Security daily (15-09-2020)

Role-based access control using Amazon Cognito and an external identity provider

Amazon Cognito simplifies the development process by helping you manage identities for your customer-facing applications. As your application grows, some of your enterprise customers may ask you to integrate with their own Identity Provider (IdP) so that their users can sign on to your app using their company’s identity, and have role-based access control (RBAC) based on […] (AWS Security Blog)

Public disclosure didn't stop suspected Chinese hackers from targeting the Vatican

Hackers with suspected ties to the Chinese government kept up their operations in the weeks after they were caught targeting the Vatican, according to Recorded Future findings published Tuesday. Recorded Future researchers first called out the hacking group’s focus on the Vatican and Hong Kong’s Catholic Diocese in July, after which the hackers appeared to briefly pause their activity, in a likely effort to evade detection. But within two weeks, the hackers, known as RedDelta, had resumed their activities, aiming to infiltrate mail servers of the Vatican and the Hong Kong Catholic Diocese, researchers said. “This is indicative of RedDelta’s persistence in maintaining access to these environments for gathering intelligence, in addition to the group’s aforementioned high risk tolerance,” the researchers write in a blog post on the matter. China has long had an interest in collecting intelligence on religious groups in the region, and in particular on Catholics, ever since the Vatican […] (CyberScoop)

US indicts two hackers for retaliating for Soleimani's killing; more Iran-related charges expected soon

U.S. prosecutors have indicted two hackers, including an Iranian national, for allegedly defacing a slew of websites in retaliation for the U.S. killing of a top Iranian general in January. The indictment returned by a federal grand jury in Massachusetts accuses Behzad Mohammadzadeh, an Iranian thought to be 19, and Marwan Abusrour, a 25-year-old Palestinian, of attacking U.S. websites and planting messages such as “Down with America.” Mohammadzadeh is a “self-described spammer” who allegedly traffics in stolen credit cards, the Department of Justice said. Such defacement attacks do not require much skill, and are not the retaliatory cyberattacks that officials feared after the U.S. military killed Qassem Soleimani, Iran’s top general. The FBI had warned companies that Iranian hackers had stepped up their reconnaissance in the immediate aftermath of the Soleimani killing. The indictment unsealed Tuesday is one of multiple indictments that U.S. prosecutors are expected to announce this week related to Iranian hacking, according to two people familiar with the matter. It […] (CyberScoop)

Chinese hacking groups are bullying telecoms as 2020 goes on, CrowdStrike says

Six suspected Chinese hacking groups have zeroed in on entities in the telecommunications sector in the first half of this year, according to CrowdStrike research published Tuesday. While CrowdStrike did not identify the groups by name, attackers have likely been running their hacking operations in an effort to steal sensitive data about targets, or to conduct intellectual property theft, researchers at the threat intelligence firm determined. CrowdStrike also did not identify the targets. The telecommunications sector was among the most-targeted sectors in the first half of 2020, the company said, alluding to behavior that aligns with previous espionage patterns from hackers with suspected ties to Beijing. Publication of the report coincides with a fresh warning from the U.S. Department of Homeland Security that a Chinese intelligence agency is exploiting known software flaws to gather information from U.S. federal agencies, and amid an ongoing U.S. government effort to safeguard research into a COVID-19 vaccine, […] (CyberScoop)

Magecart Attack Impacts More Than 10k Online Shoppers

(News ≈ Packet Storm)

MITRE Releases Emulation Plan For FIN6 Hacking Group

(News ≈ Packet Storm)

MFA Bypass Bugs Opened Microsoft 365 To Attack

(News ≈ Packet Storm)

European Police Malware Could Harvest GPS, Messages, Passwords, More

(News ≈ Packet Storm)

Department Of Veterans Affairs Breach Impacts 46,000 Veterans

(News ≈ Packet Storm)

Coronavirus: FM Learned Of Data Breach 11 Days After Health Minister

(News ≈ Packet Storm)

Missing DMARC Records Lead to Phishing

Email will continue to be the dominant mode of digital communication for the foreseeable future. However, the email framework was not designed with security in mind. There are still security flaws that bad actors regularly exploit to their advantage. Recently, researchers have discovered a business-email compromise scam in Russia. Known as Cosmic Lynx, the cybercriminal group running this scam has been associated with more than 200 security incidents targeting senior-level executives globally since July 2019. (Sucuri Blog)

Report: 97% of Cybersecurity Companies Have Leaked Data on the Dark Web

In a new report into the global cybersecurity industry's exposure on the Dark Web this year, global application security company ImmuniWeb uncovered that 97% of leading cybersecurity companies have data leaks or other security incidents exposed on the Dark Web, while on average there are over 4,000 stolen credentials and other sensitive data exposed per cybersecurity company.

Even the (The Hacker News)

CISA: Chinese Hackers Exploiting Unpatched Devices to Target U.S. Agencies

The US Cybersecurity and Infrastructure Security Agency (CISA) issued a new advisory on Monday about a wave of cyberattacks carried out by Chinese nation-state actors targeting US government agencies and private entities.

"CISA has observed Chinese [Ministry of State Security]-affiliated cyber threat actors operating from the People's Republic of China using commercially available information (The Hacker News)

Data Breaches Exposes Vets, COVID-19 Patients

Social engineering and employee mistakes lead to breaches at the Veterans Administration and the National Health Service. (Threatpost)

QR Codes Serve Up a Menu of Security Concerns

QR code usage is soaring in the pandemic -- but malicious versions aren't something that most people think about. (Threatpost)

IBM Spectrum Protect Plus Security Open to RCE

Two bugs (CVE-2020-4703 and CVE-2020-4711) in IBM's Spectrum Protect Plus data-storage protection solution could enable remote code execution. (Threatpost)

Windows Exploit Released For Microsoft ‘Zerologon’ Flaw

Security researchers and U.S. government authorities alike are urging admins to address Microsoft's critical privilege escalation flaw. (Threatpost)

MFA Bypass Bugs Opened Microsoft 365 to Attack

Vulnerabilities ‘that have existed for years’ in WS-Trust could be exploited to attack other services such as Azure and Visual Studio. (Threatpost)


/security-daily/ 16-09-2020 23:44:23