Security daily (15-07-2020)

OSPAR 2020 report now available with 105 services in scope

We are excited to announce the addition of 41 new services in the scope of our latest Outsourced Service Provider Audit Report (OSPAR) audit cycle, for a total of 105 services in the Asia Pacific (Singapore) Region. The newly added services include: AWS Security Hub, which gives you a comprehensive view of high-priority security alerts […] (AWS Security Blog)

Scammers hijack Twitter accounts of Joe Biden, Bill Gates and others to promote cryptocurrency

Hackers on Wednesday took over a series of high-profile Twitter accounts — including those of presumptive Democratic presidential nominee Joe Biden and Microsoft co-founder Bill Gates — to promote cryptocurrency scams in a remarkable security breach. A series of similarly worded tweets promoting bitcoin, a type of cryptocurrency, began appearing from the compromised accounts around the same time on Wednesday. The Twitter account of cryptocurrency exchange Gemini appeared to be swept up in the scam, as did Apple’s official Twitter account. pic.twitter.com/QqPq27m7d1 — Jᵾlien Genestoux (@julien51) July 15, 2020 Hours after it began investigating the incident, Twitter said it appeared to be “a coordinated social engineering attack” against some Twitter employees “with access to internal systems and tools.” Twitter said it was “looking into what other malicious activity [the attackers] may have conducted or information they may have accessed and will share more here as we have it.” We detected what we believe to be a coordinated social engineering attack by […] The post Scammers hijack Twitter accounts of Joe Biden, Bill Gates and others to promote cryptocurrency appeared first on CyberScoop. (CyberScoop)

Credit union's lawsuit against Fiserv is a test for cybersecurity liability

After more than a year of legal wrangling and bureaucratic delays, a major lawsuit is moving forward against a fintech giant for its allegedly lax cybersecurity practices. A Pennsylvania credit union is taking on Fiserv, a Fortune 500 company that claims clients in over 100 countries, in a case that is a test of the legal obligations big financial firms have to protect client data. Bessemer System Federal Credit Union’s (FCU) originally sued Fiserv in April 2019. After moving to federal court, the case took on new life Tuesday when a judge in the Western District of Pennsylvania ruled that the court would hear some of the credit union’s claims against Fiserv. The credit union accuses Fiserv, one of three companies that provide the majority of digital infrastructure used by small banks, of taking cybersecurity for granted. “Rather than addressing the problems by updating its security, Fiserv continued to use […] The post Credit union's lawsuit against Fiserv is a test for cybersecurity liability appeared first on CyberScoop. (CyberScoop)

“Secure in your thoughts” – malware memories and brain passwords in the Stroke of Genius podcast

I’m in the latest episode of the “Stroke of Genius” podcast, which looks at passwords and how researchers are exploring ways to use brain patterns as a way to unlock devices. I’m on hand to describe the workings of some notorious password-stealing malware, and also share some stories of how computer games helped me get a job in the cybersecurity industry. (Graham Cluley)

Patch now! SIGRED – the wormable hole in your Windows servers

The bug can definitely crash your Windows DNS servers, and it could end up being used for much worse than that. Please patch now! (Naked Security)

How to Crack Password-Protected ZIP Files, PDFs & More with Zydra

Everybody knows not to store sensitive information in unencrypted files, right? PDFs and ZIP files can often contain a treasure trove of information, such as network diagrams, IP addresses, and login credentials. Sometimes, even certain files that are encrypted aren't safe from attackers. That's where Zydra comes in — a tool for cracking RAR files, ZIP files, PDF files, and Linux shadow files.

How Are These Files Encrypted?

Depending on the program used and its version, these sorts of files could be password protected using various encryption algorithms.

For example, the Linux command line... more (Null Byte « WonderHowTo)

Build Pro-Level Games with This GameGuru Bundle

If you're a tech-savvy coding pro, you have a virtually limitless number of great career choices to choose from. Whether you're interested in working at a small tech startup, freelancing as a cybersecurity specialist, or founding the next Google, having a solid understanding of development terminology and general programming will inevitably get you far.

But you don't necessarily need to work in a traditional tech field to take advantage of your design and development prowess. The Complete GameGuru Bundle will teach you how to use your talents to build pro-level games from scratch, and it's on... more (Null Byte « WonderHowTo)

Report: CIA Behind APT34, FSB Hacks, And Data Dumps

(News ≈ Packet Storm)

Microsoft Tackles 123 Fixes For July Patch Tuesday

(News ≈ Packet Storm)

Patch Tuesday: Adobe Eliminates Four Critical Bugs

(News ≈ Packet Storm)

Microsoft Urges Patching Wormable Server Vulnerability

(News ≈ Packet Storm)

Several High-Profile Accounts Hacked in the Biggest Twitter Hack of All Time

Social media platform Twitter, earlier today on Wednesday, was on fire after it suffered one of the biggest cyberattacks in its history.

A number of high-profile Twitter accounts, including those of US presidential candidate Joe Biden, Amazon CEO Jeff Bezos, Bill Gates, Elon Musk, Uber, and Apple, were breached simultaneously in what's a far-reaching hacking campaign carried out to promote a (The Hacker News)

4 Dangerous Brazilian Banking Trojans Now Trying to Rob Users Worldwide

Cybersecurity researchers on Tuesday detailed as many as four different families of Brazilian banking trojans that have targeted financial institutions in Brazil, Latin America, and Europe.

Collectively called the "Tetrade" by Kaspersky researchers, the malware families — comprising Guildma, Javali, Melcoz, and Grandoreiro — have evolved their capabilities to function as a backdoor and adopt (The Hacker News)

17-Year-Old Critical 'Wormable' RCE Vulnerability Impacts Windows DNS Servers

Cybersecurity researchers today disclosed a new highly critical "wormable" vulnerability—carrying a severity score of 10 out of 10 on the CVSS scale—affecting Windows Server versions 2003 to 2019.

The 17-year-old remote code execution flaw (CVE-2020-1350), dubbed 'SigRed' by Check Point, could allow an unauthenticated, remote attacker to gain domain administrator privileges over targeted (The Hacker News)

CompTIA Certification Prep Courses – Get Lifetime Access @ 98% Discount

In the world of professional IT, recruiters look for certificates as an important criterion for eligibility and assessing skills. Any IT professional with résumé that includes CompTIA certificates tends to rise up the pile.

Of course, there are many different CompTIA exams you can choose from based on your interest and already chosen path.

Our educational and industry partners have (The Hacker News)

Critical RCE Flaw Affects F5 BIG-IP Application Security Servers

Cybersecurity researchers today issued a security advisory warning enterprises and governments across the globe to immediately patch a highly-critical remote code execution vulnerability affecting F5's BIG-IP networking devices running application security servers.

The vulnerability, assigned CVE-2020-5902 and rated as critical with a CVSS score of 10 out of 10, could let remote attackers (The Hacker News)

Twitter Confirms it was Hacked in an Unprecedented Cryptocurrency Scam

The Twitter accounts of Bill Gates, Elon Musk, Joe Biden, Apple and Uber have each been hijacked at the same time to push a cryptocurrency scam in an unprecedented breach of Twitter accounts. (Threatpost)

Brazil’s Banking Trojans Go Global

Four sophisticated malware families are ramping up their techniques and actively spreading to new countries, including the U.S. (Threatpost)

The TLS 1.2 Deadline is Looming, Do You Have Your Act Together?

Sectors such as Education (47%), Energy (40%), and Public Administration (37%) have struggled to implement TLS 1.2 protocols (Threatpost)


/security-daily/ 16-07-2020 23:44:28