Spring 2020 SOC reports now available with 122 services in scope
At AWS, our customers’ security is of the highest importance and we continue to provide transparency into our security posture. We’re proud to deliver the System and Organizational Controls (SOC) 1, 2, and 3 reports to our AWS customers. The SOC program continues to enable our global customer base to maintain confidence in our secured […]
(AWS Security Blog)
Gen. Paul Nakasone, the director of the National Security Agency and head of U.S. Cyber Command, is a busy man. He oversees vast, technical surveillance efforts in the U.S. and abroad, while also commanding a military outfit charged with launching cyberattacks. Emailing random women from an outpost in Syria is probably not on his to-do list. So when Susan, a woman from the New York City area, started receiving correspondence from a “Paul Nakasone” this week, she wondered why the self-proclaimed “head of U.S. Army Cyber Command” was trying to flirt with her. “I Googled this guy and I’m like, ‘Are you kidding me?’” Susan, who asked to be identified by only her first name, told CyberScoop. “And it was very flirtatious, but I’m a married woman.” Susan ultimately realized that, no, she was not talking to the real Paul Nakasone. She and her friend were actually dealing with scammers who were posing as top […] The post Someone is trying to catfish women by pretending to be Paul Nakasone appeared first on CyberScoop.
Romanian authorities said Friday they had disrupted a cybercriminal group that planned to conduct ransomware attacks on hospitals in the country. The hackers intended to pose as government officials and send malicious emails to public health institutions that purported to contain information on the coronavirus, according to the Directorate for Investigating Organized Crime and Terrorism (DIICOT), one of Romania’s top law enforcement agencies. Such ransomware attacks could disrupt the IT systems of hospitals, DIICOT said. But before that could happen, police and security officials said they searched the suspects’ properties in Romania and neighboring Moldova. All four suspects were arrested, ZDNet reported. The hackers planned to threaten hospitals to protest Romania’s state of emergency, which has restricted public gatherings during the COVID-19 pandemic, according to Romanian news outlet Stirile Pro Tv. The threat of attacking hospitals would be a much more serious crime than the website defacements and other low-skill digital mischief usually […] The post Romanian police bust hackers allegedly plotting ransomware attacks on hospitals appeared first on CyberScoop.
The U.S. Department of Commerce on Friday said it was tightening regulations to prevent Huawei from using U.S. software to make semiconductors abroad, the latest move by officials to crack down on a Chinese telecommunications giant they deem a national security threat. The new regulations are an effort to “narrowly and strategically target Huawei’s acquisition of semiconductors that are the direct product of certain U.S. software and technology,” the Department of Commerce said in a statement. Huawei has been circumventing previous restrictions on using U.S. technology to make semiconductors, which are key to its smartphone business, Commerce officials alleged. The updated export controls go further in forcing foreign companies that use U.S. chipset technology to get a license before selling that technology to Huawei. A Huawei spokesperson did not immediately respond to a request for comment. The new export controls are one of a series of stringent measures the Trump administration […] The post US Commerce Department tightens screws on Huawei export controls appeared first on CyberScoop.
Recent weeks have seen a spate of scams and attacks associated with the Coronavirus pandemic, and there is little evidence of the end being in sight.
Reply all woes, DHS says no to DoH and why turning your computer off is good for security.
Google Search uses open redirects by design, which is handy if you're a scammer trying to hide an iffy-looking URL.
The agencies say it's vital to prioritize patching. Otherwise, we're making it easy for attackers who don't have to work at finding 0 days.
Microsoft is the latest browser vendor to join the encrypted DNS club by supporting DNS over HTTPS in Windows 10.
If you're reading this, you're likely a tech-savvy coding pro whose analytical talents are mostly applied to designing apps, cracking passwords, and infiltrating networks — all of which are admirable activities for both aspiring and seasoned white hat hackers. But there are other profitable ways that you can put these types of skills to use, namely in the world of investment and trading.
Whether you're interested in beginning a full-fledged career as a day trader or simply want to earn some extra cash on the side, the Premium Novice-to-Expert Day Trading & Technical Analysis Bundle will teach...
(Null Byte « WonderHowTo)
(News ≈ Packet Storm)
During a recent investigation, our team found malicious code that reveals how attackers are performing reconnaissance to identify if sites are actively using WooCommerce in a compromised hosting environment. These compromised websites are victims of the ongoing wave of exploits against vulnerable WordPress plugins. Why are WooCommerce websites being targeted? WooCommerce is a powerful WordPress plugin that can help a website owner set up an ecommerce store. WooCommerce’s popularity has allowed it to quickly grow a large market share and become one of the biggest ecommerce platforms in the world. Continue reading WordPress Malware Collects Sensitive WooCommerce Data at Sucuri Blog.
A new version of COMpfun remote access trojan (RAT) has been discovered in the wild that uses HTTP status codes to control compromised systems targeted in a recent campaign against diplomatic entities in Europe.
The cyberespionage malware—traced to Turla APT with "medium-to-low level of confidence" based on the history of compromised victims—spread via an initial dropper that masks itself as
(The Hacker News)
The fast-moving botnet has added an exploit for an unpatched bug in an unsupported version of the security gateway.
Threatpost editors discuss recent ransomware attacks and contact-tracing app privacy concerns.
A new threat group uses NSIS as an installer to target industrial companies with revolving payloads, including LokiBot, FormBook, BetaBot, Agent Tesla and Netwire.
Paying ransom to cybercriminals costs companies hit with ransomware attacks more than recovering data on their own, according to new research.
/security-daily/ 16-05-2020 23:44:21