Security daily (23-07-2021)

The three most important AWS WAF rate-based rules

In this post, we explain what the three most important AWS WAF rate-based rules are for proactively protecting your web applications against common HTTP flood events, and how to implement these rules. We share what the Shield Response Team (SRT) has learned from helping customers respond to HTTP floods and show how all AWS WAF […] (AWS Security Blog)

Average ransomware payment declined by 38% in second quarter of 2021, new Coveware report says

The tides may be starting to turn on the ransomware epidemic, new industry findings show. The average ransomware payment declined to $136,576 in the second quarter of 2021, according to numbers published Friday by ransomware response firm Coveware. The company did not share how many companies that data was based on. The 38% decrease is a dramatic drop from the average demand of $220,298 that the firm reported in April for the first quarter. That number was a 43% increase from the last quarter of 2020. The decline comes in the shadow of three major ransomware attacks hitting the U.S. supply chain. Since May, U.S. officials have faced three high-profile ransomware attacks against fuel provider Colonial Pipeline, meat supply company JBS, and most recently Florida IT company Kaseya. The latter two attacks have been attributed to REvil, a ransomware gang thought to be based in Russia. The resulting wake-up call in both […] The post Average ransomware payment declined by 38% in second quarter of 2021, new Coveware report says appeared first on CyberScoop. (CyberScoop)

Dutch police bust alleged 'Fraud Family' phishing service members

Dutch police have arrested two people for their alleged involvement in a phishing fraud-as-a-service scheme, one of them a 15-year-old suspect and the other a 24-year-old due to appear in court on Friday. Authorities got an assist from security vendor Group-IB in the arrests for the “Dutch-speaking syndicate that develops, sells and rents sophisticated phishing frameworks,” according to the company. Group-IB had dubbed the syndicate and its “massive” operation “Fraud Family.” The unnamed 24-year-old is accused of developing the phishing service kits, while the 15-year-old allegedly sold them. The younger suspect was released pending further investigation. Dutch police also said they searched a third 18-year-old suspect. Group-IB said the Fraud Family operation, which has mainly hit victims in the Netherlands and Belgium since at least 2020 but perhaps as far back as 2018, is focused on stealing banking credentials. The criminals advertised their service to less-skilled cyber crooks on the […] The post Dutch police bust alleged 'Fraud Family' phishing service members appeared first on CyberScoop. (CyberScoop)

US court gets UK Twitter hack suspect arrested in Spain

O, what a tangled web we weave/When first we practise to deceive! (Naked Security)

Researchers Find New Attack Vector Against Kubernetes Clusters

(News ≈ Packet Storm)

Kaseya Has Acquired The REvil Ransomware Decryption Key

(News ≈ Packet Storm)

Israel To Examine Whether Spyware Export Rules Should Be Tightened

(News ≈ Packet Storm)

Critical Jira Flaw In Atlassian Could Lead To RCE

(News ≈ Packet Storm)

Nasty macOS Malware XCSSET Now Targets Google Chrome, Telegram Software

A malware known for targeting macOS operating system has been updated once again to add more features to its toolset that allows it to amass and exfiltrate sensitive data stored in a variety of apps, including apps such as Google Chrome and Telegram, as part of further "refinements in its tactics." XCSSET was uncovered in August 2020, when it was found targeting Mac developers using an unusual (The Hacker News)

Wake up! Identify API Vulnerabilities Proactively, From Production Back to Code

After more than 20 years in the making, now it's official: APIs are everywhere. In a 2021 survey, 73% of enterprises reported that they already publish more than 50 APIs, and this number is constantly growing. APIs have crucial roles to play in virtually every industry today, and their importance is increasing steadily, as they move to the forefront of business strategies. This comes as no (The Hacker News)

Dutch Police Arrest Two Hackers Tied to "Fraud Family" Cybercrime Ring

Law enforcement authorities in the Netherlands have arrested two alleged individuals belonging to a Dutch cybercriminal collective who were involved in developing, selling, and renting sophisticated phishing frameworks to other threat actors in what's known as a "Fraud-as-a-Service" operation. The apprehended suspects, a 24-year-old software engineer and a 15-year-old boy, are said to have been (The Hacker News)

Kaseya Gets Universal Decryptor to Help REvil Ransomware Victims

Nearly three weeks after Florida-based software vendor Kaseya was hit by a widespread supply-chain ransomware attack, the company on Thursday said it obtained a universal decryptor to unlock systems and help customers recover their data. <!--adsense--> "On July 21, Kaseya obtained a decryptor for victims of the REvil ransomware attack, and we're working to remediate customers impacted by the (The Hacker News)

Discord CDN and API Abuses Drive Wave of Malware Detections

Targets of Discord malware expand far beyond gamers. (Threatpost)

5 Steps to Improving Ransomware Resiliency

Alex Restrepo, cybersecurity researcher at Veritas, lays out the key concepts that organizations should be paying attention to now and implementing today. (Threatpost)

FIN7’s Liquor Lure Compromises Law Firm with Backdoor

Using a lure relating to a lawsuit against the owner of Jack Daniels whiskey, the cybergang launched a campaign that may be bent on ransomware deployment. (Threatpost)

Kaseya Obtains Universal Decryptor for REvil Ransomware

The vendor will work with customers affected by the early July spate of ransomware attacks to unlock files; it's unclear if the ransom was paid. (Threatpost)


/security-daily/ 24-07-2021 23:44:22