Security daily (17-03-2021)

AWS achieves its first ISMAP certification in Japan

Earning and maintaining customer trust is an ongoing commitment at Amazon Web Services (AWS). Our customers’ industry security requirements drive the scope and portfolio of the compliance reports, attestations, and certifications we pursue. We’re excited to announce that AWS has achieved certification under the Information System Security Management and Assessment Program (ISMAP) program, effective from March […] (AWS Security Blog)

More than $4 billion in cybercrime losses reported to FBI in 2020

American victims reported $4.2 billion in losses as a result of cybercrime and internet fraud to the FBI in 2020, a roughly 20% uptick in the money known to be lost to scammers in 2019, the bureau said in a new report. The FBI’s Internet Crime Complaint Center, the organization through which U.S. citizens and businesses report financial losses from hackers, said in its annual report released Wednesday that it received an average of more than 2,000 complaints per day through 2020. The uptick in crime reporting — the bureau says it received an average of 1,200 complaints per day in 2019 — is driven largely by business email compromise (BEC), ransomware attacks and widespread technology support scams, in which fraudsters impersonate customer support representatives from tech firms or financial institutions, only to dupe victims into sending wire transfers. BEC scams were the cause of more than 19,000 complaints in […] (CyberScoop)

SolarWinds hackers stole Mimecast source code

Attackers behind the SolarWinds hacking campaign successfully stole Mimecast source code as part of their sweeping espionage operation, the email security firm said in an incident report published Tuesday. The hackers, which U.S. government officials suggested are “likely” Russian actors, “accessed and downloaded a limited number of our source code repositories, but we found no evidence of any modifications to our source code nor do we believe there was any impact on our products,” Mimecast said in the incident report. Mimecast added that it has replaced all compromised servers and that it has no reason to believe the hackers accessed email or archive content of customers. Mimecast had previously disclosed that the hackers compromised a security certificate the company used to secure connections. The latest revelation, which comes more than two months after its disclosure the certificate was compromised, now underscores just how long it may take to get a […] (CyberScoop)

New global model needed to dismantle ransomware gangs, experts warn

Ransomware gangs are making a killing — they’re encrypting data at schools and hospitals around the world at an alarming rate, and they’re raking in hundreds of millions of dollars’ worth doing it, by some counts. But it doesn’t have to be that way. Security experts and former diplomats are in the early stages of urging governments to work together to create a different kind of world — one with fewer examples of hackers taking data hostage or knocking organizations offline to demand ransoms or extortion fees, and one in which hackers are held accountable for targeting vulnerable organizations. Government officials increasingly have been working together to tamp down on malicious cyber activity in recent years, as evidenced by a European Union sanctions regime focused on hacking rolled out in the past year, and a 2015 agreement among United Nations members that cyberattacks intended to damage critical infrastructure are off limits. […] (CyberScoop)

Serious Security: The Linux kernel bugs that surfaced after 15 years

Anyone could have found these bugs, but everyone assumed someone would, and in the end, no one did. (Until now.) (Naked Security)

Bitcoin scammer who hacked celeb Twitter accounts gets 3 years

Youngster behind blue-flag Twitter hack of Elon Musk, Bill Gates, Apple Inc. and many others will do three years in prison. (Naked Security)

Mimecast Says SolarWinds Hackers Breached Its Network And Spied On Its Customers

(News ≈ Packet Storm)

Teen Mastermind Pleads Guilty To Celeb Twitter Hack

(News ≈ Packet Storm)

Exchange Cyberattacks Escalate As Microsoft Rolls One-Click Fix

(News ≈ Packet Storm)

Adobe Forces Takedown Of Tweet Linking To 27-Year-Old Product

(News ≈ Packet Storm)

Flaws in Two Popular WordPress Plugins Affect Over 7 Million Websites

Researchers have disclosed vulnerabilities in multiple WordPress plugins that, if successfully exploited, could allow an attacker to run arbitrary code and take over a website in certain scenarios. The flaws were uncovered in Elementor, a website builder plugin used on more than seven million sites, and WP Super Cache, a tool used to serve cached pages of a WordPress site. According to Wordfence (The Hacker News)

Mimecast Finds SolarWinds Hackers Stole Some of Its Source Code

Email security firm Mimecast on Tuesday revealed that the state-sponsored SolarWinds hackers who broke into its internal network also downloaded source code out of a limited number of repositories. "The threat actor did access a subset of email addresses and other contact information and hashed and salted credentials," the company said in a write-up detailing its investigation, adding the (The Hacker News)

[Webinar] Oy Vey, We Hired a Large, Hairy Hacker…

It's not every day that one of the best-known independent cybersecurity individuals joins a cybersecurity company. The two are generally on opposite sides of the coin, with little crossover. After all, they're usually concerned with different parts of the cybersecurity puzzle – one providing platforms and tools to defend organizations, the other keeping them accountable and looking for blind (The Hacker News)

18-Year-Old Hacker Gets 3 Years in Prison for Massive Twitter 'Bitcoin Scam' Hack

A Florida teen accused of masterminding the hacks of several high-profile Twitter accounts last summer as part of a widespread cryptocurrency scam pled guilty to fraud charges in exchange for a three-year prison sentence. Graham Ivan Clark, 18, will also serve an additional three years on probation. The development comes after the U.S. Department of Justice (DoJ) charged Mason Sheppard (aka (The Hacker News)

Apple May Start Delivering Security Patches Separately From Other OS Updates

Apple may be changing the way it delivers security patches to its devices running iOS and iPadOS mobile operating systems. According to code spotted in iOS 14.5, the iPhone maker is reportedly working on a method for delivering security fixes independently of other OS updates. The changes were first reported by the 9to5Mac website. While Google's Android has had monthly security (The Hacker News)

New Mirai Variant and ZHtrap Botnet Malware Emerge in the Wild

Cybersecurity researchers on Monday disclosed a new wave of ongoing attacks exploiting multiple vulnerabilities to deploy new Mirai variants on internet connected devices. "Upon successful exploitation, the attackers try to download a malicious shell script, which contains further infection behaviors such as downloading and executing Mirai variants and brute-forcers," Palo Alto Networks' Unit 42 (The Hacker News)

CEO of Encrypted Chat Platform Indicted for Aiding Organised Criminals

The U.S. Department of Justice (DoJ) on Friday announced an indictment against Jean-Francois Eap, the CEO of encrypted messaging company Sky Global, and an associate for wilfully participating in a criminal enterprise to help international drug traffickers avoid law enforcement. Eap (also known as "888888") and Thomas Herdman, a former high-level distributor of Sky Global devices, have been (The Hacker News)

Cisco Plugs Security Hole in Small Business Routers

The Cisco security vulnerability exists in the RV132W ADSL2+ Wireless-N VPN Routers and RV134W VDSL2 Wireless-AC VPN Routers. (Threatpost)

Teen Behind Twitter Bit-Con Breach Cuts Plea Deal

The ‘young mastermind’ of the Twitter hack will serve three years in juvenile detention. (Threatpost)

$4,000 COVID-19 ‘Relief Checks’ Cloak Dridex Malware

The American Rescue Act is the latest zeitgeisty lure being circulated in an email campaign. (Threatpost)

Mimecast: SolarWinds Attackers Stole Source Code

A new Mimecast update reveals the SolarWinds hackers accessed several "limited" source code repositories. (Threatpost)

State-sponsored Threat Groups Target Telcos, Steal 5G Secrets

Researchers say China-linked APTs lure victims with bogus Huawei career pages in what they dub ‘Operation Diànxùn’. (Threatpost)


/security-daily/ 18-03-2021 23:44:24