Security daily (20-04-2020)

How to track changes to secrets stored in AWS Secrets Manager using AWS Config and AWS Config Rules

On April 20th, AWS Config announced support for AWS Secrets Manager, making it easier to track configuration changes to the secrets you manage in AWS Secrets Manager. You can now use AWS Config to track changes to secrets’ metadata — such as secret description and rotation configuration, relationship to other AWS sources such as the […] (AWS Security Blog)

Prioritize alerts and jump-start your investigations with Recorded Future’s free browser extension

Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! Access real-time security intelligence from any web-based SIEM, vulnerability solution, or webpage. Stop opening multiple browser tabs and pivoting between them to collect all of your data manually. Recorded Future Express does […] (Graham Cluley)

IT services giant Cognizant hit by Maze ransomware attack

The Maze group’s attacks see corporate victims not only infected with file-encrypting ransomware, but also threatened with the publication of stolen data if extortion demands are not met. Read more in my article on the Hot for Security blog. (Graham Cluley)

How to Use Graffiti to Generate Obfuscated Payloads

It's exciting to get that reverse shell or execute a payload, but sometimes these things don't work as expected when there are certain defenses in play. One way to get around that issue is by obfuscating the payload, and encoding it using different techniques will usually bring varying degrees of success. Graffiti can make that happen.

Graffiti is a tool that can generate obfuscated payloads using a variety of different encoding techniques. It offers an array of one-liners and shells in languages such as Python, Perl, PHP, Batch, PowerShell, and Bash. Payloads can be encoded using base64, hex... (Null Byte « WonderHowTo)

Judge Rules Against Twitter Transparency Effort

(News ≈ Packet Storm)

Hackers Steal $25 Million Worth Of Cryptocurrency From Uniswap And Lendf.me

(News ≈ Packet Storm)

Hacker Leaks 23 Million Accounts From Webkinz Children's Game

(News ≈ Packet Storm)

Tor Project Loses A Third Of Staff In Coronavirus Cuts

(News ≈ Packet Storm)

COVID-Themed Lures Target SCADA Sectors With Data Stealing Malware

A new malware campaign has been found using coronavirus-themed lures to strike government and energy sectors in Azerbaijan with remote access trojans (RAT) capable of exfiltrating sensitive documents, keystrokes, passwords, and even images from the webcam.

The targeted attacks employ Microsoft Word documents as droppers to deploy a previously unknown Python-based RAT dubbed "PoetRAT" due to (The Hacker News)