Security daily (26-05-2020)

How to create SAML providers with AWS CloudFormation

As organizations grow, they often experience an inflection point where it becomes impractical to manually manage separate user accounts in disparate systems. Managing multiple AWS accounts is no exception. Many large organizations have dozens or even hundreds of AWS accounts spread across multiple business units. AWS provides many solutions that can orchestrate a person’s identity […] (AWS Security Blog)

Federal officials have arrested another accused FIN7 hacker

A Ukrainian national was arrested last week in Seattle for his alleged involvement in hacking operations run by FIN7, a syndicate known for stealing approximately $1 billion from its victims in the United States. According to court documents obtained by CyberScoop, Denys Iarmak has been charged with conspiracy to commit computer hacking, accessing a protected computer to commit fraud, intentional damage to a protected computer, access device fraud, conspiracy to commit wire and bank fraud, wire fraud, and aggravated identity theft. The arrest is a significant move against financially motivated FIN7, which has targeted the hospitality and gaming industries in the last several years. FIN7 has gone after restaurants including Chipotle, Red Robin, Taco John, as well as a credit union and a casino. According to the court documents, Iarmak was part of a scheme where operators allegedly ran spearphishing campaigns to gain unauthorized access to victim computers, deploy malware, conduct […] The post Federal officials have arrested another accused FIN7 hacker appeared first on CyberScoop. (CyberScoop)

German intelligence agencies warn of Russian hacking threats to critical infrastructure

A Kremlin-linked hacking group has continued its long-running efforts to target German companies in the energy, water and power sectors, according to a confidential German government advisory obtained by CyberScoop. Investigators earlier this year uncovered evidence of the hackers’ “longstanding compromises” at unnamed German companies, according to the memo that German intelligence and security agencies sent last week to operators of critical infrastructure. The hacking group — dubbed Berserk Bear and suspected by some industry analysts of operating on behalf of Russia’s FSB intelligence agency — has been using the supply chain to access the German companies’ IT systems, said the alert from the BSI, BND, and BfV federal agencies. “The attackers’ goal is to use publicly available but also specially written malware to permanently anchor themselves in the IT network…steal information or even gain access to productive systems [OT networks],” the advisory said. There was no evidence of a disruptive attack […] The post German intelligence agencies warn of Russian hacking threats to critical infrastructure appeared first on CyberScoop. (CyberScoop)

'Turla' spies have been stealing documents from foreign ministries in Eastern Europe, researchers find

A notorious group of suspected Russian hackers have used a revamped tool to spy on governments in Eastern Europe and quietly steal sensitive documents from their networks, researchers said Tuesday. The discovery shines greater light on the operations of Turla, an elite cyber-espionage group that’s been around well over a decade and is widely believed to be working on behalf of Russia’s FSB intelligence agency. It’s the latest example of Turla’s ability to write code designed to lurk on victim computers for years and extract state secrets. Turla is “still actively developing complex and custom pieces of malware in order to achieve long-term persistence in their target’s network,” said Matthieu Faou, a malware researcher at anti-virus firm ESET, who analyzed the code. The attacks started roughly two years ago, and hit two foreign affairs ministries in Eastern Europe and a national parliament in the Caucasus region bordering Russia, according to […] The post 'Turla' spies have been stealing documents from foreign ministries in Eastern Europe, researchers find appeared first on CyberScoop. (CyberScoop)

UK cyber agency launches review of Huawei presence in 5G networks

The United Kingdom’s cybersecurity agency is reviewing the impact that new U.S. sanctions on Chinese telecommunications company Huawei could have on Britain’s deployment of 5G technology. The review by the National Cyber Security Centre is welcome news for U.S. officials who have lobbied their U.K. counterparts to ban Huawei gear out of concerns over espionage. And it’s a potential change of fate for Huawei’s business in the U.K. after officials decided in January to allow the telecom giant’s equipment in up to 35% of the country’s 5G deployments — albeit not in the most sensitive parts of those networks. “Following the U.S. announcement of additional sanctions against Huawei, the NCSC is looking carefully at any impact they could have to the U.K.’s networks,” the NCSC said in a statement to CyberScoop on Tuesday. “The security and resilience of our networks is of paramount importance.” Prime Minister Boris Johnson’s office, according […] The post UK cyber agency launches review of Huawei presence in 5G networks appeared first on CyberScoop. (CyberScoop)

Trust us, information sharing can work. Here’s how we’re doing it.

You know what’s worse than trying to share cybersecurity information? Writing about it. Everyone has read over and over again about how important information sharing is for cybersecurity. The idea is certainly not new. It’s definitely not cool. It’s also hard. No one has completely nailed it even after talking about it for decades. Why is information sharing so hard and why are we still working on it? We’ve identified plenty of barriers and worked to address them. In many cases, we’ve addressed them quite well. For example, information sharing is tough from a technical perspective because the volume and speed of data continues to increase. So the community developed standards like STIX (Structured Threat Information eXchange) as a common language to share indicators and context at machine speed, TAXII (Trusted Automated eXchange of Intelligence Information) to provide a protocol for the transfer of information, and MITRE’s ATT&CK framework for […] The post Trust us, information sharing can work. Here’s how we’re doing it. appeared first on CyberScoop. (CyberScoop)

How EasyJet customers could make money out of the airline being hacked

If you were one of the many EasyJet customers who received an email from the airline disclosing that your personal information may have been accessed by hackers, you might be eligible for compensation. Here’s one way you might try to do that. (Graham Cluley)

New iPhone jailbreak released

Apple’s latest iOS versions have only been out for a week, but there's already a jailbreak available. (Naked Security)

Internet giants unite to stop warrantless snooping on web histories

Seven internet giants, including Mozilla, Reddit and Twitter, asked the House to do what the Senate narrowly missed doing: protect browsing history. (Naked Security)

Docker Desktop danger discovered, patch now

Docker has fixed a vulnerability that could have allowed an attacker to gain control of a Windows system using its service. (Naked Security)

How to Fingerprint Web Apps & Servers for Better Recon

Web applications are ubiquitous in the modern online world, and knowing how to attack them is an increasingly valuable skill. But the key to a successful attack is good recon: the more information you have, the easier it is to stay focused and efficient. There are many fingerprinting tools available, such as httprint and WebTech, but there are even more that can aid us in reconnaissance.

Common Frameworks & Technologies

Gone are the days of simple websites using HTML, CSS, and vanilla JavaScript. Frameworks dominate the landscape today, providing a robust and modular approach to modern web […] (Null Byte « WonderHowTo)

This Best-Selling Web Development Training Is on Sale for $12

Those of us who've taken the time to learn how to code are relatively well-suited for shakeups in the economy. Despite the recent and notable disruptions caused by the COVID-19 outbreak, demand for talented and trained programmers and developers is still high, and it will likely keep rising as companies in every industry adapt their business models to a more remote world.

But being a developer can mean many things, and not all coding and development pros share the same opportunities or paychecks. Sought after by a growing number of companies ranging from small startups to large-scale Google […] (Null Byte « WonderHowTo)

Huge Rise In Hacking Attacks On Home Workers During Lockdown

(News ≈ Packet Storm)

Chinese City May Adopt Contact Tracing Application Permanently

(News ≈ Packet Storm)

70 Percent Of Mobile, Desktop Apps Contain Open Source Bugs

(News ≈ Packet Storm)

Turla Hacker Group Steals AV Logs To See If Its Malware Was Detected

(News ≈ Packet Storm)

Sucuri Presents: Sucuri Sit-Down and Sucuri Sync-Up Podcast Series

Our main goal at Sucuri is to make the internet a safer place. One of our investments is creating the best educational content about website security to share our knowledge with the community. With that in mind, we have decided to start podcasting. The Sucuri Sit-Down podcast aims at explaining what is going on in the website security field. We are going to talk about the latest website vulnerabilities, attacks and hacks. We are also going to interview website security experts. Continue reading Sucuri Presents: Sucuri Sit-Down and Sucuri Sync-Up Podcast Series at Sucuri Blog. (Sucuri Blog)

New Android Flaw Affecting Over 1 Billion Phones Let Attackers Hijack Apps

Remember Strandhogg?

A security vulnerability affecting Android that malicious apps can exploit to masquerade as any other app installed on a targeted device to display fake interfaces to the users, tricking them into giving away sensitive information.

Late last year, at the time of its public disclosure, researchers also confirmed that some attackers were already exploiting the flaw in the (The Hacker News)

New ComRAT Malware Uses Gmail to Receive Commands and Exfiltrate Data

Cybersecurity researchers today uncovered a new advanced version of ComRAT backdoor, one of the earliest known backdoors used by the Turla APT group, that leverages Gmail's web interface to covertly receive commands and exfiltrate sensitive data.

"ComRAT v4 was first seen in 2017 and known still to be in use as recently as January 2020," cybersecurity firm ESET said in a report shared with (The Hacker News)

StrandHogg 2.0 Critical Bug Allows Android App Hijacking

A malicious app installed on a device can hide behind legitimate apps. (Threatpost)

Turla APT Revamps One of Its Go-To Spy Tools

An updated version of the ComRAT malware was discovered in attacks on governmental targets. (Threatpost)

New iOS Jailbreak Tool Works on iPhone Models iOS 11 to iOS 13.5

Latest version of UnC0ver uses unpatched zero-day exploit to take complete control of devices, even those running iOS 13.5. (Threatpost)


/security-daily/ 27-05-2020 23:44:23