Security daily (14-10-2020)

Use AWS Firewall Manager to deploy protection at scale in AWS Organizations

Security teams that are responsible for securing workloads in hundreds of Amazon Web Services (AWS) accounts in different organizational units aim for a consistent approach across AWS Organizations. Key goals include enforcing preventative measures to mitigate known security issues, having a central approach for notifying the SecOps team about potential distributed denial of service (DDoS) […] (AWS Security Blog)

Facebook, Twitter aim to slow spread of New York Post article amid disinformation concerns

Social media companies are moving to limit the spread of an article that fits the description of the kind of political dirt that disinformation specialists have predicted would surface in the weeks before Election Day. An Oct. 14 New York Post story which purportedly shows evidence that Democratic presidential nominee Joe Biden had engaged in some kind of political corruption during his time as vice president was immediately criticized by a range of academics and security practitioners who, for months, have advised the media to be cautious with any salacious materials that allegedly had been leaked prior to Nov. 3. The article from the right-leaning Post reports that Biden’s son, Hunter Biden, had sought to introduce his father to a Ukrainian businessman, citing emails that were allegedly left at a Delaware computer repair shop and provided to an attorney for Rudy Giuliani, a member of President Donald Trump’s legal team. Facebook said […] The post Facebook, Twitter aim to slow spread of New York Post article amid disinformation concerns appeared first on CyberScoop. (CyberScoop)

After blows from Cyber Command and Microsoft, TrickBot lives on

Disrupting a well-oiled botnet, or network of compromised computers used to launch attacks, isn’t easy. It’s little surprise, then, that in the days after U.S. Cyber Command and Microsoft took aim at TrickBot, one of the world’s largest botnets, parts of the zombie computer army still appear to be active. The goal of the distinct operations carried out in recent weeks was to wound a vast, malicious network that Russian-speaking criminals had used to infect victims with ransomware. Cyber Command, the offensive hacking unit within the U.S. Department of Defense, attacked the botnet’s infrastructure. In a separate action, Microsoft carried out a court order to disable some of TrickBot’s U.S.-based computer activity. The latter move appears to have taken large chunks of the botnet’s U.S.-based servers offline, forcing TrickBot’s puppet masters to reconfigure some of their operations, and seemed to give some organizations a reprieve to shore up digital defenses. The dual actions sought to curb the ability of a criminal network to deploy ransomware on state […] The post After blows from Cyber Command and Microsoft, TrickBot lives on appeared first on CyberScoop. (CyberScoop)

Zoom to begin end-to-end encryption rollout with monthlong preview

Zoom says it will preview its end-to-end encryption feature for all users, free and paid, as the first phase of its plan to fully roll out the security technology. It’s the latest security step for a video conferencing platform that took off in the early days of the COVID-19 pandemic, but also underwent criticism over its user data protection mechanisms. The technical preview of end-to-end encryption is the inaugural phase of four, the company said Wednesday, with the idea that it will solicit user feedback during a 30-day period. End-to-end encryption means that no outsiders can access a call, not even law enforcement or Zoom itself. “In typical meetings, Zoom’s cloud generates encryption keys and distributes them to meeting participants using Zoom apps as they join,” the company explained in a blog post. “With Zoom’s E2EE, the meeting’s host generates encryption keys and uses public key cryptography to distribute these keys to the other meeting participants. Zoom’s […] The post Zoom to begin end-to-end encryption rollout with monthlong preview appeared first on CyberScoop. (CyberScoop)

SD-WAN is a pandemic-ready network security technology

A former national cyberthreat intelligence adviser urges federal agency leaders to adapt a platform mindset that fully embraces software-defined networking. The post SD-WAN is a pandemic-ready network security technology appeared first on CyberScoop. (CyberScoop)

Windows “Ping of Death” bug revealed – patch now!

No one has figured out how to run code with this bug yet - but if they do, you can bet that someone will turn it into a computer worm. (Naked Security)

How to Discover Hidden Subdomains on Any Website with Subfinder

When approaching a target, having a precise and detailed plan of attack is absolutely necessary. One of the main goals is to increase the attack surface since the more opportunities there are for exploitation, the greater the chances of success. Subdomain enumeration is one method used to increase the attack surface, and we'll be using a tool called Subfinder to discover hidden subdomains.

Subdomain Enumeration Overview

Subdomain enumeration is an indispensable, often overlooked part of the reconnaissance phase. It is basically the process of finding subdomains for any given domain or set of... (Null Byte « WonderHowTo)

Apple Is Poaching From Google's iPhone Hacking Team

(News ≈ Packet Storm)

German Authorities Raid FinFisher Offices

(News ≈ Packet Storm)

Twitter's Security Fell Short Before Hack Targeting Celebrities, Regulator Says

(News ≈ Packet Storm)

Zoom To Roll Out End-To-End Encrypted Calls

(News ≈ Packet Storm)

Magento Phishing Leverages JavaScript For Exfiltration

During a recent investigation, a Magento admin login phishing page was found on a compromised website using the file name wp-order.php. This is an odd file name choice for a Magento phishing page, but nevertheless it successfully loads a legitimate-looking Magento 1.x login page.

What is not immediately visible or apparent to victims, however, is that the page elements like the images and CSS structure are almost all loaded from a malicious domain — orderline[.]club:

Harvesting Magento Login Credentials

For stolen data exfiltration, the phishing page uses a technique that doesn’t require a separate PHP file or rely on PHP functions to send out an email to the attacker, which is what we often find for exfiltration on phishing pages like this. Continue reading Magento Phishing Leverages JavaScript For Exfiltration at Sucuri Blog. (Sucuri Blog)

India Witnessed Spike in Cyber Attacks Amidst Covid-19 - Here's Why?

The COVID-19 outbreak is turning out to be not only a health, social, and economic hazard but also a cybersecurity crisis. The pandemic has presented new challenges for businesses in the areas of remote collaboration and business continuity. With increased remote working for better business continuity, employees are using numerous Internet tools. As businesses and people have started relying more (The Hacker News)

Police Raided German Spyware Company FinFisher Offices

German investigating authorities have raided the offices of Munich-based company FinFisher, which sells the infamous commercial surveillance spyware dubbed 'FinSpy,' reportedly on suspicion of illegally exporting the software abroad without the required authorization. Investigators from the German Customs Investigation Bureau (ZKA), ordered by the Munich Public Prosecutor's Office, searched a (The Hacker News)

FIN11 Hackers Spotted Using New Techniques In Ransomware Attacks

A financially-motivated threat actor known for its malware distribution campaigns has evolved its tactics to focus on ransomware and extortion. According to FireEye's Mandiant threat intelligence team, the collective — known as FIN11 — has engaged in a pattern of cybercrime campaigns at least since 2016 that involves monetizing their access to organizations' networks, in addition to deploying (The Hacker News)

Guide: Scale or Fail — Why MSSPs Need Multitenant Security Solutions

Managed Security Services Providers (MSSPs) have it rough. They have the burden of protecting their client organizations from cyberattacks, with clients from different industries, different security stacks, and different support requirements. And everything is in a constant state of flux. MSSPs are turning to multitenant solutions to help reduce the complexity of managing multiple security (The Hacker News)

Microsoft Releases Patches For Critical Windows TCP/IP and Other Bugs

Microsoft on Tuesday issued fixes for 87 newly discovered security vulnerabilities as part of its October 2020 Patch Tuesday, including two critical remote code execution (RCE) flaws in the Windows TCP/IP stack and Microsoft Outlook. The flaws, 11 of which are categorized as Critical, 75 as Important, and one as Moderate in severity, affect Windows, Office and Office Services and (The Hacker News)

Travelex, Other Orgs Face DDoS Threats as Extortion Campaign Rages On

Organizations worldwide – including Travelex – have been sent letters threatening to launch DDoS attacks on their network unless a $230K ransom is paid. (Threatpost)

BEC Attacks: Nigeria No Longer the Epicenter as Losses Top $26B

BEC fraudsters now have bases of operation across at least 39 countries and are responsible for $26 billion in losses annually -- and growing. (Threatpost)

Critical SonicWall VPN Portal Bug Allows DoS, Worming RCE

The CVE-2020-5135 stack-based buffer overflow security vulnerability is trivial to exploit, without logging in. (Threatpost)

Silent Librarian Goes Back to School with Global Research-Stealing Effort

The Iranian hacker group is targeting universities in 12 countries. (Threatpost)


/security-daily/ 15-10-2020 23:44:22