Security daily (14-08-2020)

Updated guidance to assist customers with APRA requirements

Just over a year ago, on July 1, 2019, the Australian Prudential Regulation Authority’s (APRA’s) Prudential Standard CPS 234 Information Security became effective. This standard is a set of legally enforceable information security requirements for APRA-regulated entities. CPS 234 aims to: “…ensure that an APRA regulated entity takes measures to be resilient against information security […] (AWS Security Blog)

‘Cyber Storm’ drill for critical infrastructure focuses on corruption of key IT services

In a drill this week that drew some 2,000 participants, the Department of Homeland Security tested the ability of companies in the health care, manufacturing and other key sectors to withstand hypothetical hacking campaigns that compromise the trust users place in key internet services. The seventh iteration of Cyber Storm, as the biannual exercise is called, focused on what could go wrong when some of the pillars of the internet are corrupted. It is the subtle manipulation of these IT services that advanced hacking campaigns often exploit in the real world. The simulation featured compromised certificate authorities, which deem software trustworthy, attacks on the Border Gateway Protocol, the internet’s basic routing mechanism, and the subversion of domain name system (DNS) records, which help send a user to a website that is not malicious. “[I]t was clear that many organizations do not have a full understanding of their reliance on third-party services,” […] (CyberScoop)

CactusPete Hackers Go On European Rampage With Bisonal

(News ≈ Packet Storm)

Alexa Vulnerability Is A Reminder To Delete Your Voice History

(News ≈ Packet Storm)

Google Stops Responding To Data Requests From Hong Kong Govt

(News ≈ Packet Storm)

Instagram Retained Deleted User Data Despite GDPR Rules

(News ≈ Packet Storm)

Web Crawler & User Agent Blocking Techniques

This is a simple script that allows hackers to block specific crawlers based upon website requests from specific user-agents. This is useful when you don’t want certain traffic to be able to load certain content – usually a phishing page or a malicious download.

    if (preg_match('/bot|crawler|spider|facebook|alexa|twitter|curl/i', $_SERVER['HTTP_USER_AGENT'])) {
        logger("[BOT] {$_SERVER['REQUEST_URI']} - 500");
        header('HTTP/1.1 500 Internal Server Error');
        exit();
    }

Using preg_match, the script looks for certain known crawler strings in the user-agent. (Sucuri Blog)

PoC Exploit Targeting Apache Struts Surfaces on GitHub

Researchers have discovered freely available PoC code and exploit that can be used to attack unpatched security holes in Apache Struts 2. (Threatpost)

Mac Users Targeted by Spyware Spreading via Xcode Projects

The XCSSET suite of malware also hijacks browsers, has a ransomware module and more -- and uses a pair of zero-day exploits. (Threatpost)

Critical Flaws in WordPress Quiz Plugin Allow Site Takeover

The recently patched flaws could be abused by unauthenticated, remote attackers to take over vulnerable websites. (Threatpost)

UPDATE: Canon Ransomware Attack Results in Leaked Data, Report

The consumer-electronics giant had suffered partial outages across its U.S. website and internal systems reportedly, thanks to the Maze gang. (Threatpost)

Instagram Retained Deleted User Data Despite GDPR Rules

The photo-sharing app retained people’s photos and private direct messages on its servers even after users removed them. (Threatpost)


/security-daily/ 15-08-2020 23:44:23