Security daily (20-07-2020)

How to lower costs by automatically deleting and recreating HSMs

You can use AWS CloudHSM to help manage your encryption keys on FIPS 140-2 Level 3 validated hardware security modules (HSMs). AWS recommends running a high-availability production architecture with at least two CloudHSM HSMs in different Availability Zones. Although many workloads must be available 24/7, quality assurance or development environments typically do not have this […] (AWS Security Blog)

Dem lawmakers want FBI briefing on foreign interference efforts in 2020 election

Four senior Democratic lawmakers have asked the FBI to brief all members of Congress on foreign efforts to interfere in the 2020 presidential election, citing an ongoing disinformation campaign. “We are gravely concerned, in particular, that Congress appears to be the target of a concerted foreign interference campaign, which seeks to launder and amplify disinformation in order to influence congressional activity, public debate and the presidential election in November,” wrote Speaker of the House Rep. Nancy Pelosi and Senate Minority Leader Charles Schumer in a letter to FBI Director Christopher Wray last week. Rep. Adam Schiff, D-Calif., chairman of the House Intelligence Committee, and Sen. Mark Warner, D-Va., vice chairman of the Senate Intelligence Committee, also signed the letter. The four lawmakers did not elaborate on the nature of the foreign interference campaign targeting Congress, but they did include a classified addendum to the letter that draws on the Trump administration’s […] The post Dem lawmakers want FBI briefing on foreign interference efforts in 2020 election appeared first on CyberScoop. (CyberScoop)

Accused Cypriot scammer threatened to publish stolen data if victims didn't pay huge extortion fees

The government of Cyprus has extradited a 21-year-old accused cybercriminal to the United States after he was accused of breaching a number of U.S. companies as part of a years-long extortion effort. Joshua Epifaniou, a Cypriot national, arrived in New York City on Friday, more than two years after he was initially arrested in connection with a corporate hacking spree. Epifaniou is charged with stealing personal information from at least four sites, then demanding a payment in exchange for not publishing that data, according to the U.S. Department of Justice. Epifaniou also hacked Ripoff Report, a business accountability site, and charged his clients between $3,000 and $5,000 to delete relevant complaints, prosecutors contend. Epifaniou also allegedly worked with a search engine optimization firm to research companies disparaged on Ripoff Report that would be most likely to pay for his services. The Justice Department announced Saturday that Epifaniou was the first […] The post Accused Cypriot scammer threatened to publish stolen data if victims didn't pay huge extortion fees appeared first on CyberScoop. (CyberScoop)

Mitre, the creepy company checking your fingerprints on Facebook for the US Government

Cybercrime reporter Thomas Brewster has written a fascinating exposé of the activities of Mitre Corporation, which has taken on some eyebrow-raising projects for the US government. (Graham Cluley)

Career Notes podcast – Have to be able to communicate to everybody

The folks behind The Cyberwire podcast interviewed me for a new series of shows, looking at how people joined the cybersecurity industry. (Graham Cluley)

7 VPNs that leaked their logs – the logs that “didn’t exist”

Just how private is your Virtual Private Network? (Naked Security)

Monday review – the hot stories of the week

Catch up on the past week's stories, and watch our latest Naked Security Live video. (Naked Security)

Ransomware Gang Demands $7.5 Million From Argentinian ISP

(News ≈ Packet Storm)

Hardest To Crack Enigma Code Machine Sells For $437,000

(News ≈ Packet Storm)

Twitter Says Hackers Downloaded Private Account Data

(News ≈ Packet Storm)

Government Admits Breaking Privacy Law With NHS Test And Trace

(News ≈ Packet Storm)

21-Year-Old Cypriot Hacker Extradited to U.S. Over Fraud and Extortion Charges

The United States Department of Justice has extradited two criminals from the Republic of Cyprus—one is a computer hacker suspected of cyber intrusions and extortion, and the other is a money launderer with known connections to the terrorist organization Hezbollah.

Both suspects—Joshua Polloso Epifaniou, 21, a resident of Nicosia, and Ghassan Diab, 37, a citizen of Lebanon—were arrested (The Hacker News)

Facebook’s NSO Group Lawsuit Over WhatsApp Spying Set to Proceed

A federal judge in California ruled that the spyware vendor does not have sovereign immunity. (Threatpost)

Mac Cryptocurrency Traders Targeted by Trojanized Apps

Four trojanized cryptocurrency trading apps have been found spreading malware that drains cryptocurrency wallets and collects Mac users' browsing data. (Threatpost)

Paving the Path to Passwordless

Password management tools and apps can help ease the pain of passwords, but even those don’t totally solve all of the password challenges all of the time.  (Threatpost)


/security-daily/ 21-07-2020 23:44:22