Security daily (14-07-2021)

Protect public clients for Amazon Cognito by using an Amazon CloudFront proxy

In Amazon Cognito user pools, an app client is an entity that has permission to call unauthenticated API operations (that is, operations that don’t have an authenticated user), such as operations to sign up, sign in, and handle forgotten passwords. In this post, I show you a solution designed to protect these API operations from […] (AWS Security Blog)

New Internet Explorer, Chrome zero-days highlight a growing market

Hackers are still using vulnerabilities in the seven-year-old Internet Explorer 11 browser to go after targets, even as Microsoft plans to sunset the program in less than a year, researchers at Google’s Threat Analysis Group reported Wednesday. The campaign largely targeted victims in Armenia. In April and June cybercriminals targeted Armenian users with the exploit, researchers found. “This exploit was delivered via an Office document rather than via the Internet Explorer browser [graphical user interface],” explained Shane Huntley, director of Google’s Threat Analysis Group. “Even if a user was to uninstall Internet Explorer, the exploit would still work.” Microsoft fixed the exploit in June. The same surveillance group also cashed in with two vulnerability in Chrome over the past several months. They sent the exploits via email with links posing as legitimate websites. The links sent users targets to attacker-controlled domains that fingerprinted a user’s device and allowed hackers to […] The post New Internet Explorer, Chrome zero-days highlight a growing market appeared first on CyberScoop. (CyberScoop)

An espionage campaign spread its wings from Myanmar to the Philippines, raising new questions

A cyberespionage campaign that spread through Myanmar last fall at first looked like many others of the genre: a handpicked set of targets affected by highly tailored break-in methods. After all, scattershot attacks historically are not only less likely to hit valuable victims, but they also equal a greater chance of being caught and halted before the hackers gather the information they want. Then something changed, according to the security firm Kaspersky. What began as a small campaign — ultimately affecting approximately 100 Myanmar victims that Kaspersky identified — leapfrogged to another country, the Philippines, where the victim count exploded to 1,400 and included some government entities. Kaspersky researchers on Wednesday detailed the extent of the campaign, and who they believe is behind it. But they remain unsure why it evolved the way it did, even if they have some informed guesses. The investigators attributed the infections to a group […] The post An espionage campaign spread its wings from Myanmar to the Philippines, raising new questions appeared first on CyberScoop. (CyberScoop)

CISA orders agencies to disable Microsoft Print Spooler in response to 'PrintNightmare' flaw

The Cybersecurity and Infrastructure Security Agency late Tuesday ordered federal agencies to disable the Microsoft Windows Print Spooler service because of an alarming flaw that could allow attackers to take over systems remotely. CISA, part of the Department of Homeland Security, gave agencies until midnight Wednesday to disable the service in response to the so-called “PrintNightmare” bug. Its “emergency directive” also ordered agencies to implement Microsoft security updates by July 20. The PrintNightmare issue has given Microsoft fits for weeks. It issued a patch last week that some security pros said didn’t work properly. On Tuesday, Microsoft issued another Print Spooler fix as part of its “Patch Tuesday” update, the latest of which also included answers for 13 “critical vulnerabilities” and four under active attack. “CISA has determined that this vulnerability poses an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action,” CISA said in its PrintSpooler […] The post CISA orders agencies to disable Microsoft Print Spooler in response to 'PrintNightmare' flaw appeared first on CyberScoop. (CyberScoop)

Home delivery scams get smarter – don’t get caught out

We've said it before, and we'll say it again: don't be in too much of a hurry for those home deliveries you're expecting! (Naked Security)

Cellebrite Under Fire Again After Being Used To Target Journalist

(News ≈ Packet Storm)

Microsoft July 2021 Patch Tuesday Addresses 117 Vulnerabilities

(News ≈ Packet Storm)

Amazon Rolls Out Encryption For Ring Doorbells

(News ≈ Packet Storm)

Updated Joker Malware Floods Into Android Apps

(News ≈ Packet Storm)

Windows Hello Bypass Fools Biometrics Safeguards In PCs

(News ≈ Packet Storm)

Hackers Move To Extort Gaming Giant EA

(News ≈ Packet Storm)

An Overview of Basic WordPress Hardening

We have discussed in the past how out-of-the-box security configurations tend to not be very secure. This is usually true for all software and WordPress is no exception. While there are a plethora of different ways that site owners can lock down their website, in this post we are going to review the most basic hardening mechanisms that WordPress website owners can employ to improve their security. We will also review the pros and cons of these different tactics. Continue reading An Overview of Basic WordPress Hardening at Sucuri Blog. (Sucuri Blog)

16 Cybercriminals Behind Mekotio and Grandoreiro Banking Trojan Arrested in Spain

Spanish law enforcement agencies on Wednesday arrested 16 individuals belonging to a criminal network in connection with operating two banking trojans as part of a social engineering campaign targeting financial institutions in Europe. The arrests were made in Ribeira (A Coruña), Madrid, Parla and Móstoles (Madrid), Seseña (Toledo), Villafranca de los barros (Badajoz), and Aranda de Duero ( (The Hacker News)

REvil Ransomware Gang Mysteriously Disappears After High-Profile Attacks

REvil, the infamous ransomware cartel behind some of the biggest cyberattacks targeting JBS and Kaseya, has mysteriously disappeared from the dark web, leading to speculations that the criminal enterprise may have been taken down. Multiple darknet and clearnet sites maintained by the Russia-linked cybercrime syndicate, including the data leak, extortion, and payment portals, remained (The Hacker News)

Use This Definitive RFP Template to Effectively Evaluate XDR solutions

A new class of security tools is emerging that promises to significantly improve the effectiveness and efficiency of threat detection and response.

Emerging Extended Detection and Response (XDR) solutions aim to aggregate and correlate telemetry from multiple detection controls and then synthesize response actions.

XDR has been referred to as the next step in the evolution of Endpoint (The Hacker News)

Update Your Windows PCs to Patch 117 New Flaws, Including 9 Zero-Days

Microsoft rolled out Patch Tuesday updates for the month of July with fixes for a total of 117 security vulnerabilities, including nine zero-day flaws, of which four are said to be under active attacks in the wild, potentially enabling an adversary to take control of affected systems.  Of the 117 issues, 13 are rated Critical, 103 are rated Important, and one is rated as Moderate in severity, (The Hacker News)

Chinese Hackers Exploited Latest SolarWinds 0-Day in Targeted Attacks

Microsoft on Tuesday disclosed that the latest string of attacks targeting SolarWinds Serv-U managed file transfer service with a now-patched remote code execution (RCE) exploit is the handiwork of a Chinese threat actor dubbed "DEV-0322." The revelation comes days after the Texas-based IT monitoring software maker issued fixes for the flaw that could enable adversaries to remotely run arbitrary (The Hacker News)

Crafting a Custom Dictionary for Your Password Policy

Modern password policies are comprised of many different elements that contribute to its effectiveness. One of the components of an effective current password policy makes use of what is known as a custom dictionary that filters out certain words that are not allowed as passwords in the environment.  Using custom dictionaries, organizations can significantly improve their cybersecurity posture (The Hacker News)

Cryptominer Farm Rigged with 3,800 PS4s Busted in Ukraine

Ukrainian cops seize PlayStation 4 consoles, graphics cards, processors and more in cryptomining sting involving alleged electricity theft. (Threatpost)

Linux-Focused Cryptojacking Gang Tracked to Romania

The gang is using a new brute-forcer – “Diicot brute” – to crack passwords on Linux-based machines with weak passwords. (Threatpost)

Apps Built Better: Why DevSecOps is Your Security Team’s Silver Bullet

Phil Richards, vice president and CSO at Ivanti, explains how organizations can design DevOps processes and systems to thwart cyberattacks. (Threatpost)

Trickbot Malware Rebounds with Virtual-Desktop Espionage Module

The attackers have spruced up the 'vncDll' module used for spying on targets and stealing data. (Threatpost)

Updated Joker Malware Floods into Android Apps

The Joker premium billing-fraud malware is back on Google Play in a fresh onslaught, with an updated bag of tricks to evade scanners. (Threatpost)

Windows Hello Bypass Fools Biometrics Safeguards in PCs

A Windows security bug would allow an attacker to fool a USB camera used in the biometric facial-recognition aspect of the system. (Threatpost)


/security-daily/ 15-07-2021 23:44:22