17-02-202119-02-2021

Security daily (18-02-2021)

How to continuously audit and limit security groups with AWS Firewall Manager

At AWS re:Invent 2019 and in a subsequent blog post, Stephen Schmidt, Chief Information Security Officer for Amazon Web Services (AWS), laid out the top 10 security items that AWS customers should pay special attention to if they want to improve their security posture. High on the list is the need to manage your network […] (AWS Security Blog)

AWS and EU data transfers: strengthened commitments to protect customer data

Last year we published a blog post describing how our customers can transfer personal data in compliance with both GDPR and the new “Schrems II” ruling. In that post, we set out some of the robust and comprehensive measures that AWS takes to protect customers’ personal data. Today, we are announcing strengthened contractual commitments that […] (AWS Security Blog)

050| Getting the Most out of Infosec Conferences

Infosec conferences give cybersecurity professionals a chance to network, hear the latest research, exchange ideas, and demo hacks and new tools. But with so many conferences, how do you decide which ones to attend? How can you get the most out of your experience? Are they worth your time and money? What's it like to be a presenter, or even an organizer? Janne speaks to Noora Hammar, head of comms for the Nordic security event Disobey and vice-chairwoman for HelSec Association; and F-Secure's Tomi Tuominen, founder of the T2 infosec conference. Links: Episode 50 transcript Ghost in the Locks: Hotel Room Keys can be Hacked (Cyber Security Sauna)

Misinformation flooded Parler around Capitol insurrection, research finds

The overwhelming majority of news links shared on Parler in the days surrounding the Capitol insurrection last month were filled with misinformation, according to an analysis by NewsGuard and PeakMetrics. In all, 87% of news links shared on Parler around the Jan. 6 riots contained misinformation, the analysis published Wednesday concluded.  One of the most popular sites shared across the social networking platform was a site that appeared to be an American news outlet, called American Conservatives Today, but which actually was run from North Macedonia and plagiarized stories from The Gateway Pundit. The site, which was created in December of last year, spread lies that the voting equipment maker Dominion Voting Systems was switching votes from then-President Donald Trump to then-candidate Joe Biden. Other popular misinformation-based sites that spread falsehoods on Parler included a video website linked with Alex Jones, InfoWars.com’s founder, which spread lies that Biden was interested […] The post Misinformation flooded Parler around Capitol insurrection, research finds appeared first on CyberScoop. (CyberScoop)

S3 Ep20: Corporate megahacking, true love gone bad, and tax grabs [Podcast]

Latest episode, listen now! (Includes special gardening safety section at no extra charge!) (Naked Security)

US names three North Koreans in laundry list of cybercrime charges

Trio alleged to have been at it for more than a decade, and to have made off with well over a billion dollars. (Naked Security)

Masslogger Swipes Outlook, Google Chrome Credentials

(News ≈ Packet Storm)

ScamClub Cybergang Campaign Leveraged Safari Flaw

(News ≈ Packet Storm)

SolarWinds Attack Hit 100 Companies And Took Months Of Planning, Says White House

(News ≈ Packet Storm)

Three More North Korean Hackers Charged

(News ≈ Packet Storm)

Cybercriminal Enterprise ‘Ringleaders’ Stole $55M Via COVID-19 Fraud, Romance Scams

The Department of Justice (DoJ) cracked down on a Ghana-based cybercriminal enterprise behind a slew of romance scams, COVID-19 fraud attacks and business email compromise schemes since 2013. (Threatpost)

Apple Outlines 2021 Security, Privacy Roadmap

Latest Apple Platform Security update folds iOS, macOS and hardware into security 2021 roadmap. (Threatpost)

Kia Motors Hit With $20M Ransomware Attack – Report

DoppelPaymer ransomware gang claims credit for Kia’s outage, demands $20 million in double-extortion attack. (Threatpost)

Exploit Details Emerge for Unpatched Microsoft Bug

A malicious website or malicious ad can trigger an exploit for the IE zero-day bug, opening the door for data theft and code execution, new analysis notes. (Threatpost)

Mac Malware Targets Apple’s In-House M1 Processor

A malicious adware-distributing application specifically targets Apple's new M1 SoC, used in its newest-generation MacBook Air, MacBook Pro and Mac mini devices. (Threatpost)

SDK Bug Lets Attackers Spy on User’s Video Calls Across Dating, Healthcare Apps

Apps like eHarmony and MeetMe are affected by a flaw in the Agora toolkit that went unpatched for eight months, researchers discovered. (Threatpost)

17-02-202119-02-2021

/security-daily/ 19-02-2021 23:44:25