Security daily (23-12-2020)

How to visualize multi-account Amazon Inspector findings with Amazon Elasticsearch Service

Amazon Inspector helps to improve the security and compliance of your applications that are deployed on Amazon Web Services (AWS). It automatically assesses Amazon Elastic Compute Cloud (Amazon EC2) instances and applications on those instances. From that assessment, it generates findings related to exposure, potential vulnerabilities, and deviations from best practices. You can use the […] (AWS Security Blog)

Grid regulator warns utilities of risk of SolarWinds backdoor, asks how exposed they are

The North American electric grid regulator has asked utilities to report how exposed they are to SolarWinds software that is at the center of a suspected Russian hacking operation, and the regulator advised utilities that the vulnerability “poses a potential threat” to parts of the power sector. The North American Electric Reliability Corp. (NERC), a not-for-profit regulatory authority backed by the U.S. and Canadian governments, said in a Dec. 22 advisory to electric utilities that there was no evidence indicating that the malicious tampering of SolarWinds software had impacted power systems. But the fact that software made by Texas-based firm SolarWinds is used in the electric sector has made vigilance important, according to NERC. “At this time, NERC is not aware of any known impacts to bulk power system (BPS) reliability or system outages related to the SolarWinds compromise,” reads the advisory, which CyberScoop obtained. “However, the presence of SolarWinds […] (CyberScoop)

Lawmakers want more transparency on SolarWinds breach from State, VA

Two Democratic senators are calling on the departments of State and Veterans Affairs to brief lawmakers on how their agencies have been impacted by the SolarWinds breach. The breach, in which suspected Russian government-backed hackers backdoored a network management product called SolarWinds Orion, could have infected thousands of federal government agencies and private sector entities with malware, according to SolarWinds. And although the State Department has reportedly been compromised during the course of the supply-chain espionage operation, the department has not been forthcoming about the extent of the damage, according to Sen. Bob Menendez, D-N.J. “While several other cabinet agencies that are victims of this cybersecurity breach have publicly acknowledged having been attacked, to date the Department of State has been silent on whether its computer, communication and information technology systems were compromised,” Menendez wrote in a letter he sent Wednesday to Secretary of State Mike Pompeo. The Department of […] (CyberScoop)

DHS warns US businesses of China’s data-collection practices

As Washington is absorbed with the fallout of a suspected Russian hacking operation against U.S. organizations, the Department of Homeland Security is warning American companies not to be complacent when it comes to cyberthreats from China. A 15-page “business advisory” released Tuesday by DHS cautions that Chinese intelligence services could collect and exploit data held by U.S. firms doing business in China, highlighting longstanding concerns from U.S. officials. Beijing has denied allegations of economic espionage. The advisory is an acknowledgement that, despite efforts by both the Trump and Obama administrations to curb China’s alleged theft of intellectual property, it is still a rampant problem for U.S. officials. It comes after the top U.S. counterintelligence official said this month that China had increased its influence operations targeting incoming Biden administration personnel and their associates. Chinese law requires Chinese businesses and citizens, including in academia, to “take actions related to the collection, […] (CyberScoop)

Pyongyang hackers eye more coronavirus research, Kaspersky says

North Korean-government linked hackers are continuing their effort to break into entities working on coronavirus-related research. In their latest antics, the hackers, suspected to be part of the government-backed hacking team known as Lazarus Group, have zeroed in on a pharmaceutical company and a government health-focused entity, according to Kaspersky research published Wednesday. Kaspersky attributes the hacking spree to Lazarus Group with “high confidence.” Kaspersky did not identify the targeted entities and did not reveal where the pharmaceutical company or the government entity are located. The activity appears to be just the latest of Pyongyang’s campaigns targeting coronavirus-related work. In recent months, North Korean hackers have reportedly gone after Johnson & Johnson and Novavax, both U.S.-based firms working on potential coronavirus vaccines. North Korean hackers have also reportedly targeted three South Korean-based firms and U.K.-based AstraZeneca. The hackers used malware known as “Bookcode” to target the unidentified pharmaceutical entity in […] (CyberScoop)

ACLU sues FBI for information about its encryption-cracking skills

The FBI must be more transparent about its ability to break into people’s mobile devices, the American Civil Liberties Union says, and the group is suing for information about what the feds have in their toolkit. The ACLU says the bureau should come clean about what its Electronic Device Analysis Unit (EDAU) is using “to unlock and decrypt information that is otherwise securely stored on cell phones.” The group filed a Freedom of Information Act lawsuit Monday in a San Francisco federal court. “We’re demanding the government release records concerning any policies applicable to the EDAU, its technological capabilities to unlock or access electronic devices, and its requests for, purchases of, or uses of software that could enable it to bypass encryption,” the ACLU says in a news release. The suit is the latest offensive in what some call the Crypto Wars — an ongoing legal and policy struggle over […] (CyberScoop)

US agencies conclude Iran is likely behind website aimed at stoking violence against election officials

The FBI and the Department of Homeland Security have concluded that Iran is very likely behind a website apparently aimed at inciting violence against election officials as well as the FBI director, according to two people with direct knowledge of the matter. The website, titled Enemies of the People, posted photos and purported addresses of state election officials and employees of a voting equipment vendor, as well as information on FBI Director Christopher Wray and Chris Krebs, the former head of DHS’s Cybersecurity and Infrastructure Security Agency. The website, which is now inactive, falsely blamed the officials for the electoral loss of President Donald Trump, and featured a bull’s eye target over the officials’ photos. The revelation shows the extent to which Iran has tried to sow discord in the U.S. before and after the presidential election, which Trump has repeatedly and baselessly claimed was tainted by fraud. Before Election […] (CyberScoop)

How to Hack Wi-Fi: Build a Software-Based Wi-Fi Jammer with Airgeddon

Airgeddon is a multi-Bash network auditor capable of Wi-Fi jamming. This capability lets you target and disconnect devices from a wireless network, all without joining it. It runs on Kali, and we'll cover installing, configuring, and using its jamming functionalities on a small, inexpensive Raspberry Pi. When done correctly, it will deny service to a wireless network for up to several blocks.

Airgeddon has been covered as a useful tool many times on Null Byte, but in this guide, I want to show how electronic warfare techniques, such as jamming, can be used by hackers to disable devices such... (Null Byte « WonderHowTo)

US Regulator Charges Ripple Over Its XRP Asset

(News ≈ Packet Storm)

DHS Warns Against Using Chinese Hardware And Digital Services

(News ≈ Packet Storm)

New York Temporarily Bans Facial Recognition In Schools

(News ≈ Packet Storm)

Emotet Returns To Hit 100K Mailboxes Per Day

(News ≈ Packet Storm)

Lazarus Group Hits COVID-19 Vaccine-Maker in Espionage Attack

The nation-state actor is looking to speed up vaccine development efforts in North Korea. (Threatpost)

Third-Party APIs: How to Prevent Enumeration Attacks

Jason Kent, hacker-in-residence at Cequence, walks through online-retail card fraud and what to do about it. (Threatpost)

Hey Alexa, Who Am I Messaging?

Research shows that microphones on digital assistants are sensitive enough to record what someone is typing on a smartphone to steal PINs and other sensitive info. (Threatpost)

Emotet Returns to Hit 100K Mailboxes Per Day

Just in time for the Christmas holiday, Emotet is sending the gift of Trickbot. (Threatpost)


/security-daily/ 24-12-2020 23:44:25