22-06-202124-06-2021

Security daily (23-06-2021)

Security is the top priority for Amazon S3

Amazon Simple Storage Service (Amazon S3) launched 15 years ago in March 2006, and became the first generally available service from Amazon Web Services (AWS). AWS marked the fifteenth anniversary with AWS Pi Week—a week of in-depth streams and live events. During AWS Pi Week, AWS leaders and experts reviewed the history of AWS and […] (AWS Security Blog)

055| When AI Goes Awry

AI and machine learning are shaping our online experience, from product recommendations, to customer support chatbots, to virtual assistants like Siri and Alexa. These are powerful tools for enabling business - but powerful doesn't mean perfect. F-Secure data scientist Samuel Marchal and security consultant Jason Johnson join Janne for this episode to talk about some of the security issues with machine learning and how to address them. Links: Episode 55 transcript (Cyber Security Sauna)

Craig Newmark Philanthropies donated $450k to boost anti-ransomware coalition

The Institute for Security and Technology received a $450,000 donation from Craig Newmark Philanthropies to continue its work combatting ransomware, the organization shared first with CyberScoop. The money will go towards continuing the work started by the Ransomware Task Force, a public-private collaboration launched earlier this year by the Institute. The task force brought together representatives from more than 60 companies and organizations across government, nonprofits and the private sector. Microsoft, Rapid 7, the Cyber Threat Alliance, FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency are among the participants. The Ransomware Task Force released a report at the end of April offering four dozen recommendations for policymakers and industry to take on the problem. The task force recommended that governments establish a fund to support ransomware response, and closer regulation of the cryptocurrency. IST will use the funding from Newmark, the founder of Craigslist, and other forthcoming […] The post Craig Newmark Philanthropies donated $450k to boost anti-ransomware coalition appeared first on CyberScoop. (CyberScoop)

John McAfee found dead after Spanish court approved extradition to US

John McAfee, a cybersecurity industry pioneer who would go on to promote various cryptocurrencies and flee international law enforcement, has died in Spain, according to multiple news reports. McAfee, 75, died in a jail cell in Barcelona while awaiting extradition to the U.S. on charges of tax evasion, the Spanish newspaper El Pais reported Wednesday. Spain’s High Court had authorized McAfee’s transfer to the U.S. hours before, some eight months after police arrested McAfee in a Barcelona airport. “Everything indicates that it could be a death by suicide,” Spanish justice officials told El Mundo newspaper. Officers at the Brians 2 prison outside Barcelona tried to revive McAfee after finding the businessman non-responsive, only for a medical examiner to declare him deceased, the Associated Press reported. McAfee faced up to 30 years in prison if he was convicted of evading taxes in the U.S. Prosecutors in Tennessee charged McAfee with failing […] The post John McAfee found dead after Spanish court approved extradition to US appeared first on CyberScoop. (CyberScoop)

US seizes more than 30 websites connected to Iran, alleging disinformation and sanctions violations

The U.S. on Tuesday seized more than two dozen websites for allegedly violating sanctions and spreading disinformation on behalf of the Iranian government. The Department of Justice said Iran’s Islamic Radio and Television Union controlled 33 websites, months after the U.S. issued sanctions against the same organization for what officials described as spreading disinformation meant to influence Americans’ opinions prior to the presidential election in 2020. Press TV, Iran’s state-owned news broadcaster, and three other sites that the U.S. said are connected to Kata’ib Hizballah, a foreign terrorist organization, also broadcast messages saying the Justice Department had taken control of the domains. In what seems to be a coordinated action, a similar message appears on the websites of Iranian and regional television networks that claims the domains of the websites have been “seized by the United States Government.” pic.twitter.com/JloU56LvpL — Press TV (@PressTV) June 22, 2021 The Treasury Department issued […] The post US seizes more than 30 websites connected to Iran, alleging disinformation and sanctions violations appeared first on CyberScoop. (CyberScoop)

John McAfee Reportedly Dead From Suspected Suicide In Spanish Jail

(News ≈ Packet Storm)

ChaChi: A New GoLang Trojan Used In Attacks Against US Schools

(News ≈ Packet Storm)

Zephyr OS Bluetooth Vulns Left Smart Devices Open To Attack

(News ≈ Packet Storm)

SonicWall Botches October Patch For Critical VPN Bug

(News ≈ Packet Storm)

Unpatched Linux Marketplace Bugs Allow RCE

(News ≈ Packet Storm)

EU Wants Emergency Team For Nightmare Cyber-Attacks

(News ≈ Packet Storm)

Six Flags To Pay $36 Million Over Collection Of Fingerprints

(News ≈ Packet Storm)

Online Credit Card Theft – A Brief Overview of Online Fraud and Abuse – Part 1

Many clients that we work with host and operate ecommerce websites which are frequent targets of attackers. The goal of these attacks is to steal credit card details from unsuspecting victims and sell them on the black market for a profit. The online ecommerce environment is diverse, constituting many different content management system (CMS) platforms and payment gateways all of which have their own features and risks. In this post I will attempt to demystify this cluttered environment, provide some context for the different attack vectors, and reasons how customer’s credit card details become compromised. Continue reading Online Credit Card Theft – A Brief Overview of Online Fraud and Abuse – Part 1 at Sucuri Blog. (Sucuri Blog)

Antivirus Pioneer John McAfee Found Dead in Spanish Jail

Controversial mogul and antivirus pioneer John McAfee on Wednesday died by suicide in a jail cell in Barcelona, hours after reports that he would be extradited to face federal charges in the U.S. McAfee was 75. He is said to have died by hanging "as his nine months in prison brought him to despair," according to McAfee's lawyer Javier Villalba, Reuters reported. Security personnel at the Brians (The Hacker News)

Pakistan-linked hackers targeted Indian power company with ReverseRat

A threat actor with suspected ties to Pakistan has been striking government and energy organizations in the South and Central Asia regions to deploy a remote access trojan on compromised Windows systems, according to new research. "Most of the organizations that exhibited signs of compromise were in India, and a small number were in Afghanistan," Lumen's Black Lotus Labs said in a Tuesday (The Hacker News)

[Whitepaper] Automate Your Security with Cynet to Protect from Ransomware

It seems like every new day brings with it a new ransomware news item – new attacks, methods, horror stories, and data being leaked. Ransomware attacks are on the rise, and they've become a major issue for organizations across industries. A recent report estimated that by 2031, ransomware attacks would cost the world over $260 billion. A new whitepaper from XDR provider Cynet demonstrates how (The Hacker News)

Patch Tor Browser Bug to Prevent Tracking of Your Online Activities

Open-source Tor browser has been updated to version 10.0.18 with fixes for multiple issues, including a privacy-defeating bug that could be used to uniquely fingerprint users across different browsers based on the apps installed on a computer. In addition to updating Tor to 0.4.5.9, the browser's Android version has been upgraded to Firefox to version 89.1.1, alongside incorporating patches (The Hacker News)

Wormable DarkRadiation Ransomware Targets Linux and Docker Instances

Cybersecurity researchers are sounding the alarm bell over a new ransomware strain called "DarkRadiation" that's implemented entirely in Bash and targets Linux and Docker cloud containers, while banking on messaging service Telegram for command-and-control (C2) communications. "The ransomware is written in Bash script and targets Red Hat/CentOS and Debian Linux distributions," researchers from (The Hacker News)

Cyber espionage by Chinese hackers in neighbouring nations is on the rise

A string of cyber espionage campaigns dating all the way back to 2014 and likely focused on gathering defense information from neighbouring countries have been linked to a Chinese military-intelligence apparatus. In a wide-ranging report published by Massachusetts-headquartered Recorded Future this week, the cybersecurity firm's Insikt Group said it identified ties between a group it tracks as " (The Hacker News)

Iran Media Websites Seized by U.S. in Disinformation Campaign

DoJ uses sanctions laws to shut down an alleged Iranian government malign influence campaign. (Threatpost)

Pandemic-Bored Attackers Pummeled Gaming Industry

Akamai's 2020 gaming report shows that cyberattacks on the video game industry skyrocketed, shooting up 340 percent in 2020. (Threatpost)

Critical Palo Alto Cyber-Defense Bug Allows Remote ‘War Room’ Access

Remote, unauthenticated cyberattackers can infiltrate and take over the Cortex XSOAR platform, which anchors unified threat intelligence and incident responses. (Threatpost)

REvil Ransomware Code Ripped Off by Rivals

The LV ransomware operators likely used a hex editor to repurpose a REvil binary almost wholesale, for their own nefarious purposes. (Threatpost)

22-06-202124-06-2021

/security-daily/ 24-06-2021 23:44:23