Security daily (17-11-2020)

Centrally manage AWS WAF (API v2) and AWS Managed Rules at scale with Firewall Manager

Since AWS Firewall Manager was introduced in 2018, it has evolved with many more features and today also supports the newest version of AWS WAF, as well as the latest AWS WAF APIs (AWS WAFV2), and AWS Managed Rules for AWS WAF. (Note that the original AWS WAF APIs are still available and supported under […] (AWS Security Blog)

120 AWS services achieve HITRUST certification

We’re excited to announce that 120 Amazon Web Services (AWS) services are certified for the HITRUST Common Security Framework (CSF) for the 2020 cycle. The full list of AWS services that were audited by a third-party assessor and certified under HITRUST CSF is available on our Services in Scope by Compliance Program page. You can […] (AWS Security Blog)

Symantec implicates APT10 in sweeping hacking campaign against Japanese firms

A Chinese government-linked hacking group whose operatives have been indicted by the U.S. and sanctioned by the European Union is suspected in a year-long effort to steal sensitive data from numerous Japanese companies and their subsidiaries, security researchers said Tuesday. The attackers, known as APT10 or Cicada, have been burrowing into the networks of companies in the automotive, pharmaceutical and engineering sectors, according to researchers from antivirus provider Symantec. They have sometimes lingered for months before trying to extract data and have targeted domain controllers, the servers that act as gatekeepers for organizations’ network traffic. While Symantec did not identify specific targets, the company said many of the organizations have links to Japan, or Japanese companies. China and Japan are, respectively, the second and third biggest economies in the world. The two Asian countries have long had territorial disputes, and Japanese organizations have been a frequent target of alleged Chinese cyber-espionage. […] (CyberScoop)

Microsoft's new 'Pluton' security processor gets buy-in from Intel, AMD

Microsoft and three major computing vendors — AMD, Intel and Qualcomm Technologies — on Tuesday said they would produce security chips designed to keep attackers from stealing critical data such as encryption keys and credentials from computing systems. The goal is to guard against a relatively new breed of attack techniques, made famous by the 2018 Spectre and Meltdown vulnerabilities, that pry data from a computer’s most sensitive enclaves. To do this, Microsoft said it will store critical data on the chip itself, isolating it from the rest of the system. Advocates of the new security chip, known as Pluton, say it will cut off a key vector for data-stealing attacks: a communication channel between a computing system’s central processing unit (CPU) and another piece of hardware known as the trusted platform module (TPM). In one example of that type of attack, researchers from security company NCC Group in 2018 […] (CyberScoop)

FIN7 recruiter Andrii Kolpakov pleads guilty to role in global hacking scheme

One of the ringleaders of FIN7, a global hacking crew accused of stealing more than $1 billion by posing as a cybersecurity vendor, has admitted his role in the scheme. Andrii Kolpakov pleaded guilty on Monday to conspiracy to commit wire and bank fraud and conspiracy to commit computer hacking as part of his involvement with FIN7. U.S. prosecutors had accused Kolpakov, a Ukrainian national, of working as a manager and recruiter for the crew, a role in which he hired and supervised computer specialists who spent their days stealing payment card information from dozens of companies, including Chipotle, Red Robin and Sonic Drive-In. “During the course of the scheme, [Kolpakov] received compensation for his participation in FIN7, which far exceeds comparable legitimate employment in Ukraine,” the plea deal notes. “For the purposes of this plea agreement, the parties agree that — during [Kolpakov’s] participation in the malware scheme — […] (CyberScoop)

Sneaky recon on roster of AWS users is possible, Unit 42 says

Knowing exactly who manages a certain cloud service can be valuable information for malicious hackers, and a cybersecurity company says it has found that kind of weakness in products run by one of the biggest cloud providers. More than 20 application programming interfaces (APIs) associated with 16 Amazon Web Services products can be abused to give up basic information about users and their roles, according to Unit 42, the research arm of cybersecurity giant Palo Alto Networks. “A malicious actor may obtain the roster of an account, learn the organization’s internal structure” and then perhaps “launch targeted attacks against individuals,” Unit 42 researcher Jay Chen says in a report released Tuesday morning. Palo Alto Networks says AWS gave permission to release the research. The problem is within a feature that validates “resource-based policies” for things like the commonly used Amazon Simple Storage Service (S3), Unit 42 says. A resource-based policy is basically a […] (CyberScoop)

Researchers Warn Of Risks With Tesla Backup Gateway

(News ≈ Packet Storm)

Firefox 83 Released With HTTPS-Only Mode

(News ≈ Packet Storm)

Mudge Has Been Named Twitter's Security Chief

(News ≈ Packet Storm)

After Trump Tweets Defcon Hacking Video, Voting Security Experts Call BS

(News ≈ Packet Storm)

Evasive Maneuvers in Data Stealing Gateways

We have already shared examples of many kinds of malware that rely on an external gateway to receive or return data, such as different malware payloads. During a recent investigation, we came across this example of a PHP script that attackers use for many different purposes. What makes the sample interesting is that alongside this PHP, we also found a few data-stealing scripts indicating that the code might have been used to send sensitive data to the attackers. (Sucuri Blog)

Multiple Industrial Control System Vendors Warn of Critical Bugs

Four industrial control system vendors each announced vulnerabilities that ranged from critical to high-severity. (Threatpost)

Defining Security Policies to Manage Remote Insider Threats

This is the time to define the new normal; having well-defined policies in place will help businesses maintain their security posture while bolstering the security of the ever-increasing work-from-home population. (Threatpost)

ThreatList: Pharma Mobile Phishing Attacks Turn to Malware

After the breakout of the COVID-19 pandemic, mobile phishing attacks targeting pharmaceutical companies have shifted their focus from credential theft to malware delivery. (Threatpost)

COVID-19 Antigen Firm Hit by Malware Attack

Global biotech firm Miltenyi, which supplies key components necessary for COVID-19 treatment research, has been battling a malware attack. (Threatpost)

Zoom Takes on Zoom-Bombers Following FTC Settlement

The videoconferencing giant has upped the ante on cybersecurity with three fresh disruption controls. (Threatpost)


/security-daily/ 18-11-2020 23:44:23