Security daily (20-11-2020)

Automatically update security groups for Amazon CloudFront IP ranges using AWS Lambda

Amazon CloudFront is a content delivery network that can help you increase the performance of your web applications and significantly lower the latency of delivering content to your customers. For CloudFront to access an origin (the source of the content behind CloudFront), the origin has to be publicly available and reachable. Anyone with the origin […] (AWS Security Blog)

AWS Security Profile: Phillip Miller, Principal Security Advisor

In the weeks leading up to re:Invent, we’ll share conversations we’ve had with people at AWS who will be presenting, and get a sneak peek at their work. How long have you been at AWS and what do you do in your current role? I’ve been at AWS since September 2019. I help executives and […] (AWS Security Blog)

UK formally unveils GCHQ's offensive cyber-operation shop

The U.K. has drummed up an offensive cyber-operations unit dedicated to disrupting British adversaries in cyberspace, British Prime Minister Boris Johnson announced Thursday. The unit, known as the National Cyber Force (NCF), is capable of launching targeted campaigns against adversaries, from those that interfere with terrorists’ communications devices and cellphones to those that support British military operations, according to the announcement. The British government has been developing the force for approximately two years. The NCF, which is expected to grow to 3,000 strong in the coming years, consists of personnel from the country’s signals intelligence agency, the Government Communications Headquarters (GCHQ), as well as the Ministry of Defense, the country’s Secret Intelligence Service (MI6) and the Defence Science and Technology Laboratory. The force, which operates alongside GCHQ’s defensive cyber unit — the National Cyber Security Centre — currently only has a couple hundred staff. The announcement coincides with efforts from British […] (CyberScoop)

Police arrest 2 in connection with CyberSeal, Dataprotector crime services

Romanian police have arrested two people for allegedly distributing malicious software designed to evade anti-virus protections to more than 1,560 accused cybercriminals, Europol, the European Union’s law enforcement agency, said Friday. The international crackdown, which Europol and the FBI supported, targeted a decade-long scheme that provided crooks with relatively cheap access to victim computers, which they used to carry out information-stealing and ransomware attacks. The two Romanian suspects, whom authorities did not identify, allegedly ran “crypting” services designed to sneak malicious code past anti-virus software. The services, dubbed CyberSeal and Dataprotector, sold for between $40 and $300, according to Europol. The two suspects also allegedly offered cybercriminals access to a platform to test their malware against anti-virus software for as little as $7. It’s the latest effort by global law enforcement agencies to strike at the heart of infrastructure used by people accused of facilitating costly hacking schemes. Europol and Australian police […] (CyberScoop)

Apple says iOS anti-tracking feature is still on the way, also takes shot at Facebook

Apple affirmed Thursday that its mobile operating system will soon get a new privacy feature opposed by the advertising industry, and it specifically called out Facebook for showing a “disregard for user privacy.” The privacy technology — App Tracking Transparency (ATT) — will arrive in early 2021, according to a letter that Jane Horvath, Apple’s senior director for global privacy, sent to Ranking Digital Rights, an organization that has agitated for big tech companies to do more to improve security and privacy. The nonprofit had urged Apple in October to push forward with the feature. ATT essentially will block iOS apps from tracking the use of other apps on a device. The goal is to limit the information that advertising networks collect about Apple device users. “We delayed the release of ATT to early next year to give developers the time they indicated they needed to properly update their systems and […] (CyberScoop)

Facebook patches Messenger audio snooping bug – update now!

Do you ever make, ahem, "pointed remarks" just before answering calls from people you would rather avoid? (Naked Security)

Learn How to Build & Deploy Apps Fast with Django for Only $26

Everybody wants to build an app, but no one wants to start it from scratch. Building a full-blown application — or any other digital product for that matter — from the ground up entails some tedious work, which is why frameworks exist. Django, a Python-based framework, happens to be one of the best

Django allows you to build a variety of web products with ease. It's no wonder why Pinterest, The Washington Post, Dropbox, and Spotify were built using it.

If you want to learn to create projects with this framework, the 3-Course Django Developer Certification Bundle will show you the ropes... (Null Byte « WonderHowTo)

Two Romanians Arrested For Running Three Malware Services

(News ≈ Packet Storm)

Dutch Police Investigate Trump Twitter Hack

(News ≈ Packet Storm)

Tech Giants Align To Fight Covid Vaccine Conspiracies

(News ≈ Packet Storm)

Robot Vacuums Suck Up Sensitive Audio In LidarPhone Hack

(News ≈ Packet Storm)

Google Services Weaponized to Bypass Security in Phishing, BEC Campaigns

Attackers are exploiting an array of Google services, including Forms, Firebase, Docs and more, to boost phishing and BEC campaigns. (Threatpost)

VMware Fixes Critical Flaw in ESXi Hypervisor

The critical and important-severity flaws were found by a team at the China-based Tianfu Cup hacking challenge. (Threatpost)

Good Heavens! 10M Impacted in Pray.com Data Exposure

The information exposed in a public cloud bucket included PII, church-donation information, photos and users' contact lists. (Threatpost)

New Grelos Skimmer Variants Siphon Credit Card Data

Domains related to the new variant of the Grelos web skimmer have compromised dozens of websites so far. (Threatpost)

Facebook Messenger Bug Allows Spying on Android Users

The company patched a vulnerability that could connect video and audio calls without the knowledge of the person receiving them. (Threatpost)


/security-daily/ 21-11-2020 23:44:24