Security daily (12-07-2021)

How to create auto-suppression rules in AWS Security Hub

July 13, 2021: We’ve updated this post to clarify how Security Hub and EventBridge rules exchange data between management and member accounts. AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts. With Security Hub, you have a single place that aggregates, organizes, and prioritizes your security […] (AWS Security Blog)
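The mechanism the post describes is an EventBridge rule on Security Hub finding events whose target flips matching findings to workflow status SUPPRESSED. The block below is an added example of that shape, not code from the AWS post: an event pattern, a Lambda handler that calls BatchUpdateFindings, and an injectable client so the logic runs offline. The suppression policy (a hypothetical SecurityHubSuppress=true resource tag and a constructed GeneratorId), the finding ARNs and the sample event are all assumptions made for illustration.

```python
"""Auto-suppress Security Hub findings from an EventBridge-triggered Lambda.

Added example, not code from the AWS Security Blog post. The policy below is
an assumption: suppress findings whose resource carries the hypothetical tag
SecurityHubSuppress=true, or whose GeneratorId is on an explicit list.
"""
from typing import Any, Dict, List, Optional

# Hypothetical policy; a real deployment would keep this in SSM or env vars.
SUPPRESS_TAG_KEY, SUPPRESS_TAG_VALUE = "SecurityHubSuppress", "true"
SUPPRESSED_GENERATOR_IDS = {"example-generator/unused-check"}  # constructed id
BATCH_LIMIT = 100  # BatchUpdateFindings accepts at most 100 identifiers per call

# EventBridge rule pattern this handler is wired to (rule target = this Lambda).
EVENT_PATTERN = {
    "source": ["aws.securityhub"],
    "detail-type": ["Security Hub Findings - Imported"],
    "detail": {"findings": {"Workflow": {"Status": ["NEW"]}}},
}


def should_suppress(finding: Dict[str, Any]) -> bool:
    """True if an ASFF finding matches the policy and is still in workflow status NEW."""
    if finding.get("Workflow", {}).get("Status") != "NEW":
        return False  # never override a finding an analyst has already touched
    if finding.get("GeneratorId") in SUPPRESSED_GENERATOR_IDS:
        return True
    for resource in finding.get("Resources", []):
        tags = resource.get("Tags") or {}
        if tags.get(SUPPRESS_TAG_KEY, "").lower() == SUPPRESS_TAG_VALUE:
            return True
    return False


def build_requests(findings: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Turn matching findings into BatchUpdateFindings kwargs, chunked to the API limit."""
    ids = [{"Id": f["Id"], "ProductArn": f["ProductArn"]} for f in findings if should_suppress(f)]
    return [
        {
            "FindingIdentifiers": ids[i:i + BATCH_LIMIT],
            "Workflow": {"Status": "SUPPRESSED"},
            "Note": {"Text": "Auto-suppressed by tag/generator policy", "UpdatedBy": "auto-suppress-lambda"},
        }
        for i in range(0, len(ids), BATCH_LIMIT)
    ]


def handler(event: Dict[str, Any], context: Any = None, client: Optional[Any] = None) -> Dict[str, int]:
    """Lambda entry point; `client` is injectable so the logic can run offline."""
    if client is None:
        import boto3  # only imported inside Lambda, in the Security Hub administrator account
        client = boto3.client("securityhub")
    requests = build_requests(event.get("detail", {}).get("findings", []))
    for kwargs in requests:
        client.batch_update_findings(**kwargs)
    return {"suppressed": sum(len(r["FindingIdentifiers"]) for r in requests)}


class RecordingClient:
    """Stand-in for the boto3 securityhub client, used for the offline run below."""
    def __init__(self) -> None:
        self.calls: List[Dict[str, Any]] = []

    def batch_update_findings(self, **kwargs: Any) -> Dict[str, Any]:
        self.calls.append(kwargs)
        return {"ProcessedFindings": kwargs["FindingIdentifiers"], "UnprocessedFindings": []}


# Constructed sample event resembling what EventBridge delivers for the pattern above.
FINDING_ARN_PREFIX = "arn:aws:securityhub:us-east-1:111122223333:finding/"
PRODUCT_ARN = "arn:aws:securityhub:us-east-1::product/aws/securityhub"


def _finding(suffix: str, generator: str, status: str, tags: Dict[str, str]) -> Dict[str, Any]:
    return {"Id": FINDING_ARN_PREFIX + suffix, "ProductArn": PRODUCT_ARN, "GeneratorId": generator,
            "Workflow": {"Status": status},
            "Resources": [{"Type": "AwsEc2Instance", "Id": "i-0123456789abcdef0", "Tags": tags}]}


SAMPLE_EVENT = {
    "source": "aws.securityhub",
    "detail-type": "Security Hub Findings - Imported",
    "detail": {"findings": [
        _finding("a", "some-check", "NEW", {SUPPRESS_TAG_KEY: "true"}),          # suppressed by tag
        _finding("b", "example-generator/unused-check", "NEW", {}),             # suppressed by generator
        _finding("c", "some-check", "NOTIFIED", {SUPPRESS_TAG_KEY: "true"}),     # left alone: analyst owns it
        _finding("d", "some-check", "NEW", {"Owner": "platform"}),             # no match
    ]},
}

if __name__ == "__main__":
    fake = RecordingClient()
    print(handler(SAMPLE_EVENT, client=fake))  # {'suppressed': 2}
```

In a multi-account deployment the rule and Lambda live in the Security Hub administrator account, which is the account that can update member findings through BatchUpdateFindings. A tag-driven rule like the hypothetical one above is only as trustworthy as the controls on who can tag resources: anyone with tagging rights can silence findings, so gate that tag key with IAM conditions or an SCP and keep the Note so suppressions stay auditable.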

SolarWinds says hackers used a zero-day flaw for 'targeted attacks' in a new breach

The federal contractor at the heart of a cyber-espionage campaign that caused months of consternation throughout the U.S. government says hackers have struck again. SolarWinds says an attacker leveraged a software vulnerability in a company product to carry out “limited, targeted attacks.” The unknown hacker used a zero-day flaw in SolarWinds’ Serv-U Managed File Transfer and Serv-U Secure FTP, which are used to transmit data, to target an unknown number of the firm’s customers. Such access would have allowed hackers to install programs; view, manipulate or delete data; or run their own software on an affected system, SolarWinds said in an advisory. “Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability,” the company statement added. “SolarWinds is unaware of the identity of the potentially affected customers.” The breach appears to be […] The post SolarWinds says hackers used a zero-day flaw for 'targeted attacks' in a new breach appeared first on CyberScoop. (CyberScoop)

Senate confirms former White House, NSA official Jen Easterly as CISA director after delay

Seven months into Joe Biden’s presidency, an administration confronting several cybersecurity crises finally has a permanent director en route to take over one of the top few cyber posts in the federal government. The Senate on Monday confirmed Jen Easterly as director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency by voice vote. Once she’s sworn in, Easterly — the departing head of Morgan Stanley’s Fusion Resilience Center and a former White House and National Security Agency official — will be busy with the aftermath of a spree of ransomware attacks that have attracted the attention of policymakers like none before. They include incidents at fuel supplier Colonial Pipeline, meat processor JBS and software company Kaseya, where a compromise opened the door for attackers to claim perhaps thousands of victims. In the early months of the Biden administration, officials also have contended with a cyber-espionage operation that […] The post Senate confirms former White House, NSA official Jen Easterly as CISA director after delay appeared first on CyberScoop. (CyberScoop)

Cast your nominations for CyberScoop 50

Nominations are now open for the CyberScoop 50 Awards. Nominate and recognize cybersecurity leaders in both the public and private sector. The post Cast your nominations for CyberScoop 50 appeared first on CyberScoop. (CyberScoop)

Suspected Chinese hackers return with unusual attacks on domestic gambling companies

It’s rare for Chinese hackers to turn their gaze inward on domestic companies. But a well-known group appears to have been targeting online gambling firms in China with new malware. The malware, which Trend Micro dubbed BIOPASS RAT, goes after Chinese gambling companies with a watering hole attack, where hackers try to infect websites commonly used by their targets. “Notably, a large number of features were implemented to target and steal the private data of popular web browsers and instant messengers that are primarily used in Mainland China,” Trend Micro said in a report on Friday. Digital clues that Trend Micro identified point to the Chinese hacking outfit the Winnti Group as a culprit. Its activity overlaps with that of the Chinese government hackers known as APT41, such that it’s sometimes mentioned as a second name for the group. That’s a joint cybercrime and espionage organization of hackers whose goals […] The post Suspected Chinese hackers return with unusual attacks on domestic gambling companies appeared first on CyberScoop. (CyberScoop)

Don’t get tricked by this crashtastic iPhone Wi-Fi hack!

Learn how the trick works so that you can avoid it in case someone thinks it's a joke to catch you out. (Naked Security)

Critical RCE Flaw in ForgeRock Access Manager Under Active Attack

Cybersecurity agencies in Australia and the U.S. are warning of an actively exploited vulnerability impacting ForgeRock's OpenAM access management solution that could be leveraged to execute arbitrary code on an affected system remotely. "The [Australian Cyber Security Centre] has observed actors exploiting this vulnerability to compromise multiple hosts and deploy additional malware and tools," (The Hacker News)

A New Critical SolarWinds Zero-Day Vulnerability Under Active Attack

SolarWinds, the Texas-based company that became the epicenter of a massive supply chain attack late last year, has issued patches to contain a remote code execution flaw in its Serv-U managed file transfer service. The fixes, which target Serv-U Managed File Transfer and Serv-U Secure FTP products, arrive after Microsoft notified the IT management and remote monitoring software maker that the (The Hacker News)

Crafting a Custom Dictionary for Your Password Policy

Modern password policies comprise many elements that together determine their effectiveness. One component of an effective current password policy is a custom dictionary: a list of organization-specific terms (company and product names, locations, common local words) that are blocked from appearing in passwords in that environment. Using custom dictionaries, organizations can significantly improve their cybersecurity posture (The Hacker News)
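A custom dictionary is only useful if the check normalizes what users actually type: case, accents, digit-for-letter substitutions and reversed words all defeat a naive exact-match filter. The block below is an added example of such a checker, not code from The Hacker News article or from any vendor's password filter; the dictionary contents and the test passwords are constructed for illustration.

```python
"""Check candidate passwords against a custom dictionary.

Added example, not The Hacker News article's or any vendor's code. The
dictionary below is constructed; a real one holds company and product names,
sites, local sports teams, seasons, and known-breached passwords.
"""
import unicodedata
from typing import Iterable, List, Tuple

# Constructed custom dictionary of organization-specific blocked terms.
CUSTOM_DICTIONARY = {"acme", "acmecorp", "widget", "springfield", "summer", "welcome", "password"}

# Substitutions users make to dodge naive dictionary checks: P@ssw0rd -> password.
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})

MIN_MATCH_LEN = 4   # dictionary words shorter than this cause too many false rejections
MIN_LENGTH = 12     # length floor applied before the dictionary check


def normalize(password: str) -> str:
    """Lowercase, strip accents and undo leetspeak so the dictionary match is substitution-proof."""
    decomposed = unicodedata.normalize("NFKD", password)
    without_accents = "".join(c for c in decomposed if not unicodedata.combining(c))
    return without_accents.lower().translate(LEET_MAP)


def dictionary_hits(password: str, dictionary: Iterable[str] = CUSTOM_DICTIONARY,
                    min_len: int = MIN_MATCH_LEN) -> List[str]:
    """Return the blocked terms found as substrings of the normalized password or its reverse."""
    norm = normalize(password)
    candidates = (norm, norm[::-1])
    hits = set()
    for word in dictionary:
        term = word.lower()
        if len(term) < min_len:
            continue
        if any(term in candidate for candidate in candidates):
            hits.add(term)
    return sorted(hits)


def check_password(password: str, dictionary: Iterable[str] = CUSTOM_DICTIONARY) -> Tuple[bool, str]:
    """Return (accepted, reason). Length floor first, then the custom dictionary."""
    if len(password) < MIN_LENGTH:
        return False, f"shorter than {MIN_LENGTH} characters"
    hits = dictionary_hits(password, dictionary)
    if hits:
        return False, "contains blocked term(s): " + ", ".join(hits)
    return True, "ok"


if __name__ == "__main__":
    # Constructed candidates: each line shows one evasion the normalizer is meant to catch.
    for candidate in ["Acm3C0rp#2021!", "!!drowssap2021", "Summer2021!!!", "correct horse battery staple"]:
        print(candidate, check_password(candidate))
```

Substring matching on the normalized form is deliberately aggressive: "Acm3C0rp#2021!" is rejected because it still reads as "acmecorp" once the substitutions are undone, and "!!drowssap2021" is caught through the reversed candidate. The cost is false rejections on short dictionary terms, which is why terms under MIN_MATCH_LEN are skipped; tune that floor and the length floor to the environment's policy rather than taking the constructed values here as recommendations.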

Hackers Spread BIOPASS Malware via Chinese Online Gambling Sites

Cybersecurity researchers are warning about a new malware that's striking online gambling companies in China via a watering hole attack to deploy either Cobalt Strike beacons or a previously undocumented Python-based backdoor called BIOPASS RAT that takes advantage of Open Broadcaster Software (OBS) Studio's live-streaming app to capture the screen of its victims. The attack involves deceiving (The Hacker News)

Kaseya Releases Patches for Flaws Exploited in Widespread Ransomware Attack

Florida-based software vendor Kaseya on Sunday rolled out urgent updates to address critical security vulnerabilities in its Virtual System Administrator (VSA) solution that was used as a jumping-off point to target as many as 1,500 businesses across the globe as part of a widespread supply-chain ransomware attack. Following the incident, the company had urged on-premises VSA customers to shut (The Hacker News)

BIOPASS RAT Uses Live Streaming to Steal Victims’ Data

The malware has targeted Chinese gambling sites with fake app installers. (Threatpost)


/security-daily/ 13-07-2021 23:44:23