Security daily (17-09-2020)

How Security Operation Centers can use Amazon GuardDuty to detect malicious behavior

The Security Operations Center (SOC) has a tough job. As customers modernize and shift to cloud architectures, the ability to monitor, detect, and respond to risks poses different challenges. In this post we address how Amazon GuardDuty can address some common concerns of the SOC regarding the number of security tools and the overhead to […] (AWS Security Blog)

044| 2020 in Cyber Threats, So Far: COVID-19's Effects, Ransomware's Latest Tricks

It's a year like none we've ever experienced. COVID-19's effects have reverberated around the world, and around cyberspace. What's been happening in the threat landscape while we were all preoccupied with the pandemic? How have cyber attackers adapted to the new normal, and how are they exploiting COVID-19? Christine Bejerasco and Calvin Gan, of F-Secure's Tactical Defense Unit, join us to discuss. In this episode: How threat actors are taking advantage of remote work; email and phishing threats; infostealers that profile company networks; and why a ransomware infection may be just the tip of the iceberg. Links: Episode 44 transcript F-Secure report: Attack Landscape H1 2020 (Cyber Security Sauna)

Co-founder of cyber fraud prevention startup arrested for alleged fraud

The co-founder of a cyber fraud prevention company was arrested Thursday and charged with leading an alleged scheme to trick investors into sinking hundreds of millions of dollars into the startup, the Department of Justice and the Securities and Exchange Commission (SEC) announced Thursday. Investors were shown falsified financial documents as part of the pitch for the software-as-a-service provider, Las Vegas-based NS8, the SEC and FBI said. Adam Rogas, the co-founder and former CEO of the startup, touted bank statements showing payments from NS8 customers that never happened, according to the SEC. “As alleged in our complaint, Rogas falsely presented NS8 as a successful business by fabricating revenue figures and providing them to investors,” said Kurt L. Gottschall, Director of the SEC’s Denver Regional Office. “Investors are entitled to accurate information about a company’s financial condition and the SEC is committed to holding accountable corporate executives who deceive investors.” Rogas is also alleged to have pocketed at least […] (CyberScoop)

US charges alleged Iranian hackers with scheme to steal aerospace, satellite data

The Department of Justice on Thursday unsealed an indictment charging three Iranian men in connection with a scheme to steal critical data from U.S. aerospace and satellite companies — the latest in a string of U.S. charges against suspected Iranian hackers. U.S. prosecutors accused the three men of “engaging in a coordinated campaign of identity theft and hacking” on behalf of Iran’s Islamic Revolutionary Guard Corps. The scheme allegedly spanned more than three years, through February 2019, and a target list of over 1,800 online accounts comprising aerospace and satellite companies and government organizations, from the U.S. to the United Kingdom to Israel. Said Pourkarim Arabi, 34, Mohammad Reza Espargham, 25, and Mohammad Bayati, 34, allegedly impersonated Americans working in the aerospace and satellite industries by registering email addresses in their names and then sending other people in those industries spearphishing emails. With access to a target computer, the men allegedly used other hacking […] (CyberScoop)

The Interior Department OIG clearly had some fun hacking the agency’s Wi-Fi networks

While multibillion-dollar companies hire expensive outside experts to conduct elaborate mock-raids on their networks, federal agencies tend to rely on their inspectors general for that. But a new report from the Department of Interior’s watchdog would make any crack team of corporate security-testers proud. To test the hundreds of wireless security networks at the DOI, inspector general (IG) investigators surreptitiously used cheap hacking tools from publicly accessible areas to intercept and decrypt communications in multiple bureaus at the sprawling department. They found systematic weakness in the department’s security that a malicious hacker could have exploited to steal data. “The department’s failure to securely configure wireless networks has put its wireless and internal networks at high risk of compromise,” IG investigators said in a report published Wednesday. The IG’s mock attacks — which weren’t noticed by either physical security guards or IT staff — were “highly successful,” the watchdog said. In one instance, […] (CyberScoop)

Zerologon – hacking Windows servers with a bunch of zeros

Cryptography is hard. And cryptographic blunders can be hard to spot. This one was there for years... (Naked Security)

Game Firms Targeted As Part Of Global Hacking Plot

(News ≈ Packet Storm)

Tony Abbott Hacked After Posting Boarding Pass On Instagram

(News ≈ Packet Storm)

North Korean And Russian Cybercriminals Are Cooperating

(News ≈ Packet Storm)

Hackers Are Launching Fresh Attacks Against Universities

(News ≈ Packet Storm)

Zenscrape: A Simple Web Scraping Solution for Penetration Testers

Did you ever try extracting any information from any website? Well, if you have then you have surely enacted web scraping functions without even knowing it!

To put in simpler terms, Web scraping, or also known as web data extraction, is the process of recouping or sweeping data from web-pages. It is a much faster and easier process of retrieving data without undergoing the time-consuming (The Hacker News)

U.S. Announces Charges Against 2 Russian and 2 Iranian Hackers

Immediately after revealing criminal charges against 5 Chinese and 2 Malaysian hackers, the United States government yesterday also made two separate announcements charging two Iranian and two Russian hackers and added them to the FBI's most-wanted list. The two Russian nationals—Danil Potekhin and Dmitrii Karasavidi—are accused of stealing $16.8 million worth of cryptocurrencies in a series of (The Hacker News)

FBI adds 5 Chinese APT41 hackers to its Cyber's Most Wanted List

The United States government today announced charges against 5 alleged members of a Chinese state-sponsored hacking group and 2 Malaysian hackers that are responsible for hacking more than 100 companies throughout the world.

Named as APT41 and also known as 'Barium,' 'Winnti,' 'Wicked Panda,' and 'Wicked Spider,' the cyber-espionage group has been operating since at least 2012 and is not just (The Hacker News)

Mozi Botnet Accounts for Majority of IoT Traffic

Mozi’s spike comes amid a huge increase in overall IoT botnet activity. (Threatpost)

Apple Bug Allows Code Execution on iPhone, iPad, iPod

Release of iOS 14 and iPadOS 14 brings fixes for 11 bugs, some rated high-severity. (Threatpost)

Google Play Bans Stalkerware and ‘Misrepresentation’

The official app store is taking on spy- and surveillance-ware, along with apps that could be used to mount political-influence campaigns. (Threatpost)

APT41 Operatives Indicted as Sophisticated Hacking Activity Continues

Five alleged members of the China-linked advanced threat group and two associates have been indicted by a Federal grand jury, on dozens of charges. (Threatpost)

California Elementary Kids Kicked Off Online Learning by Ransomware

The attack on the Newhall District in Valencia is part of a wave of ransomware attacks on the education sector, which shows no sign of dissipating. (Threatpost)


/security-daily/ 18-09-2020 23:44:24