14-04-202116-04-2021

Security daily (15-04-2021)

How to use AWS IAM Access Analyzer API to automate detection of public access to AWS KMS keys

In this blog post, I show you how to use AWS IAM Access Analyzer programmatically to automate the detection of public access to your resources in an AWS account. I also show you how to work with the Access Analyzer API, create an analyzer on your account and call specific API functions from your code. […] (AWS Security Blog)

U.S. government accuses Russian companies of recruiting spies, hacking for Moscow

The Biden Administration took a sideswipe at the Russian government’s network of companies it allegedly relies on to conduct intelligence and military hacking Thursday — part of a broader effort to beat back Russian government hacking and information operations targeting Americans, the U.S. private sector and the federal government. In one of the most striking actions the Biden administration took Thursday, the U.S. Treasury Department sanctioned Positive Technologies, a cybersecurity firm headquartered in Moscow. According to the Treasury Department, Positive Technologies may appear to be a regular IT firm, but it actually supports Russian government clients, including the Federal Security Service. The firm also “hosts large-scale conventions that are used as recruiting events for the FSB and GRU,” the Treasury Department said, referring to the Federal Security Service (FSB) and Russia’s Main Intelligence Directorate (GRU). U.S. intelligence documents show that the company has gone even further at times and has […] The post U.S. government accuses Russian companies of recruiting spies, hacking for Moscow appeared first on CyberScoop. (CyberScoop)

White House slaps sanctions on Russian cyber activities while blaming SVR for SolarWinds campaign

The Biden administration on Thursday imposed sweeping sanctions on Russian intelligence operatives for their alleged interference in the 2020 U.S. election, and on Russian companies for allegedly supporting Moscow’s extensive cyber-espionage operations. The Treasury Department sanctioned 32 organizations and individuals for their alleged influence operations aimed at the U.S. election. The White House said it was part of an effort to “disrupt the coordinated efforts of Russian officials, proxies and intelligence agencies to delegitimize our electoral process.” As part of the crackdown, Treasury sanctioned six Russian tech firms for allegedly providing support to Russian intelligence services’ hacking operations by developing malicious software or setting up IT infrastructure. U.S. officials also made official what had long been rumored: They believe with “high confidence” that Russia’s foreign intelligence agency, the SVR, carried out the hacking campaign that has exploited software made by contractor SolarWinds and other vendors to infiltrate nine U.S. agencies […] The post White House slaps sanctions on Russian cyber activities while blaming SVR for SolarWinds campaign appeared first on CyberScoop. (CyberScoop)

NSA, FBI, DHS expose Russian intelligence hacking tradecraft

The U.S. government warned the private sector Thursday that Russian government hackers working for Russia’s Foreign Intelligence Service (SVR) are actively exploiting five known vulnerabilities to target U.S. companies and the defense industrial base. The National Security Agency, the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) urged system administrators to patch immediately against the vulnerabilities the hackers, also known at APT29 or Cozy Bear, are exploiting. The SVR hackers are specifically actively exploiting vulnerabilities in Fortinet FortiGate VPN, Synacor Zimbra Collaboration Suite, Pulse Secure Pulse Connect Secure VPN, Citrix Application Delivery Controller and Gateway and VMware Workspace ONE Access to gain initial footholds into networks, the government said in its alert. The hackers have been using these initial footholds to collect victims’ authentication credentials to burrow further into networks. The announcement coincides with the U.S. intelligence community’s formal attribution of the supply chain hack […] The post NSA, FBI, DHS expose Russian intelligence hacking tradecraft appeared first on CyberScoop. (CyberScoop)

S3 Ep28: Pwn2Own hacks, dark web hitmen and COVID-19 privacy [Podcast]

New episode - listen now! (Naked Security)

US Imposes Sanctions On Russia Over Cyber Attacks

(News ≈ Packet Storm)

Stories Of Dealing With Ransomware Gangs

(News ≈ Packet Storm)

Google Releases Chrome 90 With HTTPS By Default

(News ≈ Packet Storm)

Is It Still Possible To Run Malware In A Browser Using JavaScript And Rowhammer? Yes, Yes It Is

(News ≈ Packet Storm)

US Sanctions Russia and Expels 10 Diplomats Over SolarWinds Cyberattack

The U.S. and U.K. on Thursday formally attributed the supply chain attack of IT infrastructure management company SolarWinds with "high confidence" to government operatives working for Russia's Foreign Intelligence Service (SVR). "Russia's pattern of malign behaviour around the world – whether in cyberspace, in election interference or in the aggressive operations of their intelligence services (The Hacker News)

1-Click Hack Found in Popular Desktop Apps — Check If You're Using Them

Multiple one-click vulnerabilities have been discovered across a variety of popular software applications, allowing an attacker to potentially execute arbitrary code on target systems. The issues were discovered by Positive Security researchers Fabian Bräunlein and Lukas Euler and affect apps like Telegram, Nextcloud, VLC, LibreOffice, OpenOffice, Bitcoin/Dogecoin Wallets, Wireshark, and Mumble. (The Hacker News)

Malware Variants: More Sophisticated, Prevalent and Evolving in 2021

A malicious program intended to cause havoc with IT systems—malware—is becoming more and more sophisticated every year. The year 2021 is no exception, as recent trends indicate that several new variants of malware are making their way into the world of cybersecurity. While smarter security solutions are popping up, modern malware still eludes and challenges cybersecurity experts.  The evolution (The Hacker News)

YIKES! Hackers flood the web with 100,000 pages offering malicious PDFs

Cybercriminals are resorting to search engine poisoning techniques to lure business professionals into seemingly legitimate Google sites that install a Remote Access Trojan (RAT) capable of carrying out a wide range of attacks. The attack works by leveraging searches for business forms such as invoices, templates, questionnaires, and receipts as a stepping stone toward infiltrating the systems. (The Hacker News)

Biden Races to Shore Up Power Grid Against Hacks

A 100-day race to boost cybersecurity will rely on incentives rather than regulation, the White House said. (Threatpost)

Gafgyt Botnet Lifts DDoS Tricks from Mirai

The IoT-targeted malware has also added new exploits for initial compromise, for Huawei, Realtek and Dasan GPON devices. (Threatpost)

Attackers Target ProxyLogon Exploit to Install Cryptojacker

Threat actors targeted compromised Exchange servers to host malicious Monero cryptominer in an “unusual attack,” Sophos researchers discovered. (Threatpost)

14-04-202116-04-2021

/security-daily/ 16-04-2021 23:44:22