Security daily (12-05-2020)

Easily control the naming of individual IAM role sessions

AWS Identity and Access Management (IAM) now has a new sts:RoleSessionName condition element for the AWS Security Token Service (AWS STS), which makes it easy for AWS account administrators to control the naming of individual IAM role sessions. IAM roles help you grant access to AWS services and resources by using dynamically generated short-term credentials. […] (AWS Security Blog)
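As an added example, not taken from the AWS post, the following role trust policy uses the sts:RoleSessionName condition key to require that an IAM user who assumes the role sets the session name to their own IAM user name. The account ID 111122223333 is a placeholder, and the Sid is an arbitrary label.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "RequireSessionNameToMatchCaller",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::111122223333:root" },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": { "sts:RoleSessionName": "${aws:username}" }
      }
    }
  ]
}
```

With this trust policy, an AssumeRole call whose RoleSessionName does not equal the caller's IAM user name is denied, so the session name that shows up in the assumed-role ARN (arn:aws:sts::111122223333:assumed-role/RoleName/SessionName) and in CloudTrail records reliably identifies who assumed the role. The ${aws:username} variable is only populated for IAM user principals; for federated identities, compare the session name against the variable that carries that identity type's user name instead, or use StringLike with a required prefix pattern.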

Microsoft's May 'Patch Tuesday' remedies 111 vulnerabilities

Microsoft has released a set of software upgrades meant to address more than 100 vulnerabilities in the company’s products, the latest in a series of scheduled updates that comes as many corporate security executives are working remotely. The announcement comes as part of Microsoft’s “Patch Tuesday” release, the batch of security updates that the company publishes each month to mitigate known vulnerabilities. The May 2020 list includes 111 vulnerabilities, including 13 “critical” issues, 91 classified as “important,” three “moderate” bugs and four rated “low” priority. Hackers don’t appear to be exploiting any of the vulnerabilities, according to the advisory. The updates pertain to vulnerabilities in Microsoft Edge, the Windows Defender security software, Microsoft Office, Internet Explorer, and a number of other products. Among the most urgent patches are those meant to repair flaws in Microsoft SharePoint that could enable hackers to execute arbitrary code on a victim’s machine. One of the SharePoint vulnerabilities […] (CyberScoop)

Former Ghana government officials sentenced to jail for doing business with NSO Group

Three former government officials in Ghana have been sentenced to jail for purchasing spyware products from Israeli software surveillance company NSO Group. The country’s former national security coordinator, Salifu Osman, and director-general of the country’s telecommunications authority, William Tetteh Tevie, were sentenced to five years in prison, according to Ghana Business News and other local news outlets. A former board chairman of the telecommunications authority, Eugene Baffoe-Bonnie, was sentenced to six years because he allegedly made $200,000 from the deal, according to Graphic Online. The case, which has been in the country’s high court since 2017, hinged on the argument that officials had caused significant financial loss in the country due to their $4 million purchase of NSO Group’s signature Pegasus spyware. The National Communications Authority (NCA) allegedly bought the surveillance product through a reseller in order to track suspected terrorism, according to Graphic Online, which attended the court session Tuesday. It […] (CyberScoop)

How two researchers used an app store to demonstrate hacks on a factory

When malicious code spread through the networks of Rheinmetall Automotive last year, it disrupted the German manufacturing firm’s plants on two continents, temporarily costing up to $4 million each week. The attacks were the latest reminder to factory owners that computer viruses can hobble production. While awareness of the threats has grown, there’s still a risk that too many organizations view such attacks as isolated incidents, rather than the work of a determined attacker that could be visited upon them. Federico Maggi, a senior researcher at cybersecurity company Trend Micro, set out to dispel that mindset. So he used a laboratory housed at Politecnico di Milano School of Management, Italy’s largest technical university, to show how attackers could disrupt production on the factory floor. His goal was to use the hypothetical hacks to help organizations address weaknesses in their defenses before actual attackers strike. “We wanted to look for something different, something that future attackers […] (CyberScoop)

FBI, DHS to go public with suspected North Korean hacking tools

The FBI and the Department of Homeland Security are preparing to jointly expose North Korean government-backed hacking this week, CyberScoop has learned. Threat data meant to help companies fend off hackers has already been shared with the private sector in an effort to boost cyber-defenses in critical infrastructure sectors. The circulating information, contained in several documents known as malware analysis reports (MARs), details activity from Hidden Cobra hackers, an advanced persistent threat group that the U.S. government has previously linked with the North Korean government. The Hidden Cobra group frequently targets financial institutions such as banks, cryptocurrency exchanges, and ATMs for financial gain, the government says. However, it was not immediately clear which specific security incidents, if any, the U.S. government sought to expose in the information sharing effort. The documents, which sources say contain 26 malware samples, appear to be the latest piece of a broader U.S. government effort […] (CyberScoop)

Thunderspy – why turning your computer off is a cool idea!

Thunderbolt ports can provide direct access to the memory in your laptop... just how hard is it for crooks to do so when you aren't looking? (Naked Security)

Huge toll of ransomware attacks revealed in Sophos report

To understand the scope of the ransomware threat, Sophos commissioned a study into the state of ransomware 2020. (Naked Security)

Dating app user logins found on hacking forum

3.5 million user logins for the MobiFriends dating app are being offered for free on a popular dark web hackers forum. (Naked Security)

Maze ransomware one year on – a SophosLabs report

The latest SophosLabs report tells the story of how the infamous "Maze" ransomware has evolved over the past 12 months... (Naked Security)

How to Create Rogue APs with MicroPython on an ESP8266 Microcontroller

For a hacker, there are a lot of advantages to creating a fake network. One advantage is that it forces nearby devices to use their real MAC address if they happen upon a network that's stored in their preferred network list.

There are a lot of tools out there for creating fake access points. Spacehuhn has designed one called the Beacon Spammer that's based on Arduino and allows you to create hundreds of artificial networks, all spammed out regularly using different MAC addresses. We can even create fake access points that have passwords, which can trick smartphones that have encrypted networks stored on […] (Null Byte « WonderHowTo)

Texas Courts Slammed By Ransomware Attack

(News ≈ Packet Storm)

Chatbooks Confirms Breach After Data Sale

(News ≈ Packet Storm)

Hackers Hit A-List Law Firm Of Lady Gaga, Drake, And Madonna

(News ≈ Packet Storm)

Musk Dares County Officials To Arrest Him As He Reopens Fremont Factory

(News ≈ Packet Storm)

YouTube Account Recovery Phishing

Phishing attacks against targeted channels have been successful in the past, as explained last year on ZDNet. Recently, our Remediation team found an interesting phishing page following a similar pattern that was targeting YouTube creators.

Phishing Behavior

The phishing campaign, which was initially discovered on a compromised WordPress website, is made up of two pages responsible for harvesting and sending along the victim’s stolen username, password, and recovery phone number.

Simply knowing the account recovery phone number will not allow the attacker to bypass 2FA for accounts that have it enabled. […] (Sucuri Blog)

Over 4000 Android Apps Expose Users' Data via Misconfigured Firebase Databases

More than 4,000 Android apps that use Google's cloud-hosted Firebase databases are 'unknowingly' leaking sensitive information on their users, including their email addresses, usernames, passwords, phone numbers, full names, chat messages and location data.

The investigation, led by Bob Diachenko from Security Discovery in partnership with Comparitech, is the result of an analysis of 15,735 […] (The Hacker News)

Cynet Offers IR Specialists Grants up to $1500 for each IR Engagement

In the past, the autonomous breach protection company Cynet announced that it is making Cynet 360 threat detection and response platform available at no charge for IR (incident response) service providers and consultants.

Today Cynet takes another step and announces a $500 grant for Incident Responders for each IR engagement in which Cynet 360 was used, with an additional $1,000 grant if the […] (The Hacker News)

REvil Ransomware Attack Hits A-List Celeb Law Firm

Cybercriminals used the REvil ransomware to attack a law firm used by the likes of Lady Gaga, Drake and Madonna. Now, they're threatening to leak the 756 gigabytes of stolen data. (Threatpost)

Microsoft Addresses 111 Bugs for May Patch Tuesday

Important-rated EoP flaws make up the bulk of the CVEs; SharePoint continues its critical run with four worrying bugs. (Threatpost)

WordPress Page Builder Plugin Bugs Threaten 1 Million Sites with Full Takeover

Severe CSRF to XSS bugs open the door to code execution and complete website compromise. (Threatpost)

Adobe Kills 16 Critical Flaws in Acrobat and Reader, Digital Negative SDK

Adobe patched 36 flaws, including critical vulnerabilities in Acrobat and Reader and its DNG Software Development Kit. (Threatpost)

Chatbooks Confirms Breach After ‘Shiny Hunters’ Sell Data

Photo print service Chatbooks has disclosed a data breach after customers' emails, passwords and more were listed for sale on underground forums. (Threatpost)


/security-daily/ 13-05-2020 23:44:22