Security daily (22-06-2021)

CloudHSM best practices to maximize performance and avoid common configuration pitfalls

AWS CloudHSM provides fully-managed hardware security modules (HSMs) in the AWS Cloud. CloudHSM automates day-to-day HSM management tasks including backups, high availability, provisioning, and maintenance. You’re still responsible for all user management and application integration. In this post, you will learn best practices to help you maximize the performance of your workload and avoid common […] (AWS Security Blog)

USB-based malware is a growing concern for industrial firms, new Honeywell findings show

The number of cyber threats designed to use USB sticks and other external media devices as launching pads doubled in 2021, according to new research from Honeywell, the industrial automation giant. Of those threats, 79% could be used to disrupt operational technology systems, researchers found. The report was based on cybersecurity threat data collected from hundreds of industrial facilities over a 12-month period. “USB-borne malware was a serious and expanding business risk in 2020, with clear indications that removable media has become part of the playbook used by organized and targeted attacks, including ransomware,” Eric Knapp, director of cybersecurity research at Honeywell Connected Enterprise said in a statement. Since many industrial systems are cut off from the internet, external devices like USB drives can provide hackers with a foothold into sensitive networks. USB drives have been known to carry infamous malware strains including Stuxnet and WannaCry. The new report noted […] (CyberScoop)

FIN7 scammers posed as SEC officials, sick restaurant customers to hack victims

A hacking group known for innovative fraud techniques impersonated angry restaurant customers and targeted specific individuals with unique access to financial information, U.S. prosecutors argue in a court filing that sheds new light on the scammers’ work. The FIN7 gang, which researchers have blamed for more than $1 billion in theft since 2015, relied on more than 70 members who were assigned to various departments under the larger organization, according to court documents filed on June 17 in U.S. District Court in Seattle. By masquerading as a cybersecurity testing company dubbed Combi Security, FIN7 leaders organized their personnel into separate teams charged with developing malware, crafting phishing documents and collecting money from breached victims. The group targeted hundreds of U.S. companies, prosecutors say, infecting victims as diverse as the burrito chain Chipotle and the department store Saks Fifth Avenue. Court documents filed in the case of Andrii Kolpakov, who pleaded […] (CyberScoop)

A plan to label companies vulnerable to hacking is set to spark debate on Capitol Hill

The notion of writing more cybersecurity regulations is gaining traction following the Colonial Pipeline and JBS ransomware incidents, after decades of a largely hands-off approach to private sector-owned critical infrastructure. Top Biden administration team picks have testified about how voluntary standards aren’t getting the job done, and some in Congress have indicated their patience is waning with letting industry go it alone. Enter a proposal from some lawmakers and the Cyberspace Solarium Commission that they say strikes a middle ground between the new zeal for hard rules and the tradition of non-regulation in cyberspace: “systemically important critical infrastructure.” Also known as SICI, it’s an idea that involves labeling hacking targets that are most likely to cause economic, public health or national security disruptions if attacked, then offering the owners of that infrastructure a mixture of government boons in exchange for meeting baseline cybersecurity standards. But even as something of a […] (CyberScoop)

Ransomware: What REALLY happens if you pay the crooks?

Free talk! Join us online for as much fun as you can ethically have while talking about ransomware. (And learn some useful stuff too!) (Naked Security)

Biden Is Worried About Cybersecurity. Japan Says Watch Cartoons.

(News ≈ Packet Storm)

Ransomware Gang Cl0p Announces New Victim After Police Bust

(News ≈ Packet Storm)

SEC Probing SolarWinds Clients Over Cyber Breach Disclosures

(News ≈ Packet Storm)

Lexmark Printers Open To Arbitrary Code Execution Zero Day

(News ≈ Packet Storm)

SonicWall Left a VPN Flaw Partially Unpatched Amidst 0-Day Attacks

A critical vulnerability in SonicWall VPN appliances that was believed to have been patched last year has now been found to be "botched," with the company leaving a memory leak flaw unaddressed, until now, that could permit a remote attacker to gain access to sensitive information. The shortcoming was rectified in an update rolled out to SonicOS on June 22. Tracked as CVE-2021-20019 (CVSS score (The Hacker News)

Unpatched Flaw in Linux Pling Store Apps Could Lead to Supply-Chain Attacks

Cybersecurity researchers have disclosed a critical unpatched vulnerability affecting Pling-based free and open-source software (FOSS) marketplaces for the Linux platform that could potentially be abused to stage supply-chain attacks and achieve remote code execution (RCE). "Linux marketplaces that are based on the Pling platform are vulnerable to a wormable [cross-site scripting] with potential for (The Hacker News)

NVIDIA Jetson Chipsets Found Vulnerable to High-severity Flaws

U.S. graphics chip specialist NVIDIA has released software updates to address a total of 26 vulnerabilities impacting its Jetson system-on-module (SOM) series that could be abused by adversaries to escalate privileges and even lead to denial-of-service and information disclosure. Tracked from CVE-2021-34372 through CVE-2021-34397, the flaws affect products Jetson TX1, TX2 series, (The Hacker News)

BEC Losses Top $1.8B as Tactics Evolve

BEC attacks are getting more dangerous, and alert users are the ones who can stop them. (Threatpost)

Cryptominers Slither into Python Projects in Supply-Chain Campaign

These code bombs lurk in the PyPI package repository, waiting to be inadvertently baked into software developers' applications. (Threatpost)

Email Bug Allows Message Snooping, Credential Theft

A year-old proof-of-concept attack that allows an attacker to bypass TLS email protections to snoop on messages has been patched. (Threatpost)

Kids’ Apps on Google Play Rife with Privacy Violations

One in five of the most-popular apps for kids under 13 on Google Play don't comply with COPPA regulations on how children's information is collected and used. (Threatpost)


/security-daily/ 23-06-2021 23:44:25