11-03-202113-03-2021

Security daily (12-03-2021)

Demystifying KMS keys operations, bring your own key (BYOK), custom key store, and ciphertext portability

As you prepare to build or migrate your workload on Amazon Web Services (AWS), designing your encryption scheme can be a challenging—and sometimes confusing—endeavor. This blog post gives you a framework to select the right AWS cryptographic services and tools for your application to help you with your journey. I share common repeatable cryptographic patterns, […] (AWS Security Blog)

DHS cyber official Rick Driggers heads to the private sector

Rick Driggers, a longtime cybersecurity official at the Department of Homeland Security, is leaving government for the private sector in May, CyberScoop has learned. Since September, Driggers has led CISA’s Integrated Operations Division, which houses the agency’s center for sharing cyberthreat information with American companies and oversees the agency’s field offices across the country. His work has included co-chairing a working group with critical infrastructure firms on the security of industrial control systems — a field that the agency has pledged to invest greater resources in. An Air Force veteran turned civil servant, Driggers has been at DHS for most of the last 17 years, rising in the ranks to serve as a key official in the department’s two-year-old Cybersecurity and Infrastructure Security Agency. Driggers is one of many career civil servants who stuck with the agency through the turmoil of the Trump years, and after the White House purged […] (CyberScoop)

Biden administration mulls software security grades after SolarWinds

The White House is contemplating the use of cybersecurity ratings and standards for U.S. software, a move akin to how New York City grades restaurants on sanitation or Singapore labels internet of things devices, a senior administration official told reporters on Friday. “There will be ideas coming on both of those in an executive action in the next few weeks,” the official said, briefing reporters on the condition of anonymity about simultaneous major security incidents that continue to roil the country: the SolarWinds supply chain attack, and the exploitation of Microsoft Exchange Server vulnerabilities. The concept of government labeling and grading in cybersecurity isn’t entirely new. Some experts have long coveted an Energy Star-style rating system resembling the program that the Environmental Protection Agency and Energy Department use to promote energy-efficient devices. Among them: the Cybersecurity Solarium Commission, which last year recommended that Congress establish a National Cybersecurity Certification and […] (CyberScoop)

Alleged Verkada hacker says police raided their home in Switzerland

One of the hackers who claimed responsibility for breaking into the networks of camera surveillance firm Verkada says police have raided their home in Switzerland. Tillie Kottmann said in a social media post that the raid occurred Friday morning in the Swiss city of Lucerne and resulted in the confiscation of their electronic devices. Kottmann has claimed to be part of a group of hackers that breached Silicon Valley-based Verkada, and reportedly accessed live feeds of 150,00 cameras in hospitals, prisons and other organizations. The raid was part of a criminal case against Kottmann that U.S. prosecutors are pursuing out of the Western District of Washington, according to Bloomberg News, which was first to report on the raid. Kottmann is accused of identity theft, fraud and breaking into protected computers, Bloomberg reported. A spokesperson for the Lucerne police referred a request for comment to the U.S. Justice Department, which the spokesperson […] (CyberScoop)

Botnet operators, ransomware scammers the latest groups to pounce on Exchange Server bugs

The floodgates appear to be open on critical bugs in Microsoft software as a predictable bevy of scammers — from a ransomware actor to cryptocurrency conmen — have flocked to vulnerable email servers. The new incidents make clear that what started as a reported China-linked spying operation to steal data from the Microsoft email program has devolved into an opportunistic romp for criminals. The number of attempts to exploit the email software program, known as Exchange Server, doubled every two to three hours over the course of 24 hours, Israeli security firm Check Point said Thursday. Government organizations, along with manufacturing and financial firms, were the top sectors targeted. The researchers cautioned, however, that they have yet to see intrusions that successfully string all of the vulnerabilities together. At least one ransomware actor has now entered the fray. Microsoft said late Thursday that crooks were using a new family of […] (CyberScoop)

Microsoft Says Ransom Hackers Taking Advantage Of Server Flaws

(News ≈ Packet Storm)

Linux Systems Under Attack By New RedXOR Malware

(News ≈ Packet Storm)

Legislators Work Towards Breach Law Requiring Notification

(News ≈ Packet Storm)

Critics Fume After Github Removes Exploit Code For Exchange Vulnerabilities

(News ≈ Packet Storm)

Critical Security Hole Can Knock Smart Meters Offline

Unpatched Schneider Electric PowerLogic ION/PM smart meters are open to dangerous attacks. (Threatpost)

REvil Group Claims Slew of Ransomware Attacks

The threat group behind the Sodinokibi ransomware claimed to have recently compromised nine organizations. (Threatpost)

Europol Credits Sweeping Arrests to Cracked Sky ECC Comms  

Sky ECC claims that cops cracked a fake version of the app being passed off by a disgruntled reseller. (Threatpost)

Metamorfo Banking Trojan Abuses AutoHotKey to Avoid Detection

A legitimate binary for creating shortcut keys in Windows is being used to help the malware sneak past defenses, in a rash of new campaigns. (Threatpost)

Microsoft Exchange Exploits Pave a Ransomware Path

As attacks double every hour, hackers are exploiting vulnerable Microsoft Exchange servers and installing a new family of ransomware called DearCry. (Threatpost)

Molson Coors Cracks Open a Cyberattack Investigation

The multinational brewing company did not say what type of incident caused a ‘systems outage,’ but it's investigating and working to get networks back online. (Threatpost)


/security-daily/ 13-03-2021 23:44:27