Security daily (21-04-2021)

Whitepaper available: Classic intrusion analysis frameworks for AWS environments

Amazon Web Services (AWS) has released a new whitepaper, Classic intrusion analysis frameworks for AWS environments, to help organizations plan and implement a classic intrusion analysis framework for AWS environments. This whitepaper provides context that will help you understand how such frameworks are used and shows you, in detail, how to mitigate advanced attack tactics […] (AWS Security Blog)

Turnabout: It looks like phone-cracking company Cellebrite had its own vulnerabilities exposed

“Snoop onto them… as they’d snoop onto us.” Moxie Marlinspike, founder of the encrypted messaging app Signal, revealed on Wednesday what he said were vulnerabilities in software that the company Cellebrite uses to break into encrypted phones. To accompany a blog post on what Marlinspike and his team of researchers learned, Signal produced a demonstration video featuring the above line of dialogue from the movie “Hackers.” In a blog post evidently dripping with sarcasm, Marlinspike detailed how he obtained the latest version of the company’s software, named UFED and Physical Analyzer, when he saw a small package fall off the back of a truck, prompting some digital probing. The vulnerabilities would amount to an ironic turn for Cellebrite, which makes its money hacking into smartphones. Its customer base includes the U.S. government and some authoritarian regimes, although the Israeli company recently announced it would stop doing business with Russia or […] The post Turnabout: It looks like phone-cracking company Cellebrite had its own vulnerabilities exposed appeared first on CyberScoop. (CyberScoop)

At least 24 agencies run Pulse Secure software. How many were hacked is an open question.

At least two dozen U.S. federal agencies run the Pulse Connect Secure enterprise software that two advanced hacking groups have recently exploited, according to the Department of Homeland Security’s cybersecurity agency. Multiple agencies have been breached, but just how many is unclear. “We’re aware of 24 agencies running Pulse Connect Secure devices, but it’s too early to determine conclusively how many have actually had the vulnerability exploited,” Scott McConnell, a spokesman for DHS’s Cybersecurity and Infrastructure Security Agency, told CyberScoop on Wednesday. FireEye, the cybersecurity firm that announced the hacking campaign on Tuesday, said at least one of the two groups had links to China. The suspected Chinese hackers also targeted the trade-secret-rich defense contractors who do business with the Pentagon. CyberScoop’s review of agency records found that multiple U.S. government-funded labs conducting national security-related research appear to run Pulse Connect Secure virtual private network software, which allows employees to log […] The post At least 24 agencies run Pulse Secure software. How many were hacked is an open question. appeared first on CyberScoop. (CyberScoop)

Google releases update to fix another zero-day flaw in Chrome browser

Google released an updated version of the Chrome browser on Tuesday that included seven security fixes, including a patch for a zero-day flaw that hackers may have actively been exploiting, Google said. Google has been dealing with several serious flaws in recent days. The update details four other vulnerabilities and fixes Google had to roll out this week. Google previously fixed another zero-day flaw on April 12, as well. If the zero-day flaw, classified as CVE-2021-21224, was exploited in concert with another vulnerability, hackers would have been able to execute arbitrary code on victims’ systems. VerSprite Inc’s Jose Martinez reported the vulnerability, which Google describes as a Type Confusion in V8, several days ago, linking it to a proof-of-concept exploit that took advantage of the bug. That proof-of-concept code was available on Twitter, and thus accessible to the public, though there were no reports of attackers leveraging the bug in […] The post Google releases update to fix another zero-day flaw in Chrome browser appeared first on CyberScoop. (CyberScoop)

Aiming for the right defense strategy against ransomware threats

Steve Caimi is a security specialist at Cisco with nearly 25 years’ experience in cybersecurity. Ransomware had a banner year in 2020, taking advantage of pandemic-related shifts in network access for remote work, distance learning and telehealth. For critical infrastructure sectors, the threat of seeing data locked up or having systems knocked offline is a risk that these organizations simply can’t afford. While cyber defenders are improving their defenses, hackers are upping their game too. They’re getting better at getting inside, they’re affecting more systems and they’re doing more with the data they steal. That is why organizations need a security strategy that can adapt to the changing threat environment. For ransomware, financial gain is the endgame. We are seeing a growing trend in “big game hunting” — or targeting big-revenue organizations — because attackers know these organizations can, and will, pay up. Two of the top attack vectors should […] The post Aiming for the right defense strategy against ransomware threats appeared first on CyberScoop. (CyberScoop)

Facebook tackles hacking groups with apparent ties to Palestine, Hamas

Facebook on Wednesday detailed steps it took to counter two groups of alleged Palestinian hackers, one with suspected ties to the Palestinian state and another reportedly linked to the Hamas militant group. The hackers linked to Preventive Security Service (PSS), the Palestinian Authority’s internal intelligence organization, targeted victims primarily in the Palestinian territories and Syria, Facebook said. To a lesser degree, they targeted Turkey, Iraq, Lebanon and Libya. Those attackers went after groups and individuals seemingly viewed as a threat to the Fatah-led government, including journalists, dissidents and human rights activists. They also aimed at military organizations such as the Syrian opposition and Iraqi military, Facebook said. The alleged Hamas-linked hackers, dubbed Arid Viper, by contrast, targeted victims associated with the Palestinian Authority, government organizations and backers of the Fatah-led government, Facebook said. Facebook periodically conducts takedowns of hacking-related activity, most recently related to a campaign that targeted Uighurs […] The post Facebook tackles hacking groups with apparent ties to Palestine, Hamas appeared first on CyberScoop. (CyberScoop)

Hackers exploit SonicWall email software in a banner week for zero-day flaws

It’s only Wednesday, and it’s already been a banner week for previously unknown exploits in popular security software. Unidentified hackers have exploited three “zero-day,” or newly discovered, vulnerabilities in email software made by SonicWall to access an unnamed victim organization’s network, according to Mandiant, the incident response unit of security firm FireEye. “The adversary leveraged these vulnerabilities, with intimate knowledge of the SonicWall application, to install a backdoor, access files and emails, and move laterally into the victim organization’s network,” Mandiant said in a blog on Tuesday evening. Security fixes are available for the flaws, and SonicWall urged customers to apply them. The news came after Mandiant revealed on Tuesday that suspected Chinese hackers had used bugs in another popular enterprise software made by Pulse Secure to break into government and defense-sector networks. Those breaches followed separate intrusion campaigns allegedly carried out by Russian and Chinese hackers exploiting software made […] The post Hackers exploit SonicWall email software in a banner week for zero-day flaws appeared first on CyberScoop. (CyberScoop)

House green lights new State Department cyber bureau

The House of Representatives passed a bill Tuesday that would carve out a top cyber diplomacy office at the State Department to help the U.S. better influence global cyberspace norms. The so-called Cyber Diplomacy Act would require the State Department to develop a strategy for promoting norms about what behavior is acceptable in cyberspace. The proposal would also create an ambassador role for cyber diplomacy, as well as a centralized Bureau of International Cyberspace Policy to push democratic norms in cyberspace and advise the Secretary of State on cyber issues. “In an increasingly connected world, we must have the proper structures in place to promote our values and interests in cyberspace,” Wisconsin Republican Rep. Mike Gallagher, who co-led the bill’s introduction, said in a statement. Added co-sponsor Jim Langevin, D-R.I.: “As the United States confronts increasingly bold challenges from adversaries in cyberspace, designing and implementing a whole-of-government response […] The post House green lights new State Department cyber bureau appeared first on CyberScoop. (CyberScoop)

Hackers pose as Bloomberg employees in email scam

Hackers are impersonating Bloomberg employees in an attempt to install remote access software on target computers, researchers said Wednesday. The ruse seeks to capitalize on the influence of Bloomberg Industry Group (formerly known as Bloomberg BNA), whose analysis major corporations use to track markets, according to Cisco Talos, which discovered the activity. The perpetrator is sending fake Bloomberg invoices laced with “remote access trojan” tools that could be used to surveil computer networks or steal data. The goal of the malicious email campaigns, and exactly who was targeted, remain unclear. But the perpetrator has clearly gone beyond the bumbling phishing emails in broken English that typically give other scammers away. It’s a clever piece of social engineering from a cyber actor that has apparently only been active for a year, but which has looked for economical ways into victim networks. One of the tools used, called NanoCore, […] The post Hackers pose as Bloomberg employees in email scam appeared first on CyberScoop. (CyberScoop)

When cryptography attacks – how TLS helps malware hide in plain sight

No IT technology feels quite as much of a double-edged sword as encryption. (Naked Security)

Zero-Day Vulns In SonicWall Email Security Are Being Exploited

(News ≈ Packet Storm)

Mozilla Fixes Firefox Flaw That Allowed Spoofing Of HTTPS Browser Padlock

(News ≈ Packet Storm)

Campaign Targets Bloomberg Clients With RATs

(News ≈ Packet Storm)

Lessons Learned From SolarWinds And Exchange Hacks

(News ≈ Packet Storm)

WPScan Intro: How to Install the WordPress Vulnerability Scanner

What does your WordPress site look like to hackers? Would it be tough to crack? Or does it have unlocked doors and unlatched windows just waiting for someone to try them? If you want to run a security test on your WordPress site that’ll reveal its weaknesses, get familiar with WPScan. Even though most hackers don’t have insider knowledge of your site’s weaknesses, there’s a lot they can figure out based on its publicly visible code. Continue reading WPScan Intro: How to Install the WordPress Vulnerability Scanner at Sucuri Blog. (Sucuri Blog)
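The Sucuri post says a lot can be learned from a WordPress site's publicly visible code. The script below is an added illustration of that point, not code from Sucuri or from WPScan itself: it reads the version and component disclosures out of a constructed sample front page and turns them into the kind of findings a scanner such as WPScan reports. The hostname example.com, the plugin and theme slugs and the version strings in the sample HTML are all made up for the demo.

```python
"""Passive WordPress fingerprinting from a page's public HTML.

Added example (not from the Sucuri post or from WPScan): shows what an
attacker, or a scanner, can read off a WordPress site's publicly served
markup with no credentials at all. SAMPLE_HTML is constructed for the demo;
example.com and every slug/version in it are placeholders.
"""
import re

# Constructed sample: what curl or a browser would receive from a typical
# unhardened WordPress front page.
SAMPLE_HTML = """<!DOCTYPE html>
<html><head>
<meta name="generator" content="WordPress 5.7" />
<link rel="stylesheet" href="https://example.com/wp-content/themes/twentytwentyone/style.css?ver=1.2" />
<link rel="stylesheet" href="https://example.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.4" />
<script src="https://example.com/wp-content/plugins/wp-super-cache/assets/cache.js?ver=1.7.2"></script>
<script src="https://example.com/wp-includes/js/jquery/jquery.min.js?ver=3.5.1"></script>
<link rel="https://api.w.org/" href="https://example.com/wp-json/" />
</head><body>Hello</body></html>
"""

# Core version leaks through the generator meta tag unless the theme removes it.
GENERATOR_RE = re.compile(
    r'<meta\s+name=["\']generator["\']\s+content=["\']WordPress\s*([\d.]*)["\']', re.I)
# Plugin/theme slugs leak through asset paths; versions leak through ?ver= cache busters.
# Groups: component type (plugins|themes), slug, optional ?ver= value.
ASSET_RE = re.compile(
    r'/wp-content/(plugins|themes)/([A-Za-z0-9_.-]+)/[^"\'\s>]*?(?:\?ver=([\w.-]+))?["\'\s>]',
    re.I)
# The REST API discovery link points at /wp-json/, a common user-enumeration surface.
REST_RE = re.compile(r'rel=["\']https://api\.w\.org/["\']', re.I)


def fingerprint(html):
    """Return what the public HTML discloses: core version, components, REST link."""
    result = {"core_version": None, "plugins": {}, "themes": {}, "rest_api_advertised": False}
    m = GENERATOR_RE.search(html)
    if m:
        result["core_version"] = m.group(1) or "unknown"
    for kind, slug, ver in ASSET_RE.findall(html):
        bucket = result[kind.lower()]
        # Record the slug on first sight; an asset without ?ver= must not erase
        # a version already learned from another asset of the same component.
        bucket.setdefault(slug, ver or None)
        if ver and bucket[slug] is None:
            bucket[slug] = ver
    result["rest_api_advertised"] = bool(REST_RE.search(html))
    return result


def hardening_findings(fp):
    """Turn the fingerprint into the defender-facing findings a scanner would print."""
    findings = []
    if fp["core_version"]:
        findings.append(f"core version disclosed via generator meta tag: {fp['core_version']}")
    for slug, ver in fp["plugins"].items():
        findings.append(f"plugin {slug} exposed" + (f" (version {ver})" if ver else ""))
    for slug, ver in fp["themes"].items():
        findings.append(f"theme {slug} exposed" + (f" (version {ver})" if ver else ""))
    if fp["rest_api_advertised"]:
        findings.append("REST API advertised (/wp-json/); user enumeration may be possible")
    return findings


if __name__ == "__main__":
    for line in hardening_findings(fingerprint(SAMPLE_HTML)):
        print(line)
```

Every one of these disclosures is visible to an unauthenticated visitor, which is exactly why WPScan can enumerate core, plugin and theme versions and match them against known vulnerabilities without ever logging in; the fix on the defender's side is to remove the generator tag, strip `?ver=` from asset URLs and restrict REST user endpoints, then re-run the scan to confirm.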

Hackers threaten to leak stolen Apple blueprints if $50 million ransom isn't paid

Prominent Apple supplier Quanta on Wednesday said it suffered a ransomware attack from the REvil ransomware group, which is now demanding the iPhone maker pay a ransom of $50 million to prevent leaking sensitive files on the dark web. In a post shared on its deep web "Happy Blog" portal, the threat actor said it came into possession of schematics of the U.S. company's products such as MacBooks (The Hacker News)

Improve Your Cyber Security Posture by Combining State of the Art Security Tools

Today there are plenty of cybersecurity tools on the market. It is now more important than ever that the tools you decide to use work well together. If they don't, you will not get the complete picture, and you won't be able to analyze the entire system from a holistic perspective.  This means that you won't be able to do the right mitigations to improve your security posture. Here are examples (The Hacker News)

Update Your Chrome Browser ASAP to Patch a Week Old Public Exploit

Google on Tuesday released an update for the Chrome web browser for Windows, Mac, and Linux, with a total of seven security fixes, including one flaw for which it says an exploit exists in the wild. Tracked as CVE-2021-21224, the flaw concerns a type confusion vulnerability in the V8 open-source JavaScript engine that was reported to the company by security researcher Jose Martinez on April 5. According (The Hacker News)

3 Zero-Day Exploits Hit SonicWall Enterprise Email Security Appliances

SonicWall has addressed three critical security vulnerabilities in its hosted and on-premises email security (ES) product that are being actively exploited in the wild. The flaws, two of which are tracked as CVE-2021-20021 and CVE-2021-20022, were discovered and reported to the company by FireEye's Mandiant subsidiary on March 26, 2021, after the cybersecurity firm detected post-exploitation web shell activity on (The Hacker News)

WARNING: Hackers Exploit Unpatched Pulse Secure 0-Day to Breach Organizations

If Pulse Connect Secure gateway is part of your organization network, you need to be aware of a newly discovered critical zero-day authentication bypass vulnerability (CVE-2021-22893) that is currently being exploited in the wild and for which there is no patch available yet. At least two threat actors have been behind a series of intrusions targeting defense, government, and financial (The Hacker News)

1-Click Hack Found in Popular Desktop Apps — Check If You're Using Them

Multiple one-click vulnerabilities have been discovered across a variety of popular software applications, allowing an attacker to potentially execute arbitrary code on target systems. The issues were discovered by Positive Security researchers Fabian Bräunlein and Lukas Euler and affect apps like Telegram, Nextcloud, VLC, LibreOffice, OpenOffice, Bitcoin/Dogecoin Wallets, Wireshark, and Mumble. (The Hacker News)

4 Innovative Ways Cyberattackers Hunt for Security Bugs

David “moose” Wolpoff, co-founder and CTO at Randori, talks lesser-known hacking paths, including unresolved "fixme" flags in developer support groups. (Threatpost)

QR Codes Offer Easy Cyberattack Avenues as Usage Spikes

Usage is way up, but so are cyberattacks: Mobile phishing, malware, banking heists and more can come from just one wrong scan. (Threatpost)

Pulse Secure Critical Zero-Day Security Bug Under Active Exploit

CVE-2021-22893 allows remote code-execution (RCE) and is being used in the wild by nation-state cyberattackers to compromise VPN appliances in defense, finance and government orgs. (Threatpost)

Swiss Army Knife for Information Security: What Is Comprehensive Protection?

Data-breach risk should be tackled with a toolset for monitoring data in motion and data at rest, analysis of user behavior, and the detection of fraud and weak spots. (Threatpost)

Novel Email-Based Campaign Targets Bloomberg Clients with RATs

Attacks dubbed ‘Fajan’ by researchers are specifically targeted and appear to be testing various threat techniques to find ones with the greatest impact. (Threatpost)


/security-daily/ 22-04-2021 23:44:26