Security daily (25-06-2020)

How COVID-19 changed Cyber Command's 'Cyber Flag' exercise

This year when U.S. Cyber Command convened with allied countries to test how they would collectively defend against a cyber-operation targeting allied networks, the units came together for what appeared to be a straightforward simulation of an attack against a European airbase. The worldwide coronavirus pandemic made the simulation less than straightforward. For the first time ever, participants conducted the exercise from home on a new platform, according to U.S. military cyber commanders involved in the exercise. The annual simulation, which simulated an attack that impacted both information technology (IT) and operational technology (OT), took place on the Persistent Cyber Training Environment (PCTE). “The impact of COVID-19 is pretty clear and it’s been a challenge for us. But it didn’t pause the action that’s been going on in cyberspace,” U.S. Coast Guard Rear Admiral John Mauger, the director of Cyber Command exercises and training, told reporters Wednesday. “Within Cyber Command we couldn’t stop […] The post How COVID-19 changed Cyber Command's 'Cyber Flag' exercise appeared first on CyberScoop. (CyberScoop)

Lawmakers call for cyber leadership as they introduce bill that would create White House post

After then-national security adviser John Bolton eliminated the position of White House cybersecurity coordinator in the spring of 2018, Democratic lawmakers quickly introduced a bill to restore the position, arguing that it was crucial for the White House to show leadership on the issue. The bill never went anywhere. But two years later, the push for creating a top White House cybersecurity post is gaining fresh traction, with support from Republicans. A bipartisan group of House members on Thursday introduced new legislation that would create a “national cyber director” at the White House. The director would serve a similar role to the coordinator, but have more authority to examine cybersecurity budgets and oversee national incident response. Instituting a national cyber director was a key recommendation put forth by the congressionally mandated Cyberspace Solarium Commission, which released a report in March arguing for big changes to U.S. cybersecurity policy. Two leading members […] The post Lawmakers call for cyber leadership as they introduce bill that would create White House post appeared first on CyberScoop. (CyberScoop)

Find a Playstation 4 vulnerability and earn over $50,000

Do you think you have found a vulnerability in the Sony PlayStation 4 or the PlayStation Network? You could be heading towards a sizeable sum of money, after Sony announced details of its new bug bounty program. Just be sure to play by the rules… Read more in my article on the Tripwire State of Security blog. (Graham Cluley)

The inside story of the Maersk NotPetya ransomware attack, from someone who was there

Gavin Ashton was an IT security guy working at Maersk at the time of it was hit hard by the NotPetya ransomware. Now he’s written an article about his experiences, and shares advice for others. (Graham Cluley)

Smashing Security podcast #184: Vanity Bitcoin wallets, BlueLeaks, and a Coronavirus app conspiracy

A conspiracy spreads on social media about Coronavirus tracing apps, US police find decades’ worth of sensitive data leaked online, and is there a Bitcoin bonanza to be had from watching Elon Musk YouTube videos? All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by Graham Cluley and Carole Theriault, joined this week by the BBC’s Zoe Kleinman. (Graham Cluley)

Patch time! NVIDIA fixes kernel driver holes on Windows and Linux

Kernel driver bugs often let crooks take over your entire system from even the weediest foothold. (Naked Security)

Twitter apologizes for leaking businesses’ financial data

Twitter emailed business clients to tell them that their financial data may have been seen by the uninvited.

(Naked Security)

Assange Charged With Recruiting And Conspiring With Hackers

(News ≈ Packet Storm)

PlayStation Announces Bug Bounty Program

(News ≈ Packet Storm)

FBI Warns K12 Schools Of Ransomware Attacks Via RDP

(News ≈ Packet Storm)

Microsoft: Patch Your Exchange Servers, They're Under Attack

(News ≈ Packet Storm)

WikiLeaks Founder Charged With Conspiring With LulzSec & Anonymous Hackers

The United States government has filed a superseding indictment against WikiLeaks founder Julian Assange accusing him of collaborating with computer hackers, including those affiliated with the infamous LulzSec and "Anonymous" hacking groups.

The new superseding indictment does not contain any additional charges beyond the prior 18-count indictment filed against Assange in May 2019, but it (The Hacker News)

Docker Images Containing Cryptojacking Malware Distributed via Docker Hub

With Docker gaining popularity as a service to package and deploy software applications, malicious actors are taking advantage of the opportunity to target exposed API endpoints and craft malware-infested images to facilitate distributed denial-of-service (DDoS) attacks and mine cryptocurrencies.

According to a report published by Palo Alto Networks' Unit 42 threat intelligence team, the (The Hacker News)

Critical Bugs and Backdoor Found in GeoVision's Fingerprint and Card Scanners

GeoVision, a Taiwanese manufacturer of video surveillance systems and IP cameras, recently patched three of the four critical flaws impacting its card and fingerprint scanners that could've potentially allowed attackers to intercept network traffic and stage man-in-the-middle attacks.

In a report shared exclusively with The Hacker News, enterprise security firm Acronis said it discovered the (The Hacker News)

Nationwide Facial Recognition Ban Proposed By Lawmakers

Lawmakers proposed a new bill that would ban the use of facial recognition by law enforcement nationwide. (Threatpost)

Golang Worm Widens Scope to Windows, Adds Payload Capacity

A first-stage malware loader spotted in active campaigns has added additional exploits and a new backdoor capability. (Threatpost)

Nvidia Warns Windows Gamers of Serious Graphics Driver Bugs

Several high-severity flaws in Nvidia's GPU display drivers for Windows users could lead to code-execution, DoS and more. (Threatpost)

Office 365 Users Targeted By ‘Coronavirus Employee Training’ Phish

Threat actors shift focus from COVID-19 to employee coronavirus training and current events like Black Lives Matter as cyber-attacks continue to rise. (Threatpost)


/security-daily/ 26-06-2020 23:44:21