
Security daily (17-08-2020)

How to use AWS RAM to share your ACM Private CA cross-account

In this post, I use the new Cross-Account feature of AWS Certificate Manager (ACM) Private Certificate Authority (CA) to create a CA in one account and then use ACM in a second account to issue a private certificate that automatically renews the following year. This newly available workflow expands the usability of ACM Private CA […] (AWS Security Blog)

Cruise operator Carnival hit by ransomware

Carnival, the world’s biggest cruise line operator, suffered a ransomware attack on Saturday that exposed personal data on customers and employees, the company said in a Securities and Exchange Commission filing. The intrusion, which hit the IT system of one of Carnival’s brands, led to a portion of the network being encrypted and some data being downloaded, the company said. Legal or regulatory action could follow; Carnival raised the possibility of claims from “guests, employees, shareholders or regulatory agencies” because of the incident. Carnival said it had hired “industry-leading” security firms to recover from the attack and it had notified law enforcement officials of the incident. The cruise line giant did not identify who was responsible for the ransomware attack. In search of payouts to keep business humming, ransomware gangs have targeted companies in just about every sector. Bleeping Computer was first to report on the incident at Carnival. (CyberScoop)

How a new federal policy for telling election officials about cyber-intrusions got put to use

In early 2020, federal officials changed how they communicated with states about cyber-intrusions affecting election infrastructure. The Department of Homeland Security’s cybersecurity agency and the FBI would now inform senior state officials, and not just IT personnel, of election-related hacking incidents in a given state. Some state officials, who had criticized the federal government for being too slow and not specific enough in sharing data on Russian hacking in 2016, welcomed the new policy as another guardrail against foreign interference in 2020. And in March, at the height of the primary season, the policy was put into action. An unidentified hacker spoofed the email account of a voting-equipment vendor and sent a phishing email to a local election official in Missouri, according to multiple people familiar with the incident who spoke on the condition of anonymity. The official took the bait — a document purporting to be an “election funding report” but which really redirected the official to […] (CyberScoop)

Trump administration expands economic restrictions on Huawei

The U.S. Department of Commerce announced Monday it was taking several steps to further restrict Huawei’s ability to acquire electronic components developed using U.S. technology. As part of its actions, the department is adding 38 Huawei affiliates around the world to the U.S. government’s economic black list, which will make it difficult for Huawei to obtain semiconductors — even those produced outside of the U.S. — without a U.S. stamp of approval. The additional restrictions build on earlier limitations the Trump administration issued in May, when it aimed to reduce Huawei’s ability to purchase semiconductors produced with U.S. technologies. The move to expand the list comes as the Trump administration is becoming increasingly successful in its efforts to marshal U.S. allies to block Huawei’s operations in their countries, over concerns the company could work with the Chinese government on government spying objectives. Huawei has denied it spies on customers at the behest of […] (CyberScoop)

Monday review – catch up on our latest articles and videos

Our recent articles and videos, all in one place. (Naked Security)

How to Crack Password-Protected ZIP Files, PDFs & More with Zydra

Everybody knows not to store sensitive information in unencrypted files, right? PDFs and ZIP files can often contain a treasure trove of information, such as network diagrams, IP addresses, and login credentials. Sometimes, even certain files that are encrypted aren't safe from attackers. That's where Zydra comes in — a tool for cracking RAR files, ZIP files, PDF files, and Linux shadow files.

How Are These Files Encrypted?

Depending on the program used and its version, these sorts of files could be password protected using various encryption algorithms.

For example, the Linux command line... (Null Byte « WonderHowTo)

ISIS Allegedly Ran A COVID-19 PPE Scam Site

(News ≈ Packet Storm)

The Algorithms That Make Big Decisions About Your Life

(News ≈ Packet Storm)

Huawei Ban Timeline: US Commerce Department Tightens Company's Access To Chips

(News ≈ Packet Storm)

Hackers Change Their Targets With Surprise Linux Malware

(News ≈ Packet Storm)

Researchers Exploited A Bug in Emotet to Stop the Spread of Malware

Emotet, a notorious email-based malware behind several botnet-driven spam campaigns and ransomware attacks, contained a flaw that allowed cybersecurity researchers to activate a kill-switch and prevent the malware from infecting systems for six months.

"Most of the vulnerabilities and exploits that you read about are good news for attackers and bad news for the rest of us," Binary Defense's (The Hacker News)

How AppTrana Managed Cloud WAF Tackles Evolving Attacking Techniques

Web applications suffer continuously evolving attacks, where a web application firewall (WAF) is the first line of defense and a necessary part of organizations' cybersecurity strategies.

WAFs are getting more sophisticated all the time, but as its core protection starts with efficient pattern matching, typically using Regular Expressions, and classifying malicious traffic to block cyber (The Hacker News)

‘EmoCrash’ Exploit Stoppered Emotet For 6 Months

A researcher developed a killswitch exploiting a buffer overflow in Emotet - preventing the malware from infecting systems for six months. (Threatpost)

Jack Daniels, Ritz London Face Cyberattacks

The REvil ransomware and savvy phone scammers have exposed sensitive information. (Threatpost)

Cyberattacks Hit Thousands of Canadian Tax, Benefit Accounts

The Canada Revenue Agency (CRA) suspended online services after accounts were hit in a third wave of credential stuffing attacks this weekend - giving bad actors access to various government services. (Threatpost)


/security-daily/ 18-08-2020 23:44:26