Security daily (15-03-2021)

How to auto-remediate internet accessible ports with AWS Config and AWS System Manager

With the AWS Config service, you can assess, audit, and evaluate the configuration of your Amazon Web Services (AWS) resources. AWS Config continuously monitors and records your AWS resource configuration changes, and enables you to automate the evaluation of those recordings against desired configurations. Not only can AWS Config monitor and detect deviations from desired […] (AWS Security Blog)

NFT digital art is already attracting hackers

Users of the digital art marketplace Nifty Gateway reported hackers had taken over their accounts and stolen artwork worth thousands of dollars over the weekend. Some users reported their entire accounts of digital certificates of authenticity for digital assets — known as non-fungible tokens (NFTs or “nifties”) — were drained over the weekend. But even after changing their passwords, some users said the hackers weren’t kicked out of their accounts. Some reported that the digital assets stolen from their accounts were then sold on the chat application Discord or on Twitter. Other users reported the intruders also stole their credit card information and began using it to make purchases of other art to the tune of $20,000. Nifty Gateway, a marketplace where users can buy, sell and display digital items, said in a statement that it encourages users to use two-factor authentication (2FA) to prevent account takeovers and hacking, noting […] (CyberScoop)

Google rushes out fix for another Chrome zero-day flaw

Google has released an urgent software update for a flaw in the popular Chrome browser amid reports that an exploit for the bug is already available. The vulnerability is in Blink, the feature that Chrome uses to convert HTML code to web pages, and could allow an attacker to execute code remotely or conduct a denial-of-service attack on a machine, according to IBM. An anonymous researcher reported the issue to Google on March 9, and the company released a fix for the bug on March 12. It’s the third so-called zero-day, or previously unknown, vulnerability that Chrome has addressed this year. It’s an example of the high-stakes cat-and-mouse game between attackers searching for holes in popular software and vendors moving to plug them. In a blog post, Google Chrome’s Prudhvikumar Bommana did not offer additional details on the bug. “Access to bug details and links may be kept restricted until […] (CyberScoop)

Buffalo Public Schools cancels classes after cyberattack

Ransomware attackers appear to have taken a swipe at Buffalo Public Schools in recent days, screeching the school system’s plans for remote classes and in-person learning to a halt on Friday. The school system, which has been slowly returning to in-person learning plans, canceled all classes Monday while it works to respond to the incident, according to an announcement. The FBI is investigating the attack, but so far the probe has not found that any sensitive information about students and teachers was exposed during the attack, the superintendent of Buffalo Public Schools, Kriner Cash, said in a statement. The attackers, who encrypted the school’s computers, have not made any ransom demands yet, The Buffalo News reported. But the FBI has determined that the hackers’ demand is likely between $100,000 and $300,000, according to The Buffalo News. GreyCastle, a cybersecurity firm, is reportedly assisting the investigation. GreyCastle did not immediately […] (CyberScoop)

S3 Ep 23.5: An interview with cybersecurity expert John Noble CBE

Special episode - listen now! (Naked Security)

Naked Security Live – HAFNIUM explained in plain English

Latest episode - watch now! (Naked Security)

Google Faces $5 Billion Lawsuit Over Incognito Mode

(News ≈ Packet Storm)

U.S. Indicts CEO Of Encrypted Phone Firm Sky

(News ≈ Packet Storm)

Critical Security Hole Can Knock Smart Meters Offline

(News ≈ Packet Storm)

Bitcoin Surges Past $60,000 For The First Time

(News ≈ Packet Storm)

Rising Demand for DDoS Protection Software Market By 2020-2028

Distributed Denial of Service (DDoS) attack is a malicious form of attack that disrupts the regular network traffic by overwhelming the website with more traffic than the server can handle. The main aim of this kind of cyberattack is to render the website inoperable. Over recent years, these kinds of attacks are increasing, fueling the demand for the best DDoS protection software solutions. Many (The Hacker News)

Cybersecurity Bug-Hunting Sparks Enterprise Confidence

A survey from Intel shows that most organizations prefer tech providers to have proactive security, but few meet security expectations. (Threatpost)

Cyberattacks See Fundamental Changes, A Year into COVID-19

A year after COVID-19 was officially determined to be a pandemic, the methods and tactics used by cybercriminals have drastically changed. (Threatpost)

Google Warns Mac, Windows Users of Chrome Zero-Day Flaw

The use-after-free vulnerability is the third Google Chrome zero-day flaw to be disclosed in three months. (Threatpost)


/security-daily/ 16-03-2021 23:44:24