19-05-202121-05-2021

Security daily (20-05-2021)

AWS Shield threat landscape review: 2020 year-in-review

AWS Shield is a managed service that protects applications that are running on Amazon Web Services (AWS) against external threats, such as bots and distributed denial of service (DDoS) attacks. Shield detects network and web application-layer volumetric events that may indicate a DDoS attack, web content scraping, or other unauthorized non-human traffic that is interacting […] (AWS Security Blog)

AWS Verified episode 5: A conversation with Eric Rosenbach of Harvard University’s Belfer Center

I am pleased to share the latest episode of AWS Verified, where we bring you conversations with global cybersecurity leaders about important issues, such as how to create a culture of security, cyber resiliency, Zero Trust, and other emerging security trends. Recently, I got the opportunity to experience distance learning when I took the AWS […] (AWS Security Blog)

'Cybersecurity incident' hampers non-urgent care at hospitals in New Zealand

Health officials in New Zealand have for multiple days been dealing with a “cybersecurity incident” that has hindered non-urgent care at multiple hospitals south of the capital of Auckland. Local media are reporting that ransomware is the cause. The IT systems of Waikato District Health Board, which oversees health services for 425,000 people on New Zealand’s North Island, have been offline as government cyber officials investigate the cause of the incident.  The investigation is ongoing, “but [we] are working on the theory that the initial incursion was via an email attachment,” the health board said in statement Wednesday. Emergency care continues, but the disruption has caused some elective surgeries to be postponed at one of the health board’s facilities, Waikato Hospital, “while a number of outpatient clinics have been reduced,” the board said. Some of the outpatient clinics that have been affected include those dealing with respiratory illness and infectious […] The post 'Cybersecurity incident' hampers non-urgent care at hospitals in New Zealand appeared first on CyberScoop. (CyberScoop)

S3 Ep33: Eufy camera leak, Afterburner crisis, and AirTags (again) [Podcast]

Latest episode - listen now (and tell your friends)! (Naked Security)

4 Vulnerabilities Under Attack Give Hackers Full Control Of Android Devices

(News ≈ Packet Storm)

Fraudsters Employ Amazon Vishing Attacks In Fake Order Scams

(News ≈ Packet Storm)

Apple Isn't Happy About The Amount Of Mac Malware Out There

(News ≈ Packet Storm)

Should Paying Hacker Ransoms Be Illegal?

(News ≈ Packet Storm)

Is Single Sign-On Enough to Secure Your SaaS Applications?

If there's one thing all great SaaS platforms share in common, it's their focus on simplifying the lives of their end-users. Removing friction for users in a safe way is the mission of single sign-on (SSO) providers. With SSO at the helm, users don't have to remember separate passwords for each app or hide the digital copies of the credentials in plain sight. SSO also frees up the IT's bandwidth (The Hacker News)

Watering Hole Attack Was Used to Target Florida Water Utilities

An investigation undertaken in the aftermath of the Oldsmar water plant hack earlier this year has revealed that an infrastructure contractor in the U.S. state of Florida hosted malicious code on its website in what's known as a watering hole attack. "This malicious code seemingly targeted water utilities, particularly in Florida, and more importantly, was visited by a browser from the city of (The Hacker News)

100M Android Users Hit By Rampant Cloud Leaks

Several mobile apps, some with 10 million downloads, have opened up personal data of users to the public internet – and most aren't fixed. (Threatpost)

The Gig Economy Creates Novel Data-Security Risks

Enterprises are embracing on-demand freelance help – but the practice, while growing, opens up entirely new avenues of cyber-risk. (Threatpost)

Four Android Bugs Being Exploited in the Wild

On Wednesday, Google quietly slipped updates into its May 3 Android security bulletin for bugs that its Project Zero group has confirmed are zero-days. (Threatpost)

2021 Attacker Dwell Time Trends and Best Defenses

The time that attackers stay hidden inside an organization’s networks is shifting, putting pressure on defenders and upping the need to detect and respond to threats in real-time. (Threatpost)

Apple Exec Calls Level of Mac Malware ‘Unacceptable’

Company is using threat of attacks as defense in case brought against it by Epic Games after Fortnite was booted from the App Store for trying to circumvent developer fees. (Threatpost)

19-05-202121-05-2021

/security-daily/ 21-05-2021 23:44:23