
Security daily (13-08-2021)

How US federal agencies can use AWS to improve logging and log retention

This post is part of a series about how Amazon Web Services (AWS) can help your US federal agency meet the requirements of the President’s Executive Order on Improving the Nation’s Cybersecurity. You will learn how you can use AWS information security practices to help meet the requirement to improve logging and log retention practices […] (AWS Security Blog)

How AWS can help your US federal agency meet the executive order on improving the nation’s cybersecurity

AWS can support your information security modernization program to meet the President’s Executive Order on Improving the Nation’s Cybersecurity (issued May 12th, 2021). When working with AWS, a US federal agency gains access to resources, expertise, technology, professional services, and our AWS Partner Network (APN), which can help the agency meet the security and compliance […] (AWS Security Blog)

Multiple ransomware gangs pounce on 'PrintNightmare' vulnerability

The so-called PrintNightmare vulnerability in Microsoft software is turning into a dream for ransomware gangs. For the second time this week, security researchers have warned that extortionists exploited the critical flaw in an attempt to lock files and shake down victims. It shows how, more than a month after Microsoft disclosed the bug and urged users to update their software, a new round of exploitation is under way against vulnerable organizations. A ransomware group dubbed Vice Society recently seized on the PrintNightmare bug to move through an unnamed victim’s network and attempt to steal sensitive data, Talos, Cisco’s threat intelligence unit, said Thursday. A day earlier, cybersecurity firm CrowdStrike said that hackers using another type of ransomware had tried to use PrintNightmare to infect victims in South Korea. Neither Talos nor CrowdStrike named the targeted organizations. The PrintNightmare vulnerability affects how Windows’ Print Spooler manages interactions between computers and printers. […] (CyberScoop)

Poly Network offers bug bounty to hacker who stole $600 million worth of cryptocurrency

Poly Network is offering the hacker that stole $600 million worth of virtual currencies from the company a half-million dollars as a bug bounty, the company said Friday. Poly Network said that as of early Friday morning the hacker had returned roughly $340 million worth of assets they stole from the company. The remaining cryptocurrency assets have been transferred to a wallet jointly controlled by Poly Network and the hacker. The company is also still trying to retrieve $33 million worth of Tether cryptocurrency frozen by Tether. A hacker, who the company is now calling “Mr. White Hat,” stole $600 million worth of virtual currencies from Poly Network on Tuesday. Less than 24 hours later, he began to return it. The hacker claimed in blockchain messages shared by cryptocurrency compliance firm Elliptic that he stole the money “for fun” and to keep it safe from others who might exploit a […] (CyberScoop)

United Nations Calls For Moratorium On Sale Of Surveillance Tech Like NSO Group's Pegasus

(News ≈ Packet Storm)

Phishing Campaign Leverages Legit DocuSign Email Notifications

(News ≈ Packet Storm)

Poly Network Rewards Hacker With $500,000 Bug Bounty

(News ≈ Packet Storm)

Hackers Uncover Weaknesses In Agriculture Giants' Systems

(News ≈ Packet Storm)

Adobe Patches Critical Magento Vulnerabilities in Recent Update

Adobe has recently released several critical security patches for both their open source and commercial versions of their ecommerce platform. There are a total of 18 security vulnerabilities patched according to Adobe, although they list only 16 specific issues in the patch notes. Eleven of these issues are considered critical and five considered important, ranked by CWE standards. Ten of these vulnerabilities do not require any authentication whatsoever in order to be exploited, whereas the remaining six do require an admin account. (Sucuri Blog)

Hackers Spotted Using Morse Code in Phishing Attacks to Evade Detection

Microsoft has disclosed details of an evasive year-long social engineering campaign wherein the operators kept changing their obfuscation and encryption mechanisms every 37 days on average, including relying on Morse code, in an attempt to cover their tracks and surreptitiously harvest user credentials. The phishing attacks take the form of invoice-themed lures mimicking financial-related (The Hacker News)

Why Is There A Surge In Ransomware Attacks?

The U.S. is presently combating two pandemics--coronavirus and ransomware attacks. Both have partially shut down parts of the economy. However, in the case of cybersecurity, lax security measures allow hackers to have an easy way to rake in millions. It's pretty simple for hackers to gain financially, using malicious software to access and encrypt data and hold it hostage until the victim pays (The Hacker News)

Hackers Actively Searching for Unpatched Microsoft Exchange Servers

Threat actors are actively carrying out opportunistic scanning and exploitation of Exchange servers using a new exploit chain leveraging a trio of flaws affecting on-premises installations, making them the latest set of bugs after ProxyLogon vulnerabilities were exploited en masse at the start of the year. The remote code execution flaws have been collectively dubbed "ProxyShell." At least (The Hacker News)

Ransomware Gangs Exploiting Windows Print Spooler Vulnerabilities

Ransomware operators such as Magniber and Vice Society are actively exploiting vulnerabilities in Windows Print Spooler to compromise victims and spread laterally across a victim's network to deploy file-encrypting payloads on targeted systems. "Multiple, distinct threat actors view this vulnerability as attractive to use during their attacks and may indicate that this vulnerability will (The Hacker News)

Amazon’s Plan to Track Worker Keystrokes: A Sign of Controls to Come?

Data theft, insider threats and imposters accessing sensitive customer data have apparently gotten so bad inside Amazon, the company is considering rolling out keyboard-stroke monitoring for its customer-service reps. A confidential memo from inside Amazon explained that customer service credential abuse and data theft was on the rise, according to Motherboard which reviewed the document. […] (Threatpost)

Cyberattackers Embrace CAPTCHAs to Hide Phishing, Malware

CAPTCHA-protected malicious URLs are snowballing lately, researchers said. (Threatpost)

SolarWinds 2.0 Could Ignite Financial Crisis – Podcast

That’s what NY State suggests could happen, given the utter lack of cybersec protection at many private equity & hedge fund firms. Can AI help avert it? (Threatpost)

Exchange Servers Under Active Attack via ProxyShell Bugs

There’s an entirely new attack surface in Exchange, a researcher revealed at Black Hat, and threat actors are now exploiting servers vulnerable to the RCE bugs. (Threatpost)

WordPress Sites Abused in Aggah Spear-Phishing Campaign

The Pakistan-linked threat group's campaign uses compromised WordPress sites to deliver the Warzone RAT to manufacturing companies in Taiwan and South Korea. (Threatpost)


14-08-2021 23:44:23