20-12-2020 | 22-12-2020

Security daily (21-12-2020)

How to deploy public ACM certificates across multiple AWS accounts and Regions using AWS CloudFormation StackSets

In this post, I take you through the steps to deploy a public AWS Certificate Manager (ACM) certificate across multiple accounts and AWS Regions by using the functionality of AWS CloudFormation StackSets and AWS Lambda. ACM is a service offered by Amazon Web Services (AWS) that you can use to obtain x509 v3 SSL/TLS certificates. […] (AWS Security Blog)

Lawmakers throw cold water on splitting Cyber Command from NSA

Although Pentagon officials have suggested in recent days that the nation’s offensive cyber arm should split away from the National Security Agency, Cyber Command is a long way from being ready to stand on its own, according to a bipartisan group of lawmakers. The proposal, which some DOD officials have been entertaining in the last several days, would separate out the command from the Department of Defense’s foreign signals intelligence agency, which it has been co-located with for 10 years in order to help it find its footing. Both the NSA and Cyber Command are currently run by the same leader, Gen. Paul Nakasone, and some critics say the Trump administration has been interested in separating the two in order to carve out a leadership spot for a political ally at the helm of the NSA before his time in the Oval Office expires, according to The Washington Post. But […] (CyberScoop)

Bill Barr: No, we won’t be seizing voting machines

Attorney General William Barr declined to endorse a desperate effort by President Donald Trump’s personal lawyer, Rudy Giuliani, to overturn Trump’s electoral defeat by seizing voting machines. Barr said at a press conference Monday that he had not seen evidence of widespread fraud that could change the result of the election, and that there was “no basis now for seizing machines by the federal government.” He also rejected the idea of naming a special counsel to investigate voter fraud allegations. States have certified their results in the election, which saw Joe Biden win by more than 7 million in the popular vote. Election security officials have declared the election secure. Claims of widespread voting irregularities made by Trump’s lawyers have been roundly rejected in court. Giuliani nonetheless last week pushed Ken Cuccinelli, a senior Department of Homeland Security official, to confiscate voting machines, the New York Times and Wall Street […] (CyberScoop)

Zero-click iPhone exploit, NSO Group spyware used to target Mideast journalists, Citizen Lab says

Hackers suspected to work for the governments of Saudi Arabia and the United Arab Emirates breached 36 devices belonging to Al Jazeera journalists in recent months by using a zero-click iPhone exploit and NSO Group spyware, according to new Citizen Lab research published Sunday. The suspected government hackers behind the operations had a particularly pernicious tactic for accessing their targets — an iPhone iMessage that requires zero interaction from the target to work, according to the researchers. Citizen Lab is based at the Munk School of Global Affairs and Public Policy at the University of Toronto. The hacking operations, which researchers attribute to the governments of Saudi Arabia and the UAE with “medium confidence,” could have allowed the operators to record audio, take pictures, track device location and access passwords or stored credentials on compromised phones, the researchers said. Qatar, where Al Jazeera is based, historically has a fraught relationship with […] (CyberScoop)

Microsoft identifies second hacking group affecting SolarWinds software

Microsoft revealed that a second hacking group had deployed malicious code that affects software made by SolarWinds, the federal contractor at the center of a suspected Russian espionage campaign against multiple U.S. government agencies. “[T]he investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor,” a Microsoft research team said in a blog post on Friday. The discovery underscores the extent to which Texas-based SolarWinds, whose software is used throughout Fortune 500 companies, is a valuable target for hackers. The newly revealed malware, known to researchers as Supernova, differs from the alleged Russian tampering because it does not appear to involve a compromise of the supply chain, Microsoft said. The Supernova code does, however, allow an attacker to send and execute […] (CyberScoop)

FireEye's Mandia on SolarWinds hack: 'This was a sniper round'

The foreign espionage operation that breached several U.S. government agencies through SolarWinds software updates was unique in its methods and stealth, according to FireEye CEO Kevin Mandia, whose company discovered the activity. “This was not a drive-by shooting on the information highway. This was a sniper round from somebody a mile away from your house,” Mandia said Sunday morning on CBS’s “Face the Nation.” “This was special operations. And it was going to take special operations to detect this breach.” Mandia estimated that “only about 50 companies or organizations” were the true targets of the operation, which is suspected to be the work of the Russian intelligence agency known as the SVR. Texas-based SolarWinds reportedly has about 300,000 customers overall in government and industry, and the malware in the spy campaign was pushed out to about 18,000 of those, including U.S. government agencies and major corporations. In the CBS […] (CyberScoop)

Naked Security Live – Watch out for Messenger scams

Here's the latest Naked Security video talk - watch now! (And please share with your friends...) (Naked Security)

A Second Hacking Group Has Targeted SolarWinds Systems

(News ≈ Packet Storm)

Al Jazeera Journalists Hacked Via NSO Group Spyware

(News ≈ Packet Storm)

Kazakhstan Spies On Citizens' HTTPS Traffic

(News ≈ Packet Storm)

Some Of 2020's More Interesting Security Stories

(News ≈ Packet Storm)

Nosy Ex-Partners Armed with Instagram Passwords Pose a Serious Threat

A survey of single people found almost a third are still logging into their ex’s social-media accounts, some for revenge. (Threatpost)

Smart Doorbell Disaster: Many Brands Vulnerable to Attack

Investigation reveals device sector is problem-plagued when it comes to security bugs. (Threatpost)

Defending Against State and State-Sponsored Threat Actors

Saryu Nayyar of Gurucul discusses state and state-sponsored threat actors, the apex predators of the cybersecurity world. (Threatpost)

Zero-Click Apple Zero-Day Uncovered in Pegasus Spy Attack

The phones of 36 journalists were infected by four APTs, possibly linked to Saudi Arabia or the UAE. (Threatpost)

Simplifying Proactive Defense With Threat Playbooks

FortiGuard Labs’ Derek Manky talks about how threat playbooks can equip defense teams with the tools they need to fight back against evolving attacker TTPs. (Threatpost)

Dark Web Pricing Skyrockets for Microsoft RDP Servers, Payment-Card Data

Underground marketplace pricing on RDP server access, compromised payment card data and DDoS-For-Hire services is surging. (Threatpost)


/security-daily/ 22-12-2020 23:44:27