Security daily (19-11-2020)

How to deploy the AWS Solution for Security Hub Automated Response and Remediation

In this blog post I show you how to deploy the Amazon Web Services (AWS) Solution for Security Hub Automated Response and Remediation. The first installment of this series was about how to create playbooks using Amazon CloudWatch Events, AWS Lambda functions, and AWS Security Hub custom actions that you can run manually based on […] (AWS Security Blog)

Set up centralized monitoring for DDoS events and auto-remediate noncompliant resources

When you build applications on Amazon Web Services (AWS), it’s a common security practice to isolate production resources from non-production resources by logically grouping them into functional units or organizational units. There are many benefits to this approach, such as making it easier to implement the principle of least privilege, or reducing the scope of […] (AWS Security Blog)

Energy official eyed for senior CISA position after White House throws agency into turmoil

Following President Trump’s removal of the director of the Department of Homeland Security’s cyber division, the man whom the White House tapped for a senior position there in October is preparing to join the agency amid questions about his security clearance. Sean Plankey, currently a senior official at the Department of Energy, has in recent days contacted current and former officials at DHS to discuss working at the Cybersecurity and Infrastructure Security Agency, according to three people with knowledge of the discussions who spoke on the condition of anonymity. Plankey indicated in one conversation that his move to CISA was “imminent,” one source said. The Trump administration in October announced its intention to appoint Plankey as CISA’s assistant director for infrastructure security. The apparent momentum behind Plankey comes days after the president announced via Twitter that he had fired Chris Krebs, CISA’s director, for declaring the Nov. 3 election “the most secure in American history.” The status of Plankey’s security clearance, however, hangs […] (CyberScoop)

End-to-end encryption coming to Android phones, along with RCS messaging update

Android users will soon be able to take advantage of end-to-end encrypted messaging, Google said in an announcement Thursday. The updated data protection protocol, which will render Android users’ messages only readable by the sender and recipient, will initially be available in beta this month, and those interested in participating in testing will have to sign up, Google said. Once end-to-end encryption is available more broadly for Android users, Google will implement it by default, according to The Verge. The move could bring trustworthy encryption to billions of Android phone users, safeguarding their data in a way that makes it inaccessible to Google, phone carriers and most snoops trying to intercept their communication with traditional forms of surveillance. Russia and China will be exempt from encryption. “We recognize that your conversations are private and it’s our responsibility to keep your personal information safe,” Drew Rowny, Google’s Product Lead for Messages said in a blog. “We’re continually […] (CyberScoop)

Double-dipping scammers don't need malware to grab card numbers and turn a profit, report says

Stolen credit card numbers sometimes spill onto the dark web for the most mundane reason: People carelessly give them up. According to researchers with Gemini Advisory, a China-based e-commerce scam appears to be harvesting payment information not through direct hacks on companies or using pernicious malware to skim data, but with a simpler approach. The fraudsters set up hundreds of websites that appear to sell legitimate goods, but instead capture card numbers for sale on the dark web, Gemini says. It ends up being a double-dip for the crooks: In addition to vending the card data and other information about shoppers in cybercriminal forums, they also collect money for items that are “faulty, counterfeit, or nonexistent,” Gemini says in a report published Thursday. The dark web sales have led to profits upwards of $500,000 over the past six months, but the total take is “likely significantly larger,” considering all the money the scammers […] (CyberScoop)

S3 Ep7: When ransomware crooks get a big fat zero! [Podcast]

Here's the latest podcast - listen now! (Naked Security)

How to Pop a Reverse Shell with a Video File by Exploiting Popular Linux File Managers

What appears to be an ordinary MP4 may have been designed by an attacker to compromise your Linux Mint operating system. Opening the file will indeed play the intended video, but it will also silently create a connection to the attacker's system.

Understanding the Attack

While this article uses Linux Mint as an example, the attack takes advantage of an issue in several Linux file managers. The below GIF demonstrates the attack.

Two files are being extracted in the GIF. The first (realvideo.mp4) is a real MP4 of a movie trailer. The second file (fakevideo.mp4) is a .desktop file... (Null Byte « WonderHowTo)

Massive, China-State-Funded Hack Hits Companies Around The World, Report Says

(News ≈ Packet Storm)

Liquid Crypto Exchange Compromised By Hackers

(News ≈ Packet Storm)

Cisco Webex Bugs Allow Attackers To Join Meetings As Ghost Users

(News ≈ Packet Storm)

LAPD Bans Facial Recognition, Citing Privacy Concerns

(News ≈ Packet Storm)

Robot Vacuums Suck Up Sensitive Audio in ‘LidarPhone’ Hack

Researchers have unveiled an attack that allows attackers to eavesdrop on homeowners inside their homes, through the LiDAR sensors on their robot vacuums. (Threatpost)

German COVID-19 Contact-Tracing Vulnerability Allowed RCE

Bug hunters at GitHub Security Labs help shore up German contact tracing app security, crediting open source collaboration. (Threatpost)

GO SMS Pro Android App Exposes Private Photos, Videos and Messages

The vulnerable version of the app, which has 100 million users, uses easily predictable URLs to link to private content. (Threatpost)

Tis’ the Season for Online Holiday Shopping; and Phishing

Watch out for these top phishing approaches this holiday season. (Threatpost)

Code42 Incydr Series: Protect IP with Code42 Incydr

The Code42 Incydr data risk detection and response solution focuses on giving security teams simplicity, signal and speed. (Threatpost)


/security-daily/ 20-11-2020 23:44:23