Security daily (22-07-2020)

How to use AWS Organizations to simplify security at enormous scale

AWS Organizations provides central governance and management across AWS accounts. In this post, we explain how AWS Organizations can make the lives of your Information Security engineers easier, based on our experience in the Information Security team at Amazon. The service control policies (SCPs) feature in AWS Organizations offers you central control over permissions for […] (AWS Security Blog)

Apple's long-awaited security device research program makes its debut

In order to make it easier for security researchers to find vulnerabilities in iPhones, Apple is launching an iPhone Research Device Program that will provide certain hackers with special devices to conduct security research, the company announced Wednesday. Beyond enhancing security for iOS users and making it easier to unearth flaws in iPhones, the program also aims to improve the efficiency of ongoing security research on iOS, Apple said. The launch comes several months after Apple initially teased the plans for the security device program last year at the Black Hat conference in Las Vegas. For a company normally reluctant to allow security researchers to find flaws in its code, Apple's move could mark a step forward in its willingness to work with the broader information security community to expose and root out vulnerabilities in Apple platforms. Security researchers in recent years found it so difficult to access the inner workings […] (CyberScoop)

European police bust Polish gang suspected of hacking and stealing cars

German and Polish police agencies announced Wednesday they had dismantled a Polish criminal network accused of stealing dozens of cars by breaching the keyless systems used to start the vehicles. The alleged thieves had racked up at least 34 vehicles worth $1.6 million by the time investigators raided their properties in Poland last week, according to Europol, the European Union's law enforcement agency. The alleged Polish criminal network appears to be reeling. Seven of its suspected members were arrested last year, and two more in recent months, Europol said. It is unclear exactly how the hacking went down; Europol would only say that the suspects used "technical equipment" to crack the "Keyless Go" systems that allow a driver to unlock and start a car electronically. A Europol spokesperson did not immediately respond to a request for comment. "This is a known issue that has kept car companies up at night […] (CyberScoop)

$2 million in rewards posted for accused SEC hackers

It's just like the old saying goes: If you can't beat 'em, tweet about it. The U.S. government embarked on a public awareness campaign Wednesday seeking help in the apprehension of two Ukrainian men accused of hacking the U.S. Securities and Exchange Commission. The State Department offered rewards of up to $1 million apiece for information leading to the arrest or conviction of Artem Radchenko and Oleksandr Ieremenko. The bounty comes more than a year after the pair were indicted in a scheme to breach an SEC database, steal nonpublic information and then sell it for a profit. The Secret Service, meanwhile, sent a series of tweets highlighting existing charges against the pair, and asked other Twitter users to provide more information. The effort to breach an SEC database resulted in more than $4.5 million in profit, the Secret Service tweeted. "As their criminal reach is worldwide, we welcome the cooperation and […] (CyberScoop)

What's new for North Korean hackers? Kaspersky says they're polishing tools, finding new targets

North Korean government-linked hackers have refined their malware tools and expanded their target lists over the past two years, according to new research from Kaspersky, which says the attackers have devoted "significant resources" to improving their capabilities. In particular, the hackers have aggressively deployed a multi-stage malware framework, which Kaspersky calls MATA, to target Windows, Linux, and macOS operating systems. The framework is capable of deploying more than 15 malware components and has exhibited signs that it allows attackers to move laterally once they have compromised a target network, according to the research. So far, the attackers have used MATA against a software development firm, an e-commerce company and an internet service provider, Kaspersky said. The list of affected countries includes Poland, Germany, Turkey, Japan and India, the researchers said. Based on an analysis of the framework's filenames and configuration, Kaspersky assesses that the scheme is linked with Lazarus Group, a hacking organization the U.S. government has […] (CyberScoop)

CISA turns to security experts with street cred to protect health sector

The Department of Homeland Security's cybersecurity agency is ramping up its efforts to protect medical organizations from hacking during the coronavirus pandemic by hiring multiple security specialists with strong ties to the health care sector, CyberScoop has learned. As the race for a vaccine intensifies, DHS's Cybersecurity and Infrastructure Security Agency is turning to Josh Corman, who has long evangelized for medical-device security, to help expand the agency's attempts to secure private-sector networks during the pandemic. Rob Arnold, a former private executive focused on small businesses' cybersecurity, is also joining CISA to advise on how COVID-19 has changed cyber risk for critical infrastructure companies. Corman, a former security specialist at IBM, has joined CISA as a visiting researcher and will play a key role in the agency's COVID-19 response with security advice on health care infrastructure, the agency is expected to announce later Wednesday. Beau Woods, who previously worked on cybersecurity at the U.S. Food and Drug Administration, is also expected […] (CyberScoop)

Prioritize alerts and jump-start your investigations with Recorded Future’s free browser extension. Sign up now.

Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! Drowning in alerts from many different sources and systems? Spending too much valuable time researching potential threats and vulnerabilities? You need Recorded Future Express, a new browser extension from the experts at […] (Graham Cluley)

Hacking macOS: How to Spawn Multi-Threaded Netcat Backdoors on a MacBook

An attacker can create three, five, or even ten new Netcat connections to a compromised MacBook with one command. Performing complex post-exploitation attacks might otherwise be difficult from a single shell without this essential trick.

Why Create Multiple Netcat Threads?

With some macOS post-exploitation attacks, more than one shell may be required. Spawning additional Netcat connections from a single backdoor is possible but can be cumbersome and inconvenient. So I came up with a simple solution that relies on the current date to predict the next time and port number the backdoor will use... more (Null Byte « WonderHowTo)
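The clock-driven rendezvous the post alludes to, written out as an added example (not the Null Byte author's code). The idea is that attacker and implant never exchange a port list: both derive the same (window start, port) table from the current time, so the attacker can pre-open one listener per upcoming window. The window length, port range and the plain `nc -lv` listener line are assumptions for illustration; what the compromised side runs in each window is left to the post.

```python
import time

# Assumed scheme parameters (not from the article): a new rendezvous window
# every 10 minutes, ports drawn from 40000-40999.
WINDOW_SECONDS = 600
PORT_BASE = 40000
PORT_SPAN = 1000


def slot_index(epoch):
    """Index of the rendezvous window that an epoch second falls into."""
    return int(epoch) // WINDOW_SECONDS


def port_for_slot(index):
    """Port both sides derive for a window without ever exchanging it."""
    return PORT_BASE + index % PORT_SPAN


def schedule(now_epoch, count):
    """The next `count` (window_start_epoch, port) pairs strictly after now_epoch.

    The current window is skipped on purpose: a listener started part-way
    through it could miss a connect-back that already fired.
    """
    first = slot_index(now_epoch) + 1
    return [((first + i) * WINDOW_SECONDS, port_for_slot(first + i))
            for i in range(count)]


def listener_commands(now_epoch, count):
    """Attacker side: one shell line per upcoming window, each sleeping until
    its window opens and then listening on the derived port (nc -lv assumed)."""
    return [f"sleep {start - int(now_epoch)}; nc -lv {port}"
            for start, port in schedule(now_epoch, count)]


if __name__ == "__main__":
    # Constructed timestamp: 2020-07-22 00:00:00 UTC, so the output is stable.
    now = 1595376000
    for line in listener_commands(now, 3):
        print(line)
    # Live use would pass time.time() instead of the fixed value above.
    assert schedule(time.time(), 1)[0][0] > time.time()
```

Because both sides only need a loosely synchronized clock, the scheme also degrades gracefully: if one window is missed, the next one is computed the same way and nothing has to be re-sent.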

Critical Adobe Photoshop Flaws Patched In Emergency Update

(News ≈ Packet Storm)

Leak Exposes Private Data Of Genealogy Service Users

(News ≈ Packet Storm)

Justice Charges Chinese Nationals In Hacking Campaign

(News ≈ Packet Storm)

Jan Marsalek Involved In Bizarre Attempt To Buy Hacking Tools

(News ≈ Packet Storm)

University Of York Discloses Data Breach, Staff / Student Records Stolen

(News ≈ Packet Storm)

Skimmers in Images & GitHub Repos

Malwarebytes recently shared some information about web skimmers that store malicious code inside real .ico files. During a routine investigation, we detected a similar issue. Instead of targeting .ico files, however, attackers chose to inject content into real .png files, both on compromised sites and in booby-trapped Magento repos on GitHub.

Googletagmanager.png

Our security analyst Keith Petkus found this piece of malware injected on a compromised Magento 2.x site. (Sucuri Blog)
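An added check for the "valid image, hidden payload" pattern described above (this is editor-written example code, not Sucuri's tooling). A PNG is a signature followed by length-prefixed, CRC-protected chunks ending in IEND, so an image that still renders can carry a skimmer only in a few places: bytes appended after IEND, ancillary metadata chunks (tEXt/zTXt/iTXt) that decoders ignore, or a chunk whose CRC no longer matches because it was patched in place. The scanner below walks the chunks and reports all three. The script markers and the sample PNG and payload are constructed here; which of these placements the real samples used is not stated in the excerpt.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Substrings a JavaScript skimmer almost always contains. Constructed heuristic;
# tune it for the site being scanned.
SCRIPT_MARKERS = (b"<script", b"document.", b"eval(", b"atob(",
                  b"XMLHttpRequest", b"fetch(")


def iter_chunks(data):
    """Yield (type, body, crc_ok, end_offset) for each chunk up to and including IEND."""
    if not data.startswith(PNG_SIG):
        raise ValueError("missing PNG signature")
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        crc_bytes = data[pos + 8 + length:pos + 12 + length]
        crc_ok = (len(crc_bytes) == 4 and
                  struct.unpack(">I", crc_bytes)[0] == zlib.crc32(ctype + body) & 0xFFFFFFFF)
        pos += 12 + length
        yield ctype, body, crc_ok, pos
        if ctype == b"IEND":
            return


def scan_png(data):
    """Report the three places a payload can hide in a PNG that still renders."""
    report = {"trailing": b"", "bad_crc": [], "script_chunks": [], "has_iend": False}
    end = len(data)
    for ctype, body, crc_ok, end in iter_chunks(data):
        if not crc_ok:
            report["bad_crc"].append(ctype)
        # Ancillary chunks (lowercase first letter) are skipped by decoders, so
        # script text inside them survives without breaking the image.
        if ctype[:1].islower() and any(m in body for m in SCRIPT_MARKERS):
            report["script_chunks"].append(ctype)
        if ctype == b"IEND":
            report["has_iend"] = True
            report["trailing"] = data[end:]   # anything after IEND is never image data
    return report


def is_suspicious(data):
    r = scan_png(data)
    return bool(r["trailing"] or r["bad_crc"] or r["script_chunks"] or not r["has_iend"])


def make_chunk(ctype, body):
    """Length + type + body + CRC32(type + body), as the PNG spec requires."""
    return (struct.pack(">I", len(body)) + ctype + body +
            struct.pack(">I", zlib.crc32(ctype + body) & 0xFFFFFFFF))


def minimal_png():
    """A valid 1x1 RGB PNG, constructed here as the sample input."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    idat = zlib.compress(b"\x00\xff\x00\x00")   # filter byte + one red pixel
    return PNG_SIG + make_chunk(b"IHDR", ihdr) + make_chunk(b"IDAT", idat) + make_chunk(b"IEND", b"")


# Constructed, harmless stand-in for the injected skimmer code.
FAKE_SKIMMER = b"<script>var f=document.forms[0];/* constructed sample */</script>"


if __name__ == "__main__":
    clean = minimal_png()
    appended = clean + FAKE_SKIMMER                                  # payload after IEND
    in_metadata = (clean[:-12] + make_chunk(b"tEXt", b"Comment\x00" + FAKE_SKIMMER)
                   + clean[-12:])                                    # payload in a tEXt chunk
    for name, blob in (("clean", clean), ("appended", appended), ("metadata", in_metadata)):
        print(f"{name}: suspicious={is_suspicious(blob)} {scan_png(blob)}")
```

Run it over every image in a Magento `pub/media` tree (or over files pulled from a repo before deploying them) and treat any hit as something to read by hand; a legitimate PNG has nothing after IEND and no `<script` in its metadata. A `bad_crc` hit with clean chunks is usually a sign the file was edited with a tool that did not recompute checksums, which is itself worth a look.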

US Charges 2 Chinese Hackers for Targeting COVID-19 Research and Trade Secrets

The U.S. Department of Justice (DoJ) yesterday revealed charges against two Chinese nationals for their alleged involvement in a decade-long hacking spree targeting dissidents, government agencies, and hundreds of organizations in as many as 11 countries.

The 11-count indictment, which was unsealed on Tuesday, alleges LI Xiaoyu (李啸宇) and DONG Jiazhi (董家志) stole terabytes of sensitive data, (The Hacker News)

OilRig APT Drills into Malware Innovation with Unique Backdoor

The RDAT tool uses email as a C2 channel, with attachments that hide data and commands inside images. (Threatpost)

Apple Security Research Device Program Draws Mixed Reactions

Apple's Security Research Device program is now open to select researchers - but some are irked by the program's vulnerability disclosure restrictions. (Threatpost)

Lazarus Group Surfaces with Advanced Malware Framework

The North Korean APT has been using the framework, called MATA, for a number of purposes, from spying to financial gain. (Threatpost)

Going Down the Spyware Rabbit Hole with SilkBean Mobile Malware

A recently discovered Android spyware campaign has targeted the Uyghur ethnic minority since 2013. (Threatpost)


/security-daily/ 23-07-2020 23:44:22