12-07-2021 14-07-2021

Security daily (13-07-2021)

Implement tenant isolation for Amazon S3 and Aurora PostgreSQL by using ABAC

In software as a service (SaaS) systems, which are designed to be used by multiple customers, isolating tenant data is a fundamental responsibility for SaaS providers. The practice of isolation of data in a multi-tenant application platform is called tenant isolation. In this post, we describe an approach you can use to achieve tenant isolation […] (AWS Security Blog)

REvil ransomware gang sites go dark, for reasons that remain unclear

The ransomware gang behind a string of recent attacks that netted tens of millions of dollars may have been too successful for its own good. REvil, the Russian-speaking hacking crew that claimed responsibility for a hack at the IT firm Kaseya that yielded perhaps thousands of victims, largely went dark Tuesday morning, according to multiple security researchers. The dark web site where REvil typically posts victim data and a payment site suddenly went down, while one site apparently ceased responding to Domain Name System requests. The cause of the outages was not immediately clear. Ransomware gangs frequently shutter their operations, update their tradecraft or evolve into different extortion techniques after profitable periods. The White House recently said it reserves the right to “take any necessary action to defend its people and its critical infrastructure” in the face of costly digital extortion attacks. REvil, widely suspected to be based in Russia, […] (CyberScoop)

Researchers find big flaw in a Schneider Electric ICS system popular in building systems, utilities

A vulnerability in Schneider Electric computer control systems popular in heating, air conditioning and other building systems could allow hackers to take control of them, researchers at security firm Armis warn. The remote code execution vulnerability puts millions of devices at risk, Armis said in a report out Tuesday. The affected Modicon programmable logic controllers (PLCs) are also used widely in manufacturing, automation applications and energy utilities. The vulnerability could be used to deploy a variety of attacks, from launching ransomware to altering the commands to machinery. “It’s a very wide range,” said Ben Seri, vice president of research at Armis. “It does reach on one end nation-states and sophisticated attacks in that type of scale, but it can also just be the next logical steps for ransomware attackers.” The vulnerability would allow attackers to hijack a command that would leak a password hash from the device’s memory. Once they have […] (CyberScoop)

Armis Discovers Critical Vulnerability In Schneider Electric Modicon PLCs

(News ≈ Packet Storm)

Guess Announces Breach Of Employee SSNs And Financial Data After DarkSide Ransomware Attack

(News ≈ Packet Storm)

Iranian Hackers Posed As British-Based Academic

(News ≈ Packet Storm)

SolarWinds Issues Hotfix For Zero-Day Flaw Under Active Attack

(News ≈ Packet Storm)

REvil Ransomware Site Goes Offline

(News ≈ Packet Storm)

Critical Flaws Reported in Etherpad — a Popular Google Docs Alternative

Cybersecurity researchers have disclosed new security vulnerabilities in the Etherpad text editor (version 1.8.13) that could potentially enable attackers to hijack administrator accounts, execute system commands, and even steal sensitive documents. The two flaws — tracked as CVE-2021-34816 and CVE-2021-34817 — were discovered and reported on June 4 by researchers from SonarSource, following (The Hacker News)

Iranian Hackers Posing as Scholars Target Professors and Writers in Middle-East

A sophisticated social engineering attack undertaken by an Iranian-state aligned actor targeted think tanks, journalists, and professors with an aim to solicit sensitive information by masquerading as scholars with the University of London's School of Oriental and African Studies (SOAS). Enterprise security firm Proofpoint attributed the campaign — called "Operation SpoofedScholars" — to the (The Hacker News)

Trickbot Malware Returns with a new VNC Module to Spy on its Victims

Cybersecurity researchers have opened the lid on the continued resurgence of the insidious Trickbot malware, making it clear that the Russia-based transnational cybercrime group is working behind the scenes to revamp its attack infrastructure in response to recent counter efforts from law enforcement. "The new capabilities discovered are used to monitor and gather intelligence on victims, using (The Hacker News)

A New Critical SolarWinds Zero-Day Vulnerability Under Active Attack

SolarWinds, the Texas-based company that became the epicenter of a massive supply chain attack late last year, has issued patches to contain a remote code execution flaw in its Serv-U managed file transfer service. The fixes, which target Serv-U Managed File Transfer and Serv-U Secure FTP products, arrive after Microsoft notified the IT management and remote monitoring software maker that the (The Hacker News)

Microsoft Crushes 116 Bugs, Three Actively Exploited

Microsoft tackles 12 critical bugs, part of its July 2021 Patch Tuesday roundup, capping a ‘PrintNightmare’ month of headaches for system admins. (Threatpost)

Ransomware Giant REvil’s Sites Disappear

Just days after President Biden demanded that Russian President Putin shut down ransomware groups, the servers of one of the biggest groups mysteriously went dark. (Threatpost)

Guess Fashion Brand Deals With Data Loss After Ransomware Attack

An attack on Guess compromised the personal and banking data of 1,300 victims. (Threatpost)

Unpatched Critical RCE Bug Allows Industrial, Utility Takeovers

The 'ModiPwn' bug lays open production lines, sensors, conveyor belts, elevators, HVACs and more that use Schneider Electric PLCs. (Threatpost)


/security-daily/ 14-07-2021 23:44:22