Security daily (18-05-2020)

AWS Artifact service launches new user interface

AWS Artifact service introduces a new user interface (UI) that provides a more intuitive experience in searching and saving AWS compliance reports, and accepting agreements. The new UI includes AWS Artifact home page equipped with information and videos on how to use the AWS Artifact service for your compliance needs. Additionally, the Reports and Agreements […] (AWS Security Blog)

Taiwan suggests China’s Winnti group is behind ransomware attack on state oil company

Taiwanese authorities have suggested that Chinese hackers were behind a ransomware attack against Taiwan’s state oil company, an aggressive assault on one of the island nation’s strategic assets. Data left behind in the attack, such as a configuration file and domain name, point to the involvement of a group known as Winnti, or something “closely related” to it, Taiwan’s Ministry of Justice said in a statement Friday. Winnti is a broad collection of hackers that cybersecurity researchers have linked with the Chinese government. Cybersecurity analysts say Beijing’s hackers have long conducted operations against Taiwanese targets to gather intelligence. But an attempt to extort Taiwanese company CPC Corp., which is responsible for delivering oil products throughout Taiwan, would be a much more brazen move. Although the attack didn’t affect the CPC’s energy production, it did disrupt some customers’ efforts to use CPC Corp.’s payment cards to purchase gas. CyberScoop could not independently confirm that Winnti was involved in the […] (CyberScoop)

US officials say they've cracked Pensacola shooter’s iPhones, blast Apple

Federal law enforcement officials said Monday they had unlocked the iPhones of the perpetrator of a December terrorist attack at a U.S. Naval base — and sharply criticized Apple for not granting them access to those encrypted communications. FBI technicians cracked the phones of a Saudi aviation student who killed three U.S. sailors at the Naval Air Station Pensacola, uncovering evidence linking him to an Al Qaeda affiliate, Attorney General William Barr said. Barr and FBI Director Christopher Wray urged Silicon Valley companies to write software that allows investigators to access encrypted communications with a warrant, a move that technology firms and security experts have criticized for years. Authorities took their usual claims a step further, though, by criticizing Apple for what they described as effectively standing in the way of their investigation. “We received, effectively, no help from Apple,” Wray asserted at the press conference. He did not detail the […] (CyberScoop)

Prioritize alerts and jump-start your investigations with Recorded Future’s free browser extension. Sign up now.

Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! Drowning in alerts from many different sources and systems? Spending too much valuable time researching potential threats and vulnerabilities? You need Recorded Future Express, a new browser extension from the experts at […] (Graham Cluley)

Hackers steal $10M in “wonderfully done” fraud from Norway’s State Investment Fund

Norfund, the Norwegian state-owned investment fund for developing countries, has revealed that it has been swindled out of $10,000,000 intended for an institution in Cambodia. Read more in my article on the Bitdefender Business Insight blog. (Graham Cluley)

The ProLock ransomware doesn’t tell you one important thing about decrypting your files

Have your computers been hit by the ProLock ransomware? You might want to read this before you pay any money to the criminals behind the attack. (Graham Cluley)

Edison Mail bug exposed iPhone users’ email accounts to complete strangers

The makers of a popular iOS email app have warned their users that their accounts may have been compromised after a buggy software update made it possible to see strangers’ emails. Read more in my article on the Hot for Security blog. (Graham Cluley)

The RATicate gang – implanting malware in an industry near you

These days, "What does this malware do?" is the question that has dozens of possible answers... here's how and why. (Naked Security)

Senate renews warrantless collection of web histories

The government can keep on surveilling your online life without a warrant. An amendment to ban it failed by just one vote. (Naked Security)

Shiny new Azure login attracts shiny new phishing attacks

Admins working with Microsoft Azure beware: phishers are updating their assets to reflect changes on the company's cloud-based login screen. (Naked Security)

Monday review – the hot 17 stories of the week

From DHL delivery phishes to the top 10 most exploited bugs - and everything in between. It's weekly roundup time. (Naked Security)

How to Audit Web Applications & Servers with Tishna

Penetration-testing frameworks can be incredibly useful since they often streamline certain processes and save time by having a lot of tools available in one place. Of course, the most popular pentesting framework is undoubtedly Metasploit, but there are many others out there that cater to particular needs. For auditing web applications and servers, Tishna comes in handy.

The Tishna pentesting framework is designed to automate some of the processes involved in auditing web apps and web servers. The tool is useful for administrators and IT professionals in that it can audit critical... (Null Byte « WonderHowTo)

Dutch Spies Helped Britain's GCHQ Break Argentine Crypto During Falklands War

(News ≈ Packet Storm)

London Facial Recognition Rollout Might Be Paused Due To Face Masks

(News ≈ Packet Storm)

Mercedes-Benz Onboard Logic Unit (OLU) Source Code Leaks Online

(News ≈ Packet Storm)

REvil Attackers Change Focus To Attacking A Food Distributor

(News ≈ Packet Storm)

What is FTP? Why use it to clean hacked websites?

The File Transfer Protocol (FTP) is a network protocol used to transfer files between a client server and a network. In other words, it is through FTP that we get text and images onto a website. Why is FTP used to clean up a website? Not only is FTP used to insert files into a website, it’s also necessary for removing malicious files left by a hacker. Let’s take a look at what FTP is and why we need access to it when cleaning infections and removing malware from websites. (Sucuri Blog)

Ransomware Gang Arrested for Spreading Locky to Hospitals

A group of four people calling themselves "Pentaguard" were arrested in house raids. (Threatpost)

ProLock Ransomware Teams Up With QakBot Trojan to Infect Victims

ProLock is relatively new, but already the ransomware is making waves by using QakBot infections to access networks, gain persistence and avoid detection. (Threatpost)

Edison Mail iOS Bug Exposes Emails to Strangers

A bug introduced in an iOS software update on the Edison Mail app allowed emails to be viewed by strangers. (Threatpost)


/security-daily/ 19-05-2020 23:44:22