Security daily (24-05-2021)

How to import AWS IoT Device Defender audit findings into Security Hub

AWS Security Hub provides a comprehensive view of the security alerts and security posture in your accounts. In this blog post, we show how you can import AWS IoT Device Defender audit findings into Security Hub. You can then view and organize Internet of Things (IoT) security findings in Security Hub together with findings from […] (AWS Security Blog)

Alleged North Korean hackers scouted crypto exchange employees before stealing currency, researchers say

Suspected North Korean hackers have breached cryptocurrency exchanges in Japan, Europe, the U.S. and Israel in an effort to steal millions of dollars from the platforms in the last three years, according to a new private sector report. The analysis published Monday by the Israeli security firm ClearSky names Lazarus Group, which U.S. officials say works on behalf of the North Korean government, as the suspect in a hacking campaign that began with attackers scouting cryptocurrency exchange employees and ended with money leaving user accounts. Cryptocurrency helps North Korea blunt the financial impact of international sanctions, as virtual payment techniques are popular on black markets, difficult to trace and exist largely outside the global financial system. A United Nations panel in 2019 implicated North Korean hackers in the theft of $571 million from five cryptocurrency exchanges in Asia. Those hacks are “probably” done to fund North Korean “government priorities, such […] (CyberScoop)

Court rules encrypted email provider Tutanota must monitor messages in blackmail case

The Federal Court of Justice (BGH) in Germany has ruled that encrypted email provider Tutanota must monitor for three months the messages of accounts implicated in a blackmail case. The decision, which impacts two accounts in all, comes months after the Regional Court of Cologne ruled that Tutanota must provide said emails. Tutanota had asked BGH to re-examine that decision given that Tutanota does not consider itself a telecommunications service and therefore should not be required to monitor them under German law. The Cologne decision also appeared to contradict an earlier ruling from the Hanover Regional Court, which affirmed Tutanota did not provide telecommunications services, according to Tutanota. BGH ruled late last month that the Tutanota request was admissible, but unfounded. BGH found that providers like Tutanota that provide “over-the-top” services are also considered to be providing telecommunications services under the Code of Criminal Procedure. The ruling only surfaced in […] (CyberScoop)

Hack of IT provider exposes data on 4.5 million Air India passengers

Data on 4.5 million Air India passengers was compromised in a hack of a major IT provider to the airline industry, Air India announced last week. The initial breach of the IT provider, SITA — disclosed in March — affected numerous airlines from Lufthansa to Cathay Pacific, but the investigation has now revealed one of its biggest victims yet in India’s flagship air carrier. The breach covers nearly a decade of data on Air India passengers, and includes passport, ticket information and credit card information, Air India said in a statement. Air India said it has secured the hacked servers, notified credit card firms of the breach and reset passwords for frequent flyer accounts. The airline also advised passengers to change their own passwords where applicable. “[O]ur data processor has ensured that no abnormal activity was observed after securing the compromised servers,” the statement said. It is still unclear who is […] (CyberScoop)

Naked Security Live – Jacked and hacked: how safe are tracking tags?

New episode - watch now! (And please tell your friends about our channel.) (Naked Security)

DarkSide Getting Taken To Hackers' Court For Not Paying Affiliates

(News ≈ Packet Storm)

Data Of Millions Of Air India Customers Compromised

(News ≈ Packet Storm)

FBI Identifies 16 Conti Ransomware Attacks Striking US Healthcare, First Responders

(News ≈ Packet Storm)

China Crypto Mining Business Hit By Beijing Crackdown, Bitcoin Tumbles

(News ≈ Packet Storm)

Apple Issues Patches to Combat Ongoing 0-Day Attacks on macOS, tvOS

Apple on Monday rolled out security updates for iOS, macOS, tvOS, watchOS, and Safari web browser to fix multiple vulnerabilities, including an actively exploited zero-day flaw in macOS Big Sur and expand patches for two previously disclosed zero-day flaws. Tracked as CVE-2021-30713, the zero-day concerns a permissions issue in Apple's Transparency, Consent, and Control (TCC) framework in macOS (The Hacker News)

Researchers Link CryptoCore Attacks On Cryptocurrency Exchanges to North Korea

State-sponsored hackers affiliated with North Korea have been behind a slew of attacks on cryptocurrency exchanges over the past three years, new evidence has revealed. Attributing the attack with "medium-high" likelihood to the Lazarus Group (aka APT38 or Hidden Cobra), researchers from Israeli cybersecurity firm ClearSky said the campaign, dubbed "CryptoCore," targeted crypto exchanges in (The Hacker News)

What To Do When Your Business Is Hacked

As businesses move to a remote workforce, hackers have increased their activity to capitalize on new security holes. Cybercriminals often use unsophisticated methods that continue to be extremely successful. These include phishing emails to harvest credentials and gain easy access to business-critical environments. Hackers are also using ransomware to hold your data hostage, demanding a ransom (The Hacker News)

Details Disclosed On Critical Flaws Affecting Nagios IT Monitoring Software

Cybersecurity researchers disclosed details about 13 vulnerabilities in the Nagios network monitoring application that could be abused by an adversary to hijack the infrastructure without any operator intervention. "In a telco setting, where a telco is monitoring thousands of sites, if a customer site is fully compromised, an attacker can use the vulnerabilities to compromise the telco, and then (The Hacker News)

American Express Fined for Sending Millions of Spam Messages

British regulators ruled that Amex sent 4 million nuisance emails to opted-out customers. (Threatpost)

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

A WordPress reservation plugin has a vulnerability that allows unauthenticated hackers to access reservation data stored by site owners. (Threatpost)

FBI Analyst Indicted for Theft of Osama bin Laden Threat Intel

An FBI employee allegedly made off with top-secret documents, keeping them in her home for more than a decade. (Threatpost)


/security-daily/ 25-05-2021 23:44:22