Security daily (12-08-2020)

Quickly build STIG-compliant Amazon Machine Images using Amazon EC2 Image Builder

In this post, we discuss how to implement the operating system security requirements defined by the Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs). As an Amazon Web Services (AWS) customer, you can use Amazon Machine Images (AMIs) published by AWS or APN partners. These AMIs, which are owned and published by AWS, […] (AWS Security Blog)

TikTok users 'voluntarily' giving their data to China, Justice official says

U.S. officials have repeatedly expressed concern that China could use the 2014 and 2015 hacks of the Office of Personnel Management and health care insurer Anthem to build data profiles on Americans for intelligence recruitment (allegations Beijing denies). But TikTok, the popular video-sharing application, is a different type of data collection opportunity for China because Americans are willingly handing the information over, a senior Department of Justice official alleged Wednesday. “[Y]ou have an instance of Americans voluntarily signing onto this product as opposed to the Chinese stealing the data or the Chinese buying the data,” said John Demers, the assistant attorney general for national security. “And that’s what the recent executive order was meant to address,” Demers said, referring to the Aug. 6 directive from President Donald Trump that will ban transactions with ByteDance, TikTok’s Chinese parent company, and Tencent, another Chinese tech firm, starting Sept. 20. TikTok, which is […] (CyberScoop)

North Korean hackers are targeting Israel's defense sector, Israel Ministry of Defense claims

North Korean government-linked hackers have been targeting the Israeli defense sector with fake job offers, Israel’s Ministry of Defense said Wednesday. The actors, which Israel says were part of Lazarus Group, a hacking outfit the U.S. government has linked to North Korea, sent their phony job offers through LinkedIn. The hackers created fake LinkedIn accounts impersonating CEOs and top officials at multinational companies to run their scam, according to the Ministry of Defense. According to ClearSky, an Israeli cybersecurity firm which has been tracking the campaign, the hackers imitated the likes of Boeing, McDonnell Douglas, and BAE. After making contact with targets, the hackers continued conversations with victims over WhatsApp, ClearSky said in a research report issued Thursday. It’s the latest example of North Korean hackers using fake job offers to zero in on targets of its espionage operations. In 2016 and 2017, North Korean hackers sent spearphishing emails posing as job recruiters in an […] (CyberScoop)

Someone duped Twitter verification to spread racist disinformation on US coronavirus vaccine

A verified Twitter account impersonating a top World Health Organization official recently alleged that the Trump administration was going to test a coronavirus vaccine on Black Americans without their knowledge or informed consent. The disinformation scheme originated in May with an account masquerading as Dr. Jaouad Mahjour, assistant director-general of the World Health Organization (WHO), in the latest example of attackers trying to inflame existing tension in the U.S. over issues like vaccines and racism. Tweets included racist tropes against Black Americans, and implied that the U.S. had lobbied WHO to test its vaccines on prisoners, immigrants, and Black Americans. Twitter has since suspended the account, after WHO representatives told reporters that the account in question didn’t belong to Mahjour. News of the disinformation was first reported by The Daily Beast. Neither Twitter nor the World Health Organization provided comment for this article by press time. The impersonation appeared to […] (CyberScoop)

SANS Institute, which drills cyber professionals in defense, suffers data breach

The SANS Institute, which trains cybersecurity professionals around the world, was hacked, resulting in the compromise of 28,000 records of personally identifiable information, the organization said Tuesday. The Maryland-based research and educational outfit said the breach was the result of a single phishing email sent to a SANS employee, which led to more than 500 of the organization’s emails being forwarded. The breached data included names, email addresses, and physical addresses — information submitted by attendees of a recent SANS virtual training event. After discovering the breach on Aug. 6, SANS said it “quickly stopped any further release of information” from the compromised email account, which was forwarding the data to an “unknown external email address.” The institute did not identify who was responsible for the hack. “We are investigating this incident with the support of some of the world’s top forensic experts to be certain that we understand the complete […] (CyberScoop)

Citrix Warns Of Critical Flaws In XenMobile Server

(News ≈ Packet Storm)

An Overview Of Microsoft's Recent Patch Tuesday

(News ≈ Packet Storm)

Adobe Tackles Code Execution Vulnerabilities In Acrobat, Reader

(News ≈ Packet Storm)

28,000 Infosec Training Records Stolen From SANS After Staffer Is Phished

(News ≈ Packet Storm)

How SSL Works with a Website Firewall

It’s no secret that a secure sockets layer (SSL) encrypts data as it moves between a visitor’s browser and the site host. For many people, a single SSL appears to be sufficient for protecting data exchanged between visitors and their website. But what happens to your SSL protection when you add a web application firewall like the Sucuri WAF? Protecting that additional data transit point is a topic we often discuss with customers, and it’s relevant for anyone to understand. (Sucuri Blog)

String Concatenation: Obfuscation Techniques

While string concatenation has many valuable applications in development — such as making code more efficient or functions more effective — it is also a popular way for attackers to obfuscate code and try to make it more difficult to detect. Let’s dig into how bad actors are leveraging this technique to conceal their malware.

Avoiding Detection with String Concatenation

String concatenation obfuscation works by using a period between each string, which instructs PHP to join these character strings together and run it as a single function — for example, 'cr'.'ea'.'te'.'f'.'un'.'c'.'ti'.'o'.'n'; would become createfunction. (Sucuri Blog)

Microsoft Reveals New Innocent Ways Windows Users Can Get Hacked

Microsoft earlier today released its August 2020 batch of software security updates for all supported versions of its Windows operating systems and other products.

This month's Patch Tuesday updates address a total of 120 newly discovered software vulnerabilities, of which 17 are critical, and the rest are important in severity.

In a nutshell, your Windows computer can be hacked if you:

Play a (The Hacker News)

Flaws in Samsung Phones Exposed Android Users to Remote Attacks

New research disclosed a string of severe security vulnerabilities in 'Find My Mobile'—an Android app that comes pre-installed on most Samsung smartphones—that could have allowed remote attackers to track victims' real-time location, monitor phone calls and messages, and even delete data stored on the phone.

Portugal-based cybersecurity services provider Char49 revealed its findings on (The Hacker News)

Contrast Community Edition Empowers Developers to Write Secure Code Faster

As software eats the world, the world faces a software security crisis. The movement to modern software such as cloud technologies and microservice architectures is essential to innovate quickly. Yet, nearly three in four developers say that security slows down Agile and DevOps.

Neither developers nor security teams are to blame. DevOps speed is held back by a 15-year-old, scan-based (The Hacker News)

Citrix Warns of Critical Flaws in XenMobile Server

Citrix said that it anticipates malicious actors "will move quickly to exploit" two critical flaws in its mobile device management software. (Threatpost)

TikTok Surreptitiously Collected Android User Data Using Google-Prohibited Tactic

App concealed the practice of gathering device unique identifiers using an added layer of encryption. (Threatpost)


/security-daily/ 13-08-2020 23:44:24