
Security daily (26-07-2021)

Strengthen the security of sensitive data stored in Amazon S3 by using additional AWS services

In this post, we describe the AWS services that you can use to both detect and protect your data stored in Amazon Simple Storage Service (Amazon S3). When you analyze security in depth for your Amazon S3 storage, consider doing the following: Audit and restrict Amazon S3 access with AWS Identity and Access Management (IAM) […] (AWS Security Blog)

Accused CIA leaker Joshua Schulte allowed to represent himself at next Vault 7 trial

A U.S. judge ruled Monday that a former CIA software engineer accused of providing classified information to WikiLeaks will be allowed to represent himself at his next trial. Judge Paul Crotty, of the Southern District of New York, said in a July 26 decision that Joshua Schulte, a former employee at the Central Intelligence Agency, would be allowed to discharge his current legal representation, and waive his right to counsel. Schulte is scheduled to stand trial again in October 2021, marking the second time he will face espionage-related charges for allegedly stealing details about U.S. hacking tools from the CIA, then transmitting that data to WikiLeaks. The result, prosecutors say, was the 2017 publication of the so-called Vault 7 files, a cache of data revealing the agency’s ability to compromise consumer technology like smart TVs and web browsers for espionage purposes. The incident represented the largest leak in CIA history. […] (CyberScoop)

Kaseya says it didn't pay ransomware gang for decryption key after hacks affected hundreds

Kaseya, the company at the center of a ransomware outbreak that claimed perhaps thousands of victims, said on Monday that it didn’t pay off the attackers to obtain the decryption tool it announced last week. The Florida IT firm, breached just before the July 4 holiday, did not elaborate on how it obtained the working decryption key, beyond its statement that a “trusted third party” provided it. “While each company must make its own decision on whether to pay the ransom, Kaseya decided after consultation with experts to not negotiate with the criminals who perpetrated this attack and we have not wavered from that commitment,” the company said in a website update. “As such, we are confirming in no uncertain terms that Kaseya did not pay a ransom — either directly or indirectly through a third party — to obtain the decryptor.” Kaseya said it was teaming with the security firm […] (CyberScoop)

Scammers are using fake Microsoft 11 installers to spread malware

Windows 11 won’t hit the street until later this year, but that hasn’t stopped hackers from trying to use it to infect victims with malware. Security firm Kaspersky warned on Friday that crooks were exploiting people overeager to get their hands on the Microsoft operating system update, due for fall release, with fake installers. “Although Microsoft has made the process of downloading and installing Windows 11 from its official website fairly straightforward, many still visit other sources to download the software, which often contains unadvertised goodies from cybercriminals (and isn’t necessarily Windows 11 at all),” Kaspersky wrote. Those sarcastic “goodies” range from relatively innocuous adware to password stealers and trojans. It’s not unprecedented for cybercriminals to use demand for a product or service to take advantage of victims, be it coronavirus contact tracing apps or the Telegram encrypted messaging app. Microsoft announced Windows 11 in late June, and shortly after […] (CyberScoop)

Windows “PetitPotam” network attack – how to protect against it

A cute name but an annoying and potentially damaging attack. Here's what to do. (Naked Security)

Mitre Releases 2021 Top 25 Most Dangerous Software Weaknesses

(News ≈ Packet Storm)

Microsoft Outlines How To Protect Against PetitPotam

(News ≈ Packet Storm)

An Explosive Spyware Report Shows Limits Of iOS, Android Security

(News ≈ Packet Storm)

Emmanuel Macron Pushes For Israel Inquiry Into NSO Spyware Concerns

(News ≈ Packet Storm)

How to Mitigate Microsoft Windows 10, 11 SeriousSAM Vulnerability

Microsoft Windows 10 and Windows 11 users are at risk of a new unpatched vulnerability that was recently disclosed publicly. As we reported last week, the vulnerability — SeriousSAM — allows attackers with low-level permissions to access Windows system files to perform a Pass-the-Hash (and potentially Silver Ticket) attack.  Attackers can exploit this vulnerability to obtain hashed passwords (The Hacker News)

Microsoft Warns of LemonDuck Malware Targeting Windows and Linux Systems

An infamous cross-platform crypto-mining malware has continued to refine and improve upon its techniques to strike both Windows and Linux operating systems by setting its sights on older vulnerabilities, while simultaneously latching on to a variety of spreading mechanisms to maximize the effectiveness of its campaigns. "LemonDuck, an actively updated and robust malware that's primarily known (The Hacker News)

New PetitPotam NTLM Relay Attack Lets Hackers Take Over Windows Domains

A newly uncovered security flaw in the Windows operating system can be exploited to coerce remote Windows servers, including Domain Controllers, to authenticate with a malicious destination, thereby allowing an adversary to stage an NTLM relay attack and completely take over a Windows domain. The issue, dubbed "PetitPotam," was discovered by security researcher Gilles Lionel, who shared (The Hacker News)

Kaseya Gets Universal Decryptor to Help REvil Ransomware Victims

Nearly three weeks after Florida-based software vendor Kaseya was hit by a widespread supply-chain ransomware attack, the company on Thursday said it obtained a universal decryptor to unlock systems and help customers recover their data. "On July 21, Kaseya obtained a decryptor for victims of the REvil ransomware attack, and we're working to remediate customers impacted by the (The Hacker News)

Podcast: IoT Piranhas Are Swarming Industrial Controls

Enormous botnets of IoT devices are going after decades-old legacy systems that are rife in systems that control crucial infrastructure. (Threatpost)

Babuk Ransomware Gang Ransomed, New Forum Stuffed With Porn

A comment spammer flooded Babuk’s new ransomware forum with gay orgy porn GIFs and demanded $5K in bitcoin. (Threatpost)

Microsoft Rushes Fix for ‘PetitPotam’ Attack PoC

Microsoft releases mitigations for a Windows NT LAN Manager exploit that forces remote Windows systems to reveal password hashes that can be easily cracked. (Threatpost)

Malware Makers Using ‘Exotic’ Programming Languages

Sprechen Sie Rust? Polyglot malware authors are increasingly using obscure programming languages to evade detection. (Threatpost)

The True Impact of Ransomware Attacks

Keeper’s research reveals that in addition to knocking systems offline, ransomware attacks degrade productivity, cause organizations to incur significant indirect costs, and mar their reputations. (Threatpost)


/security-daily/ 27-07-2021 23:44:22