
Security daily (14-10-2021)

New AWS workbook for New Zealand financial services customers

We are pleased to announce a new AWS workbook designed to help New Zealand financial services customers align with the Reserve Bank of New Zealand (RBNZ) Guidance on Cyber Resilience. The RBNZ Guidance on Cyber Resilience sets out the RBNZ expectations for its regulated entities regarding cyber resilience, and aims to raise awareness and promote […] (AWS Security Blog)

Introducing the Security at the Edge: Core Principles whitepaper

Amazon Web Services (AWS) recently released the Security at the Edge: Core Principles whitepaper. Today’s business leaders know that it’s critical to ensure that both the security of their environments and the security present in traditional cloud networks are extended to workloads at the edge. The whitepaper provides security executives the foundations for implementing a […] (AWS Security Blog)

FBI, CISA warn water facility operators of ongoing malicious cyber activity

Ransomware attackers are continuing to target water and wastewater facilities, U.S. intelligence and law enforcement officials warned in a bulletin based on incidents in five states. A cybersecurity advisory published Thursday from the FBI, the Cybersecurity Infrastructure and Security Agency, the Environmental Protection Agency and the National Security Agency highlighted incidents in five states between March of 2019 and August 2021, where systems were targeted by either ransomware attacks or other hacks. In one case, a former employee of a Kansas-based facility tried to “threaten drinking water safety by using his user credentials…to remotely access a facility computer,” according to the alert. Other incidents occurred in California, Maine, Nevada and New Jersey. The notice pointed to “ongoing malicious cyber activity — both by known and unknown actors,” targeting information technology and operational technology networks, systems, and devices. “Recent ransomware incidents and ongoing threats demonstrate why all critical infrastructure owners and operators […] (CyberScoop)

US, allies pledge to combat money laundering as part of efforts to slow ransomware

Nations must better clamp down on money laundering in order to disrupt ransomware gangs’ illicit financial transactions, according to a statement Thursday from more than 30 countries that participated in two days of White House meetings focused on slowing hackers and digital extortion. The joint statement also included commitments to other methods of countering ransomware, such as encouraging cyber hygiene practices to the private sector, collaborating across law enforcement and national security agencies and using diplomatic pressure against nations that harbor cybercriminals. The initiative comes after a White House summit that included presentations and intelligence sharing between countries including Australia, Brazil, Bulgaria, Canada, the Czech Republic, Estonia, France and Germany, among others. The two days of meetings were the latest steps the Biden administration has taken to battle ransomware, a frequent focus of the White House since major attacks this summer on Colonial Pipeline, JBS and Kaseya. However, the meetings […] (CyberScoop)

A former top US election official urges sweeping security improvements, warning 'democracy is in trouble'

The Cybersecurity and Infrastructure Security Agency’s former lead election security official is recommending comprehensive changes to protect the ballot in future elections, from physical safety upgrades for election workers and federal agency revamps to mandated disclosure of cyber incidents. A report published Thursday from former CISA election adviser Matt Masterson, who now works for Stanford’s Internet Observatory Cyber Policy Center, is a response to the complications that surrounded the 2020 elections. Namely, 2020 was marred by misinformation that undermined public faith in elections, inconsistent funding to mitigate IT vulnerabilities and threats against election officials, the report concludes. The battle over the 2020 presidential race rages on, with the GOP pushing partisan election reviews in several states despite numerous recounts that concluded with Joe Biden as the victor. “Our democracy is in trouble,” Masterson told CyberScoop. “We are in a downward spiral of distrust of the process. If we don’t make […] (CyberScoop)

State-sponsored Iranian hackers uploaded fake VPN app to Google's Play store, posed as university officials

Suspected government-backed hackers from Iran have used an array of techniques, from password theft to uploading a fake app to a prominent app marketplace, to try gathering intelligence from targets over the past year, Google said in a bulletin published Thursday. The espionage group APT35, also known as Charming Kitten, last year successfully uploaded to Google’s Play Store an app that masqueraded as a virtual private network service, claiming the tool would safeguard user data. In fact, the apparent VPN program functioned as spyware, collecting call logs, text messages, contacts and location data from affected devices. Google said in an Oct. 14 update that it detected the program “quickly” and removed it before any downloads occurred. The surveillance app marks an update to existing APT35 tactics. The group is best known for reportedly targeting email accounts associated with former President Donald Trump’s election campaign in 2020 and espionage around major […] (CyberScoop)

S3 Ep54: Another 0-day, double Apache patch, and Fight The Phish [Podcast]

Latest episode - listen now! (Naked Security)

7-11 Breached Privacy By Collecting Facial Imagery Without Consent

(News ≈ Packet Storm)

US Invites Friends To Multilateral Cybersecurity Meetings - Russia And China Strangely Absent

(News ≈ Packet Storm)

Fake News Writer Only Now Regrets Writing Fake News

(News ≈ Packet Storm)

FreakOut Botnet Turns DVRs Into Monero Cryptominers

(News ≈ Packet Storm)

The Ultimate SaaS Security Posture Management (SSPM) Checklist

Cloud security is the umbrella that holds within it: IaaS, PaaS and SaaS. Gartner created the SaaS Security Posture Management (SSPM) category for solutions that continuously assess security risk and manage the SaaS applications’ security posture. With enterprises having 1,000 or more employees relying on dozens to hundreds of apps, the need for deep visibility and remediation for SaaS security (The Hacker News)

Critical Remote Hacking Flaws Disclosed in Linphone and MicroSIP Softphones

Multiple security vulnerabilities have been disclosed in softphone software from Linphone and MicroSIP that could be exploited by an unauthenticated remote adversary to crash the client and even extract sensitive information like password hashes by simply making a malicious call. The vulnerabilities, which were discovered by Moritz Abrell of German pen-testing firm SySS GmbH, have since been (The Hacker News)

VirusTotal Releases Ransomware Report Based on Analysis of 80 Million Samples

As many as 130 different ransomware families have been found to be active in 2020 and the first half of 2021, with Israel, South Korea, Vietnam, China, Singapore, India, Kazakhstan, Philippines, Iran, and the U.K. emerging as the most affected territories, a comprehensive analysis of 80 million ransomware-related samples has revealed. Google's cybersecurity arm VirusTotal attributed a (The Hacker News)

Experts Warn of Unprotected Prometheus Endpoints Exposing Sensitive Information

A large-scale unauthenticated scraping of publicly available and non-secured endpoints from older versions of Prometheus event monitoring and alerting solution could be leveraged to inadvertently leak sensitive information, according to the latest research. "Due to the fact that authentication and encryption support is relatively new, many organizations that use Prometheus haven't yet enabled (The Hacker News)

Microsoft Fended Off a Record 2.4 Tbps DDoS Attack Targeting Azure Customers

Microsoft on Monday revealed that its Azure cloud platform mitigated a 2.4 Tbps distributed denial-of-service (DDoS) attack in the last week of August targeting an unnamed customer in Europe, surpassing a 2.3 Tbps attack stopped by Amazon Web Services in February 2020. "This is 140 percent higher than 2020's 1 Tbps attack and higher than any network volumetric event previously detected on Azure, (The Hacker News)

Rickroll Grad Prank Exposes Exterity IPTV Bug

IPTV and IP video security is increasingly under scrutiny, even by high school kids. (Threatpost)

Verizon’s Visible Wireless Carrier Confirms Credential-Stuffing Attack

Visible says yes, user accounts were hijacked, but it denied a breach. As of today, users are still posting tales of forcibly changed passwords and getting stuck with bills for pricey new iPhones. (Threatpost)

CryptoRom Scam Rakes in $1.4M by Exploiting Apple Enterprise Features

The campaign, which uses the Apple Developer Program and Enterprise Signatures to get past Apple's app review process, remains active. (Threatpost)

Podcast: 67% of Orgs Have Been Hit by Ransomware at Least Once

Fortinet’s Derek Manky discusses a recent global survey showing that two-thirds of organizations suffered at least one ransomware attack, while half were hit multiple times. (Threatpost)


/security-daily/ 15-10-2021 23:44:22