Security daily (19-07-2021)

Implement a centralized patching solution across multiple AWS Regions

In this post, I show you how to implement a centralized patching solution across Amazon Web Services (AWS) Regions by using AWS Systems Manager in your AWS account. This helps you to initiate, track, and manage your patching events across AWS Regions from one centralized place. Enterprises with large, multi-Region hybrid environments must determine whether […] (AWS Security Blog)

Sweeping report details how NSO Group spyware leverages iOS software for surveillance

NSO Group’s Pegasus spyware may be actively exploiting the most recent software in the iPhone 12 to monitor victims throughout the world, according to a sweeping new report from Amnesty International. “These most recent discoveries indicate NSO Group’s customers are currently able to remotely compromise all recent iPhone models and versions of iOS,” the group wrote in a report published on July 18. “We have reported this information to Apple, who informed us they are investigating the matter.” The revelation comes as part of a broader investigation into the use of the notorious spyware. Between July 2014 and July 2021, the NSO Group’s Pegasus software was used to target more than three dozen smartphones belonging to journalists, human rights activists and business executives, according to a joint investigation between Amnesty, French journalism nonprofit Forbidden Stories and 17 media organizations including The Washington Post. Targets included Hatice Cengiz, fiancee of murdered […] (CyberScoop)

US blames China for Microsoft hacking, ransomware attacks as part of global condemnation

The U.S. and its allies on Monday blamed China for exploiting flaws in Microsoft Exchange Server that enabled worldwide ransomware attacks on tens of thousands of victims. It was part of a multi-front response Monday from the European Union, NATO and U.S. intelligence partners that included the announcement of charges against four Chinese hackers that the Justice Department said worked on behalf of Beijing to breach U.S. companies and institutions over a span of seven years. For the first time, the U.S. government also accused the Chinese government of employing criminal hackers who have conducted criminal attacks. U.S. government agencies also released a technical report Monday, first reported by CyberScoop, that warned of China’s ongoing appetite for targeting the defense, medical, semiconductor and other industries to steal intellectual property. “No one action can change China’s behavior in cyberspace and neither can just one country acting on its own,” a senior administration […] (CyberScoop)

S3 Ep41: Crashing iPhones, PrintNightmares, and Code Red memories [Podcast]

Latest episode - listen now! (Naked Security)

Hackers Got Past Windows Hello By Tricking A Webcam

(News ≈ Packet Storm)

Swedish Man Sentenced For Gold-Backed Cryptocurrency Scam

(News ≈ Packet Storm)

UK And White House Blame China For Microsoft Exchange Server Hack

(News ≈ Packet Storm)

Facebook Catches Iranian Spies Catfishing US Military Targets

(News ≈ Packet Storm)

Researchers Warn of Linux Cryptojacking Attackers Operating from Romania

A threat group likely based in Romania and active since at least 2020 has been behind an active cryptojacking campaign targeting Linux-based machines with a previously undocumented SSH brute-forcer written in Golang. Dubbed "Diicot brute," the password cracking tool is alleged to be distributed via a software-as-a-service model, with each threat actor furnishing their own unique API keys to (The Hacker News)

Turns Out That Low-Risk iOS Wi-Fi Naming Bug Can Hack iPhones Remotely

The Wi-Fi network name bug that was found to completely disable an iPhone's networking functionality had remote code execution capabilities and was silently fixed by Apple earlier this year, according to new research. The denial-of-service vulnerability, which came to light last month, stemmed from the way iOS handled string formats associated with the SSID input, triggering a crash on any (The Hacker News)

Five Critical Password Security Rules Your Employees Are Ignoring

According to Keeper Security's Workplace Password Malpractice Report, many remote workers aren't following best practices for password security. Password security was a problem even before the advent of widespread remote work. So, what happened post-pandemic? Keeper Security's Workplace Password Malpractice Report sought to find out. In February 2021, Keeper surveyed 1,000 employees in the U.S. (The Hacker News)

Researcher Uncovers Yet Another Unpatched Windows Printer Spooler Vulnerability

Merely days after Microsoft sounded the alarm on an unpatched security vulnerability in the Windows Print Spooler service, possibly yet another zero-day flaw in the same component has come to light, making it the fourth printer-related shortcoming to be discovered in recent weeks. "Microsoft Windows allows for non-admin users to be able to install printer drivers via Point and Print," CERT (The Hacker News)

New Leak Reveals Abuse of Pegasus Spyware to Target Journalists Globally

A sweeping probe into a data leak of more than 50,000 phone numbers has revealed an extensive misuse of Israeli company NSO Group's Pegasus "military-grade spyware" to facilitate human rights violations by surveilling heads of state, activists, journalists, and lawyers around the world. Dubbed the "Pegasus Project," the investigation is a collaboration by more than 80 journalists from a (The Hacker News)

China's New Law Requires Vendors to Report Zero-Day Bugs to Government

The Cyberspace Administration of China (CAC) has issued new stricter vulnerability disclosure regulations that mandate software and networking vendors affected with critical flaws to mandatorily disclose them first-hand to the government authorities within two days of filing a report. The "Regulations on the Management of Network Product Security Vulnerability" are expected to go into effect (The Hacker News)

Israeli Firm Helped Governments Target Journalists, Activists with 0-Days and Spyware

Two of the zero-day Windows flaws rectified by Microsoft as part of its Patch Tuesday update earlier this week were weaponized by an Israel-based company called Candiru in a series of "precision attacks" to hack more than 100 journalists, academics, activists, and political dissidents globally. The spyware vendor was also formally identified as the commercial surveillance company that Google's (The Hacker News)

What’s Next for REvil’s Victims?

Podcast: Nothing, says a ransomware negotiator who has tips on staying out of the sad subset of victims left in the lurch, mid-negotiation, after REvil's servers went up in smoke. (Threatpost)

Unpatched iPhone Bug Allows Remote Device Takeover

A format-string bug believed to be a low-risk denial-of-service issue turns out to be much nastier than expected. (Threatpost)

Ruthless Attackers Target Florida Condo Collapse Victims

Hackers are stealing the identities of those lost in the condo-collapse tragedy. (Threatpost)

Protecting Phones From Pegasus-Like Spyware Attacks

Podcast: Can a new SIM card and prepaid service from an MVNO help? Former spyware insider, current mobile white hat hacker Adam Weinberg on how to block spyware attacks. (Threatpost)


/security-daily/ 20-07-2021 23:44:23