18-08-2020 | 20-08-2020

Security daily (19-08-2020)

Privacy conscious cloud migrations: mapping the AWS Cloud Adoption Framework to the NIST Privacy Framework

This post will help you make privacy-conscious cloud migration decisions by mapping the National Institute of Standards and Technology (NIST) Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management (NIST Privacy Framework) to the AWS Cloud Adoption Framework (AWS CAF). AWS Professional Services created the AWS CAF to help organizations successfully migrate to […] (AWS Security Blog)

FBI, DHS expose North Korean government malware used in fake job posting campaign

The FBI and DHS’ cybersecurity agency exposed malware Wednesday that North Korean government hackers have been using this year to target defense contractors in the military and energy sectors. The hackers have been targeting contractors with fake job postings from other defense contracting entities to lure them to click through and install the data-gathering implant on their systems, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) said in a joint Malware Analysis Report (MAR). The attacks leverage a remote access trojan (RAT), which the FBI and the CISA call “BLINDINGCAN,” to gain a foothold into networks and then maintain access for further network exploitation, the FBI and CISA said. The hackers, belonging to a group the U.S. government calls Hidden Cobra, have been using the malicious software in an effort to collect intelligence surrounding key military and energy technologies, the FBI and CISA said. As part of their lures, […] (CyberScoop)

Facebook removes hundreds of QAnon groups, aiming to curb conspiracy's spread

Facebook has removed more than 790 groups, 100 pages and 1,500 advertisements affiliated with QAnon, the social media movement that spreads an unfounded conspiracy theory accusing President Donald Trump’s critics of child sex trafficking. The company said Wednesday it also would limit the reach of more than 10,000 Instagram pages and 2,000 Facebook groups in connection with a conspiracy theory that the Federal Bureau of Investigation has described as a domestic terror threat. Facebook also said it would take action against militia organizations and users who encouraged violence at domestic protests. The announcement added that Facebook has removed 980 groups, 520 pages and 160 advertisements connected to adherents of Antifa, the anti-fascist political movement. Facebook’s QAnon removal comes after groups increased by 671% since March, in some cases including more than 1 million members, according to research from the Global Network on Extremism and Technology. The influx coincided with shelter-in-place […] (CyberScoop)

Taiwan accuses Chinese hackers of aggressive attacks on government agencies

The Taiwanese government on Wednesday accused Chinese government-linked hackers of targeting 10 Taiwanese government agencies and 6,000 email accounts of officials in an escalation of Beijing’s long-running espionage on the island. Over the course of two years, Chinese hackers have infiltrated a variety of Taiwanese government offices in an effort to steal sensitive documents, Liu Chia-zung, an official in the Taiwan Investigation Bureau’s Cyber Security Investigation Office, said at a press conference. Liu conceded that with the breach of key IT infrastructure, at least some data may have been exposed. It is only the latest in a wave of suspected Chinese hacking campaigns to hit Taiwan, which China considers its territory. The Taiwanese semiconductor industry, a centerpiece of the global supply chain for smartphones, has also come under sustained assault from hackers that appear to be based in China, private researchers said earlier this month. And in May, Taiwan suggested that a broad […] (CyberScoop)

Bolton: Russia, China 'undoubtedly' interfering in 2020 US elections

Russia and China are “undoubtedly” working to interfere in the 2020 presidential election in the U.S., Trump’s former national security adviser John Bolton said Tuesday. The comment, which Bolton shared in response to a question from CyberScoop about offensive cyber-operations, came days after the Office of the Director of National Intelligence shared publicly that a whole host of foreign governments, including Russia, China, and Iran, are trying to exert influence over the U.S. presidential election this year. Russia is working to “primarily denigrate former Vice President [Joe] Biden,” while China “prefers” that Trump “does not win reelection,” the U.S. intelligence shows, according to the ODNI. Iran has set its focus on spreading disinformation on social media and seeks to “undermine U.S. democratic institutions, President Trump, and to divide the country,” according to the ODNI. The U.S., however, can and should hit back in cyberspace in an effort to try to […] (CyberScoop)

Apple's Attest API tool aims to tighten app security

Apple released a new tool for developers that aims to better protect the user data that flows through iOS apps. The company’s App Attest API is a new software tool meant to “protect against security threats to your app on iOS 14 or later, reducing fraudulent use of your services,” according to an Aug. 3 bulletin to developers. App Attest API generates a cryptographic key on a user’s device that aims to authenticate that an app is what it appears, and ensure that a phone isn’t transmitting user data to a fraudulent app designed to steal their usernames and passwords or other information. Security researchers specializing in iPhones have long said that it’s difficult to determine whether hackers have successfully breached an individual device, in part because of the way Apple limits visibility onto its machines. If an app is trying to exceed its authorized permissions, it’s a challenge for forensic […] (CyberScoop)

Hacking macOS: How to Identify Antivirus & Firewall Software Installed on Someone's MacBook

Identifying security software installed on a MacBook or other Apple computer is important to hackers and penetration testers needing to compromise a device on the network. With man-in-the-middle attacks, packets leaving the Mac will tell us a lot about what kind of antivirus and firewall software is installed.

After gaining access to a Wi-Fi router, a hacker will perform a variety of network-based and reconnaissance attacks. Data traversing the network is viewable to anyone with the password without ever authenticating to the router. While that method is excellent for passive observations... (Null Byte « WonderHowTo)

Boost Your Online Business with This SEO & Ad Training

There's a seemingly endless list of downsides that come with the coronavirus pandemic — ranging from canceled trips abroad and sunny days spent inside to limited communication with friends and family. But one of the undeniable upsides is that there's simply never been a better time to start your own online business since most people will be working from home for the foreseeable future.

The SEO & Social Media Ads Certification Bundle will give you the skills and tools you need to ensure that your new or existing online venture gets the attention and exposure it deserves. Right now, it's on... (Null Byte « WonderHowTo)

Taiwan Says China Behind Cyberattacks On Government Agencies

(News ≈ Packet Storm)

Fancy Bear Imposters Extort Finance, Retail On DDoS Threat

(News ≈ Packet Storm)

New P2P Botnet Infects SSH Servers All Over The World

(News ≈ Packet Storm)

Senate Committee Finds Trump Campaign Welcomed Russian Hacking Help

(News ≈ Packet Storm)

XDR: The Next Level of Prevention, Detection and Response [New Guide]

One new security technology we keep hearing about is Extended Detection and Response (XDR).

This new technology merges multiple prevention and detection technologies on a single platform to better understand threat signals so that you don't need to purchase, integrate, and manage various control and integration technologies.

Think of XDR as prepackaged EDR, NTA, UEBA (and perhaps other (The Hacker News)

A New Fileless P2P Botnet Malware Targeting SSH Servers Worldwide

Cybersecurity researchers today took the wraps off a sophisticated, multi-functional peer-to-peer (P2P) botnet written in Golang that has been actively targeting SSH servers since January 2020.

Called "FritzFrog," the modular, multi-threaded and file-less botnet has breached more than 500 servers to date, infecting well-known universities in the US and Europe, and a railway company, according (The Hacker News)

Researchers Warn of Flaw Affecting Millions of IoT Devices

A patch has been issued for the flaw in a widely-used module, and researchers are urging IoT manufacturers to update their devices ASAP. (Threatpost)

FritzFrog Botnet Attacks Millions of SSH Servers

The unique, advanced worming P2P botnet drops backdoors and cryptominers, and is spreading globally. (Threatpost)

Airline DMARC Policies Lag, Opening Flyers to Email Fraud

Up to 61 percent out of the IATA (International Air Transport Association) airline members do not have a published DMARC record. (Threatpost)

The Sounds a Key Make Can Produce 3D-Printed Replica

Researchers reveal technology called SpiKey that can ‘listen’ to the clicks a key makes in a lock and create a duplicate from the sounds. (Threatpost)

/security-daily/ 20-08-2020 23:44:22