Security daily (16-03-2021)

Automatically block suspicious traffic with AWS Network Firewall and Amazon GuardDuty

According to the AWS Security Incident Response Guide, by using security response automation, you can increase both the scale and the effectiveness of your security operations. Automation also helps you to adopt a more proactive approach to securing your workloads on AWS. For example, rather than spending time manually reacting to security alerts, you can […] (AWS Security Blog)

Twitter hacker pleads guilty, sentenced to 3 years

A Florida teenager has admitted to orchestrating the hijacking of celebrity Twitter accounts last year as part of a plea deal that will see him serve three years in a juvenile facility, prosecutors said Tuesday. Graham Ivan Clark, 18, admitted to being behind a scheme that saw him steal more than $117,000 by taking over the Twitter accounts of numerous public figures and then blasting out tweets promoting cryptocurrency, according to prosecutors in Hillsborough County, Fla. More than 100 high profile people, from Microsoft founder Bill Gates to former president Barack Obama, had their accounts targeted in an incident that exposed glaring vulnerabilities in Twitter’s security protocols. Clark was 17 when he was arrested, and prosecutors touted the plea deal as a chance for him to mend his ways. The agreement includes three years of supervised release. Clark pleaded guilty to obtaining unauthorized access to a computer, and to numerous counts […] (CyberScoop)

Russia, Iran ran influence operations aimed at 2020 elections, US says

The governments of Russia and Iran sought to influence the U.S. presidential elections in 2020 and exacerbate societal tensions throughout the nation last year, the U.S. intelligence community said in a declassified assessment released Tuesday. The long awaited report from the Office of the Director of National Intelligence detailing how foreign governments sought to influence or interfere in U.S. elections declared that Russian President Vladimir Putin authorized the influence operations that were aimed at denigrating Joe Biden’s candidacy and the Democratic Party while supporting then-President Donald Trump. The assessment states that Supreme Leader Ali Khamenei “probably” authorized Iran’s campaign, which was aimed at undermining Trump’s reelection. Both Russia and Iran intended to undermine public confidence in the electoral process as well, the report states. China did not run influence operations aimed at the U.S. elections, but Chinese authorities had considered doing so, the U.S. intelligence community found. The assessment, which […] (CyberScoop)

Foreign operatives were active in 2020 but did not alter vote, US officials say

Russian, Chinese and Iranian government-linked operatives were active in advance of the 2020 U.S. presidential election, but their intrusions into U.S. organizations did not compromise the integrity of the vote, U.S. officials said Tuesday. The report released Tuesday by the departments of Homeland Security and Justice points to growing interest by an array of foreign actors to influence U.S. voters, but “found no evidence that any foreign government-affiliated actor manipulated election results or otherwise compromised the integrity” of the 2020 vote. “The playbook of Russia in 2016 is out there,” Geoffrey Hale, head of CISA’s Election Security Initiative, said in an interview. “Even in a very secure election, there are incidents, and in this cycle, you saw multiple nation-states involved.” In a separate finding made public Tuesday, the U.S. intelligence community said Russia and Iran had conducted multi-faceted operations to try to influence the vote, and that China had “considered, […] (CyberScoop)

Another Mirai variant used in attempted hacks on routers, switches

Four years after being used in one of the most powerful distributed denial-of-service attacks on record, the so-called Mirai malware continues to haunt the internet. Researchers on Monday evening revealed that attackers used a new variant of the malicious software in a string of ongoing hacking attempts against devices like routers and switches. The attackers are using no less than eight flaws in popular networking gear to try to remotely commandeer the devices, according to Palo Alto Networks’ Unit 42, the research outfit that made the discovery. After breaking into a device, the attackers try to download malicious code to deploy Mirai variants, Unit 42 said. The concern is that the devices could be conscripted into a botnet, a horde of infected computers used for spamming or distributed denial-of-service (DDoS) attacks, which stifle connectivity by flooding a network with phony traffic. Unit 42 did not identify the suspected attackers. But Zhibin […] (CyberScoop)

Signal is down in China after 100 million reported downloads

Signal users have begun reporting issues with the encrypted messaging app in China, a sign that the government may be adding another chat application to its list of banned services. Signal’s website itself has been banned since Monday, according to Greatfire.org. The app relies on end-to-end encryption, a data protection measure that puts the content of users’ messages and calls outside the government’s reach. Signal also has encountered roadblocks in Iran in recent months, where users began reporting issues in January after Signal experienced a surge of new users. Users in China can still download the app from Apple’s iOS store, and seem to be able to access the app through a virtual private network, according to Greatfire.org. Android stores, on the other hand, no longer list the encrypted app as being available. Signal has been downloaded approximately 100 million times in China, according to data from Sensor Tower, an […] (CyberScoop)

Indian Government Is Planning Outright Ban On Cryptocurrency

(News ≈ Packet Storm)

Google Warns Mac, Windows Users Of Chrome Zero-Day Flaw

(News ≈ Packet Storm)

This Years-Old Microsoft Vulnerability Is Still Popular With Hackers, So Patch Now

(News ≈ Packet Storm)

Encrypted Messaging App Signal Goes Down In China

(News ≈ Packet Storm)

Use This One-Click Mitigation Tool from Microsoft to Prevent Exchange Attacks

Microsoft on Monday released a one-click mitigation software that applies all the necessary countermeasures to secure vulnerable environments against the ongoing widespread ProxyLogon Exchange Server cyberattacks. Called Exchange On-premises Mitigation Tool (EOMT), the PowerShell-based script serves to mitigate against current known attacks using CVE-2021-26855, scan the Exchange Server using (The Hacker News)

CEO of Encrypted Chat Platform Indicted for Aiding Organised Criminals

The U.S. Department of Justice (DoJ) on Friday announced an indictment against Jean-Francois Eap, the CEO of encrypted messaging company Sky Global, and an associate for wilfully participating in a criminal enterprise to help international drug traffickers avoid law enforcement. Eap (also known as "888888") and Thomas Herdman, a former high-level distributor of Sky Global devices, have been (The Hacker News)

PYSA Ransomware Pillages Education Sector, Feds Warn

A major spike of attacks against higher ed, K-12 and seminaries in March has prompted the FBI to issue a special alert. (Threatpost)

Mom & Daughter Duo Hack Homecoming Crown

A Florida high-school student faces jail time for rigging her school's Homecoming Queen election. (Threatpost)

Latest Mirai Variant Targets SonicWall, D-Link and IoT Devices

A new Mirai variant is targeting known flaws in D-Link, Netgear and SonicWall devices, as well as newly-discovered flaws in unknown IoT devices. (Threatpost)

Exchange Cyberattacks Escalate as Microsoft Rolls One-Click Fix

Public proof-of-concept (PoC) exploits for ProxyLogon could be fanning a feeding frenzy of attacks even as patching makes progress. (Threatpost)

/security-daily/ 17-03-2021 23:44:24