12-05-202114-05-2021

Security daily (13-05-2021)

Use EC2 Instance Connect to provide secure SSH access to EC2 instances with private IP addresses

In this post, I show you how to use Amazon EC2 Instance Connect to use Secure Shell (SSH) to securely access your Amazon Elastic Compute Cloud (Amazon EC2) instances running on private subnets within an Amazon Virtual Private Cloud (Amazon VPC). EC2 Instance Connect provides a simple and secure way to connect to your EC2 […] (AWS Security Blog)

Rapid7 says attacker accessed its source code in Codecov supply chain hack

An unauthorized party accessed Rapid7 source code via the Codecov supply chain compromise, the cybersecurity company said Thursday, making it the latest confirmed victim known to be swept up in the attack. Rapid7 said it made limited use of Codecov’s affected Bash Uploader tool, used to share code reports with the software auditing company, as part of its managed detection and response program. After conducting an internal investigation, Rapid7 determined to what degree any outsiders might have infiltrated Rapid7 repositories. “A small subset of our source code repositories for internal tooling for our MDR service was accessed by an unauthorized party outside of Rapid7,” the company wrote in a blog post. “We have contacted the small subset of customers who may be impacted by this incident to ensure they take appropriate steps to mitigate any potential risk,” the blog post continued. “Note: If you haven’t been contacted by us about […] The post Rapid7 says attacker accessed its source code in Codecov supply chain hack appeared first on CyberScoop. (CyberScoop)

US government plans to disrupt hackers behind Colonial Pipeline ransomware, Biden says

President Joe Biden suggested the U.S. intends to pursue hackers who last week infected the IT systems of the largest pipeline in the country with ransomware. The incident led Colonial Pipeline to shut down operations for days in an effort to prevent the ransomware, which the FBI has traced back to criminal operators known as DarkSide, from spreading to its operational technology. Now, following a spike in demand for fuel, the U.S. government is going to disrupt the hackers, who are believed to reside in Russia, Biden said. “We have been in direct communication with Moscow for the imperative for responsible countries to take decisive action against these ransomware networks,” Biden said in remarks Thursday. “We’re also going to pursue a measure to disrupt their ability to operate.” The president did not rule out carrying out a retaliatory cyberattack targeting the criminals, clarifying that the U.S. does not believe the […] The post US government plans to disrupt hackers behind Colonial Pipeline ransomware, Biden says appeared first on CyberScoop. (CyberScoop)

Suspected Pakistani spies use catfishing, stealthy hacking tools to target Indian defense sector

For years, suspected Pakistani hackers have sought to pry their way into Indian government computer networks as part of broader dueling cyber-espionage campaigns between the rival nations. Over the last 18 months, a spying group known as Transparent Tribe has expanded its use of a hacking tool capable of stealing data and taking screenshots from computers, according to research published Thursday by Talos, Cisco’s threat intelligence unit. Hackers also are going after additional targets beyond Indian military personnel, including defense contractors and attendees of Indian government-sponsored conferences. Talos did not mention Pakistan in its research, but multiple security researchers told CyberScoop the Transparent Tribe group is suspected of operating on behalf of the Pakistani government. Similarly, research from email security firm Proofpoint has previously linked a Pakistan-based company to the development of the group’s malicious code. Talos’ findings reflect a relentless appetite for defense-related secrets among hacking groups with suspected […] The post Suspected Pakistani spies use catfishing, stealthy hacking tools to target Indian defense sector appeared first on CyberScoop. (CyberScoop)

S3 Ep32: AirTag jailbreak, Dell vulns, and a never-ending scam [Podcast]

Latest episode - listen now! (Naked Security)

Tesla Stops Accepting Bitcoin Due To Fossil Fuel Use

(News ≈ Packet Storm)

US Petrol Supplies Tighten After Colonial Pipeline Hack

(News ≈ Packet Storm)

Hacker Manipulates Apple's Find My Network For Data Exfiltration

(News ≈ Packet Storm)

FACT SHEET: President Signs Executive Order Charting New Course To Improve The Nation's Cybersecurity And Protect Federal Government Networks

(News ≈ Packet Storm)

Server Side Scans and File Integrity Monitoring

When it comes to the ABCs of website security server side scans and file integrity monitoring are the “A” and “B”. In fact, our server side scanner is one of the most crucial tools in Sucuri’s arsenal. It’s paramount in maintaining an effective security product for our customers and analysts alike. This crucial tool handles tasks like issuing security warnings and alerts to our clients, notifying them that they have been compromised, and assisting our analysts in detecting new and emerging variants of malware. Continue reading Server Side Scans and File Integrity Monitoring at Sucuri Blog. (Sucuri Blog)

Can Data Protection Systems Prevent Data At Rest Leakage?

Protection against insider risks works when the process involves controlling the data transfer channels or examining data sources. One approach involves preventing USB flash drives from being copied or sending them over email. The second one concerns preventing leakage or fraud in which an insider accesses files or databases with harmful intentions. What's the best way to protect your data? It (The Hacker News)

Colonial Pipeline Shells Out $5M in Extortion Payout, Report

According to news reports, Colonial Pipeline paid the cybergang known as DarkSide the ransom it demanded in return for a decryption key. (Threatpost)

Ransomware Going for $4K on the Cyber-Underground

An analysis of three popular forums used by ransomware operators reveals a complex ecosystem with many partnerships. (Threatpost)

Beyond MFA: Rethinking the Authentication Key

Tony Lauro, director of security technology and strategy at Akamai, discusses hardware security dongles and using phones to act as surrogates for them. (Threatpost)

Fresh Loader Targets Aviation Victims with Spy RATs

The campaign is harvesting screenshots, keystrokes, credentials, webcam feeds, browser and clipboard data and more, with RevengeRAT or AsyncRAT payloads. (Threatpost)

12-05-202114-05-2021

/security-daily/ 14-05-2021 23:44:22