
Security daily (13-05-2020)

AWS achieves Spain’s ENS High certification across 105 services

AWS achieved Spain’s Esquema Nacional de Seguridad (ENS) High certification across 105 services in all AWS Regions. To successfully achieve the ENS High certification, BDO España conducted an independent audit and attested that AWS meets confidentiality, integrity, and availability standards. This provides assurance to Spain’s public sector organizations wanting to build secure applications and services […] (AWS Security Blog)

Zero-day broker: Stop sending us Apple bugs, we have enough already

A company that pays hackers to submit serious security vulnerabilities says it’s made aware of so many flaws in various Apple operating systems that it will temporarily stop acquiring new attack techniques. In a tweet Wednesday, Zerodium said it will stop accepting Apple iOS bugs that lead to “local privilege escalation,” which attackers use to dig deeper into an infected device, remote code execution bugs in the company’s Safari web browser, or “sandbox escape” tools, which enable attackers to move from an app to other areas of a device. We will NOT be acquiring any new Apple iOS LPE, Safari RCE, or sandbox escapes for the next 2 to 3 months due to a high number of submissions related to these vectors. Prices for iOS one-click chains (e.g. via Safari) without persistence will likely drop in the near future. — Zerodium (@Zerodium) May 13, 2020 In a follow-up tweet, […] (CyberScoop)

Researchers expose new malware designed to steal data from air-gapped networks

Hacking tools and techniques that are capable of accessing “air-gapped” systems — those cut off from external network connections — are coveted by intelligence agencies and pored over by security researchers. Spies try to conceal them; researchers try to expose them to warn potential victims. That dynamic is behind Slovakian anti-virus company ESET’s decision Wednesday to go public with what it says is a previously unknown malicious software framework designed to steal files from air-gapped systems. Much around the hacking tool — who is using it, who some of its victims are — remains a mystery. But ESET is hoping publicizing it will shake loose more clues in their hunt for the hackers. “We believe Ramsay is intended to be used in targeted attacks only and [has] espionage written all over it,” Alexis Dorais-Joncas, a security intelligence team lead at ESET, told CyberScoop. “‘Normal’ people do not operate in air-gapped environments.” The […] (CyberScoop)

U.S. accuses Chinese hackers of trying to steal coronavirus vaccine research

The Department of Homeland Security and the FBI on Wednesday blamed hackers linked with the Chinese government for attempting to steal U.S. research into a coronavirus vaccine, an escalation of the bilateral feud over handling of the global pandemic. The U.S. agencies accused Chinese hackers as well as spies of trying to pilfer intellectual property and other information related to coronavirus treatments. “The FBI is investigating the targeting and compromise of U.S. organizations conducting COVID-19-related research by [People’s Republic of China]-affiliated cyber actors and non-traditional collectors,” reads the statement from DHS’s Cybersecurity and Infrastructure Security Agency and the FBI. “The potential theft of this information jeopardizes the delivery of secure, effective, and efficient treatment options.” Labeling their statement a “public service announcement,” the agencies urged medical research organizations to be vigilant and report suspicious cyber activity. The announcement adds to a slew of charges the Trump administration has made against China for allegedly stealing […] (CyberScoop)

Smashing Security #178: Office pranks, meat dresses, and robocop dogs

Graham shares stories of email storms, Carole describes the steps being taken by firms as they try to coax employees back to the office, and special guest Lisa Forte details a hack that has impacted Lady Gaga and other celebrities. All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast with computer security veterans Graham Cluley and Carole Theriault. (Graham Cluley)

Info on NHS Coronavirus app leaks out via Google Drive snafu

Sensitive documents about the UK’s Coronavirus-tracing app have reportedly been carelessly leaked via a publicly accessible Google Drive link. (Graham Cluley)

Password security is critical in a remote work environment – see where businesses are putting themselves at risk

Graham Cluley Security News is sponsored this week by the folks at LastPass. Thanks to the great team there for their support! LastPass has analyzed over 47,000 businesses to bring you insights into security behavior worldwide. The takeaway is clear: Many businesses are making significant strides in some areas of password and access security – […] (Graham Cluley)

Beware the DHL delivery message email – it could be a package scam

Here's a DHL delivery scam with a simple twist - simplicity and a total lack of drama... (Naked Security)

TikTok’s handling of child privacy gets another watchdog’s attention

Use of the kid-addicting, video-sharing app is exploding during lockdown, triggering yet another inquiry into how safe it is for young ones. (Naked Security)

Criminal forum trading stolen data suffers ironic data breach

Someone on the dark web is touting for sale an unusual database a lot of people might pay handsomely to get their hands on. (Naked Security)

How to Get Started with Kali Linux in 2020

Kali Linux has come a long way since its BackTrack days, and it's still widely considered the ultimate Linux distribution for penetration testing. The system has undergone quite the transformation since its old days and includes an updated look, improved performance, and some significant changes to how it's used.

Offensive Security is the team behind Kali Linux, a Debian-based system. Kali is the preferred weapon of choice on Null Byte, and you can install it as your primary system (not recommended), use it with dual boot, use it in a virtual workstation, or create a portable live version on... (Null Byte « WonderHowTo)

Expand Your Coding Skill Set by Learning How to Build Games in Unity

Null Byte readers are no strangers to the powers and benefits that come from learning how to code. By knowing only a handful of programming languages and platforms, an intrepid developer can create everything from best-selling apps to spyware in the comfort of his or her own home.

But your technical skills and coding prowess can also be used for much more than run-of-the-mill hacking and app development. Through four courses and over 40 hours of training that's geared toward tech enthusiasts looking to expand their development horizons, the Official Unity Game Development Bundle will teach... (Null Byte « WonderHowTo)

Coronavirus: Cyber-Attacks Hit Hospital Construction Companies

(News ≈ Packet Storm)

Google Search Results Topped By Suspected Scam Gadget Store

(News ≈ Packet Storm)

DHS CISA And FBI Share List Of Top 10 Most Exploited Vulnerabilities

(News ≈ Packet Storm)

Feds Reveal Hidden Cobra's Trove Of Espionage Tools

(News ≈ Packet Storm)

Researcher Spots New Malware Claimed to be 'Tailored for Air‑Gapped Networks'

A cybersecurity researcher at ESET today published an analysis of a new piece of malware, a sample of which they spotted on the VirusTotal malware scanning engine, and they believe the hacker behind it is likely interested in some high-value computers protected behind air‑gapped networks.

Dubbed 'Ramsay,' the malware is still under development with two more variants (v2.a and v2.b) spotted in the (The Hacker News)

U.S. Defense Warns of 3 New Malware Used by North Korean Hackers

Yesterday, on the 3rd anniversary of the infamous global WannaCry ransomware outbreak for which North Korea was blamed, the U.S. government released information about three new malware strains used by state-sponsored North Korean hackers.

Called COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH, the malware variants are capable of remote reconnaissance and exfiltration of sensitive information from (The Hacker News)

Texas Courts Won’t Pay Up in Ransomware Attack

Texas appellate courts and judicial agencies’ websites and computer servers were shut down after a ransomware attack. (Threatpost)

Leaked NHS Docs Reveal Roadmap, Concerns Around Contact-Tracing App

Future features include plenty of self-reporting options, and officials' fears the data could be misused. (Threatpost)

Ramsay Malware Targets Air-Gapped Networks

The cyber-espionage toolkit is under active development. (Threatpost)

Healthcare Giant Magellan Struck with Ransomware, Data Breach

Logins, personal information and tax info were all exfiltrated ahead of the ransomware attack, thanks to a phishing email. (Threatpost)


/security-daily/ 14-05-2020 23:44:21