Security daily (24-09-2020)

With an eye on election interference, Facebook scrubs networks of phony Russian accounts

Facebook on Thursday removed over 200 phony accounts and dozens of pages that originated in Russia and pumped out information on sensitive geopolitical issues targeting people from Turkey to the U.S. Facebook said it traced the fraudulent activity to either people connected with Russian military intelligence services or the Internet Research Agency, a notorious Russia-based troll farm. It’s the latest in a series of actions that Facebook has taken against suspected foreign influence operations heading into the U.S. presidential election. “While we have not seen the networks we removed today…directly target the US 2020 election, they are linked to actors associated with election interference in the US in the past, including those involved in ‘DC leaks’ in 2016,” Nathaniel Gleicher, Facebook’s head of security policy, said in a blog post. As with another suspected Russia-based influence operation that Facebook uncovered this month, the latest activity saw operatives pose as journalists or writers in an […] The post With an eye on election interference, Facebook scrubs networks of phony Russian accounts appeared first on CyberScoop. (CyberScoop)

US Army combines fake hacks, natural disaster simulation to test municipal responses

Cybersecurity experts from the U.S. military and the private sector have spent recent weeks working with two American cities to test their ability to respond during a simulated cyberattack layered with several simulated physical disruptions. The virtual exercise, which has feigned malware and ransomware attacks against targets in Charleston, S.C., and Savannah, Ga., over the last several weeks, is aimed at testing participants’ ability to defend against digital threats while simultaneously facing an array of emergency scenarios in the physical realm. While grappling with seeming malicious software attacks, participants also have needed to deal with a fictional cargo ship accident, a flood and the failure of 911 systems. The U.S. Army, alongside private sector and municipal partners, is wrapping up the exercise, known as Jack Voltaic 3.0, this week. By assessing municipal and commercial responses to such blended crises, officials aim to understand and mitigate any shortfalls in response that could impact the U.S. military’s ability to deploy out of […] The post US Army combines fake hacks, natural disaster simulation to test municipal responses appeared first on CyberScoop. (CyberScoop)

Election cyberthreats have been 'blocked, minimal or easily mitigated,' federal agencies remind voters

For the second time in a week, U.S. national security agencies have publicly reassured voters that election systems are being guarded from hacking and that the integrity of the vote is intact. The FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency “have not identified any threats, to date, capable of preventing Americans from voting or changing vote tallies for the 2020 elections,” the agencies said in a statement published Thursday. “[A]ttempts by cyber actors to compromise election infrastructure could slow but not prevent voting,” the agencies said, adding that any threats to date have “remained localized and were blocked, minimal or easily mitigated.” The announcement follows an advisory from the agencies on Tuesday warning that foreign actors could seize on delays in the reporting of election results to spread disinformation aimed at undermining confidence in the vote. The statements show how federal agencies, which have worked […] The post Election cyberthreats have been 'blocked, minimal or easily mitigated,' federal agencies remind voters appeared first on CyberScoop. (CyberScoop)

SMS phishing scam pretends to be Apple “chatbot” – don’t fall for it!

If you got someone else's "free offer" in what looked like a misdirected message, would you take a peek? (Naked Security)

Become an In-Demand Ethical Hacker with This $15 CompTIA Course

If you're interested in joining the increasingly popular and lucrative world of ethical or "white hat" hacking, you're far from alone. More and more coding and programming pros are turning to this field thanks to the high pay, countless opportunities, and exciting work environment.

But this means that if you want to be competitive, you're going to need to have the right skills and certifications on your resume. The CompTIA PenTest+ (PT0-001) Ethical Hacking Course will help you ace the exam for one of the field's most valuable and in-demand certifications, and it's available right now for... more (Null Byte « WonderHowTo)

Amazon Unveils Flying Ring Security Drone

(News ≈ Packet Storm)

Facebook Shuts Down Russians Posting As Journalists

(News ≈ Packet Storm)

Twitter Prepares For US Elections With Security Training, Pen Tests

(News ≈ Packet Storm)

Microsoft Leaks 6.5TB In Bing Search Data Via Unsecured Elastic Server

(News ≈ Packet Storm)

Major Instagram App Bug Could've Given Hackers Remote Access to Your Phone

Ever wonder how hackers can hack your smartphone remotely? In a report shared with The Hacker News today, Check Point researchers disclosed details about a critical vulnerability in Instagram's Android app that could have allowed remote attackers to take control over a targeted device just by sending victims a specially crafted image. What's more worrisome is that the flaw not only lets attackers (The Hacker News)

Feds Hit with Successful Cyberattack, Data Stolen

The attack featured a unique, multistage malware and a likely PulseSecure VPN exploit. (Threatpost)

Cisco Patch-Palooza Tackles 29 High-Severity Bugs

Patches and workaround fixes address flaws on networking hardware running Cisco IOS XE software. (Threatpost)

Free Apple iPhone 12? Chatbot Scam Spreads Via Texts

Convincing SMS messages tell victims that they've been selected for a pre-release trial for the soon-to-be-launched device. (Threatpost)

Alien Android Banking Trojan Sidesteps 2FA

A new 'fork' of the Cerberus banking trojan, called Alien, targets victims' credentials from more than 200 mobile apps, including Bank of America and Microsoft Outlook. (Threatpost)


/security-daily/ 25-09-2020 23:44:24