Security daily (17-09-2021)

How to automate incident response to security events with AWS Systems Manager Incident Manager

Incident response is a core security capability for organizations to develop, and a core element in the AWS Cloud Adoption Framework (AWS CAF). Responding to security incidents quickly is important to minimize their impacts. Automating incident response helps you scale your capabilities, rapidly reduce the scope of compromised resources, and reduce repetitive work by your […] (AWS Security Blog)

Anonymous says it's leaking hacked data from Epik, a right-wing hosting service

Members of the umbrella hacking movement Anonymous say they leaked information about a range of fringe websites after breaching Epik, a web hosting provider and domain registrar service, marking the latest update in a generation of internet activism from the group. Anonymous claimed in a series of posts they have released 180 GB of information, amounting to “a decade’s worth of data” about Epik, which has made it possible for right-wing clients including the Republican Party of Texas, the social network Gab, the Twitter alternative Parler and the extremist site 8chan to remain online. Leaked data reportedly includes details about domain purchases and website registration information about apparent operators of websites that promote militant ideologies. Epik has denied any awareness of a breach, and said it is investigating the claims. The news, first reported Sept. 13 by Steven Monacelli, represents the latest example of Anonymous — made up of self-professed […] (CyberScoop)

Cryptocurrency Launchpad Hit By $3 Million Supply Chain Attack

(News ≈ Packet Storm)

Telegram Emerges As New Dark Web For Cyber Criminals

(News ≈ Packet Storm)

Tesla To Work With Global Regulators On Data Security

(News ≈ Packet Storm)

Microsoft MSHTML Flaw Exploited By Ryuk Ransomware Gang

(News ≈ Packet Storm)

New Malware Targets Windows Subsystem for Linux to Evade Detection

A number of malicious samples have been created for the Windows Subsystem for Linux (WSL) with the goal of compromising Windows machines, highlighting a sneaky method that allows the operators to stay under the radar and thwart detection by popular anti-malware engines. The "distinct tradecraft" marks the first instance where a threat actor has been found abusing WSL to install subsequent (The Hacker News)

Malware Attack on Aviation Sector Uncovered After Going Unnoticed for 2 Years

A targeted phishing campaign aimed at the aviation industry for two years may be spearheaded by a threat actor operating out of Nigeria, highlighting how attackers can carry out small-scale cyber offensives for extended periods of time while staying under the radar. Cisco Talos dubbed the malware attacks "Operation Layover," building on previous research from the Microsoft Security Intelligence (The Hacker News)

Critical Flaws Discovered in Azure App That Microsoft Secretly Installs on Linux VMs

Microsoft on Tuesday addressed a quartet of security flaws as part of its Patch Tuesday updates that could be abused by adversaries to target Azure cloud customers and elevate privileges as well as allow for remote takeover of vulnerable systems. The list of flaws, collectively called OMIGOD by researchers from Wiz, affects a little-known software agent called Open Management Infrastructure (The Hacker News)

Porn Problem: Adult Ads Persist on US Gov’t, Military Sites

Cities, states, federal and military agencies should patch the Laserfiche CMS post-haste, said the security researcher whose jaw dropped at 50 sites hosting porn and Viagra spam. (Threatpost)

Ditch the Alert Cannon: Modernizing IDS is a Security Must-Do

Jeff Costlow, CISO at ExtraHop, makes the case for implementing next-gen intrusion-detection systems (NG-IDS) and retiring those noisy 90s compliance platforms. (Threatpost)

AT&T Phone-Unlocking Malware Ring Costs Carrier $200M

With the help of malicious insiders, a fraudster was able to install malware and remotely divorce iPhones and other handsets from the carrier's U.S. network -- all the way from Pakistan. (Threatpost)

Microsoft MSHTML Flaw Exploited by Ryuk Ransomware Gang

Microsoft and RiskIQ researchers have identified several campaigns using the recently patched zero-day, reiterating a call for organizations to update affected systems. (Threatpost)


/security-daily/ 18-09-2021 23:44:21