Security daily (19-05-2021)

How to verify AWS KMS signatures in decoupled architectures at scale

AWS Key Management Service (AWS KMS) makes it easy to create and manage cryptographic keys in your applications. The service supports both symmetric and asymmetric customer master keys (CMKs). The asymmetric CMKs offer digital signature capability, which data consumers can use to verify that data is from a trusted producer and is unaltered in transit. […] (AWS Security Blog)
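The verification pattern the AWS post describes, as an added example in Go (not code from the AWS blog or the KMS SDK): the producer hashes its payload and signs only the digest, the consumer fetches the CMK's public key once, caches it, and verifies every message locally without calling KMS. The `kmsKeyStandIn` type below stands in for an ECC_NIST_P256 SIGN_VERIFY CMK so the block runs offline; `GetPublicKey` returns a DER SubjectPublicKeyInfo and `Sign` returns a DER-encoded ECDSA signature, the same encodings real kms:GetPublicKey and kms:Sign (ECDSA_SHA_256, MessageType DIGEST) produce. The key alias and the JSON payload are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// kmsKeyStandIn imitates an asymmetric CMK (ECC_NIST_P256, SIGN_VERIFY).
// In AWS the private key never leaves KMS; here it is generated locally
// purely so the example runs offline. This is illustrative, not AWS code.
type kmsKeyStandIn struct{ priv *ecdsa.PrivateKey }

func newKMSKeyStandIn() (*kmsKeyStandIn, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &kmsKeyStandIn{priv: priv}, nil
}

// GetPublicKey returns the public key as DER-encoded X.509
// SubjectPublicKeyInfo, the format kms:GetPublicKey returns.
func (k *kmsKeyStandIn) GetPublicKey() ([]byte, error) {
	return x509.MarshalPKIXPublicKey(&k.priv.PublicKey)
}

// Sign imitates kms:Sign with ECDSA_SHA_256 and MessageType DIGEST: the
// caller hashes locally and submits the 32-byte digest. The signature is
// DER-encoded ASN.1 (SEQUENCE of r, s), so consumers verify with VerifyASN1.
func (k *kmsKeyStandIn) Sign(digest []byte) ([]byte, error) {
	if len(digest) != sha256.Size {
		return nil, errors.New("MessageType DIGEST with ECDSA_SHA_256 needs a 32-byte digest")
	}
	return ecdsa.SignASN1(rand.Reader, k.priv, digest)
}

// SignedMessage is what the producer publishes to a queue, topic or bucket:
// payload, detached signature and the key it was signed with.
type SignedMessage struct {
	KeyID     string
	Payload   []byte
	Signature []byte
}

// Produce hashes the payload and signs the digest (one kms:Sign per message).
func Produce(k *kmsKeyStandIn, keyID string, payload []byte) (SignedMessage, error) {
	digest := sha256.Sum256(payload)
	sig, err := k.Sign(digest[:])
	if err != nil {
		return SignedMessage{}, err
	}
	return SignedMessage{KeyID: keyID, Payload: payload, Signature: sig}, nil
}

// Verifier is the consumer side: one kms:GetPublicKey per key ID, cached,
// then every verification is a local ECDSA check that costs no KMS call.
type Verifier struct{ keys map[string]*ecdsa.PublicKey }

func NewVerifier() *Verifier { return &Verifier{keys: map[string]*ecdsa.PublicKey{}} }

// AddKey parses the DER SubjectPublicKeyInfo from kms:GetPublicKey and pins
// it to the key ID the producer will reference.
func (v *Verifier) AddKey(keyID string, der []byte) error {
	pub, err := x509.ParsePKIXPublicKey(der)
	if err != nil {
		return err
	}
	ec, ok := pub.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("not an ECDSA key; expected an ECC_NIST_P256 CMK")
	}
	v.keys[keyID] = ec
	return nil
}

// Verify accepts a message only if its signature covers exactly this payload
// and was produced by a key the consumer has pinned; unknown keys are rejected.
func (v *Verifier) Verify(m SignedMessage) bool {
	pub, ok := v.keys[m.KeyID]
	if !ok {
		return false
	}
	digest := sha256.Sum256(m.Payload)
	return ecdsa.VerifyASN1(pub, digest[:], m.Signature)
}

// Demo runs producer and consumer end to end and returns whether the genuine
// message verified and whether a tampered copy of it verified.
func Demo() (genuineOK bool, tamperedOK bool, err error) {
	const keyID = "alias/orders-signing" // hypothetical CMK alias
	k, err := newKMSKeyStandIn()
	if err != nil {
		return false, false, err
	}
	msg, err := Produce(k, keyID, []byte(`{"order":1234,"amount":"99.00"}`)) // constructed payload
	if err != nil {
		return false, false, err
	}
	der, err := k.GetPublicKey()
	if err != nil {
		return false, false, err
	}
	v := NewVerifier()
	if err := v.AddKey(keyID, der); err != nil {
		return false, false, err
	}
	genuineOK = v.Verify(msg)
	forged := msg // same signature, altered payload: must fail
	forged.Payload = []byte(`{"order":1234,"amount":"0.01"}`)
	tamperedOK = v.Verify(forged)
	return genuineOK, tamperedOK, nil
}

func main() {
	g, t, err := Demo()
	fmt.Printf("genuine verified=%v tampered verified=%v err=%v\n", g, t, err)
}
```

The point of keeping the private key inside KMS and only distributing the public key is that consumers can scale horizontally with zero KMS API calls per message; the only KMS-side dependency is the one-time GetPublicKey, and key rotation becomes a matter of publishing a new key ID that consumers pin before producers switch to it.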

Colonial Pipeline CEO to face questions from Congress on $4.4 million ransom payment

After Colonial Pipeline CEO Joseph Blount confirmed Wednesday that his company had paid hackers $4.4 million to recover its data, lawmakers said they would press Blount for more information at a congressional hearing next month. “I’ll have some questions about Blount’s judgement when he appears before [the committee] in a couple weeks,” tweeted Rep. Jim Langevin, D-R.I., an influential member of the House Homeland Security Committee. The FBI has advised companies for years not to pay a ransom, and cybersecurity experts warn that doing so fuels yet more ransomware hacks that have already cost U.S. companies hundreds of millions of dollars. But the breach of Colonial Pipeline’s IT systems, which caused a multi-day shutdown of the pipeline system and indirectly resulted in shortages at gas stations in multiple states, has thrust the issue of ransomware payments into the national limelight. Blount defended the decision in an interview with The Wall Street […] The post Colonial Pipeline CEO to face questions from Congress on $4.4 million ransom payment appeared first on CyberScoop. (CyberScoop)

Russian scammer 'Kusok,' who stole $1.5 million via tax fraud, sentenced to 5 years

A U.S. federal judge on Wednesday sentenced a Russian man to five years in prison for his role in a scheme to use malicious software to steal the equivalent of $1.5 million in tax returns meant for American taxpayers. Anton Bogdanov, 35, worked as part of a small crew that used vulnerabilities in accounting software to redirect tax refunds into their own accounts. By logging into the software, Bogdanov and his associates would access customer information and change the recipient information, directing money from the Internal Revenue Service to debit cards under their control, according to an indictment. Bogdanov, who was better known by the alias “Kusok,” lived in Russia during the crime spree, and would take a cut of the stolen money. He was arrested in Bangkok, Thailand in November 2018 while waiting to board a flight to Russia, becoming one of a number of accused cybercriminals whom U.S. […] The post Russian scammer 'Kusok,' who stole $1.5 million via tax fraud, sentenced to 5 years appeared first on CyberScoop. (CyberScoop)

Misinformation on Israel-Gaza violence prompts Facebook 24-hour tracking program

Amid rampant misinformation spreading on social media about Israel’s attacks against targets in the Gaza Strip, Facebook has stood up a 24-hour operations center to address the lies spreading on its platform, Facebook said Wednesday. Israel’s escalating assault on targets in the Gaza Strip continued Wednesday and at least nine people died there Wednesday, according to The Associated Press. Israeli airstrikes have killed dozens of civilians in recent days, and in one of its deadliest bombardments yet, Israel killed 42 people on Sunday, according to Palestinian medics, CBS News reported. Hamas has launched missiles over Israel as well, killing numerous civilians. In all, 227 Palestinians have been killed, according to the Gaza Health Ministry. Twelve people have been killed in Israel, according to The Associated Press. But in recent days misinformation and disinformation has tainted the discourse around the violence. Lies about the conflict that have spread online include misinformation […] The post Misinformation on Israel-Gaza violence prompts Facebook 24-hour tracking program appeared first on CyberScoop. (CyberScoop)

SolarWinds CEO reveals much earlier hack timeline, regrets company blaming intern

SolarWinds saw signs of hackers invading their networks as early as January of 2019, about eight months earlier than the previously publicly disclosed timeline for the sweeping cyber-espionage campaign, and nearly two years before anyone discovered the breach. SolarWinds CEO Sudhakar Ramakrishna said in an appearance at the 2021 RSA Conference that while the federal contractor had once estimated the hackers’ first suspicious activity at around September or October of 2019, the company has “recently” learned that the attackers may have in fact “been in our environment” much earlier. “As we look back, they were doing very early [reconnaissance] activities in January of 2019,” he said. Ramakrishna’s revelation provides a deeper understanding yet of the stealthy nature of what U.S. government officials and cybersecurity firms have labeled an incredibly sophisticated attack, even by the standards of the alleged Russian government-connected hackers behind the effort. By leveraging seemingly trustworthy updates of SolarWinds […] The post SolarWinds CEO reveals much earlier hack timeline, regrets company blaming intern appeared first on CyberScoop. (CyberScoop)

Irish officials warn of ongoing disruptions to health system, long recovery following ransomware incident

Irish officials say it will take “many weeks” to fully restore the IT infrastructure of the country’s $25 billion public health system following a ransomware attack last week. While emergency departments continue to operate normally, Ireland’s Health Service Executive (HSE), as the public health system is known, said Wednesday that patients seeking non-urgent care should expect long delays. “Work continues today in assessing the impact and beginning to restore HSE IT systems,” the statement said. “This work will take many weeks and we anticipate major disruption will continue due to the shutdown of our IT systems. We should start to see some early signs of recovery in some sites over the coming days.” The incident, which Irish officials have blamed on a popular strain of ransomware called Conti, has rocked the Irish public health system. One maternity hospital in Dublin told pregnant women not to come to the hospital unless they […] The post Irish officials warn of ongoing disruptions to health system, long recovery following ransomware incident appeared first on CyberScoop. (CyberScoop)

Regulator fines COVID-19 tracker for turning contact data into sales leads

Would you like marketing material with your track-and-trace? (Naked Security)

Amazon Extends Ban On Police Using Rekognition

(News ≈ Packet Storm)

Florida Water Plant Compromise Came Hours After Worker Visited Malicious Site

(News ≈ Packet Storm)

How Dow Jones Used The Pandemic To Undergo A Zero Trust Overhaul

(News ≈ Packet Storm)

What Beijing's New Crackdown Means For Crypto In China

(News ≈ Packet Storm)

Android Issues Patches for 4 New Zero-Day Bugs Exploited in the Wild

Google on Wednesday updated its May 2021 Android Security Bulletin to disclose that four of the security vulnerabilities that were patched earlier this month by Arm and Qualcomm may have been exploited in the wild as zero-days. "There are indications that CVE-2021-1905, CVE-2021-1906, CVE-2021-28663 and CVE-2021-28664 may be under limited, targeted exploitation," the search giant said in an (The Hacker News)

DarkSide Ransomware Gang Extorted $90 Million from Several Victims in 9 Months

DarkSide, the hacker group behind the Colonial Pipeline ransomware attack earlier this month, received $90 million in bitcoin payments following a nine-month ransomware spree, making it one of the most profitable cybercrime groups. "In total, just over $90 million in bitcoin ransom payments were made to DarkSide, originating from 47 distinct wallets," blockchain analytics firm Elliptic said. " (The Hacker News)

Mozilla Begins Rolling Out 'Site Isolation' Security Feature to Firefox Browser

Mozilla has begun rolling out a new security feature for its Firefox browser in nightly and beta channels that aims to protect users against a new class of side-channel attacks from malicious sites. Called "Site Isolation," the implementation loads each website separately in its own operating system process and, as a result, prevents untrusted code from a rogue website from accessing (The Hacker News)

A Simple 1-Click Compromised Password Reset Feature Coming to Chrome Browser

Google on Tuesday announced a new feature to its password manager that could be used to change a stolen password automatically with a single tap. Automated password changes build on the tool's ability to check the safety of saved passwords. Thus when Chrome finds a password that may have been compromised as part of a data breach, it will prompt users with an alert containing a "Change Password" (The Hacker News)

How Apple Gave Chinese Government Access to iCloud Data and Censored Apps

In July 2018, when Guizhou-Cloud Big Data (GCBD) agreed to a deal with state-owned telco China Telecom to move iCloud data belonging to Apple's China-based users to the latter's servers, the shift raised concerns that it could make user data vulnerable to state surveillance. Now, according to a deep-dive report from The New York Times, Apple's privacy and security concessions have "made it (The Hacker News)

Can Nanotech Secure IoT Devices From the Inside-Out?

Work's being done with uber-lightweight nanoagents on every IoT device to stop malicious behavior, such as a scourge of botnet attacks, among other threats. (Threatpost)

Microsoft, Google Clouds Hijacked for Gobs of Phishing

Attackers sent 52M malicious messages leveraging the likes of Office 365, Azure, OneDrive, SharePoint, G-Suite and Firebase storage in Q1 2021. (Threatpost)

Keksec Cybergang Debuts Simps Botnet for Gaming DDoS

The newly discovered malware infects IoT devices in tandem with the prolific Gafgyt botnet, using known security vulnerabilities. (Threatpost)

Windows PoC Exploit Released for Wormable RCE

The exploit pries open CVE-2021-31166, a bug with a CVSS score of 9.8 that was the baddest of the bad in Microsoft's Patch Tuesday release last week. (Threatpost)

Bug Exposes Eufy Camera Private Feeds to Random Users

Customers panic and question parent company Anker’s security and privacy practices after learning their home videos could be accessed and even controlled by strangers due to a server-upgrade glitch. (Threatpost)


/security-daily/ 20-05-2021 23:44:22