Security daily (12-11-2020)

Combining encryption and signing with AWS KMS asymmetric keys

In this post, I discuss how to use AWS Key Management Service (KMS) to combine asymmetric digital signature and asymmetric encryption of the same data. The addition of support for asymmetric keys in AWS KMS has exciting use cases for customers. The ability to create, manage, and use public and private key pairs with KMS […] (AWS Security Blog)

046 | 10 Burning Mobile Security Questions, Answered

Is iOS really more secure than Android, and why? What are the pros and cons of biometric authentication? How can you know which apps are safe to use, anyway? In this episode we dive into a range of mobile security issues. Who better to answer our questions than a couple of mobile experts? F-Secure's Ken Gannon and Ben Knutson join the show to discuss app permissions, company mobile device management, mobile hygiene tips, signs your phone's been hacked and more. Plus, is your Facebook app listening in on you, or not? Links: Episode 46 transcript; Ken's Samsung S20 vulnerability writeup - RCE via Samsung Galaxy Store App (Cyber Security Sauna)

Lawmakers back CISA chief Krebs after report that he expects to be fired

Multiple Democratic U.S. lawmakers on Thursday reacted with concern to a media report that a senior Department of Homeland Security cybersecurity official has told associates that he expects to be fired by the White House. Rep. Jim Langevin, D-R.I., and Sen. Mark Warner, D-Va., the ranking member of the Senate Intelligence Committee, were among those who hailed the work of Cybersecurity and Infrastructure Security Director Chris Krebs, who has been at the forefront of federal agencies’ efforts to protect the 2020 election from hacking and disinformation. “It would not be a surprise [but] would disappoint me profoundly if he were to be fired,” Langevin, who is co-founder of the Congressional Cybersecurity Caucus, said in an interview. “I think Chris Krebs has served in his role as director of CISA with great professionalism, with passion, in a nonpartisan way. He’s someone who is respected on both sides of the aisle.” Krebs, […] (CyberScoop)

How the Pentagon is trolling Russian, Chinese hackers with cartoons

There’s little that Russian hackers hate more than being seen as soft. So when U.S. military hackers saw a way to publicly portray them as bumbling and unthreatening in recent weeks, they seized the moment. It all began when Cyber Command, the U.S. Department of Defense’s offensive cyber arm, started working with a graphics company to illustrate foreign government hackers. The military realized it could punch up the reports it releases on foreign hacking operations by adding illustrations, and try to embarrass or infuriate the foreign hacking shops along the way, one U.S. official told CyberScoop. In one case, when Cyber Command started making plans to expose some state-sponsored espionage operations tied to Russia’s Federal Security Service (FSB), the country’s KGB successor, they turned to the graphics company to develop images that would goad the Russians, the official said. “Russia hates to be seen as cuddly or cozy so we want to tick them off,” said the official, who was not authorized […] (CyberScoop)

Senior DHS cybersecurity official Bryan Ware to step down

Bryan S. Ware, who took the reins as the senior-most Department of Homeland Security official focused exclusively on cybersecurity in January, is stepping down from his post and heading to the private sector. A former technology entrepreneur, Ware has helped lead the DHS Cybersecurity and Infrastructure Security Agency’s efforts to protect the health care and pharmaceutical industry from criminal and state-sponsored hacking. He has also made a point of getting better data, with the help of software tools, into the hands of CISA analysts for tracking hacking campaigns. Ware’s last day on the job will be Friday. He told CyberScoop he is looking to start a new technology company. “I’m very proud of the work that CISA has done this year,” Ware said. “And I think against significant odds, the work we did on [protecting] elections is really a testament to what this agency can do.” Ware declined to comment […] (CyberScoop)

Cybercriminal offers email implant software that dodges traditional security platforms

Imagine if cybercriminals didn’t have to send a malicious email for their victims to get the message anyway. That’s a tool one hacker is advertising on a dark web forum, according to research Gemini Advisory released Wednesday. And because the email can be implanted rather than sent, it has the potential to bypass security that inspects messages as they’re en route to their destination server, researchers said. “The software poses a significant threat as it raises the success rate of malware attacks, allows for more sophisticated phishing and business email compromise (BEC) campaigns, and opens the door for technically simple ransomware-like attacks,” according to a blog post from the Miami-based threat intelligence company. The trick to implanting the email via the “Email Appender” software goes like this, Gemini Advisory explained: First, attackers must obtain valid email addresses and associated passwords, often available on the dark web at a low cost. Then the attacker has to upload the compromised credentials into Email […] (CyberScoop)

Well-developed backdoor can harvest information from restaurants, bars and hotels, researchers say

Restaurants, bars and hotels are taking a big hit from the coronavirus pandemic, but they still can be inviting targets for cybercriminals. A point-of-sale system widely used in the hospitality industry to process credit card payments and other transactions — ORACLE MICROS Restaurant Enterprise Series (RES) 3700 — is vulnerable to a backdoor that allows attackers to see some of the information in the system’s databases, according to researchers at Slovakia-based cybersecurity company ESET. The researchers stress that highly sensitive pieces of information — such as credit card numbers and expiration dates – do not appear to be vulnerable to the malware, which they’re calling ModPipe. The malicious software, for now, harvests only “data stored in the clear,” ESET says, including cardholder names. But ModPipe potentially could be the conduit for more harmful malware, given that it is modular — meaning that it’s designed for attackers to swap features in and out. […] (CyberScoop)

Ransomware incidents in manufacturing grow as transparency, and attack options, increase

The number of publicly documented ransomware incidents at manufacturing organizations has jumped considerably in 2020 as attackers have found ways to disrupt facilities’ operations by affecting both traditional IT networks and software that supports industrial processes, according to research published Thursday. Industrial security company Dragos found that ransomware incidents in the manufacturing sector had more than “tripled” this year compared to 2019, though the company did not specify the number of incidents. Two things help explain the report’s findings: Companies are being more transparent about reporting incidents; and manufacturing, like other sectors such as health care, has endured a rise in opportunistic attacks from criminals who know how to bring an organization to its knees. “Companies that rely on availability of their operations [are] being targeted and held for ransom to be able to restart those processes,” said Selena Larson, a senior cyberthreat analyst at Dragos. Among the Dragos tally were reported ransomware […] (CyberScoop)

Hacker-for-hire group targeting South Asian organizations, research says

There’s a new cyber mercenary group on the block, and they’re going after targets in more than a dozen countries around the globe, according to BlackBerry research published Thursday. The hack-for-hire shop, which BlackBerry is calling “CostaRicto,” has largely gone after targets in South Asia, especially in India, Bangladesh and Singapore, according to BlackBerry. Some of its targeting has also been located in Africa, the Americas, Australia and Europe, including in Austria, the Bahamas, France, Mozambique, the Netherlands and Portugal, the researchers write in a blog on the group. It isn’t exactly clear who the hackers-for-hire are, but given that their targets tend to be focused in South Asia, BlackBerry researchers suggest they may be based in that region. The disparate targeting and characteristics of their toolset suggest they are working on behalf of clients, BlackBerry researchers write. CostaRicto targets victims with a custom backdoor that appeared last October, but has […] (CyberScoop)

S3 Ep6: How not to get scammed [Podcast]

New episode - listen now! (Naked Security)

Now-Patched Ubuntu Desktop Vulnerability Allows Privilege Escalation

(News ≈ Packet Storm)

DNS Cache Poisoning Is Back From The Dead

(News ≈ Packet Storm)

Nvidia Warns Gamers Of GeForce NOW Flaw

(News ≈ Packet Storm)

Google Patches Two More Chrome Zero Days

(News ≈ Packet Storm)

Another Credit Card Stealer That Pretends to Be Sucuri

During a routine investigation, we found yet another web skimmer that pretends to be related to Sucuri. One of our Remediation Analysts, Liam Smith, found the following code injected into the database of a Magento site.

The first 109 lines of the malware don’t contain any content, which could be an attempt to avoid detection and conceal itself from detection, but line #110 contains a base64-encoded JavaScript (eval(atob(…). (Sucuri Blog)

Cyberattackers Serve Up Custom Backdoor for Oracle Restaurant Software

The modular malware is highly sophisticated but may not be able to capture credit-card info. (Threatpost)

Animal Jam Hacked, 46M Records Roam the Dark Web

Animal Jam, just the latest in a string of attacks on gaming apps, has adopted a transparent communications strategy after stolen data turned up on a criminal forum. (Threatpost)

Digging into the Dark Web: How Security Researchers Learn to Think Like the Bad Guys

Hacker forums are a rich source of threat intelligence. (Threatpost)


/security-daily/ 13-11-2020 23:44:24