
Security daily (13-04-2021)

How to relate IAM role activity to corporate identity

April 14, 2021: In the section “Use the SourceIdentity attribute with identity federation,” we updated “AWS SSO” to “sign-in endpoint” for clarity. AWS Security Token Service (AWS STS) now offers customers the ability to specify a unique identity attribute for their workforce identities and applications when they assume an AWS Identity and Access Management (IAM) […] (AWS Security Blog)

Hundreds of electric utilities downloaded SolarWinds backdoor, regulator says

About a quarter of roughly 1,500 electric utilities sharing data with the North American power grid regulator said they installed the malicious SolarWinds software used by suspected Russian hackers, the regulator said on Tuesday. The electric utilities did not report any significant follow-on activity from the hackers, but the broad exposure of the sector points to the challenges of protecting utilities from supply-chain breaches. A minority of the electric-sector organizations that downloaded the malicious code used the affected SolarWinds software in their “operational technology” networks, a broad term for more sensitive software and hardware used to manage industrial operations, according to the North American Electric Reliability Corp. NERC is a not-for-profit regulatory authority backed by the U.S. and Canadian governments. But Manny Cancel, a senior vice president at NERC, said clear communication on the espionage campaign from the U.S. government helped the sector to reduce its exposure to any […] (CyberScoop)

U.S. intelligence community details destructive cyber capabilities, growing influence threats

The intelligence community made its most direct public attribution yet that Russia was behind weaving malicious code into a SolarWinds software update to facilitate a sweeping espionage operation, impacting hundreds of companies and U.S. federal agencies. The intelligence community said Russia was behind the software supply chain hack in the intelligence community’s Annual Threat Assessment, which the Office of the Director of National Intelligence released Tuesday. “A Russian software supply chain operation against a US-based IT firm exposed approximately 18,000 customers worldwide, including enterprise networks across US Federal, state, and local governments,” the assessment notes, without naming SolarWinds. The intelligence community under the Trump administration had only previously stated that the operation was “likely” Russian in origin. The publication of the threat assessment coincides with President Joe Biden’s call with Russian President Vladimir Putin Tuesday, during which Biden “made clear that the United States will act firmly in defense of […] (CyberScoop)

NSA says it found new critical vulnerabilities in Microsoft Exchange Server

The National Security Agency on Tuesday said it alerted Microsoft to a fresh batch of critical vulnerabilities that hackers could exploit to remotely compromise the Exchange Server email software program. Microsoft said that it hadn’t seen any hacks using the vulnerabilities against its customers, but the news comes at a time of heightened concern over bugs in Exchange Server. Microsoft on March 2 revealed that suspected Chinese spies had exploited another set of flaws in Exchange Server to siphon off emails from targeted U.S. organizations. A bevy of opportunistic cybercriminals proceeded to exploit those vulnerabilities, to which tens of thousands of U.S. businesses and state and local organizations were reportedly exposed. The latest software bugs that the NSA discovered are in the 2013, 2016 and 2019 versions of Exchange Server. Microsoft said that the vulnerabilities, if exploited, could allow an attacker to execute code remotely on a target computer. Like […] (CyberScoop)

Banking organizations dub proposed US cyber notification regulation 'burdensome'

Banking groups have objected to elements of a proposed U.S. cyber incident notification rule, saying that its threshold for mandatory disclosure of such events to regulators is overly broad and would lead to over-reporting of incidents. Under the proposed regulation from the Treasury Department and other regulators, banks would have to notify their regulators within 36 hours of certain kinds of attacks, and bank service providers would have to notify their customers of particularly damaging incidents as well. “While we support the policy goals of the proposed rule, we believe that, as currently drafted, the proposed rule calls for notification of incidents well below the intended threshold of critical cybersecurity incidents,” wrote the American Bankers Association, Bank Policy Institute, Institute of International Bankers, and the Securities Industry and Financial Markets Association. “As a result, the proposed rule would lead to significant and burdensome over-reporting to the Agencies, contrary to its […] (CyberScoop)

IoT bug report claims “at least 100M devices” may be impacted

The programmers among us are learning... but not always quickly enough, it seems. Here's some food for coding thought... (Naked Security)

1.3M Clubhouse Users' Data Dumped In Hacker Forum For Free

(News ≈ Packet Storm)

Prosecutor Says Russia's GRU Hacked Sweden's Sports Body

(News ≈ Packet Storm)

Millions Of Devices Are At Risk From The NAME:WRECK DNS Bugs

(News ≈ Packet Storm)

Estate Agent's Hi-Tech House Tour Exposes Personal Data

(News ≈ Packet Storm)

NSA Discovers New Vulnerabilities Affecting Microsoft Exchange Servers

In its April slate of patches, Microsoft rolled out fixes for a total of 114 security flaws, including an actively exploited zero-day and four remote code execution bugs in Exchange Server. Of the 114 flaws, 19 are rated as Critical, 88 are rated Important, and one is rated Moderate in severity. Chief among them is CVE-2021-28310, a privilege escalation vulnerability in Win32k that's said to be (The Hacker News)

New NAME:WRECK Vulnerabilities Impact Nearly 100 Million IoT Devices

Security researchers have uncovered nine vulnerabilities affecting four TCP/IP stacks, impacting more than 100 million consumer and enterprise devices, that could be exploited by an attacker to take control of a vulnerable system. Dubbed "NAME:WRECK" by Forescout and JSOF, the flaws are the latest in a series of studies undertaken as part of an initiative called Project Memoria to study the security (The Hacker News)

Hackers Using Website's Contact Forms to Deliver IcedID Malware

Microsoft has warned organizations of a "unique" attack campaign that abuses contact forms published on websites to deliver malicious links to businesses via emails containing fake legal threats, in what's yet another instance of adversaries abusing legitimate infrastructure to mount evasive campaigns that bypass security protections. "The emails instruct recipients to click a link to review (The Hacker News)

Detecting the "Next" SolarWinds-Style Cyber Attack

The SolarWinds attack, which succeeded by utilizing the Sunburst malware, shocked the cyber-security industry. This attack achieved persistence and was able to evade internal systems long enough to gain access to the source code of the victim. Because of the far-reaching SolarWinds deployments, the perpetrators were also able to infiltrate many other organizations, looking for intellectual (The Hacker News)

BRATA Malware Poses as Android Security Scanners on Google Play Store

A new set of malicious Android apps has been caught posing as app security scanners on the official Play Store to distribute a backdoor capable of gathering sensitive information. "These malicious apps urge users to update Chrome, WhatsApp, or a PDF reader, yet instead of updating the app in question, they take full control of the device by abusing accessibility services," cybersecurity firm (The Hacker News)

How the NAME:WRECK Bugs Impact Consumers, Businesses

How this class of vulnerabilities will impact millions of connected devices and potentially wreck the day of IT security professionals. (Threatpost)

COVID-Related Threats, PowerShell Attacks Lead Malware Surge

Researchers measured 648 new malware threats every minute during Q4 2020. (Threatpost)

Tax Phish Swims Past Google Workspace Email Security

Crooks are looking to harvest email credentials with a savvy campaign that uses the Typeform service to host the phishing page. (Threatpost)

Adobe Patches Slew of Critical Security Bugs in Bridge, Photoshop

The security bugs could open the door for arbitrary code-execution and full takeover of targeted machines. (Threatpost)


/security-daily/ 14-04-2021 23:44:22