Security daily (14-09-2021)

Disaster recovery compliance in the cloud, part 2: A structured approach

Compliance in the cloud is fraught with myths and misconceptions. This is particularly true when it comes to something as broad as disaster recovery (DR) compliance where the requirements are rarely prescriptive and often based on legacy risk-mitigation techniques that don’t account for the exceptional resilience of modern cloud-based architectures. For regulated entities subject to […] (AWS Security Blog)

Disaster recovery compliance in the cloud, part 1: Common misconceptions

Compliance in the cloud can seem challenging, especially for organizations in heavily regulated sectors such as financial services. Regulated financial institutions (FIs) must comply with laws and regulations (often in multiple jurisdictions), global security standards, their own corporate policies, and even contractual obligations with their customers and counterparties. These various compliance requirements may impose constraints […] (AWS Security Blog)

Former US intelligence operatives charged with helping UAE hack rivals, Americans

The Justice Department charged three former U.S. intelligence operatives on Tuesday with hacking and conspiracy charges in connection with their work helping United Arab Emirates spy on activists and political rivals. The charges allege that defendants Marc Baier, Ryan Adams and Daniel Gericke “knowingly and willfully” provided the UAE with spy technology without approval from the U.S. government. The charges back up a 2019 Reuters investigation that found a secret hacking unit of UAE-based cybersecurity firm DarkMatter was hiring former U.S. intelligence officers to help the UAE to spy on the phones of activists, diplomats and other nations’ leaders. Former employees told Reuters that their work with the hacking unit, “Project Raven,” also involved spying on U.S. citizens and companies. The Intercept first reported the existence of DarkMatter in 2016. According to court documents, after leaving government employment, Baier, Adams and Gericke joined a firm prosecutors referred to as “Company […] (CyberScoop)

ATM skimmer sentenced to 4 years after bank cameras, license plate readers captured crime spree

A U.S. judge sentenced a Romanian man who installed data-stealing devices on ATMs throughout New York City and New Jersey to more than four years in prison in what is only the latest example of scammers using crude technical methods to access victims’ bank accounts. District Judge Peter Sherian imposed the punishment Monday on Dorinel Trofin, a 47-year-old man who previously pleaded guilty to conspiracy to commit bank fraud. Bank surveillance cameras and police license plate readers placed Trofin and a partner at dozens of locations where ATM skimmers were found. As part of a fraud ring, Trofin and his associate, Ionut Parachiv, would install hidden card-reading machines on popular ATMs, copying customers’ information and then withdrawing cash from the same accounts later. The pair also installed pinhole cameras in the cash machines to capture customers’ personal identification numbers. The effort affected more than 1,000 people and involved more than […] (CyberScoop)

Apple products vulnerable to FORCEDENTRY zero-day attack – patch now!

Double trouble: two zero-days, patched in the same emergency update. So please don't delay - patch today! (Naked Security)

Pair Of Google Chrome Zero Day Bugs Actively Exploited

(News ≈ Packet Storm)

Wiz Discovers Another Major Azure Vulnerability

(News ≈ Packet Storm)

Apple Patches Zero-Click iMessage Hack Used By NSO

(News ≈ Packet Storm)

HP Patches Severe OMEN Driver Privilege Escalation

(News ≈ Packet Storm)

Microsoft Releases Patch for Actively Exploited Windows Zero-Day Vulnerability

A day after Apple and Google rolled out urgent security updates, Microsoft has pushed software fixes as part of its monthly Patch Tuesday release cycle to plug 66 security holes affecting Windows and other components such as Azure, Office, BitLocker, and Visual Studio, including an actively exploited zero-day in its MSHTML Platform that came to light last week. Of the 66 flaws, three are rated (The Hacker News)

New Stealthier ZLoader Variant Spreading Via Fake TeamViewer Download Ads

Users searching for TeamViewer remote desktop software on search engines like Google are being redirected to malicious links that drop ZLoader malware onto their systems while simultaneously embracing a stealthier infection chain that allows it to linger on infected devices and evade detection by security solutions. "The malware is downloaded from a Google advertisement published through Google (The Hacker News)

HP OMEN Gaming Hub Flaw Affects Millions of Windows Computers

Cybersecurity researchers on Tuesday disclosed details about a high-severity flaw in the HP OMEN driver software that impacts millions of gaming computers worldwide, leaving them open to an array of attacks. Tracked as CVE-2021-3437 (CVSS score: 7.8), the vulnerabilities could allow threat actors to escalate privileges to kernel mode without requiring administrator permissions, allowing them to (The Hacker News)

Zero Trust Requires Cloud Data Security with Integrated Continuous Endpoint Risk Assessment

Every once in a while, an industry term will get overused by marketing to the point of becoming a cliche. "Zero Trust" may have reached this threshold. In some ways, we understand why this is happening. Security perimeters have become obsolete as people use mobile devices and cloud applications to work from anywhere. Zero Trust deployment — moving all your apps and data to the cloud and assuming (The Hacker News)

Update Google Chrome to Patch 2 New Zero-Day Flaws Under Attack

Google on Monday released security updates for Chrome web browser to address a total of 11 security issues, two of which it says are actively exploited zero-days in the wild. Tracked as CVE-2021-30632 and CVE-2021-30633, the vulnerabilities concern an out of bounds write in V8 JavaScript engine and a use after free flaw in Indexed DB API respectively, with the internet giant crediting anonymous (The Hacker News)

Linux Implementation of Cobalt Strike Beacon Targeting Organizations Worldwide

Researchers on Monday took the wraps off a newly discovered Linux and Windows re-implementation of Cobalt Strike Beacon that's actively set its sights on government, telecommunications, information technology, and financial institutions in the wild. The as-yet undetected version of the penetration testing tool — codenamed "Vermilion Strike" — marks one of the rare Linux ports, which has been (The Hacker News)

New SpookJS Attack Bypasses Google Chrome’s Site Isolation Protection

A newly discovered side-channel attack demonstrated on modern processors can be weaponized to successfully overcome Site Isolation protections weaved into Google Chrome and Chromium browsers and leak sensitive data in a Spectre-style speculative execution attack. Dubbed "Spook.js" by academics from the University of Michigan, University of Adelaide, Georgia Institute of Technology, and Tel Aviv (The Hacker News)

Adobe Snuffs Critical Bugs in Acrobat, Experience Manager

Adobe releases security updates for 59 bugs affecting its core products, including Adobe Acrobat Reader, XMP Toolkit SDK and Photoshop. (Threatpost)

Microsoft Patches Actively Exploited Windows Zero-Day Bug

On Patch Tuesday, Microsoft fixed 66 CVEs, including an RCE bug in MSHTML under active attack as threat actors passed around guides for the drop-dead simple exploit. (Threatpost)

2021’s Most Dangerous Software Weaknesses

Saryu Nayyar, CEO at Gurucul, peeks into Mitre's list of dangerous software bug types, highlighting that the oldies are still the goodies for attackers. (Threatpost)

ZLoader’s Back, Abusing Google AdWords, Disabling Windows Defender

The well-known banking trojan retools for stealth with a whole new attack routine, including using ads for Microsoft TeamViewer and Zoom to lure victims in. (Threatpost)

Pair of Google Chrome Zero-Day Bugs Actively Exploited

The security vulnerabilities bring the web behemoth up to 10 browser zero-days found so far this year. (Threatpost)

Unpatched Bugs Plague Databases; Your Data Is Probably Not Secure – Podcast

Imperva's Elad Erez discusses findings that 46 percent of on-prem databases are sitting ducks, unpatched and vulnerable to attack, each with an average of 26 flaws. (Threatpost)

Romance, BEC Scams Lands Soldier in Jail for 46 Months

A former Army Reservist pleaded guilty to scamming the elderly with catfishing and stealing from veterans. (Threatpost)

BlackMatter Ransomware Hits Japanese Tech Giant Olympus

The incident that occurred Sept. 8 and affected its EMEA IT systems seems to signal a return to business as usual for ransomware groups. (Threatpost)


/security-daily/ 15-09-2021 23:44:22