17-05-202119-05-2021

Security daily (18-05-2021)

Spring 2021 SOC reports now available with 133 services in scope

At AWS, we’re committed to providing our customers with continued assurance over the security, availability and confidentiality of the AWS control environment. We’re proud to deliver the System and Organizational (SOC) 1, 2 and 3 reports to enable our AWS customers to maintain confidence in AWS services. For the Spring 2021 SOC reports, covering 10/01/2020 […] (AWS Security Blog)

Botnet traced to computer at hacked Florida water plant

On Feb. 5, an unidentified hacker broke into the computer system of a water treatment plant in the Florida town of Oldsmar and temporarily changed the plant’s sodium hydroxide setting to a potentially dangerous level, according to local officials. It turns out that hacker wasn’t alone on the network. While law enforcement officials still haven’t publicly identified the perpetrator of the well-publicized hack, industrial security firm Dragos on Tuesday revealed a separate suspected intrusion that same day of one of the Oldsmar Water Treatment Facility’s computers. Dragos has tied the malicious code to a botnet, or horde of infected computers used by spammers, whose code scanned the computers of local water utilities in Florida in recent months. There is no connection between the incidents — whoever tampered with the Oldsmar facility’s chemical settings is not involved in the botnet — but the revelation shows how two very different types of hackers […] The post Botnet traced to computer at hacked Florida water plant appeared first on CyberScoop. (CyberScoop)

National security officials outline hopes for US data breach notification law

Top U.S. national security officials on Tuesday explained some ideal elements to a potential national data breach reporting law, describing the idea as one pathway to stopping massive security incidents like the SolarWinds hack. A national data breach reporting law would need to be clear and concise for companies to follow it, and generally not be a huge burden, said Tonya Ugoretz, deputy assistant director of the FBI. It also might function as an alternative to government surveillance of private sector networks, a controversial idea previously suggested as a means of detecting cyber-espionage. Such a law should be focused on receiving reports about only especially sensitive breaches, such as those which jeopardize national security and critical infrastructure or that compromise U.S. government information, Ugoretz said during a prerecorded segment that aired at the virtual 2021 RSA Conference. However, Ugoretz and Adam Hickey, the deputy assistant attorney general and the Justice […] The post National security officials outline hopes for US data breach notification law appeared first on CyberScoop. (CyberScoop)

Colonial Pipeline says ransomware recovery efforts caused network outage for shippers

The communication system that Colonial Pipeline customers use to request fuel experienced network issues on Tuesday, a result of the company’s efforts to recover from a ransomware attack. “Our internal server that runs our nomination system experienced intermittent disruptions this morning due to some of the hardening efforts that are ongoing and part of our restoration process,” Colonial Pipeline said in a statement. “These issues were not related to the ransomware or any type of reinfection.” Shippers told Reuters and Bloomberg News that they were unable to access the communication system, which allows Colonial Pipeline customers to “nominate,” or make formal requests for gasoline and other fuel, and to receive updates on fuel shipments. Colonial Pipeline said it “continues to deliver refined products as nominated by our shippers.” “We are working diligently to bring our nomination system back online and will continue to keep our shippers updated,” the company’s statement […] The post Colonial Pipeline says ransomware recovery efforts caused network outage for shippers appeared first on CyberScoop. (CyberScoop)

Stalkers using surveillance software on partners are exposing their own data, research finds

Stalkerware applications, which domestic abusers rely on to monitor their romantic partners’ devices without their consent, often fail to secure the personal information collected during their use, according to ESET research published Monday. Stalkerware, which is frequently advertised as benign parental controls or employee monitoring software, can surveil targets’ geolocation, texts, phone calls, cameras and more, all without obtaining targets’ consent. ESET examined 86 stalkerware applications, only to identify 158 serious security and privacy issues, according to findings presented at the virtual RSA Conference this week. The most common security issue affecting the applications was the insecure transmission of stalkers’ and targets’ personally identifiable information from devices to app servers. This vulnerability could allow outsiders to intercept text messages, call logs, contact lists, keystrokes, browsing histories, recorded phone calls, pictures and screenshots, according to ESET. Other issues included applications storing sensitive information on external media, and exposing  data like Facebook […] The post Stalkers using surveillance software on partners are exposing their own data, research finds appeared first on CyberScoop. (CyberScoop)

Lawmakers say Colonial Pipeline's refusal to discuss ransom undermines US efforts

U.S. lawmakers are demanding to know whether Colonial Pipeline paid a ransom to hackers who forced the company to shut down operations for days. Following a Monday briefing with Colonial Pipeline, the heads of the House Homeland Security and Oversight and Reform committees said the company’s refusal to share information on any ransom payment hindered their ability to craft legislation to address the ransomware problem. Bloomberg News reported that Colonial Pipeline, which says it supplies 45% of the fuel consumed on the East Coast, paid cybercriminals nearly $5 million to recover their computer systems. “We’re disappointed that the company refused to share any specific information regarding the reported payment of ransom during today’s briefing,” Democratic Reps. Bennie Thompson of Mississippi and Carolyn Maloney of New York said in a statement. “In order for Congress to legislate effectively on ransomware, we need this information.” When contacted by CyberScoop on Tuesday, a […] The post Lawmakers say Colonial Pipeline's refusal to discuss ransom undermines US efforts appeared first on CyberScoop. (CyberScoop)

Microsoft, Adobe Exploits Top List Of Crooks' Wish List

(News ≈ Packet Storm)

Bizarro Banking Trojan Sports Sophisticated Backdoor

(News ≈ Packet Storm)

SolarWinds Hack: Russian Denial Unconvincing

(News ≈ Packet Storm)

City Pays $350k After Suing "Hackers" For Opening Dropbox Link It Sent To Them

(News ≈ Packet Storm)

Free "vCISO Clinic" offers Resource-Constrained InfoSec Leaders a Helping Hand

Leaders in the InfoSec field face a strange dilemma. On the one hand, there are hundreds of thousands of resources available to find online to read (or watch) if they have questions – that's a benefit of a digital-first field. On the other hand, most leaders face challenges that – while not entirely unique each time – tend to require a specific touch or solution. For most, it would be great to (The Hacker News)

Experts Reveal Over 150 Ways to Steal Control of 58 Android Stalkerware Apps

A total of 158 privacy and security issues have been identified in 58 Android stalkware apps from various vendors that could enable a malicious actor to take control of a victim's device, hijack a stalker's account, intercept data, achieve remote code execution, and even frame the victim by uploading fabricated evidence. The new findings, which come from an analysis of 86 stalkerware apps for (The Hacker News)

70 European and South American Banks Under Attack By Bizarro Banking Malware

A financially motivated cybercrime gang has unleashed a previously undocumented banking trojan, which can steal credentials from customers of 70 banks located in various European and South American countries. Dubbed "Bizarro" by Kaspersky researchers, the Windows malware is "using affiliates or recruiting money mules to operationalize their attacks, cashing out or simply to helping [sic] with (The Hacker News)

Apple's Find My Network Can be Abused to Exfiltrate Data From Nearby Devices

Latest research has demonstrated a new exploit that enables arbitrary data to be uploaded from devices that are not connected to the Internet by simply sending "Find My" Bluetooth broadcasts to nearby Apple devices. "It's possible to upload arbitrary data from non-internet-connected devices by sending Find My [Bluetooth Low Energy] broadcasts to nearby Apple devices that then upload the data for (The Hacker News)

U.S. Pipeline Ransomware Attackers Go Dark After Servers and Bitcoin Are Seized

Just as Colonial Pipeline restored all of its systems to operational status in the wake of a crippling ransomware incident a week ago, DarkSide, the cybercrime syndicate behind the attack, claimed it lost control of its infrastructure, citing a law enforcement seizure. All the dark web sites operated by the gang, including its DarkSide Leaks blog, ransom collection site, and breach data content (The Hacker News)

Scammers Pose as Meal-Kit Services to Steal Customer Data

Attackers are sending messages disguised as offers from meal-kit services, like HelloFresh. (Threatpost)

Stalkerware Apps Riddled with Security Bugs

Attackers can take advantage of the fact these apps access, gather, store and transmit more information than any other app their victims have installed. (Threatpost)

It’s Time to Prepare for a Rise in Insider Threats

Anurag Kahol, CTO at Bitglass, discusses options for detecting malicious or dangerous activity from within an organization. (Threatpost)

Unsuccessful Conti Ransomware Attack Still Packs Costly Punch

Separate attacks last week on the country’s Department of Health and Health Service Executive forced the shutdown of networks and services that still haven’t been fully restored. (Threatpost)

Microsoft, Adobe Exploits Top List of Crooks’ Wish List

You can’t possibly patch all CVEs, so focus on the exploits crooks are willing to pay for, as tracked in a study of the underground exploit market. (Threatpost)

17-05-202119-05-2021

/security-daily/ 19-05-2021 23:44:22