Security daily (18-09-2020)

Get ready for upcoming changes in the AWS Single Sign-On user sign-in process

To improve security, enhance user experience, and address compatibility with future AWS Identity changes, AWS Single Sign-On (SSO) is making changes to the sign-in process that will affect some AWS SSO customers. The changes will go into effect globally in early October 2020. The AWS SSO sign-in pages are moving to a new top-level DNS […] (AWS Security Blog)

Lame-duck versions of TikTok and WeChat are definitely a problem, security experts say

Cybersecurity experts and privacy advocates said Friday that TikTok and WeChat users should probably stop using the applications in the coming days, given that the Trump administration’s new ban on them will effectively block users from downloading updates. Updates, of course, provide security fixes and not just new features. In just the last year, TikTok has had to issue multiple patches for vulnerabilities that could allow hackers to capture users’ data without their permission or send them malicious links, for instance. WeChat has also had to address several flaws in the last year. “The order … harms the privacy and security of millions of existing TikTok and WeChat users in the United States by blocking software updates, which can fix vulnerabilities and make the apps more secure,” the Director of the American Civil Liberties Union’s National Security Project, Hina Shamsi, said in a statement. The ban won’t eliminate the apps on current […] (CyberScoop)

Twitter bolsters security for political accounts as election looms

Just weeks away from the U.S. presidential election, Twitter says it is taking extra steps to secure high-profile accounts, such as political campaigns and major news outlets, whose compromise could impact voter perceptions. Twitter began rolling out the new security features, such as strong password requirements, on Thursday to the election-related accounts, including secretaries of state overseeing the vote and federal agencies and lawmakers. Accounts will be “strongly encouraged” to use two-factor authentication to prevent hacking, the social media platform said. In the weeks ahead, Twitter said it would implement “more sophisticated detections and alerts” to keep hackers from breaking into accounts. The eleventh-hour move to heighten account security reflects what Twitter executives described as the “unique sensitivities of the election period.” Four years ago, Russian bots and trolls spread disinformation on Twitter in a bid to damage Hillary Clinton’s campaign and boost Donald Trump. This year, U.S. intelligence agencies […] (CyberScoop)

A real-life Maze ransomware attack – “If at first you don’t succeed…”

The crooks wanted $15,000,000. They didn't get it. Huzzah! (Naked Security)

Apple Bug Allows Code Exec On iPhone, iPad, iPod

(News ≈ Packet Storm)

Twitter Beefs Up Security For US Election Candidates

(News ≈ Packet Storm)

Police Launch Homicide Inquiry After German Hospital Hack

(News ≈ Packet Storm)

US Government Bans TikTok, WeChat Citing National Security Risk

(News ≈ Packet Storm)

Google Play Bans Stalkerware And Misrepresentation

(News ≈ Packet Storm)

FBI Opens China-Related Counter Intelligence Case Every 10 Hours

(News ≈ Packet Storm)

The Hidden PHP Malware that Reinfects Cleaned Files

Website reinfections are a serious problem for website owners, and it can often be difficult to determine the cause behind the reinfection — especially if you lack access to necessary logs, which is usually the case for shared hosting services. Some of the more common causes of reinfections are issues like cross-site contamination or unpatched website software security vulnerabilities that get re-exploited. In this post, I’ll share with you a different method: how attackers can reinfect your website files in under a second by having a single malicious process running on the web server. (Sucuri Blog)

U.S. Treasury Sanctions Hacking Group Backed by Iranian Intelligence

The U.S. government on Thursday imposed sweeping sanctions against an Iranian threat actor backed by the country's Ministry of Intelligence and Security (MOIS) for carrying out malware campaigns targeting Iranian dissidents, journalists, and international companies in the telecom and travel sectors. According to the U.S. Treasury and the Federal Bureau of Investigation (FBI), the sanctions target (The Hacker News)

Android 11 — 5 New Security and Privacy Features You Need to Know

After a long wait and months of beta testing, Google last week finally released Android 11, the latest version of the Android mobile operating system—with features offering billions of its users more control over their data security and privacy. Android security is always a hot topic and almost always for the wrong reason, including Google's failure to prevent malicious apps from being (The Hacker News)

2 Hackers Charged for Defacing Sites after U.S. Airstrike Killed Iranian General

The US Department of Justice (DoJ) on Tuesday indicted two hackers for their alleged involvement in defacing several websites in the country following the assassination of Iranian major general Qasem Soleimani earlier this January.

Behzad Mohammadzadeh (aka Mrb3hz4d), 19, and Marwan Abusrour (aka Mrwn007), 25, have been charged with conspiracy to commit intentional damage to a protected (The Hacker News)

The TikTok Ban: Security Experts Weigh in on the App’s Risks

With no hard evidence of abuse, are bans warranted? The real security concerns will likely come after the ban goes into effect, researchers said in our exclusive roundtable. (Threatpost)

Stubborn WooCommerce Plugin Bugs Get Third Patch

Users of the Discount Rules for WooCommerce WordPress plugin are urged to apply a third and (hopefully) final patch. (Threatpost)

SecOps Teams Wrestle with Manual Processes, HR Gaps

Enterprise security teams are "drowning in alerts." (Threatpost)

Security Takeaways from the Great Work-from-Home Experiment

As the pandemic drags on and remote workforces stay remote, zero-trust and other lessons learned should come to the fore. (Threatpost)

Maze Ransomware Adopts Ragnar Locker Virtual-Machine Approach

Maze continues to adopt tactics from rival cybercrime gangs. (Threatpost)


/security-daily/ 19-09-2020 23:44:25