Security daily (22-10-2020)

How to enhance Amazon CloudFront origin security with AWS WAF and AWS Secrets Manager

Whether your web applications provide static or dynamic content, you can improve their performance, availability, and security by using Amazon CloudFront as your content delivery network (CDN). CloudFront is a web service that speeds up distribution of your web content through a worldwide network of data centers called edge locations. CloudFront ensures that end-user requests […] (AWS Security Blog)

US Treasury sanctions 5 Iranian organizations for alleged election influence operations

The Treasury Department on Thursday announced sanctions against five Iranian organizations for allegedly trying to influence the U.S. election through disinformation campaigns and other attempts to sow discord. Those sanctioned for the activity included the Islamic Revolutionary Guard Corps, one of its alleged front companies, the IRGC’s Quds Force and media companies allegedly linked to the Quds Force. It’s part of a broader federal effort to push back on foreign influence operations less than two weeks from Election Day. The Iranian media outlets are accused of using English-language articles that amplify “false narratives” to sow divisions among U.S. audiences. “As recently as summer 2020, Bayan Gostar was prepared to execute a series of influence operations directed at the U.S. populace ahead of the presidential election,” Treasury said in a statement, referring to one of the alleged front companies. The Iranian Mission to the United Nations did not immediately respond to […] (CyberScoop)

Why the US was so fast to blame Iran for voter intimidation emails in Florida

By trying to quickly resolve concerns about an apparent Iranian influence operation and bolster Americans’ confidence in the country’s electoral process, U.S. officials have sparked an entirely new set of questions: Why were they able to connect Iran to the attack so quickly, and how? During a briefing announced to reporters 10 minutes before it began Wednesday, John Ratcliffe, the director of national intelligence, said the U.S. government had determined Iran was behind an email campaign meant to intimidate American voters. Neither Ratcliffe nor FBI Director Christopher Wray, who was also at the briefing, provided any technical evidence to support the allegation that the emails, purported to be sent by the Proud Boys as threats to Democratic voters in Florida to vote for President Donald Trump, in fact were sent by Iranian attackers. The disclosure came quickly after Motherboard on Tuesday reported on a surge of suspicious emails that seemed to use technical means to try to hide […] (CyberScoop)

Russia-linked group that breached US state and local IT draws official accusation from feds

It’s no secret that the hacking group often referred to as Energetic Bear or TEMP.Isotope — linked by multiple security firms to Russia — is the prime suspect in a handful of breaches of state and local networks in recent weeks. But now U.S. federal officials are formally blaming the hackers for the activity. It’s part of a broader U.S. effort to more swiftly accuse foreign adversaries of wrongdoing ahead of Election Day while reassuring voters that the election is being protected. In this case, federal officials said the Russian group had used a combination of old and new software vulnerabilities to breach some IT infrastructure used by state and local officials, but that there was no evidence that the “integrity of elections data has been compromised.” “The Russian state-sponsored APT actor has targeted dozens of SLTT [state, local, territorial and tribal] and aviation networks, attempted intrusions at several SLTT organizations, successfully compromised network infrastructure, and as of […] (CyberScoop)

EU slaps sanctions on GRU leader, Fancy Bear, FBI-wanted hacker over Bundestag attack

The European Union on Thursday sanctioned the head of a Russian military intelligence unit, an alleged hacker wanted by the FBI and a Russian government-linked hacking group over a 2015 cyberattack against Germany’s parliament. It’s only the second time the EU has issued cyber-related sanctions, following July sanctions against Russia, China and North Korea in connection with a string of unrelated cyberattacks. Now, as then, the General Staff Main Intelligence Directorate, commonly known as the GRU, is among the targets of the EU’s ire. Igor Kostyukov, head of the GRU, was hit with sanctions in Thursday’s action over the Bundestag hack. So, too, was alleged intelligence officer Dmitry Badin, previously indicted in the U.S. for his role in 2016 election interference. The EU also sanctioned the GRU-connected hacking group known as Fancy Bear, among other names, which the U.S. has likewise connected to 2016 election meddling. “The cyber-attack against the German federal parliament targeted the parliament’s information […] (CyberScoop)

US blames Iran for threatening emails sent to Florida voters

Iran is behind a series of intimidating emails sent to registered Democratic voters in Florida in recent days, the U.S. government has assessed. The emails, which appeared to be sent by the Proud Boys, a designated hate group supportive of President Trump, threatened voters to “Vote for Trump or else!” as Motherboard first reported. “You will vote for Trump on Election Day or we will come after you,” said some of the emails received by registered Democrats. The series of “spoofed” messages were part of an influence campaign aimed at interfering in the U.S. election, American officials said. Voters in Alaska and Pennsylvania have also received emails like those received in Florida, according to The Washington Post. “We have already seen Iran sending spoofed emails designed to intimidate voters, incite social unrest,” Director of National Intelligence John Ratcliffe said during a press conference Wednesday. “You may have seen some reporting on this in the last […] (CyberScoop)

Time for a mobile privacy reset?

Can you remember which permissions you gave to what apps, and why? Nor can we... time for a reset! (Naked Security)

German Bundeswehr Starts Own Responsible Disclosure Program

(News ≈ Packet Storm)

US Says Iran Behind Threatening Proud Boys Emails

(News ≈ Packet Storm)

Oracle Kills 402 Bugs In Massive October Patch Update

(News ≈ Packet Storm)

Cisco Warns Of Severe DoS Flaws In FTD / ASA Software

(News ≈ Packet Storm)

EU Sanctions Russia Over 2015 German Parliament Hack

(News ≈ Packet Storm)

R_Evil WordPress Hacktool & Malicious JavaScript Injections

We often see hackers reusing the same malware, with only a few new adjustments to obfuscate the code so that it is more difficult for scanning tools to detect. However, sometimes entirely new attack tools are created and deployed by threat actors who don’t want to rely on obfuscating existing malware. Confusing Name – R_Evil vs REvil: REvil is a group of ransomware (primarily) that has targeted several high-profile victims throughout 2020 — but is probably most well known for its ransomware attack against Travelex, which netted a $2.3 million ransom payout. (Sucuri Blog)

Researcher: I Hacked Trump’s Twitter by Guessing Password

Trump’s weak Twitter password and lack of basic two-factor authentication protections made it shockingly simple to hack his account, Dutch security researcher Victor Gevers reported. (Threatpost)

Facebook, News and XSS Underpin Complex Browser Locker Attack

An elaborate set of redirections and hundreds of URLs make up a wide-ranging tech-support scam. (Threatpost)


/security-daily/ 23-10-2020 23:44:23