24-03-2021 | 26-03-2021

Security daily (25-03-2021)

US lacks visibility into digital espionage at home, NSA boss says

National Security Agency Director Gen. Paul Nakasone addressed the elephant in the room on Thursday during testimony on Capitol Hill: How could the U.S. government have missed SolarWinds and Microsoft Exchange Server hacking until after the malicious activity was already well underway? “It’s not the fact that we can’t connect the dots — we can’t see all the dots,” Nakasone said, acknowledging that the U.S. government, including the NSA, does not have a view into foreign hacking campaigns when they exploit domestic internet infrastructure. “We have a difficulty as a government understanding the totality of the actual intrusion.” The suspected Russian and Chinese hackers behind the SolarWinds supply chain attack and the hacking stemming from the Microsoft Exchange Server vulnerabilities, respectively, used U.S.-based computers and servers to launch their operations. It’s an indication to some, including White House officials, that intruders deliberately sought to bypass detection by the U.S. intelligence community. […] (CyberScoop)

State prosecutors push Facebook, Twitter to do more to slow virus misinformation

A group of 12 state attorneys general sent a letter on Wednesday to Facebook and Twitter urging them to do more to curtail vaccine misinformation on their platforms. “Misinformation disseminated via your platforms has increased vaccine hesitancy, which will slow economic recovery and, more importantly, ultimately cause even more unnecessary deaths,” the group of attorneys general state in the letter. The letter sent to Facebook CEO Mark Zuckerberg and Twitter CEO Jack Dorsey Wednesday is signed by the attorneys general of Connecticut, Delaware, Iowa, Massachusetts, Michigan, Minnesota, New York, North Carolina, Oregon, Pennsylvania, Rhode Island and Virginia. They note that purveyors of vaccine misinformation have often targeted Black Americans, “members of communities who have suffered the worst health impacts of the virus and whose vaccination rates are lagging.” Bad actors and grifters have been spreading misinformation about vaccines on social media, including on Facebook and Twitter, for years. Some of […] (CyberScoop)

S3 Ep25: Drained accounts, ransomware attacks and Linux badware [Podcast]

New episode - listen now! (Naked Security)

Active Exploits Hit WordPress Sites Vulnerable To Thrive Themes Flaws

(News ≈ Packet Storm)

Microsoft Teams Now Has Its Own Bug Bounty For Researchers

(News ≈ Packet Storm)

Facebook Removes Accounts Of China-Based Hackers Targeting Uighurs

(News ≈ Packet Storm)

Facial Recognition Beats The Covid Mask Challenge

(News ≈ Packet Storm)

How Do Websites Get Hacked?

As much as the web has grown, surprisingly not a lot has changed in how websites get hacked. The most important thing you can do in keeping the web – and your own sites and visitors – safe is to understand these unchanging truths and hold them close to heart. Consider the Scale of Hacked Websites: 1.2 billion sites make up today’s World Wide Web. Assuming a 3-second load time, continuous queries, and not a wink of rest, it’d take you over 160 years to just see every site that currently exists. (Sucuri Blog)

Another Critical RCE Flaw Discovered in SolarWinds Orion Platform

IT infrastructure management provider SolarWinds on Thursday released a new update to its Orion networking monitoring tool with fixes for four security vulnerabilities, counting two weaknesses that could be exploited by an authenticated attacker to achieve remote code execution (RCE). Chief among them is a JSON deserialization flaw that allows an authenticated user to execute arbitrary code via (The Hacker News)

Black Kingdom Ransomware Hunting Unpatched Microsoft Exchange Servers

More than a week after Microsoft released a one-click mitigation tool to mitigate cyberattacks targeting on-premises Exchange servers, the company disclosed that patches have been applied to 92% of all internet-facing servers affected by the ProxyLogon vulnerabilities. The development, a 43% improvement from the previous week, caps off a whirlwind of espionage and malware campaigns that hit (The Hacker News)

Forcing Self-Service Password Reset (SSPR) Registration to Increase ROI

When your organization invests in a new product or service, it is essential that you take advantage of all the features it has to offer. This will help you to maximize your return on investment (ROI). If you have purchased or are thinking about purchasing a self-service password reset (SSPR) tool, one of the most important things you will need to do is make sure that 100% of users are registered (The Hacker News)

Critical Cisco Jabber Bug Could Let Attackers Hack Remote Systems

Cisco on Wednesday released software updates to address multiple vulnerabilities affecting its Jabber messaging clients across Windows, macOS, Android, and iOS. Successful exploitation of the flaws could permit an "attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a (The Hacker News)

Chinese Hackers Used Facebook to Hack Uighur Muslims Living Abroad

Facebook may be banned in China, but the company on Wednesday said it has disrupted a network of bad actors using its platform to target the Uyghur community and lure them into downloading malicious software that would allow surveillance of their devices. "They targeted activists, journalists and dissidents predominantly among Uyghurs from Xinjiang in China primarily living abroad in Turkey, (The Hacker News)

Fleeceware Apps Bank $400M in Revenue

The cache of apps, found in Apple and Google's official marketplaces, is largely targeted towards children, including several "slime simulators." (Threatpost)

Microsoft Offers Up To $30K For Teams Bugs

A bug-bounty program launched for the Teams desktop videoconferencing and collaboration application has big payouts for finding security holes. (Threatpost)

Facebook Disrupts Spy Effort Aimed at Uyghurs

The social-media giant took down legions of fake profiles aimed at spreading espionage malware. (Threatpost)

Manufacturing’s Cloud Migration Opens Door to Major Cyber-Risk

New research shows that while all sectors are at risk, 70 percent of manufacturing apps have vulnerabilities. (Threatpost)


/security-daily/ 26-03-2021 23:44:23