19-07-2021 | 21-07-2021

Security daily (20-07-2021)

How to restrict IAM roles to access AWS resources from specific geolocations using AWS Client VPN

You can improve your organization’s security posture by enforcing access to Amazon Web Services (AWS) resources based on IP address and geolocation. For example, users in your organization might bring their own devices, which might require additional security authorization checks and posture assessment in order to comply with corporate security requirements. Enforcing access to AWS […] (AWS Security Blog)

Chinese government-backed hackers infiltrated US pipeline companies, FBI says

State-sponsored Chinese cybercriminals successfully hacked into the control systems of several U.S. oil and natural gas pipelines between December 2011 and 2013, a Wednesday alert from the Department of Homeland Security’s cyber outfit and the FBI reveals. The hackers stole information that would have allowed them to access control networks and provided them with “sufficient access to allow them to remotely perform unauthorized operations on the pipeline with physical consequences,” says the alert. The campaign compromised at least 13 companies. Of the 23 targets, eight had an unknown level of intrusions. The Cybersecurity Infrastructure and Security Agency and the FBI provided assistance to victims at the time. “CISA and the FBI assess that these actors were specifically targeting U.S. pipeline infrastructure for the purpose of holding U.S. pipeline infrastructure at risk,” the alert says. “Additionally, CISA and the FBI assess that this activity was ultimately intended to help China develop […] (CyberScoop)

TSA pushes more cybersecurity mandates on critical pipeline owners, emphasizing ransomware

The Transportation Security Administration on Tuesday handed down additional cybersecurity requirements for owners of major pipelines, this time focused on ransomware. It’s the second time the Department of Homeland Security’s TSA has issued a security directive to critical pipeline owners since ransomware attackers struck Colonial Pipeline in May, an incident that spurred panic-buying amid fears of a gas shortage. The specific requirements of the directive were not immediately clear. “This Security Directive requires owners and operators of TSA-designated critical pipelines to implement specific mitigation measures to protect against ransomware attacks and other known threats to information technology and operational technology systems, develop and implement a cybersecurity contingency and recovery plan, and conduct a cybersecurity architecture design review,” a DHS statement reads. The same month of the Colonial Pipeline attack, TSA threatened to fine certain pipeline owners — an estimated 100 companies — if they failed to meet cybersecurity guidelines. TSA […] (CyberScoop)

Apple iPhone patches are out – no news if recent Wi-Fi bug is fixed

Remember that weird iPhone Wi-Fi bug from a week or so ago? Let's hope this update patches it! (Naked Security)

Hundreds Of Touchscreen Ticket Machines Hit By Ransomware Attack

(News ≈ Packet Storm)

China Denies Being Behind Major Microsoft Hack

(News ≈ Packet Storm)

Apple Under Pressure Over iPhone Security After NSO Spyware Claims

(News ≈ Packet Storm)

Chinese Hackers Hid Hacked Data In A Donald Trump Picture

(News ≈ Packet Storm)

HP Patches Vulnerable Driver Lurking In Printers For 16 Years

(News ≈ Packet Storm)

New Windows and Linux Flaws Give Attackers Highest System Privileges

Microsoft's Windows 10 and the upcoming Windows 11 versions have been found vulnerable to a new local privilege escalation vulnerability that permits users with low-level permissions to access Windows system files, in turn, enabling them to unmask the operating system installation password and even decrypt private keys. "Starting with Windows 10 build 1809, non-administrative users are granted (The Hacker News)

16-Year-Old Security Bug Affects Millions of HP, Samsung, Xerox Printers

Details have emerged about a high severity security vulnerability affecting a software driver used in HP, Xerox, and Samsung printers that has remained undetected since 2005. Tracked as CVE-2021-3438 (CVSS score: 8.8), the issue concerns a buffer overflow in a print driver installer package named "SSPORT.SYS" that can enable remote privilege and arbitrary code execution. Hundreds of millions of (The Hacker News)

This New Malware Hides Itself Among Windows Defender Exclusions to Evade Detection

Cybersecurity researchers on Tuesday lifted the lid on a previously undocumented malware strain dubbed "MosaicLoader" that singles out individuals searching for cracked software as part of a global campaign. "The attackers behind MosaicLoader created a piece of malware that can deliver any payload on the system, making it potentially profitable as a delivery service," Bitdefender researchers (The Hacker News)

Researchers: NSO Group’s Pegasus Spyware Should Spark Bans, Apple Accountability

Our roundtable of experts weighs in on implications for Apple and lawmakers in the wake of the bombshell report showing widespread surveillance of dissidents, journalists and others. (Threatpost)

Law Firm to the Fortune 500 Breached with Ransomware

Deep-pocketed clients' customers & suppliers could be in the attacker's net, with potential PII exposure from an A-list clientele such as Apple, Boeing and IBM. (Threatpost)

Why Your Business Needs a Long-Term Remote Security Strategy

Chris Hass, director of information security and research at Automox, discusses the future of work: A hybrid home/office model that will demand new security approaches. (Threatpost)

16-Year-Old HP Printer-Driver Bug Impacts Millions of Windows Machines

The bug could allow cyberattackers to bypass security products, tamper with data and run code in kernel mode. (Threatpost)

/security-daily/ 21-07-2021 23:44:22