Security daily (25-09-2020)

Improved client-side encryption: Explicit KeyIds and key commitment

I’m excited to announce the launch of two new features in the AWS Encryption SDK (ESDK): local KeyId filtering and key commitment. These features each enhance security for our customers, acting as additional layers of protection for your most critical data. In this post I’ll tell you how they work. Let’s dig in. The ESDK […] (AWS Security Blog)

Israel, UAE say they’re allies in cyberspace. They have plenty of tech power to draw upon.

Israel and the United Arab Emirates say they are collaborating to track and block cyberthreats in a region where hacking remains rampant. For two countries that have invested heavily in offensive hacking tools in recent years, it’s a recognition that collective defense could be more effective than going it alone. The cooperation, which officials are touting just weeks after the countries normalized diplomatic relations, involves spotting hacking threats that could affect both countries and exchanging intelligence among government cybersecurity experts. “We are threatened by the same threats…because of the nature of the region because of the new relationship and because of who we are — strong economically and technologically,” Yigal Unna, head of Israel’s National Cyber Directorate, said during a webinar Thursday with his counterpart, the UAE’s Mohamed al-Kuwaiti. The two men stressed the importance of trading threat data, and floated the idea of joint cyberdefense exercises. They did not single out any foreign governments as […] (CyberScoop)

Microsoft says it nixed China-linked hackers' apps from Azure cloud

Security researchers at Microsoft say they upended a hacking campaign that used the company’s own Azure commercial cloud service as part of the command-and-control network for malware. The hacking group — labeled Gadolinium by Microsoft and also known as APT40 — was hosting apps on the Azure Active Directory and using open source tools “to enhance weaponization of their malware payload, attempt to gain command and control all the way to the server, and to obfuscate detection,” the researchers said in a report published Thursday. APT40 has been linked to China’s government, and recent targets have reportedly included organizations in Taiwan and Malaysia. The typical goal is data exfiltration for espionage, according to researchers at FireEye, Kaspersky and other security companies. Microsoft’s report does not mention China by name, but notes that the hacking group has previously focused on the maritime and health industries. Beijing has denied in the past that it […] (CyberScoop)

Blast from the past! Windows XP source code allegedly leaked online

Windows XP source code! Fair game to take a peek, or best to look away? (Naked Security)

How to Attack Web Applications with Burp Suite & SQL Injection

Web applications are becoming more and more popular, replacing traditional desktop programs at an accelerated rate. With all these new apps out on the web come various security implications associated with being connected to the internet, where anyone can poke and prod at them. One of the simplest, yet most prevalent, types of security flaws found in modern web apps is SQL injection.

A typical web app doesn't actually store any information in the app itself, but rather it communicates with a backend database where data is stored. These requests are handled by SQL queries in which the […] (Null Byte « WonderHowTo)

Alien Android Banking Trojan Sidesteps 2FA

(News ≈ Packet Storm)

Cambridge Analytica's Ex-CEO Banned From Running Companies

(News ≈ Packet Storm)

Instagram Flaw Shows Importance Of Managing Third-Party Apps, Images

(News ≈ Packet Storm)

Update Now: Cisco Warns Over 25 High Impact Flaws

(News ≈ Packet Storm)

Magento Credit Card Stealing Malware: gstaticapi

Our team recently came across a malicious script used on a Magento website titled gstaticapi, which targeted checkout processes to capture and exfiltrate stolen information. To obtain sensitive details, the malware loads external JavaScript whenever the URL contains “checkout”; this location typically belongs to the step in Magento’s checkout process where users enter their sensitive credit card information and shipping details.

As seen above, the first if statement looks for the checkout string in the URL using window.location.href.indexOf. […] (Sucuri Blog)

FinSpy Spyware for Mac and Linux OS Targets Egyptian Organisations

Amnesty International today exposed details of a new surveillance campaign that targeted Egyptian civil society organizations with previously undisclosed versions of FinSpy spyware designed to target Linux and macOS systems. Developed by a German company, FinSpy is extremely powerful spying software that is being sold as a legal law enforcement tool to governments around the world but has also […] (The Hacker News)

Fortinet VPN with Default Settings Leaves 200,000 Businesses Open to Hackers

As the pandemic continues to accelerate the shift towards working from home, a slew of digital threats have capitalized on the health concern to exploit weaknesses in the remote work infrastructure and carry out malicious attacks. Now, according to network security platform provider SAM Seamless Network, over 200,000 businesses that have deployed the FortiGate VPN solution—with default […] (The Hacker News)

FortiGate VPN Default Config Allows MitM Attacks

The client's default configuration for SSL-VPN has a certificate issue, researchers said. (Threatpost)

Industrial Cyberattacks Get Rarer but More Complex

The first half of 2020 saw decreases in attacks on most ICS sectors, but oil/gas firms and building automation saw upticks. (Threatpost)

Ring’s Flying In-Home Camera Drone Escalates Privacy Worries

Privacy fears are blasting off after Amazon's Ring division unveiled the new Always Home Cam, a smart home security camera drone. (Threatpost)

Microsoft Kills 18 Azure Accounts Tied to Nation-State Attacks

An APT group has started heavily relying on cloud services like Azure Active Directory and OneDrive, as well as open-source tools, to obfuscate its attacks. (Threatpost)


/security-daily/ 26-09-2020 23:44:28