
Security daily (16-07-2020)

Learn and use 13 AWS security tools to implement SEC recommended protection of stored customer data in the cloud

Most businesses collect, process, and store sensitive customer data that needs to be secured to earn customer trust and protect customers against abuses. Regulated businesses must prove they meet guidelines established by regulatory bodies. As an example, in the capital markets, broker-dealers and investment advisors must demonstrate they address the guidelines proposed by the Office […] (AWS Security Blog)

CISA issues emergency order requiring agencies to patch critical Windows bug

The Department of Homeland Security’s cybersecurity division on Thursday ordered federal civilian agencies to apply a security fix for a newly revealed Microsoft Windows vulnerability, citing the “unacceptable significant risk” posed by the flaw to agencies’ security. The emergency order — only the third ever issued by DHS’s Cybersecurity and Infrastructure Security Agency — gave agencies roughly 24 hours to either patch Windows servers used for domain name system purposes or apply another mitigation. Organizations with affected servers that aren’t for DNS have until July 24 to patch. The urgency of the directive is “based on the likelihood of the vulnerability being exploited, the widespread use of the affected software across the federal enterprise, the high potential for a compromise of agency information systems, and the grave impact of a successful compromise,” CISA said in its directive. The agency said it wasn’t aware of any active exploitation of the vulnerability — yet. “[I]t […] (CyberScoop)

Private equity firm to acquire Forescout for $1.4 billion after awkward start

A scheduled private equity acquisition of a major cybersecurity vendor is back on after a lawsuit and questions about the strength of its business during the coronavirus pandemic. San Jose, California-based Forescout announced Wednesday it would drop litigation against Advent International, a private equity firm, as part of a revised acquisition agreement. Advent will purchase outstanding Forescout shares for $29 per share, down from the $33 per share it initially said it would pay when the two companies announced a proposed agreement in February. The final deal values Forescout at $1.43 billion, down from the initial price of $1.9 billion. Forescout said its board of directors unanimously approved the deal, which is expected to close in the third fiscal quarter. The resolution comes after Boston-based Advent said in May it would hold up the acquisition over a “material adverse effect” that it had not anticipated when the two sides first […] (CyberScoop)

UK 'almost certain' that 2019 election was target of Russian disinformation operation

British officials expressed confidence that Russian operatives tried to interfere in the U.K.’s most recent general election by using social media to promote documents that were stolen and leaked from the government. Dominic Raab, the U.K.’s Secretary of State for Foreign and Commonwealth Affairs, said in a statement Thursday that “it is almost certain that Russian actors” aimed to intervene in the 2019 election in which Boris Johnson defeated Jeremy Corbyn in the race for prime minister. The campaign utilized “illicitly acquired” government documents about the U.K.-U.S. Free Trade Agreement, which were posted on Reddit and promoted elsewhere in an apparent attempt to influence potential voters’ opinions. “There is an ongoing criminal investigation and it would be inappropriate for us to say anything further at this point,” Raab said in a statement. “The Government reserves the right to respond with appropriate measures in the future.” The attribution is a reference to Operation Secondary Infektion, […] (CyberScoop)

Russian government hackers targeting coronavirus vaccine research, UK, US and Canada warn

The Russian government hacking group known as Cozy Bear or APT29 has been targeting coronavirus vaccine research, U.K., U.S., and Canadian government officials said Thursday morning. The hackers have been trying to breach programs in all three countries, the officials said in a security assessment issued by the U.K.’s National Cyber Security Centre (NCSC). Agencies from the U.S. and Canada contributed to the effort. The hacking is aimed predominantly at “government, diplomatic, think-tank, healthcare and energy targets,” the NCSC said in the assessment. A senior official with the U.S. National Security Agency urged organizations to pay attention to the technical details in the document. “APT29 has a long history of targeting governmental, diplomatic, think-tank, healthcare and energy organizations for intelligence gain so we encourage everyone to take this threat seriously and apply the mitigations issued in the advisory,” NSA Cybersecurity Director Anne Neuberger said in a separate statement. State-backed hackers worldwide are interested in targeting research […] (CyberScoop)

Iran-linked hackers steal sensitive data from US Navy member, researchers say

Allison Wikoff has spent years tracking suspected Iranian hackers, sifting through data they’ve left behind and analyzing their techniques. But in May, when her colleague stumbled upon a server with 40 gigabytes of the hackers’ training videos and online personas, Wikoff knew she had struck gold. “[When] we started combing through all the data and video files we couldn’t believe what we were seeing,” said Wikoff, a cyber threat analyst on IBM’s X-Force security team. “This discovery brought a whole new meaning to observing ‘hands-on keyboard activity.’” The nearly five hours of videos found on the server, which IBM reported publicly on Thursday, include evidence of a suspected Iranian hacker stealing data from the personal email and social media accounts of an enlisted member of the U.S. Navy and a Greek naval officer. The attacker managed to exfiltrate files on the military unit of the U.S. Navy member and their […] (CyberScoop)

The Twitter hack: Why Elon Musk, Bill Gates, Jeff Bezos and others might have reason to be worried

The real worry of the Twitter hack is not the cryptocurrency scam that was spammed out, but that attackers might have accessed private messages sent and received by the rich and powerful. (Graham Cluley)

The Twitter mega-hack. What you need to know

Multiple Twitter accounts have been hacked as part of a Bitcoin scam, and it’s one of the biggest security disasters in Twitter’s history. Read more in my article on the Tripwire State of Security. (Graham Cluley)

Smashing Security podcast #187: Huawei ban, MGM hack, and a contact-tracing cock-up

Login chaos for the UK’s contact tracing service, our drill-down on Britain’s Huawei 5G ban, MGM’s blockbuster breach, and how to pronounce “Gigabyte.” All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast with Graham Cluley and Carole Theriault, and special guest Maria Varmazis. (Graham Cluley)

Twitter limits tweeting as prominent accounts spam out cryptocoin scams

Twitter is investigating a rash of fraudulent tweets from prominent accounts - don't fall for these scams! (Naked Security)

Docker Attackers Devise Clever Technique To Avoid Detection

(News ≈ Packet Storm)

Cisco Releases 33 Bug Fixes, 5 Critical

(News ≈ Packet Storm)

Twitter Silences Some Top Accounts After Internal Systems Hacked

(News ≈ Packet Storm)

Russia Is Trying To Hack COVID-19 Vaccine Development

(News ≈ Packet Storm)

Fake WordPress Plugin SiteSpeed Serves Malicious Ads & Backdoors

Fake WordPress plugins appear to be trending as an effective way of establishing a foothold on compromised websites. During a recent investigation, we discovered a fake component which was masquerading as a legitimate plugin. Named SiteSpeed, it contained a lot of interesting malicious capabilities.

Unwanted Advertisements: The malicious plugin can be used by the attacker to display ads on the website. To avoid detection and target specific website visitors, the plugin has many functions to check the user-agent, referrer, and the IP of the user accessing the page. (Sucuri Blog)

A New Flaw In Zoom Could Have Let Fraudsters Mimic Organisations

In a report shared with The Hacker News, researchers at cybersecurity firm CheckPoint today disclosed details of a minor but easy-to-exploit flaw they reported in Zoom, the highly popular and widely used video conferencing software.

The latest Zoom flaw could have allowed attackers to mimic an organization, tricking its employees or business partners into revealing personal or other confidential (The Hacker News)

Enterprise Data Security: It’s Time to Flip the Established Approach

Companies should forget about auditing where data resides and who has access to it. (Threatpost)

Hackers Look to Steal COVID-19 Vaccine Research

The Russia-linked APT29 has set its sights on pharma research in Western nations in a likely attempt to get ahead on a cure for coronavirus. (Threatpost)

Zoom Addresses Vanity URL Zero-Day

An attacker could pose as a company employee, invite customers or partners to meetings, then use socially engineered conversation to extract sensitive information. (Threatpost)

Amazon-Themed Phishing Campaigns Swim Past Security Checks

A pair of recent campaigns aim to lift credentials and other personal information under the guise of Amazon package-delivery notices. (Threatpost)

Threat Actors Introduce Unique ‘Newbie’ Hacker Forum

CryptBB becomes more inclusive by inviting less experienced hackers to learn from expert cybercriminals and one another. (Threatpost)

LokiBot Redux Attacks Massive List of Common Android Apps

BlackRock, based on the Xerxes source code, can steal info not only from financial apps but also TikTok, Tinder, Instagram, Uber and many others. (Threatpost)


/security-daily/ 17-07-2020 23:44:24