Security daily (24-06-2020)

What is a cyber range and how do you build one on AWS?

In this post, we provide advice on how you can build a current cyber range using AWS services. Conducting security incident simulations is a valuable exercise for organizations. As described in the AWS Security Incident Response Guide, security incident response simulations (SIRS) are useful tools to improve how an organization handles security events. These simulations […] (AWS Security Blog)

Julian Assange accused of conspiring with Anonymous and LulzSec in superseding US indictment

The U.S. government has broadened its criminal case against Julian Assange in an indictment unsealed Wednesday that accuses the WikiLeaks founder of collaborating with hackers affiliated with the Anonymous and LulzSec hacking groups. The new superseding indictment alleges that in 2012 Assange provided LulzSec’s leader, who was an FBI informant at the time, with a list of target organizations to hack including a private U.S. intelligence contractor. The indictment includes the same charges that U.S. prosecutors brought against Assange in an 18-count indictment in May 2019. Assange was charged under the Espionage Act for his role in allegedly publishing classified Department of Defense documents in 2010, which he obtained from Army Intelligence analyst Chelsea Manning. Assange is currently detained in the United Kingdom under a U.S. extradition request. (CyberScoop)

Hackers are still running coronavirus-related campaigns, CrowdStrike warns

Although many municipalities around the world have begun to ease up on stay-at-home orders, hackers are still running spearphishing and disinformation campaigns taking advantage of the pandemic. Adam Meyers, CrowdStrike’s Vice President of Intelligence, says nation-state and criminal spearphishing campaigns that leverage COVID-19 themed lures are still on the rise. “We’ve been seeing an increase of … behavior of social engineering where they’re impersonating things like the WHO, CDC, HHS, hospitals, healthcare [entities], and even insurance companies to entice people to click links or to click on phishing [and] open files,” Meyers said Wednesday while speaking at the virtual CrowdStrike’s Fal.Con for Public Sector Conference, produced by FedScoop and CyberScoop. “This is an increasing problem and it demonstrates that the threat actors have found an unprecedented level of awareness around COVID-19…and they’re taking advantage of that and they’re capitalizing on it.” Hackers working for China, Russia, Iran, North Korea, Pakistan, […] (CyberScoop)

Securing voter registration databases takes on added importance in pandemic, DHS official says

The expansion of voting by mail during the coronavirus pandemic makes it all the more important that election officials secure voter registration databases from hacking, according to a senior Department of Homeland Security official. The greater amount of absentee voting and mail-in ballots “shifts the risk towards voter registration data security,” Matt Masterson, senior adviser at DHS’s Cybersecurity and Infrastructure Security Agency, said Wednesday during a virtual conference. People voting by mail generally won’t have access to the same provisional-balloting process that those voting in person can use if they’ve been left off of voter rolls due to an administrative error. That makes the integrity of voter registration data all the more important in the era of COVID-19, Masterson said. The novel coronavirus, which has killed more than 120,000 people in the U.S., has forced many states to postpone presidential primaries and ramp up voting-by-mail options. Forty-six states currently offer all of their voters some form […] (CyberScoop)

Ransomware operators now threatening to publish stolen data in extortion demands

Ransomware attackers typically encrypt files with the promise of decryption if victims make good on hefty ransom demands. But the status quo among ransomware operators has been shaken in the last several months, and they’re now beginning to move away from just demanding ransoms from victims. They’re also running hack-and-leak operations, according to CrowdStrike. “[A] trend that we’re starting to see in the last couple of months is that when victims don’t pay the ransom … threat actors have actually been threatening to disclose their sensitive files. So they’re actually exfiltrating data from the victim and threatening to disclose it,” CrowdStrike vice president of intelligence Adam Meyers said Wednesday while speaking at the virtual CrowdStrike’s Fal.Con for Public Sector Conference, produced by FedScoop and CyberScoop. In at least one case, attackers auctioned stolen data to the highest bidder on a custom-built website, Meyers said. “This is an escalation in the ransomware operations where they’re now moving […] (CyberScoop)

Don't expect Huawei on DHS's supply chain task force any time soon

A U.S. cybersecurity task force dedicated to protecting data throughout American networks aims to have a diverse set of opinions. That doesn’t mean just anyone is invited. Since 2018, the Department of Homeland Security’s Information and Communications Technology Supply Chain Task Force has been charged with developing strategies to ensure that government agencies and companies aren’t made vulnerable by partners, vendors, contractors, suppliers or other organizations in their business orbit. Members include a range of government bodies, telecommunication giants like Verizon and AT&T, and global tech firms including Microsoft and Cisco. DHS officials assess potential task force members based on a risk assessment that includes whether an entity might add value to ongoing conversations, and whether possible damage from including that organization outweighs the possible benefits. It’s the kind of criteria that makes the addition of a company like Huawei, the Chinese telecom that U.S. intelligence officials say represents a […] (CyberScoop)

US cyber officials try to channel Liam Neeson in responding to coronavirus threats

In early March, as the novel coronavirus swept through the U.S., the Department of Homeland Security’s cybersecurity wing quietly began an initiative that would single out the critical government and private-sector organizations that needed protection from spies and criminals during the pandemic. The list of essential organizations would include U.S. labs working on a vaccine, pharmaceutical firms researching virus treatments and a constellation of equipment suppliers with global supply chains. The initiative turned into something U.S. officials call Project Taken — a multi-agency effort to protect U.S. vaccine research and other data from hacking and infiltration. “We really need to identify the parts of the United States government and industry that are going to get us through this COVID crisis,” recalled Bryan S. Ware, assistant director at DHS’s Cybersecurity and Infrastructure Security Agency. “And we need to prioritize … our capabilities and our outreach to those entities.” While other parts of the […] (CyberScoop)

DDoSecrets' mission is 'unchanged' in wake of 'Blue Leaks' Twitter ban

After Twitter blacklisted an emerging anti-secrecy group for distributing a vast collection of data stolen from U.S. law enforcement agencies, a co-founder of the WikiLeaks-style startup says it won’t go away quietly. Emma Best, who helps lead Distributed Denial of Secrets, announced on a personal account Tuesday that Twitter had permanently banned the @DDoSecrets account for violating the company’s rules about distributing hacked materials. The move came four days after DDoSecrets published 269 GB of information, including training manuals and guides on containing protesters, initially taken from more than 200 U.S. police agencies. That publication marked the most significant form of hacktivism in recent memory, inserting DDoSecrets into the national news cycle alongside reports about police officers killing unarmed Black Americans. Earlier this month, a Twitter account positing itself as tied to Anonymous claimed to leak data tied to the Minneapolis Police Department. That data turned out to be scraped […] (CyberScoop)

Why the FBI’s cyber attachés are so valuable

On an average day, cybercriminals visiting the Darkode darkweb forum would expect to enter an underground, invitation-only digital marketplace to buy, sell, and trade malware, access to botnets, and stolen personal information. However, in July 2015, users were instead confronted with the emblems of the U.S. Federal Bureau of Investigation (FBI), the U.S. Department of Justice (DOJ), and EUROPOL’s European Cyber Crime Center (EC3) instead of the Darkode homepage. A large, bold warning surrounded by the official seals of 17 additional international police departments prominently proclaimed, “This domain and website have been seized.” This was the culmination of a multi-year joint undercover operation by U.S. and international law enforcement from 20 countries who searched, charged, or arrested 70 of the forum’s members worldwide and indicted 12 individuals with computer fraud conspiracy. This joint effort, known as Operation Shrouded Horizon, exemplifies the collaboration needed to counter the increasingly complex and diffuse […] (CyberScoop)

DDoSecrets thrown off Twitter after distributing 269GB BlueLeaks data dump

The activist group Distributed Denial of Secrets, perhaps better known by their shorter but clumsy moniker DDoSecrets, has been permanently banned from Twitter. Read more in my article on the Hot for Security blog. (Graham Cluley)

HEY pulls feature which could expose email threads without participants’ knowledge

HEY, a new service which aims to revolutionise users’ inboxes, admits it made a mistake which could have made it too easy for private messages to be exposed. (Graham Cluley)

Password security is critical in a remote work environment – see where businesses are putting themselves at risk

Graham Cluley Security News is sponsored this week by the folks at LastPass. Thanks to the great team there for their support! LastPass has analyzed over 47,000 businesses to bring you insights into security behavior worldwide. The takeaway is clear: Many businesses are making significant strides in some areas of password and access security – […] (Graham Cluley)

Pubs and restaurants left guessing after being told to collect customer data as lockdown eases

In just ten days, the UK Government says English pubs, restaurants, and cafes can open again for business. However, they are told that they should collect contact information about every customer and visitor to their premises. But what they’re not told is how they should do this in a way that protects people’s security and privacy. (Graham Cluley)

Glupteba – the malware that gets secret messages from the Bitcoin blockchain

And you thought the Bitcoin blockchain was all about cryptocurrency! (Naked Security)

iOS 14, macOS Big Sur, Safari to give us ‘No, thanks!’ option for ad tracking

At WWDC, Apple promised to double down on data protection in its upcoming iOS 14, macOS Big Sur, and Safari releases. (Naked Security)

Twitter Terminates DDoSecrets Claiming It Will Infect You

(News ≈ Packet Storm)

Facial Recognition To Predict Criminals Sparks Row Over AI Bias

(News ≈ Packet Storm)

This Sneaky Malware Goes To Unusual Lengths To Cover Its Tracks

(News ≈ Packet Storm)

European Union May Quarantine The United States

(News ≈ Packet Storm)

Sucuri Sit-Down Episode 2: Malware Types Explained with Krasimir Konov

Malware comes in many different varieties. Analyst Krasimir Konov is on this month’s Sucuri Sit-Down to help keep them all straight. From malicious iframes to SEO spam, join host Justin Channell as he racks Krasimir’s brain on all the different types of malware. Also, Krasimir discusses his recent blog post about a malicious cURL downloader, and Justin breaks down the latest website security news, including patched plugins you should update. (Sucuri Blog)

Emerging Ransomware Targets Photos, Videos on Android Devices

The CryCryptor malware strain is a brand-new family of threats, leveraging COVID-19 to spread. (Threatpost)

Self-Propagating Lucifer Malware Targets Windows Systems

A new devilish malware is targeting Windows systems with cryptojacking and DDoS capabilities. (Threatpost)

New Bill Targeting ‘Warrant-Proof’ Encryption Draws Ire

The Lawful Access to Encrypted Data Act is being decried as "an awful idea" by security experts. (Threatpost)

Experts Denounce Racial Bias of Crime-Predictive Facial-Recognition AI

An open letter signed by experts in the field from MIT, Microsoft and Google aims to stop the ‘tech to prison’ pipeline. (Threatpost)


/security-daily/ 25-06-2020 23:44:27