Security daily (23-09-2020)

How to add DNS filtering to your NAT instance with Squid

September 23, 2020: The squid configuration file in this blog post and associated YAML template have been updated. September 4, 2019: We’ve updated this blog post, initially published on January 26, 2016. Major changes include: support of Amazon Linux 2, no longer having to compile Squid 3.5, and a high availability version of the solution […] (AWS Security Blog)

Nigerian scammer sentenced for defrauding targets out of $1 million in office supplies

Olumide Ogunremi, a Nigerian national, was sentenced Wednesday to three years in prison for his role in a hacking operation aimed at U.S. government employees, the Department of Justice announced Wednesday. Ogunremi, along with other alleged co-conspirators, targeted government employees with spoofed email pages that imitated U.S. government agencies’ email systems in order to steal their access credentials, prosecutors said. After government personnel visited the pages and fell for the trick, the fraudsters used the stolen usernames and passwords to then fraudulently order office products from General Services Administration vendors, according to the DOJ. The operation, which lasted from approximately July 2013 through December 2013, convinced government vendors to send office products, such as printer toner cartridges, to New Jersey. The products would then be repackaged and shipped overseas to locations controlled by Ogunremi and co-conspirators, the Justice Department said. In some cases, the co-conspirators leveraged web pages that imitated the U.S. Environmental Protection […] The post Nigerian scammer sentenced for defrauding targets out of $1 million in office supplies appeared first on CyberScoop. (CyberScoop)

IG finds data security practices lacking at Customs and Border Protection before big hack

The U.S. Customs and Border Protection agency failed to enforce basic security practices at a contractor that was hacked last year, exposing some 100,000 individual photos of travelers, a new inspector general report has found. Some of the hacked images ended up on the dark web, but the entire episode “may damage the public’s trust in the government’s ability to safeguard biometric data,” the Department of Homeland Security’s inspector general concluded in a report released Wednesday. It’s an example of how, as federal immigration and security agencies increasingly draw on biometric data for their work, the stakes for protecting that data from hackers have grown. The data collection was for a CBP pilot to use facial recognition to screen travelers at ports of entry. The project went awry when surveillance technology company Perceptics, a subcontractor, downloaded sensitive CBP data from an unencrypted device and transferred it to the company’s network, […] The post IG finds data security practices lacking at Customs and Border Protection before big hack appeared first on CyberScoop. (CyberScoop)

Secret Service looks to outsiders to boost financial cybercrime probes

The U.S. Secret Service is pulling in outside expertise from the private sector and U.S. Cyber Command as it weighs changes to its investigative methods in an attempt to keep pace with international hackers. The engagement with Cyber Command, the Pentagon’s offensive cyber unit, is focused on learning from the military’s experience with transnational cybercriminals, a Secret Service official told CyberScoop. The Secret Service’s efforts to consult with private sector experts, meanwhile, are focused specifically on overhauling the agency’s investigative practices. The effort to consult with outside expertise comes as part of a recognition that the Secret Service is interested in bolstering its arsenal of tools with the latest techniques needed to root out financially motivated hackers. To formalize its interest in tapping into the private sector’s understanding of scammers’ latest tactics, the agency earlier this year established an advisory group composed of cybersecurity practitioners from the private sector, academia, and U.S. government, as CyberScoop first reported. Known as the Cyber Investigations Advisory […] The post Secret Service looks to outsiders to boost financial cybercrime probes appeared first on CyberScoop. (CyberScoop)

GAO criticizes rollout of two key Trump administration cyber initiatives

In September 2018, the White House announced a new federal cybersecurity strategy to make critical infrastructure more resilient to hacking, shore up supply chains and “identify, counter, disrupt, degrade and deter behavior in cyberspace.” The ambitious document, which the White House described as the United States’ “first fully articulated cyber strategy” in 15 years, aimed to reduce the occurrence of damaging cyberattacks on U.S. interests. Two years later, a review of the strategy by the Government Accountability Office, a nonpartisan congressional agency, has found key gaps in the way the White House is trying to execute that plan. In the face of persistent cyber-threats from foreign powers, the Trump administration’s effort to mobilize resources to fix important U.S. security weaknesses risks coming up short without a better plan to execute the strategy, GAO said in a report published Tuesday. The National Security Council’s implementation plan for the strategy does not include […] The post GAO criticizes rollout of two key Trump administration cyber initiatives appeared first on CyberScoop. (CyberScoop)

A new ransomware gang is aiming at big Russian targets, researchers say

Medical labs, banks, manufacturers and software developers in Russia are the prime targets for a new ransomware gang that began operating with custom tools as early as March of this year, according to researchers at the security vendor Group-IB. The attackers insert their hacking tools into networks via malware downloaded through spearphishing emails, then encrypt files and hold them ransom for about $50,000, Group-IB says. The group, dubbed OldGremlin, has only targeted Russian companies so far, Group-IB says. It’s rare for a Russian-speaking ransomware group to aim at targets inside Russia, but there are precedents, according to Group-IB senior digital forensics analyst Oleg Skulkin, who identified the hacking groups Silence and Cobalt as previous perpetrators. “What distinguishes OldGremlin from other Russian-speaking threat actors is their fearlessness to work in Russia,” Skulkin said. “This indicates that the attackers are either fine-tuning their techniques benefiting from home advantage before going global … or […] The post A new ransomware gang is aiming at big Russian targets, researchers say appeared first on CyberScoop. (CyberScoop)

Leaked FinCEN Files Expose Poor Data Security

(News ≈ Packet Storm)

Microsoft Overhauls Patch Tuesday Security Update Guide

(News ≈ Packet Storm)

OldGremlin Ransomware Group Bedevils Russian Orgs

(News ≈ Packet Storm)

The Fight Over The Fight For California's Privacy Future

(News ≈ Packet Storm)

Malicious One-Liner Using Hastebin

Short scripts that deliver malware to a website are nothing new, but during a recent investigation we found a script using hastebin[.]com, which is a domain we see used infrequently. The script was found writing malicious contents into an image directory on a compromised website, allowing an attacker to execute other malicious commands. The attacker was likely leveraging hastebin instead of pastebin since it’s not as frequently used. Continue reading Malicious One-Liner Using Hastebin at Sucuri Blog. (Sucuri Blog)

Detecting and Preventing Critical ZeroLogon Windows Server Vulnerability

If you're administering Windows Server, make sure it's up to date with all recent patches issued by Microsoft, especially the one that fixes a recently patched critical vulnerability that could allow unauthenticated attackers to compromise the domain controller. Dubbed 'Zerologon' (CVE-2020-1472) and discovered by Tom Tervoort of Secura, the privilege escalation vulnerability exists due to the (The Hacker News)

A New Hacking Group Hitting Russian Companies With Ransomware

As ransomware attacks against critical infrastructure continue to spike in recent months, cybersecurity researchers have uncovered a new entrant that has been actively trying to conduct multistage attacks on large corporate networks of medical labs, banks, manufacturers, and software developers in Russia. The ransomware gang, codenamed "OldGremlin" and believed to be a Russian-speaking threat (The Hacker News)

Zerologon Patches Roll Out Beyond Microsoft

A Samba patch and a micropatch for end-of-life servers have debuted in the face of the critical vulnerability. (Threatpost)

Gamer Credentials Now a Booming, Juicy Target for Hackers

Credential abuse drives illicit market for in-game rare skins, special weapons and unique tools. (Threatpost)

Critical Industrial Flaws Pose Patching Headache For Manufacturers

When it comes to patching critical flaws, industrial firms face various challenges, with some needing to shut down entire factories in order to apply updates. (Threatpost)

CISA: LokiBot Stealer Storms Into a Resurgence

The trojan has seen a big spike in activity since August, the Feds are warning. (Threatpost)

OldGremlin Ransomware Group Bedevils Russian Orgs

The cybercriminal group has plagued firms with ransomware, sent via spear phishing emails with COVID-19 lures, since March. (Threatpost)


/security-daily/ 24-09-2020 23:44:25