Security daily (16-07-2021)

OSPAR 2021 report now available with 127 services in scope

We are excited to announce the completion of the third Outsourced Service Provider Audit Report (OSPAR) audit cycle on July 1, 2021. The latest OSPAR certification includes the addition of 19 new services in scope, bringing the total number of services to 127 in the Asia Pacific (Singapore) Region. You can download our latest OSPAR […] (AWS Security Blog)

Amnesty sues NYPD, seeking details about facial recognition technology and arrest data

Two watchdog groups sued the New York Police Department over the agency’s refusal to disclose public records about its acquisition of facial recognition technology and other surveillance tools. The lawsuit, filed by Amnesty International and Surveillance Technology Oversight Project, could force the NYPD to hand over records that will shed light on the depth of its surveillance capabilities. “It’s so outrageous that when New Yorkers came out to protest police abuse they were just met with more of the same,” said Albert Fox Cahn, executive director of S.T.O.P. “We have no idea how often they were using this technology to track New Yorkers who were exercising their First Amendment rights.” Amnesty International last September filed a request seeking public records about the procurement, functionality and general use of facial recognition technology, drones and other surveillance technologies by the NYPD before and during Black Lives Matter protests. The NYPD denied the […] (CyberScoop)

US agencies circulate warning about 'aggressive' Chinese hacking effort to steal secrets from a range of targets

Chinese government-backed hackers’ rampant appetite for intellectual property represents a “major threat to U.S. and allied cyberspace assets,” according to a U.S. government assessment obtained by CyberScoop. The analysis from the National Security Agency, FBI and Department of Homeland Security’s cyber agency warns that Beijing-linked hackers are still “aggressively” targeting U.S. and allied defense and semiconductor firms, medical institutions and universities to steal sensitive corporate data and personally identifiable information. The advisory is a reminder that, despite the Biden administration’s heightened attention on ransomware gangs based in Russia, Chinese state-backed hacking remains a formidable threat to U.S. interests. The document is scheduled to be released publicly in the coming weeks, perhaps as soon as Monday. “NSA, [the Cybersecurity and Infrastructure Security Agency], and FBI have observed increasingly sophisticated Chinese state-sponsored cyber activity targeting U.S. political, economic, military, educational, and [critical infrastructure] personnel and organizations,” says the advisory. “These cyber operations […] (CyberScoop)

Cryptographers unearth vulnerabilities in Telegram's encryption protocol

An international team of computer scientists reported on Friday that they found four cryptographic vulnerabilities in the popular encrypted message app Telegram. The weaknesses range “from technically trivial and easy to exploit to more advanced and of theoretical interest,” according to the security analysis. But ultimately they prove that the four key issues “could be done better, more securely and in a more trustworthy manner with a standard approach to cryptography,” said ETH Zurich Professor Kenny Paterson, who was part of the team that uncovered the flaw. The most significant of the vulnerabilities the researchers uncovered is what they called the “crime-pizza” vulnerability. In it, an attacker could alter the order of messages coming from a client to a cloud server that Telegram operates. “For example, if the order of the messages in the sequence ‘I say “yes” to’, ‘pizza’, ‘I say “no” to’, ‘crime’ was altered then it would […] (CyberScoop)

More PrintNightmare: “We TOLD you not to turn the Print Spooler back on!”

The PrintNightmare continues. So does our advice, even though it stops your printer working. (Naked Security)

Want to earn $10 million? Snitch on a cybercrook!

Will going after the big guns help to discourage and disrupt the rest of the cybercrime ecosystem? Have your say... (Naked Security)

U.S. Gov't Offers $10 Million For Info On Hackers Targeting Infrastructure

(News ≈ Packet Storm)

Chinese APT LuminousMoth Abuses Zoom Brand For Gov't Attacks

(News ≈ Packet Storm)

Hooking Candiru: Another Mercenary Spyware Comes Into Focus

(News ≈ Packet Storm)

Microsoft: New Unpatched Bug In Windows Print Spooler

(News ≈ Packet Storm)

Israeli Firm Helped Governments Target Journalists, Activists with 0-Days and Spyware

Two of the zero-day Windows flaws patched by Microsoft as part of its Patch Tuesday update earlier this week were weaponized by an Israel-based company called Candiru in a series of "precision attacks" to hack more than 100 journalists, academics, activists, and political dissidents globally. The spyware vendor was also formally identified as the commercial surveillance company that Google's (The Hacker News)

The Definitive RFP Templates for EDR/EPP and APT Protection

Advanced Persistent Threat groups were once considered a problem that concerns Fortune 100 companies only. However, the threat landscape of recent years tells otherwise—in fact, every organization, regardless of vertical and size, is at risk, whether as a direct target, supply chain or collateral damage.

The vast majority of security decision-makers acknowledge they need to address the APT (The Hacker News)

Facebook Suspends Accounts Used by Iranian Hackers to Target US Military Personnel

Facebook on Thursday disclosed it dismantled a "sophisticated" online cyber espionage campaign conducted by Iranian hackers targeting about 200 military personnel and companies in the defense and aerospace sectors in the U.S., U.K., and Europe using fake online personas on its platform. The social media giant pinned the attacks to a threat actor known as Tortoiseshell (aka Imperial Kitten) based (The Hacker News)

Linux Variant of HelloKitty Ransomware Targets VMware ESXi Servers

HelloKitty joins the growing list of ransomware bigwigs going after the juicy target of VMware ESXi, where one hit gets scads of VMs. (Threatpost)

Top CVEs Trending with Cybercriminals

An analysis of criminal forums reveals what publicly known vulnerabilities attackers are most interested in. (Threatpost)

The Evolving Role of the CISO

Curtis Simpson, CISO at Armis, discusses the top qualities that all CISOs need to possess to excel. (Threatpost)

Critical Juniper Bug Allows DoS, RCE Against Carrier Networks

Telecom providers, including wireless carriers, are at risk of disruption of network service if the bug in SBR Carrier is exploited. (Threatpost)

Windows 0-Days Used Against Dissidents in Israeli Broker’s Spyware

Candiru, aka Sourgum, allegedly sells the DevilsTongue surveillance malware to governments around the world. (Threatpost)

Microsoft: New Unpatched Bug in Windows Print Spooler

Another vulnerability separate from PrintNightmare allows for local elevation of privilege and system takeover. (Threatpost)


/security-daily/ 17-07-2021 23:44:23