Security daily (24-08-2021)

Confidential computing: an AWS perspective

Customers around the globe—from governments and highly regulated industries to small businesses and start-ups—trust Amazon Web Services (AWS) with their most sensitive data and applications. At AWS, keeping our customers’ workloads secure and confidential, while helping them meet their privacy and data sovereignty requirements, is our highest priority. Our investments in security technologies and rigorous […] (AWS Security Blog)

How to automate forensic disk collection in AWS

In this blog post you’ll learn about a hands-on solution you can use for automated disk collection across multiple AWS accounts. This solution will help your incident response team set up an automation workflow to capture the disk evidence they need to analyze to determine scope and impact of potential security incidents. This post includes […] (AWS Security Blog)
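The core of a cross-account disk-collection workflow like the one the post describes, as an added example that is not the AWS Security Blog solution: snapshot every EBS volume attached to a suspect instance, tag each snapshot with case metadata, wait for completion, then share the snapshots with a separate forensics account. The forensics account ID, instance ID and case ID are placeholders; boto3 is only imported for a real run, and the planning step is kept separate from the API calls so it can be reviewed (or exercised with a stub client) before anything is created.

```python
"""Snapshot the EBS volumes of a suspect EC2 instance, tag them with case
metadata and share them with a dedicated forensics account.

Added illustration, not the AWS Security Blog solution.  Account ID,
instance ID and case ID below are placeholders (assumption)."""
import datetime
from typing import Dict, List

FORENSICS_ACCOUNT_ID = "111111111111"   # placeholder, not a real account


def plan_collection(ec2, instance_id: str, case_id: str) -> List[Dict]:
    """Return one create_snapshot request per attached EBS volume.

    Instance-store devices have no EBS volume and are skipped; their
    contents are lost on stop/terminate, so they must be imaged live."""
    resp = ec2.describe_instances(InstanceIds=[instance_id])
    instances = [i for r in resp["Reservations"] for i in r["Instances"]]
    if not instances:
        raise ValueError(f"instance {instance_id} not found")
    inst = instances[0]
    stamp = datetime.datetime.now(datetime.timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    plan = []
    for bdm in inst.get("BlockDeviceMappings", []):
        ebs = bdm.get("Ebs")
        if not ebs:
            continue
        plan.append({
            "VolumeId": ebs["VolumeId"],
            "Description": f"IR {case_id} {instance_id} {bdm['DeviceName']} {stamp}",
            "TagSpecifications": [{
                "ResourceType": "snapshot",
                "Tags": [
                    {"Key": "CaseId", "Value": case_id},
                    {"Key": "SourceInstance", "Value": instance_id},
                    {"Key": "SourceDevice", "Value": bdm["DeviceName"]},
                    {"Key": "CollectedAt", "Value": stamp},
                ],
            }],
        })
    return plan


def collect(ec2, instance_id: str, case_id: str,
            forensics_account: str = FORENSICS_ACCOUNT_ID) -> List[str]:
    """Create the planned snapshots, wait until they complete, then grant
    the forensics account (and only that account) createVolume permission."""
    snapshot_ids = []
    for req in plan_collection(ec2, instance_id, case_id):
        snap = ec2.create_snapshot(**req)
        snapshot_ids.append(snap["SnapshotId"])
    if snapshot_ids:
        # EBS snapshots are crash-consistent; the share is only useful once
        # the snapshot state is 'completed'.
        ec2.get_waiter("snapshot_completed").wait(SnapshotIds=snapshot_ids)
        for sid in snapshot_ids:
            # Share with a single account ID; never the public 'all' group.
            ec2.modify_snapshot_attribute(
                SnapshotId=sid,
                Attribute="createVolumePermission",
                OperationType="add",
                UserIds=[forensics_account],
            )
    return snapshot_ids


if __name__ == "__main__":
    import boto3  # real run only; needs credentials valid in the source account
    client = boto3.client("ec2", region_name="us-east-1")
    print(collect(client, "i-0123456789abcdef0", "CASE-0001"))  # placeholder IDs
```

Two caveats a responder would want: snapshots of volumes encrypted with the AWS-managed default EBS key cannot be shared cross-account, so the volume must be encrypted with a customer-managed KMS key whose policy grants the forensics account access; and the collection should run as a role assumed from the forensics side, so that evidence handling does not depend on credentials inside the account under investigation.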

Hackers exploit WhatsApp modification tool to snoop on texts, force paid subscriptions

A malicious version of a popular modification or “mod” of the encrypted messaging app WhatsApp is carrying a mobile trojan that can launch advertisements, issue paid subscriptions and intercept text messages, security researchers said Tuesday. According to Kaspersky, hackers inserted the Triada trojan into a modified version of FMWhatsapp, a WhatsApp mod. Such mods have a following among users who want to customize WhatsApp, such as being able to send larger files or apply custom animated themes. FMWhatsapp isn’t available on the Google Play store and is only available via third party websites, which means users who desire the extra features the mod offers don’t get the security protections inherent in more officially-vetted apps. Kaspersky first spotted Triada in 2016, when the company deemed the hacking tool “one of the most advanced mobile Trojans our malware analysts have ever encountered.” Users grant FMWhatsapp permission to read SMS messages, Kaspersky said, […] The post Hackers exploit WhatsApp modification tool to snoop on texts, force paid subscriptions appeared first on CyberScoop. (CyberScoop)

New CISA director wants to spend less time cleaning up after big hacks, more time preparing for them

U.S. cybersecurity officials have scrambled to respond to one major hacking incident after another over the past nine months, from the alleged Russian intrusions into federal networks using bugged SolarWinds software, to the extortion of Colonial Pipeline, which controls the East Coast’s biggest fuel artery. Jen Easterly, the new director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), wants to break that cycle, and spend less time putting out fires and more time preparing for incidents in an attempt to reduce their impact. It’s a goal that will draw on Easterly’s experience working on cyber operations for the military, and her time trying to safeguard one of the largest U.S. investment banks from hackers. To date, actions taken by federal and private sector organizations “to protect us from threats are just not keeping pace,” she said in a recent interview. This month, Easterly set up the Joint Cyber Defense […] The post New CISA director wants to spend less time cleaning up after big hacks, more time preparing for them appeared first on CyberScoop. (CyberScoop)

Bahrain hacked activists' iPhones with NSO Group spyware, Citizen Lab says

Government hackers used NSO Group surveillance technology to infiltrate the phones of nine Bahraini activists, according to a new report from Citizen Lab. The victims included a blogger, an activist, members of the political organization Waad and members of the Bahrain Center for Human Rights. Five of the targets identified by Citizen Lab, an internet watchdog at the University of Toronto, also appeared on a list of individuals obtained by Amnesty International as part of its “Pegasus Project” investigation. The list is believed to comprise potential targets of NSO Group’s customers. Hackers used fake texts that linked out to malicious software as well as “zero-click” attacks, which do not require any user interaction. Researchers found that attackers successfully exploited the most recent versions of Apple iOS, circumventing protections introduced by the company in January to protect users against such attacks. Amnesty Tech has also reported zero-click exploits successfully exploiting iOS […] The post Bahrain hacked activists' iPhones with NSO Group spyware, Citizen Lab says appeared first on CyberScoop. (CyberScoop)

Researchers show how to tamper with medication in popular infusion pumps using software flaws

McAfee Enterprise researchers on Tuesday said they had found multiple vulnerabilities in infusion pump software that, under certain conditions, a skilled hacker could use to alter a patient’s medication dose to a potentially unsafe level. The vulnerabilities are in equipment made by multinational vendor B. Braun that are used in pediatric and adult health care facilities in the United States. While there are no reports of malicious exploitation of the flaws, the research illustrates the challenge of securing devices conceived decades ago from 21st-century digital threats. The findings come as the health care sector reckons with a series of ransomware attacks that hit aging hospital computer networks during the pandemic. Medical devices “remain vulnerable to legacy issues that have persisted for many years and have exceptionally slow update or upgrade cycles,” said Steve Povolny, who heads the Advanced Threat Research team at McAfee Enterprise. In a statement, B. Braun said […] The post Researchers show how to tamper with medication in popular infusion pumps using software flaws appeared first on CyberScoop. (CyberScoop)

How a gaming mouse can get you Windows superpowers!

When a helpful feature (that you probably didn't need) turns into an exploitable vulnerability... (Naked Security)

Windows 10 Admin Rights Gobbled By Razer Devices

(News ≈ Packet Storm)

Video Shows Moment Iranian Prison Realizes It Was Hacked

(News ≈ Packet Storm)

Microsoft Spills 38 Million Sensitive Data Records

(News ≈ Packet Storm)

Tech CEOs To Meet With Biden Over Infrastructure Security

(News ≈ Packet Storm)

7 Ways to Secure Magento 1

While unpatched installations of Magento 2 contain many vulnerabilities, I’m going to focus my attention on Magento 1 for this article. This is because Magento 2 provides regularly updated patches for many of the most common vulnerabilities targeting the platform. While Magento 1 also contains patches for many known vulnerabilities, those patches are not currently maintained. Magento 1 reached its end-of-support on June 30, 2020. When Magento 2 was released, the focus was to improve security, include speed improvements, support the latest PHP installations, include SEO optimizations and provide a more user-friendly interface. Continue reading 7 Ways to Secure Magento 1 at Sucuri Blog. (Sucuri Blog)

Modified Version of WhatsApp for Android Spotted Installing Triada Trojan

A modified version of the WhatsApp messaging app for Android has been trojanized to intercept text messages, serve malicious payloads, display full-screen ads, and sign up device owners for unwanted premium subscriptions without their knowledge. "The Trojan Triada snuck into one of these modified versions of the messenger called FMWhatsApp 16.80.0 together with the advertising software (The Hacker News)

Bahraini Activists Targeted Using a New iPhone Zero-Day Exploit From NSO Group

A previously undisclosed "zero-click" exploit in Apple's iMessage was abused by Israeli surveillance vendor NSO Group to circumvent iOS security protections and target nine Bahraini activists. "The hacked activists included three members of Waad (a secular Bahraini political society), three members of the Bahrain Center for Human Rights, two exiled Bahraini dissidents, and one member of Al Wefaq (The Hacker News)

Researchers Warn of 4 Emerging Ransomware Groups That Can Cause Havoc

Cybersecurity researchers on Tuesday took the wraps off four up-and-coming ransomware groups that could pose a serious threat to enterprises and critical infrastructure, as the ripple effect of a recent spurt in ransomware incidents show that attackers are growing more sophisticated and more profitable in extracting payouts from victims. "While the ransomware crisis appears poised to get worse (The Hacker News)

38 Million Records Exposed from Microsoft Power Apps of Dozens of Organisations

More than 38 million records from 47 different entities that rely on Microsoft's Power Apps portals platform were inadvertently left exposed online, bringing into sharp focus a "new vector of data exposure." "The types of data varied between portals, including personal information used for COVID-19 contact tracing, COVID-19 vaccination appointments, social security numbers for job applicants, (The Hacker News)

Cybercrime Group Asking Insiders for Help in Planting Ransomware

A Nigerian threat actor has been observed attempting to recruit employees by offering to pay them $1 million in bitcoin to deploy Black Kingdom ransomware on their companies' networks as part of an insider threat scheme. "The sender tells the employee that if they're able to deploy ransomware on a company computer or Windows server, then they would be paid $1 million in bitcoin, or 40% of the (The Hacker News)

Poly Network Recoups $610M Stolen from DeFi Platform

The attacker returned the loot after being offered a gig as chief security advisor with Poly Network. (Threatpost)

Pegasus Spyware Uses iPhone Zero-Click iMessage Zero-Day

Cybersecurity watchdog Citizen Lab saw the new zero-day FORCEDENTRY exploit successfully deployed against iOS versions 14.4 & 14.6, blowing past Apple's new BlastDoor sandboxing feature to install spyware on the iPhones of Bahraini activists – even one living in London at the time. (Threatpost)

Custom WhatsApp Build Delivers Triada Malware

Researchers have spotted the latest version of the Triada trojan targeting mobile devices via an advertising SDK. (Threatpost)

Effective Threat-Hunting Queries in a Redacted World

Chad Anderson, senior security researcher for DomainTools, demonstrates how seemingly disparate pieces of infrastructure information can form perfect fingerprints for tracking cyberattackers' infrastructure. (Threatpost)


/security-daily/ 25-08-2021 23:44:23