Security daily (20-08-2020)

How to use AWS Config to determine compliance of AWS KMS key policies to your specifications

One of the top security methodologies is the principle of least privilege, which is the practice of limiting user, application, and service permissions to only those necessary to perform a function or task. In this post, I will describe how you can use AWS Config to create compliance rules that will scan AWS Key Management […] (AWS Security Blog)

Former Uber CSO criminally charged with covering up 2016 data breach

U.S. prosecutors have charged the former Chief Security Officer at Uber with allegedly covering up a data breach at the ride-hailing company that exposed information tied to roughly 57 million people. Joe Sullivan was charged Thursday in the U.S. District Court in San Francisco with failing to disclose details of the security incident to the proper authorities. Sullivan, who now works as the chief information security officer at Cloudflare, allegedly committed two felonies by not informing investigators about the hack while they probed the circumstances surrounding a prior data breach. Sullivan was charged with obstruction of justice and misprision of a felony. The maximum sentence if convicted on both charges is eight years in prison. The complaint pertains to a 2016 incident in which two hackers contacted Uber via email to report that they had accessed personal information about 57 million Uber users and drivers, including driver’s license numbers. The […] (CyberScoop)

Weeks after malware disruption, New York hospital is getting back online

For three weeks, a 290-bed medical facility in upstate New York has been grappling with a cybersecurity incident that prevented doctors from accessing patients’ electronic medical records (EMRs). The EMRs and payroll and accounting systems are now back online, the Samaritan Medical Center said in a statement Wednesday, but restoring the entire computer network will still take time. The not-for-profit Watertown, New York, institution — which says it generates $395 million annually in economic activity — blamed a “malware attack” for the disruption. There was no evidence that patient data had been compromised. It was unclear who was responsible for the attack. A facility spokesperson did not respond to multiple requests for comment. The incident highlights how malicious cyber-activity has continued to disrupt IT systems in the health sector as it fights a global pandemic. Multiple ransomware attacks have hit pharmaceutical or biomedical firms working on coronavirus treatments, while health care providers in […] (CyberScoop)

List of 2020 election meddlers includes Cuba, Saudi Arabia and North Korea, US intelligence official says

Cuba, Saudi Arabia, and North Korea are working to influence U.S. elections by running information operations, according to the top counterintelligence official in the Trump administration. All three seek to sow discord as Election Day looms, according to Bill Evanina, the Director of the National Counterintelligence and Security Center at the Office of the Director of National Intelligence. He did not specify the nature and duration of the operations. “I believe we’re going to have a lot of things that occur in the next 70 days that are going to impact and influence those issues, from nation-state threat actors, whether it be Iran, China, and obviously Russia. We have other countries getting in the nexus because they think it works,” Evanina said during a U.S. Chamber of Commerce virtual event Wednesday. “They want to be able to provide their optics for discord in the United States … countries like Cuba, and […] (CyberScoop)

CISA infrastructure security official Brian Harrell steps down

Brian Harrell, a senior official in charge of physical infrastructure protection at the Department of Homeland Security’s cybersecurity agency, resigned his post on Thursday and is headed to the private sector. “During my time at [the Cybersecurity and Infrastructure Security Agency], we have responded to hurricanes and historic floods, provided expertise after mass-shootings, engaged thousands of critical infrastructure owners and operators, and we are now providing the private sector assistance during COVID-19,” Harrell wrote in a resignation letter to President Donald Trump. Harrell, a former security executive in the electric sector, joined DHS in December 2018. He has helped organize cybersecurity drills for critical infrastructure companies, including the recently completed “Cyber Storm” exercise, which drew 2,000 participants. Harrell also helped run CISA’s security team for the last two Super Bowls. Starting Monday, CISA Deputy Assistant Director Steve Harris will fill Harrell’s role in an acting capacity, an agency spokesperson said. […] (CyberScoop)

UK suit seeks compensation for Marriott data breach victims

Marriott International is the subject of a lawsuit in the United Kingdom brought by millions of former guests seeking compensation for the exposure of their data in a massive breach. The class action-style lawsuit, filed by U.K. resident Martin Bryant, comes in response to a security incident in which hackers accessed information about more than 300 million people between July 2014 and September 2018. The breach, first revealed in 2018, included data such as email addresses, phone numbers and credit card data about people who booked reservations through the Starwood Hotels chain, which Marriott acquired. U.S. officials privately attributed the breach to hackers working on behalf of China’s Ministry of State Security, the New York Times reported. Passport numbers belonging to some 25 million people were also involved. In a statement, Bryant said he filed the lawsuit because the hotel operators had failed to “take adequate steps to ensure the […] (CyberScoop)

Cisco Critical Flaw Patched In WAN Software Solution

(News ≈ Packet Storm)

Senate Bill Would Expand Facial Recognition Restrictions Nationwide

(News ≈ Packet Storm)

QAnon: Facebook Takes Action On Conspiracy Groups

(News ≈ Packet Storm)

Gmail Bug Fixed Seven Hours After Exploit Details Go Public

(News ≈ Packet Storm)

COVID-19 Chloroquine Pharmaspam

A recent SiteCheck scan of an organization’s website showed an interesting pharmacy spam injection targeting COVID-19-related pages of websites. The HTML that was flagged by our SiteCheck signature, spam-seo.hiddencontent?100.2, shows why the pharmacy spam text was not displayed on the infected web page: the spammer is trying to obfuscate the link injection by defining a custom function, getstyle, that stores a display value of none. This hides any of the element’s text that comes after the function is called; a second custom function, end_, then removes the display: none value again. (Sucuri Blog)

Former Uber Security Chief Charged Over Covering Up 2016 Data Breach

Federal prosecutors in the United States have charged Uber's former chief security officer, Joe Sullivan, with covering up a massive data breach that the ride-hailing company suffered in 2016.

According to the press release published by the U.S. Department of Justice, Sullivan "took deliberate steps to conceal, deflect, and mislead the Federal Trade Commission about the breach" that also (The Hacker News)

Hackers Target Defense Contractors' Employees By Posing as Recruiters

The United States Cybersecurity and Infrastructure Security Agency (CISA) has published a new report warning companies about in-the-wild malware that North Korean hackers are reportedly using to spy on key employees at government contracting companies.

Dubbed 'BLINDINGCAN,' the advanced remote access trojan acts as a backdoor when installed on compromised computers.

According to the FBI (The Hacker News)

Experian South Africa Suffers Data Breach Affecting Millions; Attacker Identified

The South African arm of Experian, one of the world's largest credit-check companies, yesterday announced a data breach incident that exposed personal information of millions of its customers.

While Experian itself didn't mention the number of affected customers, in a report, the South African Banking Risk Information Centre—an anti-fraud and banking non-profit organization which worked with (The Hacker News)

Microsoft Issues Emergency Security Updates for Windows 8.1 and Server 2012 R2

Microsoft has issued an emergency out-of-band software update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 systems to patch two recently disclosed security vulnerabilities.

Tracked as CVE-2020-1530 and CVE-2020-1537, both flaws reside in the Remote Access Service (RAS), in the way it manages memory and file operations, and could let remote attackers gain elevated privileges after (The Hacker News)

Experts Reported Security Bug in IBM's Db2 Data Management Software

Cybersecurity researchers today disclosed details of a memory vulnerability in IBM's Db2 family of data management products that could potentially allow a local attacker to access sensitive data and even cause a denial of service.

The flaw (CVE-2020-4414), which impacts IBM Db2 V9.7, V10.1, V10.5, V11.1, and V11.5 editions on all platforms, is caused by improper usage of shared memory, (The Hacker News)

IBM Settles Lawsuit Over Weather Channel App Data Privacy

The lawsuit alleged that the IBM-owned Weather Channel mobile app did not let users know it was selling their geolocation data. (Threatpost)

Transparent Tribe Mounts Ongoing Spy Campaign on Military, Government

The group has added a management console and a USB worming function to its main malware, Crimson RAT. (Threatpost)

Microsoft Out-of-Band Security Update Fixes Windows Remote Access Flaws

The unscheduled security update addresses two "important"-severity flaws in Windows 8.1 and Windows Server 2012. (Threatpost)

Senate Bill Would Expand Facial-Recognition Restrictions Nationwide

The proposed law comes as police departments around the country come under scrutiny for their use of facial recognition to identify allegedly violent Black Lives Matter protesters. (Threatpost)

Cisco Critical Flaw Patched in WAN Software Solution

Cisco has issued a fix for a critical flaw in its Virtual Wide Area Application Services (vWAAS), software for optimizing WAN on virtual private cloud infrastructure. (Threatpost)

IBM AI-Powered Data Management Software Subject to Simple Exploit

A low-privileged process on a vulnerable machine could allow data harvesting and DoS. (Threatpost)

/security-daily/ 21-08-2020 23:44:25