16-05-202118-05-2021

Security daily (17-05-2021)

Spring 2021 SOC 2 Type I Privacy report now available

Your privacy considerations are at the core of our compliance work at Amazon Web Services, and we are focused on the protection of your content while using AWS. Our Spring 2021 SOC 2 Type I Privacy report is now available to demonstrate our privacy compliance commitment to you. The Spring 2021 SOC 2 Type I […] (AWS Security Blog)

Market for software exploits is often focused on Microsoft flaws, years-old technology

Every month Microsoft releases software updates to fix vulnerabilities across the company’s vast line of technology products. The ritual, known as Patch Tuesday, often involves security experts urging users to update their software, and researchers gaining some public recognition after months of quietly working to mitigate the flaws. A new study from antivirus vendor Trend Micro found that cybercriminal forums continue to advertise exploits for a vulnerability years after a patch has been released, though, with sellers adjusting prices to market demand and bundling multiple old exploits together to maximize profits. The study, which spanned nearly two years and numerous illicit marketplaces, found that nearly half of the software exploits requested on forums were for vulnerabilities that were at least three years old. The demand for exploits is also catered to the popularity of software: Microsoft products accounted for 47% of the exploits that forum users requested, according to Trend […] (CyberScoop)

Ransomware strikes AXA shortly after insurer announces it will stop covering extortion fees

Ransomware gangs have now struck two cybersecurity insurers in as many months, with AXA confirming over the weekend that an attack had affected its Asian operations. AXA joins CNA Insurance, which in April confirmed that a ransomware incident had forced the company to take its operations offline. The attack on AXA, though, comes shortly after the French insurer said it would no longer reimburse ransomware payments under new policies it writes in that country, although a source familiar with the attack said there was no connection between AXA’s decision and the attack on its own networks. The so-called Avaddon ransomware operators posted screenshots of information online that they said they obtained from AXA’s Asia Assistance subsidiary. The screenshots include a claim that the operators stole three terabytes of data, such as customer medical reports and claims, customer IDs and bank account papers, payments to customers and other health information. “Asia […] (CyberScoop)

Irish Prime Minister says government won't pay ransom after hack forces hospitals to alter services

Ireland’s public health care system on Friday shut down its IT systems in response to what it called a “criminal ransomware attack.” Emergency departments have continued to operate normally, but health officials said in a statement Monday that they were working to get computer systems supporting maternity, infant care and radiology back online. The ransomware intrusion at Ireland’s Health Service Executive (HSE), the $25 billion public health system, has forced hospitals in various parts of Ireland to alter their services. In some cases, hospital staffers say they have been in touch with pregnant women and encouraged them to not come to the hospital unless they are near their due date. Irish Prime Minister Micheál Martin has said the government will not pay a ransom. 'We're very clear we will not be paying any ransom or engaging in any of that sort of stuff' Taoiseach @MichealMartinTD says of the ransomware attack […] (CyberScoop)

“Those aren’t my kids!” – Eufy camera owners report video mixups

Hey, that's not my kitchen! Those aren't my kids! And that dreadful wallpaper's certainly not mine! (Naked Security)

RevengeRAT And AsyncRAT Target Aerospace And Travel Sectors

(News ≈ Packet Storm)

Ireland Won't Pay Ransom For Attack On Health Service

(News ≈ Packet Storm)

How Apple's AirTag Turns Us Into Unwitting Spies

(News ≈ Packet Storm)

DarkSide Suffers Server Shutdowns

(News ≈ Packet Storm)

Object Injection Vulnerability Affects WordPress Versions 3.7 to 5.7.1

If you haven’t updated your WordPress website since October 2013, this wouldn’t affect you, but we strongly hope that is not the case! There’s a new object injection vulnerability which affects WordPress versions 3.7 to 5.7.1. Be sure to get updated to 5.7.2 as soon as possible! According to WPScan, the new object injection vulnerability is due to versions of PHPMailer library between 6.1.8 and 6.4.0. The original CVE can be found here. (Sucuri Blog)

Why Password Hygiene Needs a Reboot

In today's digital world, password security is more important than ever. While biometrics, one-time passwords (OTP), and other emerging forms of authentication are often touted as replacements to the traditional password, today, this concept is more marketing hype than anything else. But just because passwords aren't going anywhere anytime soon doesn't mean that organizations don’t need to (The Hacker News)

Experts Warn About Ongoing AutoHotkey-Based Malware Attacks

Cybersecurity researchers have uncovered an ongoing malware campaign that heavily relies on AutoHotkey (AHK) scripting language to deliver multiple remote access trojans (RAT) such as Revenge RAT, LimeRAT, AsyncRAT, Houdini, and Vjw0rm on target Windows systems. At least four different versions of the campaign have been spotted starting February 2021, according to researchers from Morphisec Labs (The Hacker News)

Magecart Goes Server-Side in Latest Tactics Changeup

The latest Magecart iteration is finding success with a new PHP web shell skimmer. (Threatpost)

What a Year It’s Been: RSA 2021 Embraces ‘Resilience’

Keynoters from Cisco, Netflix and RSA highlighted lessons from the last year, and cybersecurity's new mandate in the post-pandemic world: Bounce back stronger. (Threatpost)

DarkSide Hits Toshiba; XSS Forum Bans Ransomware

The criminal forum washed its hands of ransomware after DarkSide's pipeline attack & alleged shutdown: A "loss of servers" that didn't stop another attack. (Threatpost)

Bizarro Banking Trojan Sports Sophisticated Backdoor

The advanced Brazilian malware has gone global, harvesting bank logins from Android mobile users. (Threatpost)

CISOs Struggle to Cope with Mounting Job Stress

Pandemic and evolving IT demands are having a major, negative impact on CISOs' mental health, a survey found. (Threatpost)


/security-daily/ 18-05-2021 23:44:23