Security daily (21-05-2021)

Building fine-grained authorization using Amazon Cognito, API Gateway, and IAM

Authorizing functionality of an application based on group membership is a best practice. If you’re building APIs with Amazon API Gateway and you need fine-grained access control for your users, you can use Amazon Cognito. Amazon Cognito allows you to use groups to create a collection of users, which is often done to set the […] (AWS Security Blog)

Irish officials analyze decryption tool as long recovery process from ransomware continues

The Irish government expects to dedicate significant resources in the coming days to recovery efforts related to a ransomware incident that has hampered the country’s public health service for the last week, officials said Friday. Irish officials have obtained a decryption key that could unlock the data on the networks of the Health Service Executive (HSE), Ireland’s $25 billion public health system, though the key will need to be tested to ensure it doesn’t do more harm than good. Meanwhile, medical appointments have dropped by as much as 80% in parts of the country following the breach, health officials have said. It’s an example of the pressure that governments face, often under the international spotlight, to promptly restore connectivity to critical systems held hostage by cash-rich cybercriminals. Emergency care has continued throughout the ordeal, but there have been delays in non-urgent services in parts of Ireland as IT systems supporting maternity […] (CyberScoop)

Conti ransomware gang victimized US health care, first-responder networks, FBI says

The FBI tracked at least 16 Conti ransomware attacks that struck U.S. health care and first-responder networks within the last year, the bureau said in an alert this week. That accounting only factors in attacks in the past year, and incidents that the FBI itself identified. In all, the alert said Conti has hit 400 organizations, nearly 300 of which were in the U.S. The recent first-responder victims include 9-1-1 dispatch centers, emergency medical services, law enforcement agencies and municipalities, the FBI said. The Conti gang has sought as much as $25 million to decrypt systems it locked up, according to the alert. The FBI warning comes as the Irish health care system is contending with its own Conti ransomware attack. It also comes shortly after a report that CNA Insurance paid a $40 million extortion demand — the biggest yet revealed, as extortionists continue to ratchet up […] (CyberScoop)

FBI employee indicted for stealing classified info on FBI cybersecurity work

A federal grand jury has charged an FBI employee with stealing classified documents and keeping them in her home between 2004 and 2017, the FBI announced Friday. The employee, Kendra Kingsley, allegedly took documents that detailed the sources and methods the FBI uses to counter cyber threats, as well as those it uses in its counterterrorism and counterintelligence work, according to the indictment. Some of the documents detail specifics of investigations in multiple field offices, details on human sources and gaps in intelligence about foreign intelligence services, according to the indictment. The documents also detail technical capabilities the FBI uses in counterintelligence and counterterrorism work. In some cases, the documents contained information on al Qaeda members and emerging terrorism threats in Africa, as well as a suspected associate of Osama bin Laden, the FBI said. Kingsley worked for the FBI’s Kansas City division as an intelligence analyst, but was […] (CyberScoop)

Cyber insurance premiums rise as ransomware, hacks continue, GAO finds

A growing number of cybersecurity incidents has led many insurers to raise premiums and some to limit coverage in especially risky areas, such as health care and education, according to new findings from a U.S. government watchdog. “[T]he continually increasing frequency and severity of cyberattacks, especially ransomware attacks, have led insurers to reduce cyber coverage limits for certain riskier industry sectors … and for public entities and to add specific limits on ransomware coverage,” the Government Accountability Office said in a report Thursday, which cited surveys of insurance executives. More than half of the brokers surveyed by an industry group said that their clients saw premiums increase between 10% and 30% in late 2020, the report noted. The findings come amid a period of unprecedented scrutiny for the cyber insurance industry, as multimillion-dollar ransoms come to light and cybercriminals appear to target insurers for a list of their clients to […] (CyberScoop)

What Makes North Korean Hacking Groups More Creative?

(News ≈ Packet Storm)

100M Android Users Hit By Rampant Cloud Leaks

(News ≈ Packet Storm)

Vulns In Billions Of Wi-Fi Devices Let Hackers Bypass Firewalls

(News ≈ Packet Storm)

CNA Financial Paid $40 Million Ransom To Regain Control Of Systems

(News ≈ Packet Storm)

Air India Hack Exposes Credit Card and Passport Info of 4.5 Million Passengers

India's flag carrier airline, Air India, has disclosed a data breach affecting 4.5 million of its customers over a period stretching nearly 10 years after its Passenger Service System (PSS) provider SITA fell victim to a cyber attack earlier this year. The breach involves personal data registered between Aug. 26, 2011 and Feb. 3, 2021, including details such as names, dates of birth, contact (The Hacker News)

Insurance Firm CNA Financial Reportedly Paid Hackers $40 Million in Ransom

U.S. insurance giant CNA Financial reportedly paid $40 million to a ransomware gang to recover access to its systems following an attack in March, making it one of the most expensive ransoms paid to date. The development was first reported by Bloomberg, citing "people with knowledge of the attack." The adversary that staged the intrusion is said to have allegedly demanded $60 million a week after (The Hacker News)

Microsoft Warns of Data Stealing Malware That Pretends to Be Ransomware

Microsoft on Thursday warned of a "massive email campaign" that's pushing a Java-based STRRAT malware to steal confidential data from infected systems while disguising itself as a ransomware infection. "This RAT is infamous for its ransomware-like behavior of appending the file name extension .crimson to files without actually encrypting them," the Microsoft Security Intelligence team said in a (The Hacker News)

23 Android Apps Expose Over 100,000,000 Users' Personal Data

Misconfigurations in multiple Android apps leaked sensitive data of more than 100 million users, potentially making them a lucrative target for malicious actors. "By not following best-practices when configuring and integrating third-party cloud-services into applications, millions of users' private data was exposed," Check Point researchers said in an analysis published today and shared with (The Hacker News)

DarkSide Ransomware Gang Extorted $90 Million from Several Victims in 9 Months

DarkSide, the hacker group behind the Colonial Pipeline ransomware attack earlier this month, received $90 million in bitcoin payments following a nine-month ransomware spree, making it one of the most profitable cybercrime groups. "In total, just over $90 million in bitcoin ransom payments were made to DarkSide, originating from 47 distinct wallets," blockchain analytics firm Elliptic said. " (The Hacker News)

U.S. Pipeline Ransomware Attackers Go Dark After Servers and Bitcoin Are Seized

Just as Colonial Pipeline restored all of its systems to operational status in the wake of a crippling ransomware incident a week ago, DarkSide, the cybercrime syndicate behind the attack, claimed it lost control of its infrastructure, citing a law enforcement seizure. All the dark web sites operated by the gang, including its DarkSide Leaks blog, ransom collection site, and breach data content (The Hacker News)

DarkSide Getting Taken to ‘Hackers’ Court’ For Not Paying Affiliates

A shadow court system for hackers shows how professional ransomware gangs have become. (Threatpost)

Building SIEM for Today’s Threat Landscape

Sivan Tehila, cybersecurity strategist at Perimeter 81, discusses the elements involved in creating a modern SIEM strategy for remote work and cloud-everything. (Threatpost)

WP Statistics Bug Allows Attackers to Lift Data from WordPress Sites

The plugin, installed on hundreds of thousands of sites, allows anyone to filch database info without having to be logged in. (Threatpost)

Email Campaign Spreads StrRAT Fake-Ransomware RAT

Microsoft Security discovered malicious PDFs that download Java-based StrRAT, which can steal credentials and change file names but doesn't actually encrypt. (Threatpost)


/security-daily/ 22-05-2021 23:44:22