Security daily (25-08-2020)

How to think about cloud security governance

When customers first move to the cloud, their instinct might be to build a cloud security governance model based on one or more regulatory frameworks that are relevant to their industry. Although this can be a helpful first step, it’s also critically important that organizations understand what the control objectives for their workloads should be. […] (AWS Security Blog)

Everything you need to know about voting by mail

State and local governments, those running for office and the American electorate are facing an unprecedented election process this year in which mail-in ballots will play a large part in how voters pick their elected officials during a once-in-a-century pandemic. In doing so, they have to navigate a U.S. Postal Service that has warned of tardy ballot deliveries, cut through the din of misinformation coming from President Donald Trump, and overcome a process that can be confusing on a number of different levels. While mail-in voting and cybersecurity don’t seem to go hand-in-hand, security officials are heavily involved in making sure the entire operation can be trusted once it’s complete. Here’s what you need to know about mail-in balloting and how it will play a greater role in this presidential election: How long has voting by mail been going on, and how is it used today? Mail-in voting is not […] The post Everything you need to know about voting by mail appeared first on CyberScoop. (CyberScoop)

Cyber Command deploys abroad to fend off foreign hacking ahead of the 2020 election

The Department of Defense has sent personnel abroad to hunt for malicious software that adversaries may be using against U.S. voting infrastructure or networks prior to Election Day. Gen. Paul Nakasone announced Tuesday in a Foreign Affairs editorial that Cyber Command personnel would be deployed as part of a plan to allow defensive cyber-operators from the Pentagon to identify malware targeting other countries’ networks and systems. Similar attacks could later be used for attempted intrusions aimed at disrupting American technologies. The announcement coincides with ongoing efforts between Cyber Command, the military’s offensive hacking outfit, and the National Security Agency to monitor threats to the 2020 U.S. presidential election from Russia, China, Iran, North Korea. It was not immediately clear where the military personnel were deployed. Cyber Command has run multiple so-called Hunt Forward missions in Montenegro. Russian military hackers have aimed to disrupt the political process there, as they did with a hack-and-leak operation against the Democratic National Committee […] The post Cyber Command deploys abroad to fend off foreign hacking ahead of the 2020 election appeared first on CyberScoop. (CyberScoop)

Police investigators blame Algerian for coronavirus-themed phishing attacks

An Algerian web developer who claims to have “a demonstrated history of working in the internet industry” has launched coronavirus-themed email scams and helped build other hacking tools, according to a police intelligence report. Samir Djelal, who allegedly used the internet alias Cazanova Haxor, developed malicious software that was used in a phishing attack aimed at California city accounts in March 2020, states an internal report from the California Cyber Security Integration Center, a state organization meant to facilitate information sharing about digital threats. The threat profile, dated April 6, 2020, was made public as part of BlueLeaks, the 269 GB database containing data on police bulletins, training materials and other law resources taken from law enforcement fusion centers. Distributed Denial of Secrets, a WikiLeaks-style transparency group, appears to have obtained the trove of information after hackers breached Netsential, a Texas internet company that handles websites for police agencies throughout […] The post Police investigators blame Algerian for coronavirus-themed phishing attacks appeared first on CyberScoop. (CyberScoop)

A Tale Of Escaping A Hardened Docker Container

(News ≈ Packet Storm)

Containment Grows, Cal Fire Crews Remain Positive About CZU Lightning Fire Complex

(News ≈ Packet Storm)

Shoring Up The 2020 Election: Secure Vote Tallies Aren't The Problem

(News ≈ Packet Storm)

Lessons From 15 Years Of Bug Bounties

(News ≈ Packet Storm)

Global Pandemic Opening Up Can Of Security Worms

(News ≈ Packet Storm)

Get Lifetime Access to 1000+ Premium Online Training Courses for Just $59

"In today's knowledge economy, continual learning is an imperative." — Those words from Aytekin Tank, the founder of JotForm, are particularly important for anyone working in IT or development.

With over 1,000 premium courses (complete list) from top instructors, StackSkills Unlimited provides endless learning opportunities. Right now, you can grab lifetime membership for $59.

Categories of (The Hacker News)

Four More Bugs Patched in Microsoft’s Azure Sphere IoT Platform

Researchers have unearthed more vulnerabilities in Microsoft’s IoT security solution. (Threatpost)

Safari Bug Revealed After Apple Takes Nearly a Year to Patch

Polish security researcher unveiled the flaw in a cross-browser sharing API that could allow attackers to steal user files. (Threatpost)

Lazarus Group Targets Cryptocurrency Firms Via LinkedIn Messages

The North Korean-linked APT's latest campaign shows that it is shifting focus to target the cryptocurrency and financial verticals. (Threatpost)

Shoring Up the 2020 Election: Secure Vote Tallies Aren’t the Problem

With many in the public sphere warning about a potential compromise of the integrity of the Presidential Election, security researchers instead flag online resources and influence campaigns as the biggest problem areas. (Threatpost)


/security-daily/ 26-08-2020 23:44:25