14-07-202116-07-2021

Security daily (15-07-2021)

How AWS is helping EU customers navigate the new normal for data protection

Achieving compliance with the European Union’s data protection regulations is critical for hundreds of thousands of Amazon Web Services (AWS) customers. Many of them are subject to the EU’s General Data Protection Regulation (GDPR), which ensures individuals’ fundamental right to privacy and the protection of personal data. In February, we announced […] (AWS Security Blog)

TLS-enabled Kubernetes clusters with ACM Private CA and Amazon EKS

In this blog post, we show you how to set up end-to-end encryption on Amazon Elastic Kubernetes Service (Amazon EKS) with AWS Certificate Manager Private Certificate Authority. For this example of end-to-end encryption, traffic originates from your client and terminates at an Ingress controller server running inside a sample app. By following the instructions in […] (AWS Security Blog)

056| To Ban or Not to Ban? Ransomware Payment Regulation

Ransomware payment amounts have skyrocketed over the past year. As threat actors keep getting richer, they have more resources to fuel their operations. Many people argue that the way to discourage ransomware is to implement an outright ban on ransom payments. Is this suggestion idealistic or realistic? How would such a ban affect companies, and what are the alternatives? Päivi Tynninen of the Finnish National Cybersecurity Center and Jordan LaRose of F-Secure join us to share their views. (Cyber Security Sauna)

Iranian spies tried hacking US military personnel by posing as job recruiters on Facebook

Facebook said on Thursday it upended Iranian government-backed hackers who targeted U.S. military personnel and defense companies on its platform before trying to move conversations elsewhere to infect victims with malware. In a blog post, Facebook linked the campaign to a group known alternately as Tortoiseshell or Imperial Kitten, which primarily had focused on Middle East targets before. This time, they were mainly preoccupied with the United States. “In an apparent expansion of malicious activity to other regions and industries, our investigation found them targeting military personnel and companies in the defense and aerospace industries primarily in the US, and to a lesser extent in the UK and Europe,” wrote Mike Dvilyanski, Facebook’s head of cyberespionage investigations, and David Agranovich, director of threat disruption. As part of a social engineering effort, the hackers posed via fake online personas as defense and aerospace industry recruiters, or claimed to work in hospitality, journalism, […] (CyberScoop)

Momentum builds on federal oversight of facial recognition tech after reported abuses

Lawmakers in the House and Senate are considering legislation that would halt the use of facial recognition and biometric data collection tools by federal law enforcement, signaling that the controversial technologies may soon be subject to oversight after years of debate and revelations about its role in discriminatory policing. The Facial Recognition and Biometric Technology Moratorium Act, reintroduced in June by Sen. Ed Markey (D-Mass.) and Rep. Pramila Jayapal (D-Wash.), would fully ban the use of facial recognition and biometric technology by federal agencies, barring a lift by Congress. It would also block funding to state and local law enforcement who do not cease use of the tech. The bill would allow cities and states to keep and make their own laws. More than 40 privacy and civil liberties groups have thrown their weight on the Hill and organizing power behind the Biometric Technology Moratorium Act, saying that cases in […] (CyberScoop)

US government launches plans to cut cybercriminals off from cryptocurrency

The White House on Thursday announced a flurry of actions launched by a new interagency task force to combat ransomware. The updates on the White House’s plan to tackle ransomware comes on the heels of the third major ransomware attack to pose a serious threat to the U.S. national security in as many months. The Russia-tied group REvil hit Florida-based IT firm Kaseya earlier this month, potentially affecting more than 1,500 companies. The group’s websites recently went dark for reasons that are still unclear. A senior administration official declined to comment on whether the United States has or will take action against the group. Chief among the White House task force’s new efforts is to cut groups like REvil off from virtual currencies, which they use to collect ransom from victims and sell services to affiliates. The Treasury Department will support the implementation of money laundering requirements for virtual currency […] (CyberScoop)

The Code Red worm 20 years on – what have we learned?

"It was 20 years ago today..." that we learned a few lessons that are well worth revisiting! (Naked Security)

Safari Zero-Day Used In LinkedIn Campaign

(News ≈ Packet Storm)

KiwiSDR Has Had A Backdoor With Root Access For Years

(News ≈ Packet Storm)

Google Details Recent Malware Campaigns Amid Uptick In Zero-Day Attacks

(News ≈ Packet Storm)

iOS Zero-Day Let SolarWinds Hackers Compromise iPhones

(News ≈ Packet Storm)

Update Your Chrome Browser to Patch New Zero‑Day Bug Exploited in the Wild

Google has pushed out a new security update to Chrome browser for Windows, Mac, and Linux with multiple fixes, including a zero-day that it says is being exploited in the wild. The latest patch resolves a total of eight issues, one of which concerns a type confusion issue in its V8 open-source and JavaScript engine (CVE-2021-30563). The search giant credited an anonymous researcher for reporting (The Hacker News)

China's Cyberspies Targeting Southeast Asian Government Entities

A sweeping and "highly active campaign" that originally set its sights on Myanmar has broadened its focus to strike a number of targets located in the Philippines, according to new research. Russian cybersecurity firm Kaspersky, which first spotted the infections in October 2020, attributed them to a threat actor it tracks as "LuminousMoth," which it connected with medium to high confidence to a (The Hacker News)

New Zero-Trust API Offers Mobile Carrier Authentication to Developers

Zero Trust is increasingly being adopted as the best strategy to maintain application security and prevent data breaches. To help achieve progress on Zero Trust, there is now a new, easy way to implement continuous user verification by connecting directly to the authentication systems used by mobile operators – without the overhead of processing or storing user data. Before we show you how it (The Hacker News)

Ransomware Attacks Targeting Unpatched EOL SonicWall SMA 100 VPN Appliances

Networking equipment maker SonicWall is alerting customers of an "imminent" ransomware campaign targeting its Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life 8.x firmware. The warning comes more than a month after reports emerged that remote access vulnerabilities in SonicWall SRA 4600 VPN appliances (CVE-2019-7481) are being (The Hacker News)

Google Details iOS, Chrome, IE Zero-Day Flaws Exploited Recently in the Wild

Threat intelligence researchers from Google on Wednesday shed more light on four in-the-wild zero-days in Chrome, Safari, and Internet Explorer browsers that were exploited by malicious actors in different campaigns since the start of the year. What's more, three of the four zero-days were engineered by commercial providers and sold to and used by government-backed actors, contributing to an (The Hacker News)

Zero-Day Attacks on Critical WooCommerce Bug Threaten Databases

The popular e-commerce platform for WordPress has started deploying emergency patches. (Threatpost)

Fake Zoom App Dropped by New APT ‘LuminousMoth’

First comes spear-phishing, next download of malicious DLLs that spread to removable USBs, dropping Cobalt Strike Beacon, and then, sometimes, a fake Zoom app. (Threatpost)

SonicWall Warns Secure VPN Hardware Bugs Under Attack

SonicWall issued an urgent security alert warning customers that some of its current and legacy secure VPN appliances were under active attack. (Threatpost)

Safari Zero-Day Used in Malicious LinkedIn Campaign

Researchers shed light on how attackers exploited Apple web browser vulnerabilities to target government officials in Western Europe. (Threatpost)


/security-daily/ 16-07-2021 23:44:23