Security daily (23-03-2021)

How to implement the principle of least privilege with CloudFormation StackSets

AWS CloudFormation is a service that lets you create a collection of related Amazon Web Services and third-party resources and provision them in an orderly and predictable fashion. A typical access control pattern is to delegate permissions for users to interact with CloudFormation and remove or limit their permissions to provision resources directly. You can […] (AWS Security Blog)

BlackKingdom ransomware still exploiting insecure Exchange servers

Remember Hafnium? Here's the bad news - it's not over yet! Learn why and what to do... (Naked Security)

Encrypted Phone Firm Encrochat Used Signal Protocol

(News ≈ Packet Storm)

Ransomwared Bank Tells Customers It Lost Their SSNs

(News ≈ Packet Storm)

Energy Giant Shell Is Latest Victim Of Accellion Attacks

(News ≈ Packet Storm)

CISA Warns Of Security Flaws In GE Power Management Devices

(News ≈ Packet Storm)

Purple Fox Rootkit Can Now Spread Itself to Other Windows Computers

Purple Fox, a Windows malware previously known for infecting machines by using exploit kits and phishing emails, has now added a new technique to its arsenal that gives it worm-like propagation capabilities. The ongoing campaign makes use of a "novel spreading technique via indiscriminate port scanning and exploitation of exposed SMB services with weak passwords and hashes," according to (The Hacker News)

Critical Flaws Affecting GE's Universal Relay Pose Threat to Electric Utilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of critical security shortcomings in GE's Universal Relay (UR) family of power management devices. "Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information, reboot the UR, gain privileged access, or cause a denial-of-service condition," the agency said in an advisory (The Hacker News)

WARNING: A New Android Zero-Day Vulnerability Is Under Active Attack

Google has disclosed that a now-patched vulnerability affecting Android devices that use Qualcomm chipsets is being weaponized by adversaries to launch targeted attacks. Tracked as CVE-2020-11261 (CVSS score 8.4), the flaw concerns an "improper input validation" issue in Qualcomm's Graphics component that could be exploited to trigger memory corruption when an attacker-engineered app requests (The Hacker News)

Security Analysis Clears TikTok of Censorship, Privacy Accusations  

TikTok’s source code is in line with industry standards, security researchers say. (Threatpost)

Office 365 Cyberattack Lands Disgruntled IT Contractor in Jail

A former IT contractor is facing jail time after a retaliatory hack into a company’s network that wiped the majority of its employees’ Microsoft Office 365 accounts. (Threatpost)

MangaDex Site Offline Following Hacking Incident

A cyberattacker taunted the site about open security vulnerabilities, prompting a code review. (Threatpost)

Hobby Lobby Exposes Customer Data in Cloud Misconfiguration

The arts-and-crafts retailer left 138GB of sensitive information open to the public internet. (Threatpost)

Podcast: Microsoft Exchange Server Attack Onslaught Continues

Derek Manky, Chief of Security Insights & Global Threat Alliances at Fortinet’s FortiGuard Labs, gives insight into the surge in attacks against vulnerable Microsoft Exchange servers over the last week. (Threatpost)


/security-daily/ 24-03-2021 23:44:26