Atlantic Treaty Organization bunkers in Holland and then Germany, helping controversial sites avoid police legal enforcement from military-style basements. CyberBunker has housed servers for the Pirate Bay, WikiLeaks and a range of dark net markets as […] The post Larger CyberBunker investigation yields shutdown of DarkMarket appeared first on CyberScoop. (CyberScoop)

Twitter purges QAnon accounts; Facebook targets 'Stop the Steal'

The latest moves by Twitter and Facebook against misinformation look a lot like efforts from 2020. One platform suspended tens of thousands of accounts that were amplifying the QAnon conspiracy theory, and another is removing content suggesting that the election was rigged. Twitter said Tuesday it removed more than 70,000 accounts for “sharing harmful QAnon-associated content at scale,” one day after Facebook said it is targeting the phrase “stop the steal” — a favorite hashtag of President Donald Trump’s supporters — in the interest of stopping “misinformation and content that could incite further violence.” Both moves come as the social media giants have blocked Trump in the aftermath of the riot by right-wing extremists at the U.S. Capitol on Jan. 6, which occurred as Congress was preparing to certify Joe Biden’s victory over the incumbent president in November’s elections. Twitter, Facebook and other Silicon Valley companies say incitements to violence […] The post Twitter purges QAnon accounts; Facebook targets 'Stop the Steal' appeared first on CyberScoop. (CyberScoop)

Twitter Suspends 70,000 Accounts Sharing QAnon Content

(News ≈ Packet Storm)

Amazon And Facebook Staff Warned Of Threats To Safety

(News ≈ Packet Storm)

This Android Malware Claims To Give Hackers Full Control Of Your Phone

(News ≈ Packet Storm)

Parler Hacked As Attackers Claim Access To Messages, Locations, And Raw Videos

(News ≈ Packet Storm)

Obfuscation Techniques in Ransomweb “Ransomware”

As vital assets for many business operations, websites and their hosting servers are often the target of ransomware attacks — and if they get taken offline, this can cause major issues for a business’ data, revenue, and ultimately reputation. The worst part about ransomware is that it encrypts data and removes the original encrypted copies. This means if victims don’t have backups of their files and databases, there may not be any way to recover the kidnapped data without paying the ransom. Continue reading Obfuscation Techniques in Ransomweb “Ransomware” at Sucuri Blog. (Sucuri Blog)

Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes

The first Patch Tuesday security bulletin for 2021 from Microsoft includes fixes for one bug under active attack, possibly linked to the massive SolarWinds hacks. (Threatpost)

Data Breach at ‘Resident Evil’ Gaming Company Widens

Capcom, the game developer behind Resident Evil, Street Fighter and Dark Stalkers, now says its recent attack compromised the personal data of up to 400,000 gamers. (Threatpost)

Mimecast Certificate Hacked in Microsoft Email Supply-Chain Attack

A sophisticated threat actor has hijacked email security connections to spy on targets. (Threatpost)

BumbleBee Opens Exchange Servers in xHunt Spy Campaign

The BumbleBee web shell allows APT attackers to upload and download files, and move laterally by running commands. (Threatpost)


/security-daily/ 13-01-2021 23:44:24