Security daily (23-09-2021)

Biden administration officials push Congress to shape breach reporting mandates

U.S. cybersecurity officials are seeking to put their stamp on cyber incident reporting legislation, wading into debates on Capitol Hill about questions like how swiftly companies must report attacks to federal agencies — and what happens if they don’t. The head of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency testified at a Senate hearing Thursday in favor of requiring critical infrastructure owners and operators, federal contractors and agencies to report attacks to CISA within 24 hours of detection. There are three leading proposals in Congress, each with a different timeframe for reporting attacks. The leaders of the Senate Intelligence Committee favor a 24-hour deadline. A draft bill from leaders of the Senate Homeland Security and Governmental Affairs Committee would set the range at between 72 hours and seven days, as determined by CISA. And a draft from leading members of the House Homeland Security Committee proposes leaving […] (CyberScoop)

Phone scammers use COVID-19 vaccine appointments to try tricking victims into downloading malware

Hackers are targeting American and Canadian victims with a malware strain that used coronavirus-themed messages to dupe users into downloading software that collects their personal information, according to findings published Thursday. The scammers, whose identities are unknown, rely on SMS text messages focused on fictional COVID-19 regulations and vaccine information to trick recipients into clicking a link. That link triggers a malicious software — dubbed TangleBot — that infects a user device to collect call data, microphone and camera access and can be combined with other hacking tools to gather financial data. The latest research from Cloudmark, a subsidiary of the email security firm Proofpoint, comes amid ongoing revelations about the ways that attackers have weaponized mobile technology to gather information about unwitting users. Some 85% of Americans now own smartphones, up from 35% in 2011, and increasingly trust the devices to communicate and browse the internet in a way […] (CyberScoop)

Espionage group targeted hotels, governments, seized on Microsoft Exchange vulnerability

ESET said it discovered the group, which has been active since 2019. (CyberScoop)

STILL ALIVE! iOS 12 gets 3 zero-day security patches – update now

It wasn't dead, just resting. (Naked Security)

How Outlook “autodiscover” could leak your passwords – and how to stop it

The Microsoft Autodiscover "Great Leak" explained - and how to prevent it (Naked Security)

FamousSparrow APT Spies On Hotels, Governments

(News ≈ Packet Storm)

Will Crypto Exchange Sanctions Slow Ransomware?

(News ≈ Packet Storm)

ExpressVPN Employees Question Company About Exec Working For UAE Spy Unit

(News ≈ Packet Storm)

VoIP Company Battles Massive Random DDoS Attack

(News ≈ Packet Storm)

Urgent Apple iOS and macOS Updates Released to Fix Actively Exploited Zero-Days

Apple on Thursday released security updates to fix multiple security vulnerabilities in older versions of iOS and macOS that it says have been detected in exploits in the wild, in addition to expanding patches for a previously plugged security weakness abused by NSO Group's Pegasus surveillance tool to target iPhone users. Chief among them is CVE-2021-30869, a type confusion flaw (The Hacker News)

Microsoft Exchange Bug Exposes ~100,000 Windows Domain Credentials

An unpatched design flaw in the implementation of Microsoft Exchange's Autodiscover protocol has resulted in the leak of approximately 100,000 login names and passwords for Windows domains worldwide. "This is a severe security issue, since if an attacker can control such domains or has the ability to 'sniff' traffic in the same network, they can capture domain credentials in plain text (HTTP (The Hacker News)

A New Bug in Microsoft Windows Could Let Hackers Easily Install a Rootkit

Security researchers have disclosed an unpatched weakness in Microsoft Windows Platform Binary Table (WPBT) affecting all Windows-based devices since Windows 8 that could be potentially exploited to install a rootkit and compromise the integrity of devices. "These flaws make every Windows system vulnerable to easily-crafted attacks that install fraudulent vendor-specific tables," researchers (The Hacker News)

Why You Should Consider QEMU Live Patching

Sysadmins know what the risks are of running unpatched services. Given the choice, and unlimited resources, most hardworking administrators will ensure that all systems and services are patched consistently. But things are rarely that simple. Technical resources are limited, and patching can often be more complicated than it appears at first glance. Worse, some services are so hidden in the (The Hacker News)

New Android Malware Targeting US, Canadian Users with COVID-19 Lures

An "insidious" new SMS smishing malware has been found targeting Android mobile users in the U.S. and Canada as part of an ongoing campaign that uses SMS text message lures related to COVID-19 regulations and vaccine information in an attempt to steal personal and financial data. Proofpoint's messaging security subsidiary Cloudmark coined the emerging malware "TangleBot." "The (The Hacker News)

Colombian Real Estate Agency Leak Exposes Records of Over 100,000 Buyers

More than one terabyte of data containing 5.5 million files has been left exposed, leaking personal information of over 100,000 customers of a Colombian real estate firm, according to cybersecurity company WizCase. The breach was discovered by Ata Hakçıl and his team in a database owned by Coninsa Ramon H, a company that specializes in architecture, engineering, construction, and real estate (The Hacker News)

Microsoft Warns of a Wide-Scale Phishing-as-a-Service Operation

Microsoft has opened the lid on a large-scale phishing-as-a-service (PHaaS) operation that's involved in selling phishing kits and email templates as well as providing hosting and automated services at a low cost, thus enabling cyber actors to purchase phishing campaigns and deploy them with minimal efforts. "With over 100 available phishing templates that mimic known brands and services, the (The Hacker News)

New Nagios Software Bugs Could Let Hackers Take Over IT Infrastructures

As many as 11 security vulnerabilities have been disclosed in Nagios network management systems, some of which could be chained to achieve pre-authenticated remote code execution with the highest privileges, as well as lead to credential theft and phishing attacks. Industrial cybersecurity firm Claroty, which discovered the flaws, said flaws in tools such as Nagios make them an attractive (The Hacker News)

REvil Affiliates Confirm: Leadership Were Cheating Dirtbags

After news of REvil's rip-off-the-affiliates backdoor & double chats, affiliates fumed, reiterating prior claims against the gang in "Hackers Court." (Threatpost)

5 Tips for Achieving Better Cybersecurity Risk Management

Casey Ellis, founder, CTO and chairman of Bugcrowd, discusses a roadmap for lowering risk from cyberattacks most effectively. (Threatpost)

100M IoT Devices Exposed By Zero-Day Bug

A high-severity vulnerability could cause system crashes, knocking out sensors, medical equipment and more. (Threatpost)

FamousSparrow APT Wings in to Spy on Hotels, Governments

A custom "SparrowDoor" backdoor has allowed the attackers to collect data from targets around the globe. (Threatpost)

Google Report Spotlights Uptick in Controversial ‘Geofence Warrants’ by Police

Digital privacy rights defenders contend that geofencing warrants grab data on everyone near a crime, without cause. (Threatpost)

Acronis Offers up to $5,000 to Users Who Spot Bugs in Its Cyber Protection Products

Once available only to the cybersecurity community, Acronis has opened its bug-hunting program to the public and aims to double the total bounties paid. (Threatpost)


/security-daily/ 24-09-2021 23:44:22