Security daily (18-12-2020)

AWS publishes FINMA ISAE 3000 Type 2 attestation report for the Swiss financial industry

Gaining and maintaining customer trust is an ongoing commitment at Amazon Web Services (AWS). Our customers’ industry security requirements drive the scope and portfolio of compliance reports, attestations, and certifications we pursue. Following up on our announcement in November 2020 of the new EU (Zurich) Region, AWS is pleased to announce the issuance of the […] (AWS Security Blog)

NSA warns defense contractors of potential SolarWinds fallout

It’s been widely reported that the suspected hacking team behind the massive and rapidly snowballing SolarWinds breach is linked with the Russian government. But the U.S. has not publicly named any one culprit behind the espionage operation, in which hackers concealed malware in SolarWinds network management tool updates, possibly infecting thousands of organizations across the U.S. federal government and the private sector. The National Security Agency, the U.S. Department of Defense’s foreign signals intelligence agency, on Thursday warned about an ongoing Russian state-sponsored hacking campaign that could be exacerbated by the SolarWinds breach. The NSA issued an alert warning defense contractors and Pentagon IT staff that the SolarWinds Orion compromise could be used in concert with a previously identified Russian state-sponsored hacking effort to access contractors’ data. The NSA did not claim that Russian hackers, who have been exploiting a VMware flaw to access data, are involved in the SolarWinds […] (CyberScoop)

US officials shut down scam websites impersonating Moderna, Regeneron

U.S. Justice Department officials on Friday said they had seized two internet domains purporting to belong to biotechnology firms developing treatments for the coronavirus, but which really were used to collect visitors’ personal data as part of a scam. The scammers appeared to impersonate pharmaceutical giants Moderna and Regeneron, and collected information that could be used for fraud, or to steal users’ credentials and deploy malicious software, the U.S. Attorney for the District of Maryland said. It wasn’t immediately clear how much personal data was stolen, or how it was used, if at all. But the domain seizures are a reminder of the staggering amount of coronavirus-related fraud that has occurred this year, as crooks all over the world have exploited the pandemic to sell counterfeit pills and conduct ransomware attacks. Americans have reported more than $211 million in losses from COVID-19-related fraud, according to the Federal Trade Commission. In […] (CyberScoop)

How the Russian hacking group Cozy Bear, suspected in the SolarWinds breach, plays the long game

As U.S. government agencies and thousands of companies around the world assess whether they’ve been compromised in the SolarWinds breach, cybersecurity experts are concerned that the full reach of the suspected hackers may only be just coming to light. People familiar with the matter have told outlets including The Washington Post that the culprit is one of the most persistent and savvy hacking groups on the planet: the Russian government-backed APT29, also known as Cozy Bear. Cyber threat intelligence firms have been more cautious in assigning blame, even as they acknowledge significant similarities. The group, reportedly linked to Russia’s foreign intelligence service, the SVR, and sometimes the FSB, is notorious for running multi-pronged efforts, and for not backing down from espionage operations, even after they are discovered. APT29 has historically gone to great lengths to conceal its activities, at times running years-long espionage operations, according to security researchers. “This is […] (CyberScoop)

When Fancy Bear isn’t so Fancy: APT group’s ‘crude’ methods continue to work

While the cybersecurity industry marvels at the sophistication of the suspected Russian hackers who breached contractor SolarWinds and multiple federal agencies, another set of alleged Russian operatives continues to succeed with far less advanced techniques in their espionage campaigns. Fancy Bear, the hacking group linked with Russia’s GRU military intelligence agency, is showing a penchant for using blunt digital instruments to break into computers and try to steal data, according to analysts. It’s an example of how so-called advanced persistent threats don’t actually need advanced tools to accomplish their goals. Instead, they often rely on defensive weaknesses that plague the internet. “It looks like this is all part of a strategy: commit crude and aggressive attacks on infrastructure worldwide,” said Feike Hacquebord, a researcher at security firm Trend Micro. The hacking campaign involving tampered SolarWinds software, which the Washington Post has linked to another Russian intelligence service, the SVR, used […] (CyberScoop)

SolarWinds attack is not 'espionage as usual,' Microsoft president says

The breach of SolarWinds software that allowed widespread espionage on U.S. government agencies and other organizations worldwide is more than just a shocking use of digital spycraft, Microsoft’s top executive said Thursday. The incident “represents an act of recklessness that created a serious technological vulnerability for the United States and the world,” writes the company’s president, Brad Smith, in a blog post. “In effect, this is not just an attack on specific targets, but on the trust and reliability of the world’s critical infrastructure in order to advance one nation’s intelligence agency.” The breach, which multiple U.S. sources have pinned on Russian intelligence, “is not ‘espionage as usual,’ even in the digital age,” Smith writes. In an addendum to the blog post, Microsoft said that it found no indications that its own software systems were used to attack others, but it did find “malicious SolarWinds binaries in our environment, which […] (CyberScoop)

“Is it you in the video?” – don’t fall for this Messenger scam

If a friend asks "is it you in the video", don't be in a hurry to find out! (Naked Security)

GitHub Plans To Eradicate Password Usage Next Year

(News ≈ Packet Storm)

Add Microsoft To The List Of SolarWinds Victims

(News ≈ Packet Storm)

Five Russian Hacks That Transformed US Cybersecurity

(News ≈ Packet Storm)

NSA Warns Of Federated Login Abuse For Local-To-Cloud Attacks

(News ≈ Packet Storm)

Cloud is King: 9 Software Security Trends to Watch in 2021

Researchers predict software security will continue to struggle to keep up with cloud and IoT in the new year. (Threatpost)

Sunburst’s C2 Secrets Reveal Second-Stage SolarWinds Victims

Examining the backdoor's DNS communications led researchers to find a government agency and a big U.S. telco that were flagged for further exploitation in the spy campaign. (Threatpost)

Microsoft Caught Up in SolarWinds Spy Effort, Joining Federal Agencies

The ongoing, growing campaign is “effectively an attack on the United States and its government and other critical institutions,” Microsoft warned. (Threatpost)

Cyberpunk 2077 Headaches Grow: New Spyware Found in Fake Android Download

Threat actors impersonate Google Play store in scam as Sony pulls the game off the PlayStation store due to myriad performance issues. (Threatpost)

Insider Threats: What Are They, Really?

"Insider threat" or "human error" shows up a lot as the major cause of data breaches across all types of reports out there. But often it's not defined, or it's not clearly defined, so people conjure up their own definition. (Threatpost)


/security-daily/ 19-12-2020 23:44:24