
Security daily (26-01-2021)

AWS is the first global cloud service provider to comply with the new K-ISMS-P standard

We’re excited to announce that Amazon Web Services (AWS) has achieved certification under the Korea-Personal Information & Information Security Management System (K-ISMS-P) standard (effective from December 16, 2020 to December 15, 2023). The assessment by the Korea Internet & Security Agency (KISA) covered the operation of infrastructure (including compute, storage, networking, databases, and security) in […] (AWS Security Blog)

Biden administration prepares for a different kind of Iranian cyberthreat

As President Joe Biden wraps up his first week in the Oval Office, his national security team is still gearing up to face a myriad of looming digital security threats from Iran. Just over a year after the Trump administration used a drone strike to kill Qassem Soleimani, a top Iranian general, Iran is still weighing retaliatory action against the U.S., according to a recent Department of Defense assessment. That’s not the only threat the Biden administration may have to contend with — Iran carried out a number of online efforts meant to intimidate potential American voters prior to the presidential election, allegedly launched a hit list that identified U.S. election officials by name and was behind a reported effort to probe U.S. election websites. “From a geopolitical perspective — with the maximum pressure campaign, the assassination of Soleimani … they are a caged animal and I think they are very […] The post Biden administration prepares for a different kind of Iranian cyberthreat appeared first on CyberScoop. (CyberScoop)

Ransomware hackers launder bitcoin through just a handful of locations, researchers find

It’s starting to look like the ransomware industry is developing its own version of the 1%, where a small number of players enjoy most of the wealth. Cybercrime investigators have suggested the spiraling trend of increasingly large ransomware cash demands and attack frequency is not the work of a large number of criminals, but instead the result of a specialized black market economy in which hackers with different skill-sets collaborate on a breach, then split the proceeds. A relatively small number of attack groups actually seem to make up most of that black market economy, offering their malicious software on a rental basis and then taking a sizable chunk of the profits and relying on money laundering to cover their tracks. Researchers now are tracking more of this activity via the blockchain, an accessible ledger through which public bitcoin transactions are recorded. When ransomware victims pay attackers to unlock their systems to decrypt their […] The post Ransomware hackers launder bitcoin through just a handful of locations, researchers find appeared first on CyberScoop. (CyberScoop)

Mimecast confirms SolarWinds attackers breached security certificate, 'potentially exfiltrated' credentials

Email security firm Mimecast on Tuesday confirmed that the hackers behind the SolarWinds espionage campaign compromised a software certificate the firm uses to secure connections to Microsoft cloud services. The revelation underscores how deeply embedded the suspected Russian hackers have been in major technology companies as part of a campaign that has also breached multiple U.S. federal agencies. The hackers may have exfiltrated “certain encrypted service account credentials created by customers hosted” in the U.S. and the U.K., the new Mimecast statement reveals. The company said it wasn’t aware of the hackers decrypting or abusing any of the stolen credentials. But it still told its U.S. and U.K.-hosted customers to reset their credentials as a precaution. Mimecast, which says it has 39,000 customers around the world, offers an attractive target for spies looking to burrow into high-value organizations. A stolen software certificate of this type could allow an intruder to […] The post Mimecast confirms SolarWinds attackers breached security certificate, 'potentially exfiltrated' credentials appeared first on CyberScoop. (CyberScoop)

Signal vows to fight blockage in Iran amid newfound popularity

The Iranian government appears to have blocked Signal usage in recent days amid a newfound surge in popularity. Signal users in Iran began reporting issues connecting to the end-to-end encrypted chat application on Monday, according to Al Jazeera. The Open Observatory of Network Interference noted the apparent Signal blockage the same day. Some of the trouble began as early as Jan. 14 when Iran’s filtering committee labeled encrypted chat applications as “criminal content” and ordered them removed from local application stores. The government effort to restrict access to Signal’s encrypted messaging application comes in the wake of WhatsApp’s decision to announce an update to its privacy policy for business customers that would share their data with Facebook, WhatsApp’s parent company. The move was reportedly off-putting to so many users in Iran it appears to have pushed them to Signal, prompting the newfound attention from the Iranian government. Signal indicated on […] The post Signal vows to fight blockage in Iran amid newfound popularity appeared first on CyberScoop. (CyberScoop)

Ghost hack – criminals use deceased employee’s account to wreak havoc

Most companies are quick to remove ex-staff from the payroll, but often not so quick to shut down their network access. (Naked Security)

Ready to take the red pill? Catch up with Keren Elazari at Sophos Evolve

Learn about the hacker mindset... and how to make it work for you. (Naked Security)

Former LulzSec Hacker Releases SonicWall VPN Zero-Day

(News ≈ Packet Storm)

Dutch COVID-19 Patient Data Sold On The Criminal Underground

(News ≈ Packet Storm)

The History Of The Connected Battlespace, Part One

(News ≈ Packet Storm)

Google: North Korean Hackers Have Targeted Security Researchers Via Social Media

(News ≈ Packet Storm)

Phishing & Malspam with Leaf PHPMailer

It’s common knowledge that attackers often use email as a delivery mechanism for their malicious activity — which can range from enticing victims to click a phishing URL or download a malicious attachment. To support these activities, attackers seek out tools that assist in the mass sending of malspam (malicious spam) emails from a compromised website. PHP scripts like Leaf PHPMailer are well suited for this task.

Hacktool Analysis: Leaf PHPMailer

Leaf PHPMailer is a PHP mailer hacktool that lets an attacker send out large amounts of malspam emails from a compromised website’s web server. Continue reading Phishing & Malspam with Leaf PHPMailer at Sucuri Blog. (Sucuri Blog)

Nvidia Squashes High-Severity Jetson DoS Flaw

If exploited, the most serious of these flaws could lead to a denial-of-service condition for Jetson products. (Threatpost)

DanaBot Malware Roars Back into Relevancy

Sophisticated and dangerous, DanaBot has resurfaced after laying dormant for seven months. (Threatpost)

23M Gamer Records Exposed in VIPGames Leak

The personal data of 66,000 users was left wide open on a misconfigured Elasticsearch server, joining a growing list of companies with leaky clouds. (Threatpost)


/security-daily/ 27-01-2021 23:44:25