Security daily (18-08-2020)

Securing resource tags used for authorization using a service control policy in AWS Organizations

In this post, I explain how you can use attribute-based access controls (ABAC) in Amazon Web Services (AWS) to help provision simple, maintainable access controls to different projects, teams, and workloads as your organization grows. ABAC gives you access to granular permissions and employee-attribute based authorization. By using ABAC, you need fewer AWS Identity and […] (AWS Security Blog)

19 additional AWS services authorized at DoD Impact Level 5 for AWS GovCloud (US) Regions

I’m excited to share that the Defense Information Systems Agency (DISA) has authorized 19 additional AWS services at Impact Level (IL) 5 and four services at IL 4 in the AWS GovCloud (US) Regions. With these additional 19 services, a total of 80 AWS services and features at IL4 and IL 5 are authorized and […] (AWS Security Blog)

Grant Schneider steps down as federal CISO, heads to private sector

Grant Schneider, who has spent nearly three decades in the federal government, is leaving his post as the Trump administration’s chief information security officer for the private sector. Schneider is joining the Washington, D.C., office of law firm Venable as a senior director of cybersecurity services, the firm said in a statement Tuesday. Ari Schwartz, a Venable executive who worked in the Obama administration, lauded Schneider’s work as a federal official on supply chain security and encryption. Schneider spent more than 20 years at the Defense Intelligence Agency, the Pentagon’s spying arm, culminating in a multi-year tenure as chief information officer. He was also a senior official at the Office of Personnel Management in 2015 and 2016 as the agency continued to cope with the fallout of its massive 2014 data breach. At the National Security Council, Schneider was influential in cybersecurity policymaking. He headed the Vulnerabilities Equities Process, the […] (CyberScoop)

Final Senate Intel report details remarkable contact between Trump campaign, Russian spies

President Donald Trump’s 2016 campaign manager was closely tied to a person the United States considers a Russian intelligence officer, and may have been involved in the Russian hack-and-leak operation targeting Hillary Clinton’s campaign in 2016, the Senate Intelligence Committee said in a bipartisan report released Tuesday. Paul Manafort, Trump’s campaign manager, hired Konstantin Kilimnik, a Russian national and Ukrainian political operative, years ago to manage his consulting office in Ukraine, and had been working with Manafort since the mid-2000s, according to the Department of Justice. But while Special Counsel Robert Mueller previously said Kilimnik had “ties” to Russian intelligence, the bipartisan report identifies him as a Russian intelligence officer, and alleges that he has a possible connection to the Russian military’s hacking-and-dump scheme targeting Clinton and the Democratic National Committee in 2016. “Kilimnik is a Russian intelligence officer,” states the committee’s fifth report, the final installment of the committee’s investigation into Russian election interference in 2016. “Kilimnik may have been […] (CyberScoop)

US liquor giant hit by ransomware – what the rest of us can do to help

If blackmailers dump data stolen from a company that refused to pay - don't even peek at the data. Reward the refusal... (Naked Security)

Ukraine Arrests Gang Who Ran 20 Crypto Exchanges And Laundered Money For Ransomware Gangs

(News ≈ Packet Storm)

Secret Service Reportedly Paid To Access Phone Location Data

(News ≈ Packet Storm)

US Army Report Says Many North Korean Hackers Operate From Abroad

(News ≈ Packet Storm)

Companies Left Dangling As US, EU Hash Out Data Protection Differences

(News ≈ Packet Storm)

CDN-Filestore Credit Card Stealer for Magento

During a website remediation, we recently discovered a new version of a Magento credit card stealer which sends all compromised data to the malicious domain cdn-filestore[dot]com. My colleague Luke Leal originally wrote about this malware in a blog post earlier this year. Malware Evolution & Evasive Techniques: One primary difference between this new version and the one Luke wrote about in April is that it was not packed. This detail suggests that the attackers updated the malware in an attempt to obfuscate it and avoid detection. (Sucuri Blog)

Critical Jenkins Server Vulnerability Could Leak Sensitive Information

Jenkins—a popular open-source automation server software—published an advisory on Monday concerning a critical vulnerability in the Jetty web server that could result in memory corruption and cause confidential information to be disclosed.

Tracked as CVE-2019-17638, the flaw has a CVSS rating of 9.4 and impacts Eclipse Jetty versions 9.4.27.v20200227 to 9.4.29.v20200521—a full-featured tool (The Hacker News)

Researchers Warn of Active Malware Campaign Using HTML Smuggling

A recently uncovered, active campaign called "Duri" makes use of HTML smuggling to deliver malware. (Threatpost)

Large Orgs Plagued with Bugs, Face Giant Patch Backlogs

Vulnerability management continues to challenge businesses, as they face tens of thousands of bugs with every scan. (Threatpost)

AWS Cryptojacking Worm Spreads Through the Cloud

The malware harvests AWS credentials and installs Monero cryptominers. (Threatpost)

IcedID Trojan Rebooted with New Evasive Tactics

Juniper identifies phishing campaign targeting business customers with malware using password protection, among other techniques, to avoid detection. (Threatpost)


/security-daily/ 19-08-2020 23:44:22