Security daily (25-11-2020)

AWS Security Profiles: Ram Ramani, Senior Security Solutions Architect

In the weeks leading up to re:Invent, we’ll share conversations we’ve had with people at AWS who will be presenting, and get a sneak peek at their work. How long have you been at AWS? I’ve been at AWS for 4 years. What’s your favorite part of your job? The ability to channel the technologist, […] (AWS Security Blog)

Accused email scammers busted in Nigeria for alleged fraud against 50,000 victims

An Interpol-helmed operation led to the arrest of three suspected cybercriminal gang members in Nigeria whose outfit has allegedly targeted victims in more than 150 countries, including schemes that involved offering COVID-19 aid. The sting, announced Wednesday, was part of Operation Falcon, a year-long investigation that teamed with cybersecurity company Group-IB and the Nigeria Police Force. “This group was running a well-established criminal business model,” said Craig Jones, Interpol’s cybercrime director. “From infiltration to cashing in, they used a multitude of tools and techniques to generate maximum profits.” The gang, dubbed TMT, is divided into numerous subgroups, according to Vesta Matveeva, head of Group-IB’s APAC Cyber Investigations Team. The three suspects arrested in Lagos tallied 50,000 victims in government and industry, the company said. Matveeva said via email that TMT overall might have compromised more than 500,000 victims since 2017. TMT’s speciality is business email compromise (BEC), where the attackers pose […] The post Accused email scammers busted in Nigeria for alleged fraud against 50,000 victims appeared first on CyberScoop. (CyberScoop)

Networking giant Belden says hackers accessed data on employees, business partners

Belden, a U.S. manufacturer of networking and industrial cable products, said Tuesday that unidentified attackers had accessed and copied data on current and former employees, and some of its business partners. The St. Louis-based company, which reported more than $2 billion in revenue last year, said in a statement that it believed it prevented the attackers from further accessing data on its servers, and that it had hired lawyers to help it “notify appropriate regulatory authorities [of the incident] around the world.” The company said law enforcement is investigating the incident. Executives did not disclose how many people’s information was compromised. Belden spokesperson Rachael Matthews told CyberScoop the data may have included sensitive personal information, including bank account information and Social Security numbers. “Personal information accessed and stolen may have contained such information as names, birthdates, government-issued identification numbers (for example, Social Security/national insurance), bank account information of North American employees […] The post Networking giant Belden says hackers accessed data on employees, business partners appeared first on CyberScoop. (CyberScoop)

S3 Ep8: A conversation with Katie Moussouris [Podcast]

Here's the latest Naked Security Podcast - listen now! (Naked Security)

Get Started with Python with This One-Hour Course for Just $14.99

If you have information technology or computer science aspirations — even white hat hacking — then Python is a programming language you absolutely have to be familiar with. According to a recent survey of industry experts, Python is the fastest-growing language in the developer field. It's also one of the most sought-after skill sets among employers and is responsible for some of the best hacking tools.

So how exactly can you get familiar with this can't miss programming language? There's no better place to start than with the Python for Beginners: The Basics for Python Development course... more (Null Byte « WonderHowTo)

How to Scan Websites for Potential Vulnerabilities Using the Vega Vulnerability Scanner in Kali Linux

Withstanding an attack from a motivated hacker is one of the most important responsibilities a system administrator must undertake. This is especially true for websites that may contain sensitive customer information and a high volume of users. So it's important for a sysadmin to take proactive measures to find and fix vulnerabilities in their websites.

One tool that can help with this is Vega Vulnerability Scanner, a free, open-source, graphical web-auditing tool developed by the security company Subgraph. This tool contains several interesting features, such as a proxy scanner, but we'll be... more (Null Byte « WonderHowTo)

Laser-Based Hacking Goes Beyond Amazon Alexa

(News ≈ Packet Storm)

Bug Allowed Hackers To Get Anyone's Email Address On Xbox Live

(News ≈ Packet Storm)

Hackers Accidentally Expose Spotify User Data They Stole

(News ≈ Packet Storm)

Home Depot Agrees To $17.5 Million Settlement Over 2014 Data Breach

(News ≈ Packet Storm)

Major BEC Phishing Ring Cracked Open with 3 Arrests

Some 50,000 targeted victims have been identified so far in a massive, global scam enterprise that involves 26 different malwares. (Threatpost)

Critical MobileIron RCE Flaw Under Active Attack

Attackers are targeting the critical remote code-execution flaw to compromise systems in the healthcare, local government, logistics and legal sectors, among others. (Threatpost)

How to Update Your Remote Access Policy – And Why You Should Now

Reducing the risks of remote work starts with updating the access policies of yesterday. (Threatpost)

Laser-Based Hacking from Afar Goes Beyond Amazon Alexa

The team that hacked Amazon Echo and other smart speakers using a laser pointer continue to investigate why MEMS microphones respond to sound. (Threatpost)


/security-daily/ 26-11-2020 23:44:23