Security daily (21-09-2020)

Automatically updating AWS WAF Rule in real time using Amazon EventBridge

In this post, I demonstrate a method for collecting and sharing threat intelligence between Amazon Web Services (AWS) accounts by using AWS WAF, Amazon Kinesis Data Analytics, and Amazon EventBridge. AWS WAF helps protect against common web exploits and gives you control over which traffic can reach your application. Attempted exploitation blocked by AWS WAF […] (AWS Security Blog)

German investigators treating ransomware attack as negligent homicide, reports say

German prosecutors last week opened a homicide investigation into a deadly ransomware incident on a university hospital, according to multiple German media reports. If confirmed, it would be the first documented case of a death stemming, directly or indirectly, from a cyberattack, analysts say. Christoph Hebbecker, a cybercrime prosecutor in the German city of Cologne, said Friday that his office had opened an investigation into the ransomware attack as a “negligent homicide,” the German news agency DPA reported. The investigation centers around a ransomware infection that hobbled the IT systems of the University of Duesseldorf’s main hospital earlier this month. The disruption forced a critically ill patient to be redirected to a hospital 20 miles away. The patient later died, according to German media reports. Hebbecker’s spokesperson did not return a request for comment on Monday. The incident highlights the starkly different risks facing organizations with vulnerable software. For some, […] (CyberScoop)

‘Dark Overlord’ hacker pleads guilty, sentenced to 5 years for extortion threats

Years after he threatened to publicly release information from hacking victims unless they agreed to his digital extortion demands, Nathan Wyatt is headed to a U.S. prison. A judge in the Eastern District of Missouri on Monday sentenced Wyatt, 39, to five years in prison after he pleaded guilty to assisting a hacking crew known as The Dark Overlord. Wyatt, who had previously entered a plea of not guilty, participated in a court hearing by phone from a jail in St. Charles County, Missouri. “I’d like to apologize for the role that I played in this,” Wyatt said, through tears, adding that he struggles with a mental illness that affects his decision-making ability. “I can promise you that I just want to go home to my family. I’m out of that world, and I don’t want to see another computer for the rest of my life.” Wyatt also is subject to […] (CyberScoop)

CISA orders agencies to quickly patch critical Netlogon bug

For several days, security experts have urged organizations to fix a critical vulnerability in a Microsoft protocol that hackers could use to steal sensitive data. Now, U.S. government agencies don’t have a choice but to act. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency on late Friday evening ordered federal civilian agencies to apply a patch for the vulnerability by the end of the day Monday. The “emergency directive” — only the fourth ever issued by the agency — reflects the “unacceptable risk” the vulnerability poses to federal agencies because the affected software is used throughout the government, officials said. The bug is the latest in a bevy of critical flaws to emerge in popular software this year. In response, CISA has increasingly used its emergency-directive authority to try to keep foreign spies or criminals from burrowing into federal networks. In July, CISA gave agencies 24 hours to address another […] (CyberScoop)

TikTok, WeChat survive in US app stores — one with a deal, the other with a judge's help

China-based TikTok and WeChat remained in U.S. app stores on Monday, surviving a Trump administration ban that was supposed to take effect at the end of the weekend. TikTok’s reprieve came on Saturday, when President Trump announced that its parent company, ByteDance, would break off the social media app’s U.S. business into a new firm, TikTok Global, with 20% ownership by Oracle and Walmart. The good news for users of WeChat, a globally popular messaging app, arrived Sunday when a federal judge in California blocked the ban. Both apps were subject to Commerce Department rules that would have blocked U.S. users from downloading fresh installs or updates, although existing users would have been able to keep current versions on their phones. The announcement said the apps “threaten the national security, foreign policy, and the economy of the U.S.” given their direct windows into the private activities of Americans. The TikTok ban has been […] (CyberScoop)

FBI hopes a more aggressive cyber strategy will disrupt foreign hackers

Last week saw a flurry of U.S. indictments of alleged Chinese and Iranian hackers as part of a multi-agency crackdown on foreign intelligence services. The Department of Treasury issued sanctions, the Department of Homeland Security advised companies on how to fend off hackers and U.S. intelligence agencies likely kept a close eye on possible reactions from Beijing and Tehran. At the center of the coordinated crackdowns, though, were the FBI agents who tracked the computer infrastructure used by the suspects. The series of events was one of the first examples of the FBI’s new cybersecurity strategy in action. The goal of the effort, which officials revealed this month, is simple: impose harsher consequences on America’s digital adversaries by working more closely with intelligence agencies and data-rich private companies. For the FBI, that could mean trying to put a suspect in handcuffs, burning their identity through an indictment or opting to provide targeting […] (CyberScoop)

Naked Security Live – “The Zerologon hole: are you at risk?”

Naked Security Live - here's the recorded version of our latest video. Enjoy. (Naked Security)

TikTok Ban: Security Experts Weigh In On The App's Risks

(News ≈ Packet Storm)

Satellite Achieves Sharp Eyed View Of Methane

(News ≈ Packet Storm)

Russians Charged For $16.8m Crypto Coin Heist

(News ≈ Packet Storm)

Code Execution, Defense Evasion Are Top Tactics Used In Critical Attacks Against Corporate Endpoints

(News ≈ Packet Storm)

A Patient Dies After Ransomware Attack Paralyzes German Hospital Systems

German authorities last week disclosed that a ransomware attack on the University Hospital of Düsseldorf (UKD) caused a failure of IT systems, resulting in the death of a woman who had to be sent to another hospital that was 20 miles away. The incident marks the first recorded casualty as a consequence of cyberattacks on critical healthcare facilities, which have ramped up in recent months. The (The Hacker News)

Fileless Malware Tops Critical Endpoint Threats for 1H 2020

When it comes to endpoint security, a handful of threats make up the bulk of the most serious attack tools and tactics. (Threatpost)

Unsecured Microsoft Bing Server Leaks Search Queries, Location Data

Data exposed included search terms, location coordinates, and device information - but no personal data. (Threatpost)

DHS Issues Dire Patch Warning for ‘Zerologon’

The deadline looms for U.S. Cybersecurity and Infrastructure Security Agency’s emergency directive for federal agencies to patch against the so-called ‘Zerologon’ vulnerability. (Threatpost)

Firefox for Android Bug Allows ‘Epic Rick-Rolling’

Anyone on the same Wi-Fi network can force websites to launch, with no user interaction. (Threatpost)


/security-daily/ 22-09-2020 23:44:23