19-04-202121-04-2021

Security daily (20-04-2021)

Review last accessed information to identify unused EC2, IAM, and Lambda permissions and tighten access for your IAM roles

AWS Identity and Access Management (IAM) helps customers analyze access and achieve least privilege. When you are working on new permissions for your team, you can use IAM Access Analyzer policy generation to create a policy based on your access activity and set fine-grained permissions. To analyze and refine existing permissions, you can use last […] (AWS Security Blog)

State-linked hackers hit American, European organizations with Pulse Secure exploits

Two hacking groups, including one with ties to China, have in recent months exploited popular enterprise software to break into defense, financial and public sector organizations in the U.S. and Europe, security firm FireEye warned Tuesday.   Attackers are exploiting old vulnerabilities — and one new one — in virtual private networking software made by Pulse Secure. Corporations and  governments alike use the technology to manage data on their networks, though it has proven a popular foothold for spies over the years. Later on Tuesday, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency confirmed that “U.S. government agencies” and “critical infrastructure entities” had been breached in the activity. “The threat actor is using this access to place webshells on the Pulse Connect Secure appliance for further access and persistence,” CISA said. One of the hacking groups in question uses techniques similar to a Chinese state-backed espionage group, according to FireEye […] The post State-linked hackers hit American, European organizations with Pulse Secure exploits appeared first on CyberScoop. (CyberScoop)

Biden administration unveils plan to defend electric sector from cyberattacks

The Biden administration is buckling down on cyber threats to U.S. power infrastructure. The Department of Energy (DOE) announced a 100-day plan to help shore up the U.S. electric power system against cyber threats Tuesday.  The plan, rolled out with the private sector and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), is meant to help owners and operators develop more comprehensive approaches to detection, mitigation and forensic capabilities, according to the National Security Council. As part of the plan, the DOE’s Office of Cybersecurity, Energy Security, and Emergency Response, will focus on getting industrial control system (ICS) owners and operators to select and use technologies that will help gain real-time awareness of cyber threats, and response capabilities, according to a release. The DOE will also be encouraging the deployment of technologies that boost visibility into threats in both ICS and operational technology networks. “The United States […] The post Biden administration unveils plan to defend electric sector from cyberattacks appeared first on CyberScoop. (CyberScoop)

Firefox 88 patches bugs and kills off a sneaky JavaScript tracking trick

What's in a window name? Turns out that it could be a sneaky tracking code, so Firefox has put a stop to that. (Naked Security)

MI5 Warns Of Spies Using LinkedIn To Trick Staff Into Spilling Secrets

(News ≈ Packet Storm)

Facebook Downplays Data Breach In Internal Email

(News ≈ Packet Storm)

Lazarus Hacking Group Now Hides Payloads In BMP Image Files

(News ≈ Packet Storm)

China-Linked Hackers Used Pulse Secure Flaw To Target US Defense Industry

(News ≈ Packet Storm)

Geico Breach Let Fraudsters Steal Drivers' License Numbers

(News ≈ Packet Storm)

Over 750,000 Users Downloaded New Billing Fraud Apps From Google Play Store

Researchers have uncovered a new set of fraudulent Android apps in the Google Play store that were found to hijack SMS message notifications for carrying out billing fraud. The apps in question primarily targeted users in Southwest Asia and the Arabian Peninsula, attracting a total of 700,000 downloads before they were discovered and removed from the platform. The findings were reported (The Hacker News)

[eBook] Why Autonomous XDR Is Going to Replace NGAV/EDR

For most organizations today, endpoint protection is the primary security concern. This is not unreasonable – endpoints tend to be the weakest points in an environment – but it also misses the forest for the trees. As threat surfaces expand, security professionals are harder pressed to detect threats that target other parts of an environment and can easily miss a real vulnerability by focusing (The Hacker News)

120 Compromised Ad Servers Target Millions of Internet Users

An ongoing malvertising campaign tracked as "Tag Barnakle" has been behind the breach of more than 120 ad servers over the past year to sneakily inject code in an attempt to serve malicious advertisements that redirect users to rogue websites, thus exposing victims to scamware or malware. Unlike other operators who set about their task by infiltrating the ad-tech ecosystem using "convincing (The Hacker News)

Mozilla Fixes Firefox Flaw That Allowed Spoofing of HTTPS Browser Padlock

The Mozilla Foundation releases Firefox 88, fixing 13 bugs ranging from high to low severity. (Threatpost)

GEICO Alerts Customers Hackers Stole Driver License Data for Two Months

The second-largest auto insurance provider in the U.S. has since fixed the vulnerability that exposed information from its website. (Threatpost)

19-04-202121-04-2021

/security-daily/ 21-04-2021 23:44:23