Security daily (17-12-2020)

2020 ISO certificates are here, with a new Region and increased in-scope services

Amazon Web Services (AWS) successfully completed the surveillance audits with no findings for ISO 9001, 27001, 27017, or 27018. Ernst and Young Certify Point auditors reissued the certificates on November 6, 2020. The certificates validate ISO compliance of our Information Security Management System from the perspective of third-party auditors. We included 9 additional AWS services […] (AWS Security Blog)

138 AWS services achieve CSA STAR Level 2 certification

We’re excited to announce that Amazon Web Services (AWS) has achieved Cloud Security Alliance (CSA) Security Trust Assurance and Risk (STAR) Level 2 certification with no findings. CSA STAR Level 2 certification is a rigorous third-party independent assessment of the security of a cloud service provider. The certification demonstrates that a cloud service provider conforms […] (AWS Security Blog)

AWS extends its TISAX scope to cover the London and Paris Regions

We’re excited to announce the completion of Trusted Information Security Assessment Exchange (TISAX) certification on December 08, 2020 for the London and Paris regions. These regions were assessed at the HIGH protection level (AL 2) for the control domains Information Handling and Data Protection, according to article 28 (“Processor”) of the European General Data Protection […] (AWS Security Blog)

Energy Department finds SolarWinds-related malware on IT networks, says critical systems unaffected

The Department of Energy on Thursday said it had found malicious software related to the breach of contractor SolarWinds on the department’s IT networks, making it the latest federal agency to be swept up in a hacking campaign reportedly tied to Russia. “At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission essential national security functions of the Department, including the National Nuclear Security Administration,” Department of Energy spokeswoman Shaylyn Hynes said in a statement. DOE joins a growing list of federal agencies, including the departments of Homeland Security and Treasury, that have been reportedly breached in the hacking campaign. The cyber activity, which The Washington Post reported is connected to a Russian intelligence service, has involved using tampered software from Austin-based SolarWinds to gain persistent access to victim networks. SolarWinds’ software is also widely used in […] (CyberScoop)

A ‘coordinated police’ action against the Joker’s Stash took a small domain offline

An ongoing law enforcement operation has disrupted aspects of a leading website where internet scammers frequently buy and sell stolen data, according to the site’s administrators and multiple sources with visibility into the site. A message posted Thursday on a forum at the Joker’s Stash, a marketplace where members have previously listed millions of payment cards stolen from U.S. restaurant chains, notifies members that “these bastards busted” an “external proxy server” connected to a section of the site. Other aspects of Joker’s Stash remained functioning normally at press time Thursday, though one researcher suggested the action represented a kind of warning to the site that has facilitated fraud since at least 2015. “This relates to a coordinated police operational activity that is ongoing, and at this time we are not in a position to comment,” Interpol, the inter-governmental law enforcement organization based in France, said in an email. The affected […] (CyberScoop)

How the US military used a creepy island to test cyberattacks on the grid — in the middle of a pandemic

The U.S. government officials trying to test the country’s ability to respond to a major cyberattack thought they had pulled out all the stops. Engineers had planned to simulate the kind of security incident that would cause an electrical blackout, after all, and had even planned to hold the event on an isolated island off the coast of New York. Even with all that preparation, a once-in-a-century pandemic still wasn’t in the script. Until this year, National Guard personnel, Pentagon contractors and engineers at big U.S. utilities would typically gather in person to run through exercises involving dire scenarios, from a weeks-long power outage to a mock attack on utility computers that appeared to delete data. In October, though, COVID-19 forced planners from the departments of Defense and Energy to figure out how to run the event virtually, with participants plugged in from around the country. And they used the […] (CyberScoop)

Biden says he will 'elevate' cybersecurity as US hack investigation goes on

President-elect Joe Biden said on Thursday he has instructed his advisers to learn as much as possible about a hacking campaign that’s roiled the U.S. government, as the investigators warned that the suspected Russian effort represented a “grave risk.” In a statement, Biden pledged to “elevate cybersecurity as an imperative across the government,” following revelations about how hackers have exploited technology built by SolarWinds, a federal contractor, to worm their way into networks belonging to reported victims including the departments of Treasury, Commerce and Homeland Security. “Our adversaries should know that, as President, I will not stand idly by in the face of cyber assaults on our nation,” Biden said in a statement. The Department of Homeland Security also on Thursday released additional technical details on the hacking effort that the Washington Post has connected to a Russian intelligence agency, calling it a “grave risk” to federal and state networks […] (CyberScoop)

When zombie malware leads to big-money ransomware attacks

SophosLabs investigates SystemBC, a malware utility for launching fileless malware attacks, including big-money ransomware. (Naked Security)

S3 Ep11: DIY phishes, sandwich scams and vaccine hacking [Podcast]

Here's the latest podcast - listen now! (Naked Security)

Evil Mobile Emulator Farms Used To Steal Millions From Banks

(News ≈ Packet Storm)

Irish Data Regulator Defends Order To Halt Facebook Data Flow

(News ≈ Packet Storm)

People's Energy Data Breach Affects All 270,000 Customers

(News ≈ Packet Storm)

How Suspected Russian Hackers Outed Their Massive Cyberattack

(News ≈ Packet Storm)

The Dangers of Using Abandoned Plugins & Themes

It’s not very often that we see abandoned components being used on a website — but when we do, it’s most often because the website was exhibiting malware-like behavior and we were called to investigate and clean up the site. Old and abandoned plugins and themes are a good target for opportunistic attackers who are looking for any expired domains that might be used by those components. Once an attacker gets a hold of those domains, they’re able to distribute malware to any users that still have that resource installed on their site. (Sucuri Blog)

How to Increase Your Security Posture with Fewer Resources

Plixer's Justin Jett, Compliance & Audit director, discusses how to prioritize when your security resources are thin. (Threatpost)

Nuclear Weapons Agency Hacked in Widening Cyberattack

The DoE suffered "damage" in the attack, which also likely extends beyond the initially known SolarWinds Orion attack vector. (Threatpost)

5M WordPress Sites Running ‘Contact Form 7’ Plugin Open to Attack

A critical unrestricted file upload bug in Contact Form 7 allows an unauthenticated visitor to take over a site running the plugin. (Threatpost)

Police Vouch for Hacker Who Guessed Trump’s Twitter Password

No charges for Dutch ethical hacker Victor Gevers who prosecutors say did actually access Trump’s Twitter account by guessing his password, “MAGA2020!” last October. (Threatpost)

Air-Gap Attack Turns Memory Modules into Wi-Fi Radios

Attack turns SDRAM buses into a Wi-Fi radio to leak data from air-gapped computers. (Threatpost)


/security-daily/ 18-12-2020 23:44:24