Security daily (20-10-2020)

How to automate incident response in the AWS Cloud for EC2 instances

One of the security epics core to the AWS Cloud Adoption Framework (AWS CAF) is a focus on incident response and preparedness to address unauthorized activity. Multiple methods exist in Amazon Web Services (AWS) for automating classic incident response techniques, and the AWS Security Incident Response Guide outlines many of these methods. This post demonstrates […] (AWS Security Blog)

TrickBot really is on the run after Microsoft, Cyber Command disruption

After some initial doubts, Tuesday brought encouraging signs that a multi-front attempt to dismantle the massive TrickBot botnet in advance of Election Day has taken root, perhaps thanks to an extra push. In recent weeks, a Pentagon hacking division and a coalition of organizations led by Microsoft took aim at TrickBot, one of the world’s largest armies of zombie computers. Fears that attackers could use the botnet to deploy ransomware and disrupt the 2020 election motivated the takedown bids. Microsoft said on Tuesday that, as of the start of this week, it had disabled 120 out of 128 command-and-control servers the company identified as part of TrickBot’s infrastructure, good for a 94% takedown rate. Nearly 60 of the 128 sprang up as cybercriminals sought to fortify the botnet’s infrastructure, after which Microsoft said it shut down all but one. “To be clear, these numbers will change regularly as we expect action we’ve already […] (CyberScoop)

How US security officials are watching for threats ahead of Election Day

FBI Director Christopher Wray once called the 2018 midterm elections a “dress rehearsal for the big show” of protecting the 2020 presidential election from foreign interference. The big show is finally here, and American officials say they are pulling out all the stops to keep it secure. U.S. intelligence, law enforcement and national security agencies have for weeks been in an “enhanced operational posture” to share any election-related threats with state and local officials, said Chris Krebs, director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. The week before Election Day, which is Nov. 3, those security efforts will kick into overdrive. Officials from the Department of Defense, FBI, the Election Assistance Commission, political campaigns and the private sector are scheduled to gather at CISA’s operations center outside of Washington, D.C. The U.S. Postal Service, which is playing an expanded role in this year’s election with the increase in […] (CyberScoop)

Why social media disinformation represents such a security threat

Disinformation works on you, too. Coordinated social media campaigns aimed at influencing public opinion, both in the U.S. and abroad, represent such a threat to democratic discourse because propagandists seize on emotional conversations with little accountability. By using Facebook and Twitter to plant misinformation, attackers implicitly nudge readers into the kind of tunnel vision that accelerates a cycle of mistrust, according to two researchers who have spent years examining the issue. Graham Brookie, the director and managing editor of the Atlantic Council’s Digital Forensic Research Lab, and Nina Jankowicz, author of “How to Lose the Information War,” said during a panel Tuesday that stopping disinformation requires the kind of cooperation that increasingly is difficult to find in American society. “The tricky thing about disinformation is that everybody thinks of it as somebody else’s problem, right?” Brookie said Tuesday during CyberTalks, a virtual summit hosted by CyberScoop. “We’re all looking at social […] (CyberScoop)

NSA warns defense contractors of recent Chinese government-backed hacking

U.S. defense contractors should be wary of Chinese government-backed hackers who are actively exploiting a multitude of known vulnerabilities to target — and successfully breach — victim networks, the National Security Agency said in an advisory Tuesday. The hackers are specifically going after 25 known vulnerabilities that primarily affect products used for remote access or for external web services, which the NSA lays out in detail in the advisory. Vulnerabilities the Chinese hackers are exploiting include those of Pulse Secure VPNs, which could allow attackers to steal victim passwords, as well as F5 Networks’ Big-IP Traffic Management User Interface, Windows Domain Name System servers, a series of flaws in Citrix ADC and Gateway devices, and several others. System administrators in the defense industrial base should immediately patch the vulnerabilities the Chinese hackers are exploiting, the NSA warned. “NSA is aware that National Security Systems, Defense Industrial Base, and Department of Defense networks are consistently […] (CyberScoop)

What the FBI did to make headway against COVID-19 research hackers

As the FBI investigated alleged Chinese hacking of American COVID-19 research, it used information it found in known victims’ networks to identify others who had been victimized or potentially might be, according to a top bureau official. It was just one step of several in how the FBI confronted threats to that research, said Tonya Ugoretz, deputy assistant director in the bureau’s cyber division, speaking Tuesday at CyberTalks, a virtual summit hosted by Scoop News Group. The FBI’s role in defending vaccine makers and others combating the virus is part of a government-wide effort, which has included indictments and public joint agency warnings sounding the alarm that both China and Russia have been trying to steal U.S. research secrets. The FBI deployed personnel to aid hacking victims and those who faced attempted hacks with their consent, which allowed investigators to collect evidence to aid other potential victims. But that evidence also would be “valuable for any future […] (CyberScoop)

Operator of bitcoin 'mixers' that served dark web markets faces $60 million FinCEN penalty

The operator of two “mixer” or “tumbler” services that exchanged cryptocurrency for users on “the darkest spaces of the internet” is facing $60 million in civil penalties from the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN). The decision against Larry Dean Harmon, who operated the services known as Helix from 2014-17 and Coin Ninja from 2017-20, is the first of its kind from FinCEN against a bitcoin mixer. The agency said he failed to register both as money services businesses and violated federal obligations “to develop, implement, and maintain an anti-money laundering compliance program; and to meet all applicable reporting and recordkeeping requirements.” More specifically, Harmon failed to file suspicious activity reports for transactions within dark web markets, as required by the Bank Secrecy Act. “Mr. Harmon operated Helix as a bitcoin mixer, or tumbler, and advertised its services in the darkest spaces of the internet as a way for […] (CyberScoop)

Alleged KickassTorrents founder Artem Vaulin jumped bail in Poland

It looks like the alleged founder of a notorious piracy website is on the run. Artem Vaulin, the accused operator of KickassTorrents, has eluded custody in Poland, where he was arrested in 2016. The site — which is frequently blocked by internet browsers for linking to malicious software — has illegally distributed more than $1 billion worth of movies, video games, television shows and music downloads, U.S. prosecutors say. Polish authorities released Vaulin on bail in May 2017 for health reasons, pending his extradition to the U.S. Now, though, the 34-year-old Ukrainian defendant “has left Poland in violation of his release conditions, and his current whereabouts are unknown,” the U.S. Department of Justice said in a court filing dated Oct. 7. Extradition proceedings have ceased. A former attorney in Poland for Vaulin did not immediately respond to a request for comment. KickassTorrents, often abbreviated to KAT, functions as a directory for torrent […] (CyberScoop)

Russian “government hackers” charged with cybercrimes by the US

What can we learn from the US DOJ indictments against the "Sandworm Team"? (Naked Security)

NSA Publishes List Of Vulns Targeted By Chinese Hackers

(News ≈ Packet Storm)

FCC Trying To Help Trump Win Election With Twitter Crackdown

(News ≈ Packet Storm)

Mysterious Robin Hood Hackers Donating Stolen Money

(News ≈ Packet Storm)

Russian Hackers Targeted Tokyo Olympics, UK Says

(News ≈ Packet Storm)

Windows GravityRAT Malware Now Also Targets macOS and Android Devices

A Windows-based remote access Trojan believed to be designed by Pakistani hacker groups to infiltrate computers and steal users' data has resurfaced after a two-year span with retooled capabilities to target Android and macOS devices. According to cybersecurity firm Kaspersky, the malware — dubbed "GravityRAT" — now masquerades as legitimate Android and macOS apps to capture device data, contact (The Hacker News)

Download Ultimate 'Security for Management' Presentation Template

There is a person in every organization who is the direct owner of breach protection. His or her task is to oversee and govern the process of designing, building, maintaining, and continuously enhancing the security level of the organization.

Title-wise, this person is most often either the CIO, CISO, or Director of IT. For convenience, we'll refer to this individual as the CISO.

This person is the (The Hacker News)

Ransomware Group Makes Splashy $20K Donation to Charities

Cybercriminal gang Darkside sent $20K in donations to charities in a ‘Robin Hood’ effort that’s likely intended to draw attention to future data dumps, according to experts. (Threatpost)

Adobe Fixes 16 Critical Code-Execution Bugs Across Portfolio

The out-of-band patches follow a lighter-than-usual Patch Tuesday update earlier this month. (Threatpost)

Facebook: A Top Launching Pad For Phishing Attacks

Amazon, Apple, Netflix, Facebook and WhatsApp are top brands leveraged by cybercriminals in phishing and fraud attacks - including a recent strike on a half-million Facebook users. (Threatpost)

Pharma Giant Pfizer Leaks Customer Prescription Info, Call Transcripts

Hundreds of medical patients taking cancer drugs, Premarin, Lyrica and more are now vulnerable to phishing, malware and identity fraud. (Threatpost)
/security-daily/ 21-10-2020 23:44:24