Security daily (24-06-2021)

Create a portable root CA using AWS CloudHSM and ACM Private CA

With AWS Certificate Manager Private Certificate Authority (ACM Private CA) you can create private certificate authority (CA) hierarchies, including root and subordinate CAs, without the investment and maintenance costs of operating an on-premises CA. In this post, I will explain how you can use ACM Private CA with AWS CloudHSM to operate a hybrid public […] (AWS Security Blog)

Andrii Kolpakov, who supervised hackers for FIN7, sentenced to 7 years in prison

A U.S. court on Thursday sentenced Andrii Kolpakov, a Ukrainian national, to seven years in prison for his role in the FIN7 gang. Kolpakov, 33, functioned as a supervisor for a small team of hackers who between 2016 and 2018 breached victims including Chipotle, Red Robin, Arby’s and other U.S. corporations. Victims experienced “enormous” losses, according to the Justice Department, that by some estimates have exceeded $1 billion. Kolpakov pleaded guilty in November 2020 and faced up to 25 years behind bars. Spanish police arrested him in 2018, ultimately extraditing him to the U.S. “During the course of the scheme, [Kolpakov] received compensation for his participation in FIN7, which far exceeds comparable legitimate employment in Ukraine,” the plea deal noted. “For the purposes of this plea agreement, the parties agree that — during [Kolpakov’s] participation in the malware scheme — FIN7 illegal activity resulted in over $100 million in losses […] The post Andrii Kolpakov, who supervised hackers for FIN7, sentenced to 7 years in prison appeared first on CyberScoop. (CyberScoop)

Tulsa police say 18,000 files are leaked after Conti ransomware hack

Citations and internal police department files from the city of Tulsa, Oklahoma are circulating on cybercriminal marketplaces after a ransomware incident in which hackers stole some 18,000 files, city officials say. A notice posted on a municipal website on June 22 warns that residents’ data including names, birth dates and driver’s license numbers is accessible to scammers following a hack carried out by the Conti ransomware gang. The digital extortionists breached the Tulsa police department in May, leaking stolen data about 22 officers and promising to publish more if the city refused to pay a ransom. “[O]ut of an abundance of caution, anyone who has filed a police report, received a police citation, made a payment with the City, or interacted with the City in any way where [personally identifiable information] was shared, whether online, in-person or on paper, prior to May 2021, is being asked to take monitoring precautions,” […] The post Tulsa police say 18,000 files are leaked after Conti ransomware hack appeared first on CyberScoop. (CyberScoop)

Senate fails to confirm new CISA director before two-week break, drawing criticism

The Senate’s failure to confirm a new director for DHS’s top cybersecurity agency before the chamber goes on a two-week recess has raised ire from cybersecurity leaders who say the role is too important to leave unfilled. President Joe Biden nominated Jen Easterly, a former U.S. National Security Agency official, for CISA director and Chris Inglis as national cyber director in April. The Senate confirmed Inglis last week. Easterly will be tasked with leading the agency at a critical time for U.S. cybersecurity. The agency is still dealing with the aftermath of a high-profile Russian hack of nine federal agencies. It also faces a growing ransomware crisis, including recent high-profile attacks on fuel provider Colonial Pipeline and meat supplier JBS. “It’s completely irresponsible for Republicans to block Jen Easterly’s confirmation and delay getting her on the job at a time when we need all hands on deck to protect against […] The post Senate fails to confirm new CISA director before two-week break, drawing criticism appeared first on CyberScoop. (CyberScoop)

S3 Ep38: Clop busts, destructive Linux hacking, and rooted bicycles [Podcast]

Latest episode - listen now! (Naked Security)

Hackers Use Fake Call Center To Trick Victims Into Installing Ransomware

(News ≈ Packet Storm)

US Seizes 33 Iranian State-Run Media Sites Accused Of Election Disinformation

(News ≈ Packet Storm)

The Final Years Of John McAfee's Controversial Life

(News ≈ Packet Storm)

BIOSConnect Code Execution Bugs Impact Millions Of Dell Devices

(News ≈ Packet Storm)

Clop Gang Partners Laundered $500 Million in Ransomware Payments

The cybercrime ring that was apprehended last week in connection with Clop (aka Cl0p) ransomware attacks against dozens of companies in the last few months helped launder money totaling $500 million for several malicious actors through a plethora of illegal activities. "The group — also known as FANCYCAT — has been running multiple criminal activities: distributing cyber attacks; operating a (The Hacker News)

BIOS Disconnect: New High-Severity Bugs Affect 128 Dell PC and Tablet Models

Cybersecurity researchers on Thursday disclosed a chain of vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS that could be abused by a privileged network adversary to gain arbitrary code execution at the BIOS/UEFI level of the affected device. "As the attacker has the ability to remotely execute code in the pre-boot environment, this can be used to subvert the operating (The Hacker News)

Reduce Business Risk By Fixing 3 Critical Endpoint-to-Cloud Security Requirements

Enterprise applications used to live securely in data centers and office employees connected to internal networks using company-managed laptops or desktops. And data was encircled by a walled perimeter to keep everything safe. All that changed in the last 18 months. Businesses and employees had to adapt quickly to cloud technology and remote work. The cloud gave businesses the agility to respond (The Hacker News)

One-Click Exploit Could Have Let Attackers Hijack Any Atlassian Account

Cybersecurity researchers on Wednesday disclosed critical flaws in the Atlassian project and software development platform that could be exploited to take over an account and control some of the apps connected through its single sign-on (SSO) capability. "With just one click, an attacker could have used the flaws to get access to Atlassian's publish Jira system and get sensitive information, (The Hacker News)

Critical Auth Bypass Bug Affects VMware Carbon Black App Control

VMware has rolled out security updates to resolve a critical flaw affecting Carbon Black App Control that could be exploited to bypass authentication and take control of vulnerable systems. The vulnerability, identified as CVE-2021-21998, is rated 9.4 out of 10 in severity by the industry-standard Common Vulnerability Scoring System (CVSS) and affects App Control (AppC) versions 8.0.x, 8.1.x, (The Hacker News)

Wormable DarkRadiation Ransomware Targets Linux and Docker Instances

Cybersecurity researchers are sounding the alarm bell over a new ransomware strain called "DarkRadiation" that's implemented entirely in Bash and targets Linux and Docker cloud containers, while banking on messaging service Telegram for command-and-control (C2) communications. "The ransomware is written in Bash script and targets Red Hat/CentOS and Debian Linux distributions," researchers from (The Hacker News)

Oh FCUK! Fashion Label, Medical Diagnostics Firm Latest REvil Victims

The infamous ransomware group hit two big-name companies within hours of each other. (Threatpost)

Musk-Themed ‘$SpaceX’ Cryptoscam Invades YouTube Advertising

Beware: The swindle uses legitimately purchased YouTube ads, real liquidity, legitimate DEX Uniswap, and the real wallet extension MetaMask to create an entirely convincing fake coin gambit. (Threatpost)

Critical VMware Carbon Black Bug Allows Authentication Bypass

The 9.4-rated bug in AppC could give attackers admin rights, no authentication required, letting them attack anything from PoS to industrial control systems. (Threatpost)


/security-daily/ 25-06-2021 23:44:23