Security daily (24-04-2020)

Use AWS Firewall Manager and VPC security groups to protect your applications hosted on EC2 instances

You can use AWS Firewall Manager to centrally configure and manage Amazon Virtual Private Cloud (Amazon VPC) security groups across all your AWS accounts. This post will take you through the step-by-step instructions to apply common security group rules, audit your security groups, and detect unused and redundant rules in your security groups across your […] (AWS Security Blog)

Internal EU report on coronavirus disinformation was harsher on China than public release

A publicly-released European Union report on disinformation campaigns related to the novel coronavirus is watered down and less detailed in describing Chinese government activity compared to an internal assessment, according to a copy of the document obtained by CyberScoop. The internal assessment from the European External Action Service (EEAS), the EU’s diplomatic service, was more direct in describing Chinese efforts to manipulate public perceptions of the pandemic. The document, which also covers Russian and Iranian disinformation efforts, singled out “official Chinese sources” for making a “continued and coordinated push” to deflect blame for the virus’s spread. It pointed to reports that China was running “a global disinformation campaign” to both shield itself from criticism and “improve its international image.” But the public report that the EEAS posted online Friday was less direct in its criticism of Beijing, and said that “other actors,” in addition to China, were deflecting blame. The New York Times reported earlier Friday that some EU officials had softened the report, and […] (CyberScoop)

Poland implicates Russia in cyberattack, info op aimed at undercutting U.S. relations

Polish security services on Thursday suggested the Russian government could be behind a cyberattack against an elite Polish military academy and an ensuing effort to undermine U.S.-Polish relations. Stanislaw Zaryn, a spokesman for the Minister-Special Services Coordinator, which oversees Polish security agencies, announced that hackers had breached the website of Poland’s War Studies University. The attack was followed by a disinformation campaign, Zaryn said, in which attackers posted a letter where the head of the university purportedly described the U.S. troop presence in Poland as an “American occupation.” The fake letter was picked up by at least three Polish websites, one with a history of pushing disinformation, Polish officials said. Poland’s government did not conclusively blame the Russian government for the information operation. However, Zaryn said the effort, apparently meant to sow discord between the U.S. and a key ally in Central Europe, would be “congruent with disinformation activities carried out by the Russian Federation against Poland.” “Poland’s special services […] (CyberScoop)

Facebook: NSO Group used U.S.-based servers in operations against WhatsApp users

Lawyers for WhatsApp’s parent company alleged in documents filed Thursday that NSO Group, the Israeli software surveillance firm accused of spying on over a thousand WhatsApp users, has used U.S.-based servers to launch its attacks. In court documents, Facebook-owned WhatsApp claims NSO Group used a server run by Los Angeles-based hosting provider QuadraNet “more than 700 times during the attack to direct NSO’s malware to WhatsApp user devices in April and May 2019.” Additionally, NSO Group used a remote server hosted by Amazon to target WhatsApp users, WhatsApp software engineer Claudiu Gheorghe said in the filing. The filing is a blow to NSO Group’s claims that its signature product, Pegasus, isn’t capable of running operations in the United States. “That invasion of WhatsApp’s servers and users’ devices constitutes unlawful computer hacking at the heart of the [Computer Fraud and Abuse Act]’s unauthorized-access offense,” WhatsApp claims in the filing. The filing is […] (CyberScoop)

Researchers discover how far-right coronavirus protest websites are organized

More evidence that a group of conservative political activists is operating a network of websites meant to inflame pandemic-related tension in the U.S. and solicit donations has been uncovered by a Seattle-based cybersecurity company. Threat intelligence firm DomainTools released research Friday indicating that pro-gun activist Aaron Dorr appears to be using widely available software to operate dozens of websites, many of which include “reopen” in the URL. DomainTools researchers have conducted a technical examination of “reopen” sites — like “ReopenMN” and “ReopenWI” — to determine just how consolidated the sites are, despite the appearance that they exist as standalone entities. The sites are registered to local gun advocacy groups and utilize One Click Politics, a digital organizing service that allows a single person to manage dozens of websites, run email promotion and collect money. The network starts with Dorr’s personal website on top, at least 13 gun rights coalition groups on the […] (CyberScoop)

Text ‘bomb’ crashes iPhones, iPads, Macs and Apple Watches – what you need to know

An innocent-looking message, containing characters in the Sindhi language, can cause your iPhone to crash without warning. Read more in my article on the Hot for Security blog. (Graham Cluley)

Patch now! Microsoft issues unexpected Office fix

You might not have heard of FBX files... but the latest Office versions support them, so don't neglect this patch! (Naked Security)

Shadow Broker leaked NSA files point to unknown APT group

A security researcher claims to have unearthed a previously-unknown APT group after reading the NSA files leaked by the Shadow Brokers in 2016. (Naked Security)

AI helps experts find thousands of child sexual abuse imagery keywords

For years, abusers have used complex keywords to covertly talk about imagery, but analysts have sussed out much of the secret code. (Naked Security)

160,000 Nintendo Accounts Were Compromised

(News ≈ Packet Storm)

Apple Disputes Recent iOS Zero Day Claim

(News ≈ Packet Storm)

Georgia Reopens Businesses As Death Toll Rises

(News ≈ Packet Storm)

A Dozen Nation Backed APTs Tap COVID-19 To Cover Spy Attacks

(News ≈ Packet Storm)

Duplicated Vulnerabilities in WordPress Plugins

During a recent plugin audit, we noticed a weird pattern among many plugins responsible for performing a specific task: duplicating a page or a post. With a bit of research, we came to the following conclusion: many of these plugins came from the same source — and contained the same vulnerabilities. On the SQL injections in these vulnerable plugins: let’s talk for a moment about the original code sample that this entire scenario stems from, a blog post from Misha Rudrastyh, written back in 2013, detailing how to duplicate posts without the help of a plugin by inserting a bit of code into a theme’s function.php file. (Sucuri Blog)

Malicious USB Drives Infect 35,000 Computers With Crypto-Mining Botnet

Cybersecurity researchers from ESET on Thursday said they took down a portion of a malware botnet comprising at least 35,000 compromised Windows systems that attackers were secretly using to mine Monero cryptocurrency.

The botnet, named "VictoryGate," has been active since May 2019, with infections mainly reported in Latin America, particularly Peru accounting for 90% of the compromised (The Hacker News)

SAS@home Virtual Summit Showcases New Threat Intel, Industry Changes

The free online conference, scheduled for April 28-30, will feature top security researchers from across the industry. (Threatpost)

Latest Apple Text-Bomb Crashes iPhones via Message Notifications

Sindhi-language characters can crash iPhones and other iOS/macOS devices if a victim views texts, Twitter posts or messages within various apps containing them. (Threatpost)

News Wrap: Nintendo Account Hacks, Apple Zero Days, NFL Security

Nintendo account hacks, two Apple zero days reportedly being exploited in the wild, and the NFL virtual draft were all hot topics in the security space this week. (Threatpost)

Nintendo Confirms Breach of 160,000 Accounts

After gamers reported unauthorized logins and purchases, Nintendo confirmed that over 160,000 accounts had been hacked. (Threatpost)

Apple Pushes Back Against Zero-Day Exploit Claims

Company said there is no evidence that iOS bugs revealed by ZecOps earlier this week were ever used against customers. (Threatpost)