18-10-202020-10-2020

Security daily (19-10-2020)

Introducing the first video in our new series, Verified, featuring Netflix’s Jason Chan

The year has been a profoundly different one for us all, and like many of you, I’ve been adjusting, both professionally and personally, to this “new normal.” Here at AWS we’ve seen an increase in customers looking for secure solutions to maintain productivity in an increased work-from-home world. We’ve also seen an uptick in requests […] (AWS Security Blog)

Industry alert pins state, local government hacking on suspected Russian group

Suspected Russian hackers were behind multiple recent intrusions of U.S. state and local computer networks, according to an industry analysis obtained by CyberScoop. The group responsible is known as TEMP.Isotope, according to a private advisory distributed by Mandiant, the incident response arm of security company FireEye. The alert notes that the same group has also been described as Energetic Bear, which multiple security firms have linked to Russia. The FBI and the U.S. Cybersecurity and Infrastructure Security Agency on Oct. 9 publicized a hacking campaign in which attackers breached some “elections support systems,” or IT infrastructure that state and local officials use for a range of functions. Those systems are not involved in tallying votes, and the advisory from U.S. officials noted that there was no evidence that the “integrity of elections data has been compromised.” The federal advisory did not blame a particular hacking group for the activity, saying only that the campaign was the work of advanced persistent […] The post Industry alert pins state, local government hacking on suspected Russian group appeared first on CyberScoop. (CyberScoop)

US charges Russian GRU officers for NotPetya, other major hacks

A federal grand jury returned an indictment against six alleged Russian intelligence officers who, collectively, were responsible for “conducting the most disruptive and destructive series of computer attacks ever attributed to a single group,” the Justice Department announced Monday. Their attacks spanned the globe, including the worldwide 2017 NotPetya outbreak that did more than $1 billion in damage to a number of U.S. organizations, according to the indictment; estimates place its worldwide cost at as much as $10 billion. The six accused hackers work for the Russian Main Intelligence Directorate, commonly known as the GRU, that’s been connected to interference in the 2016 U.S. election and other major cyberattacks. Besides NotPetya, the alleged co-conspirators were behind destructive malware attacks beginning in December 2015 that disrupted Ukraine’s electricity grid; 2017 spearphishing campaigns linked to hack-and-leak efforts to interfere in the French election; attacks related to the Winter Olympics in 2017 and 2018, during a […] The post US charges Russian GRU officers for NotPetya, other major hacks appeared first on CyberScoop. (CyberScoop)

Anti-stalkerware group still working to protect domestic abuse victims

When it comes to stamping out the kind of surveillance software that domestic abusers use to spy on their romantic partners, there’s still a long way to go. Security firms, victim advocacy groups and anti-domestic abuse organizations combined forces roughly a year ago to bring an end to stalkerware, the kind of technology that people use to monitor their domestic partners’ devices. The group, known as the Coalition Against Stalkerware, has made progress in the past 12 months or so, though there’s still a long road ahead, said Eva Galperin, the director of cybersecurity at the Electronic Frontier Foundation, one of the founding members of the coalition. The surveillance can be incredibly intrusive — stalkerware can monitor targets’ geolocation, texts, phone calls, cameras, and more — and especially during a pandemic, can be used to box in abuse victims and isolate them from external help and resources. Targets of stalkerware often aren’t aware […] The post Anti-stalkerware group still working to protect domestic abuse victims appeared first on CyberScoop. (CyberScoop)

Naked Security Live – Ping of Death: are you at risk?

Here's the latest Naked Security Live video - enjoy (and please share with your friends)! (Naked Security)

New Malware Uses Remote Overlay Attacks To Hijack Your Bank Account

(News ≈ Packet Storm)

Fancy Bear Imposters Are On A Hacking Extortion Spree

(News ≈ Packet Storm)

Microsoft Is The Most Imitated Brand For Phishing

(News ≈ Packet Storm)

Hackers Smell Blood As Schools Grapple With Virtual Instruction

(News ≈ Packet Storm)

U.S. Charges 6 Russian Intelligence Officers Over Destructive Cyberattacks

The US government on Monday formally charged six Russian intelligence officers for carrying out destructive malware attacks with an aim to disrupt and destabilize other nations and cause monetary losses. The individuals, who work for Unit 74455 of the Russian Main Intelligence Directorate (GRU), have been accused of perpetrating the "most disruptive and destructive series of computer attacks (The Hacker News)

Rapper Scams $1.2M in COVID-19 Relief, Gloats with ‘EDD’ Video

"Nuke Bizzle" faces 22 years in prison after brazenly bragging about an identity-theft campaign in his music video, "EDD." (Threatpost)

DOJ Charges 6 Sandworm APT Members in NotPetya Cyberattacks

DOJ charges six Russian nationals for their alleged part in the NotPetya, Ukraine power grid and Olympics cyberattacks. (Threatpost)

18-10-202020-10-2020

/security-daily/ 20-10-2020 23:44:25