Security daily (13-11-2020)

How to record a video of Amazon AppStream 2.0 streaming sessions

Amazon AppStream 2.0 is a fully managed service that lets you stream applications and desktops to your users. In this post, I’ll show you how to record a video of AppStream 2.0 streaming sessions by using FFmpeg, a popular media framework. There are many use cases for session recording, such as auditing administrative access, troubleshooting […] (AWS Security Blog)

TikTok gets extensions on US sale order, ban enforcement

The Trump administration is giving Beijing-based ByteDance 15 more days to divest in popular video-sharing app TikTok, the Treasury Department said Friday. The Treasury Department statement is the second executive branch reprieve in as many days for TikTok, which the Trump administration has sought to ban in the United States. The Commerce Department also said Thursday that it wouldn’t start enforcing a TikTok ban as a court battle continues. The Trump administration cited the national security threat posed by the China-based company as a reason for the ban, given the vast amounts of personal information TikTok collects. TikTok has said it doesn’t share data with the Chinese government.   Thursday was the date the Commerce Department had set to implement an executive order that would have forbidden U.S. companies from providing internet and content delivery services to TikTok, which would have effectively shut down its ability to operate in the U.S. […] The post TikTok gets extensions on US sale order, ban enforcement appeared first on CyberScoop. (CyberScoop)

Russian, North Korean hackers targeted COVID-19 vaccine researchers — and some attacks got through, Microsoft says

Three hacking groups connected to the Russian and North Korean governments targeted COVID-19 vaccine and treatment researchers across five nations in recent months, and some of their attacks were successful, Microsoft said Friday. The hackers went after seven prominent companies in Canada, France, India, South Korea and the United States, according to Microsoft. The hacking groups are the Russia-linked Fancy Bear, which Microsoft refers to as Strontium; the North Korea-connected organization Lazarus Group, which Microsoft calls Zinc; and a third North Korean group that Microsoft has not previously mentioned publicly, which it calls Cerium. Microsoft’s alert deepens the breadth of warnings from government agencies and cybersecurity companies: Hackers affiliated with some of the U.S.’s biggest adversaries in cyberspace are hard at work to hack others’ vaccine research. “Among the targets, the majority are vaccine makers that have Covid-19 vaccines in various stages of clinical trials,”  Tom Burt, Microsoft’s corporate vice president for customer security and […] The post Russian, North Korean hackers targeted COVID-19 vaccine researchers — and some attacks got through, Microsoft says appeared first on CyberScoop. (CyberScoop)

How to Hack Computers Over Wi-Fi with the WiFi Duck Payload Deliverer

The USB Rubber Ducky is a well-known hacking device in the cybersecurity industry, but it needs to be preprogrammed before it can be used. That means it's not easy to issue commands to a target computer since you can't interact with it from afar after plugging it in. And if you don't know what the target computer is, you might come up empty. That's where the WiFi Duck comes in handy.

The WiFi Duck is a project created by Stefan Kremser, also known as Spacehuhn. With it, you can plug the WiFi Duck into a target computer that's exposed even for just a minute, then connect to it over Wi-Fi from... more (Null Byte « WonderHowTo)

Add MATLAB to Your Programming Toolkit with This Bundle

It's no secret that more and more talented computer science gurus and programmers are turning toward high-paying careers in engineering. Today's engineers stand at the forefront of some of the world's most important and exciting technological innovations — ranging from self-driving cars and surgical robots to large-scale construction projects and even space exploration—and our reliance on these talented data-driven professionals is only going to grow in the coming years.

With seven courses and over 30 hours of detailed content, the Complete MATLAB Programming Certification Bundle will help... more (Null Byte « WonderHowTo)

Manufacturing Becomes Major Target For Ransomware Attacks

(News ≈ Packet Storm)

Microsoft: North Korean, Russian Hackers Target COVID-19 Researchers

(News ≈ Packet Storm)

Ticketmaster Fined £1.25m Over Payment Data Breach

(News ≈ Packet Storm)

The Best Gifts For Hackers

(News ≈ Packet Storm)

Amazon Sues Instagram, TikTok Influencers Over Knockoff Scam

'Order This, Get This': Social-media influencers are in Amazon’s legal crosshairs for promoting generic Amazon listings with the promise to get prohibited counterfeit luxury items instead. (Threatpost)

Botnet Attackers Turn to Vulnerable IoT Devices

Cybercriminals are leveraging the multitudes of vulnerable connected devices with botnets that launch dangerous distributed denial-of-service (DDoS) attacks. (Threatpost)

Nation-State Attackers Actively Target COVID-19 Vaccine-Makers

Three major APTs are involved in ongoing compromises at pharma and clinical organizations involved in COVID-19 research, Microsoft says. (Threatpost)

2020 Reader Survey: Share Your Feedback to Help Us Improve


Ticketmaster Scores Hefty Fine Over 2018 Data Breach

The events giant faces a GDPR-related penalty in the U.K., and more could follow. (Threatpost)

Credential-Stuffing Attack Hits The North Face

The North Face has reset an undisclosed number of customer accounts after detecting a credential-stuffing attack on its website. (Threatpost)

Report: CISA Chief Expects White House to Fire Him

Chris Krebs, the first and current U.S. cybersecurity director, said his protection of election process drew ire from Trump administration. (Threatpost)


/security-daily/ 14-11-2020 23:44:23