Security daily (26-08-2020)

Discover sensitive data by using custom data identifiers with Amazon Macie

As you put more and more data in the cloud, you need to rely on security automation to keep it secure at scale. AWS recently launched Amazon Macie, a fully managed service that uses machine learning and pattern matching to help you detect, classify, and better protect your sensitive data stored in the AWS Cloud. […] (AWS Security Blog)

Symantec shakeup creates fresh opening to shift security strategies

Steve McNamara is Regional Vice President Sales for VMware Carbon Black and a former vice president at Symantec. Information technology is always changing and so is the industry behind it. But recent developments surrounding the fate of one of the world’s most widely relied-upon suppliers of enterprise security products have created a significant “disturbance in the force.” In an odd twist on the perils of vendor lock-in, enterprise CIOs who rely on Symantec enterprise security products have found themselves in lock-out, following the decision late last year by Symantec’s new owner, Broadcom, to abandon support for all but 2,000 of Symantec’s most profitable enterprise security customers. Some reports since then suggest that number is closer to 700 accounts. When Broadcom completed its $10.7 billion acquisition of Symantec Enterprise Security in November of last year, it came with all the fanfare of one tech giant acquiring another in the name of […] (CyberScoop)

Two accused email scammers brought to US to face fraud-related charges

Two accused scammers have arrived in the U.S. from Ghana to face charges that they were involved in separate conspiracies to defraud American victims out of millions of dollars. Deborah Mensah, a 33-year-old Ghanaian national, stands accused of stealing more than $10 million through business email compromise (BEC) fraud, in which she allegedly targeted businesses and elderly individuals as part of an international scam. Mensah is the eighth person to be charged as part of the investigation, the U.S. Department of Justice said Wednesday. The department also announced that another accused BEC scammer, Maxwell Peter, had been extradited to the U.S. to face charges in an unrelated case. “Deborah Mensah is alleged to have been a participant in a conspiracy that resulted in the theft of millions of dollars from businesses and vulnerable individuals across the United States, and the laundering of that money through a network of bank accounts in […] (CyberScoop)

US government exposes North Korean government ATM cashout hacking campaign

The U.S. government called out North Korea on Wednesday over a government-led hacking campaign that has been focused on stealing cash from ATMs around the world. The operation, run out of the North Korean government’s Reconnaissance General Bureau — through a hacking group the U.S. government refers to as Hidden Cobra — poses a “significant threat to financial institutions,” the Department of Defense, Department of Homeland Security, FBI, and U.S. Treasury said in a joint release. The scheme comes as North Korea is under the crush of harsh international sanctions, which is forcing the country to find money through any means necessary. In exposing the campaign, the U.S. government says it aims to throttle those efforts. “We know that North Korea uses cyber-enabled tactics and techniques to steal currency, which it would otherwise be denied under international sanctions,” the Pentagon’s Cyber Command Cyber National Mission Force Commander, Brig. Gen. Joe Hartman, […] (CyberScoop)

FBI stopped a ransomware scheme by tricking a suspect to meet in Los Angeles

U.S. police arrested a Russian man accused of offering an American associate $1 million to infect their employer with malicious software, the Department of Justice announced Tuesday. Egor Igorevich Kriuchkov, a 27-year-old Russian citizen, was arrested Aug. 22 on a single count of conspiring to intentionally cause harm to a protected computer. According to an FBI complaint, Kriuchkov traveled to northern Nevada to offer $1 million to an acquaintance to help hack the computer system at an unnamed U.S. company. The plan was to install malware on the machines, then demand a ransom in exchange for unlocking the systems. The scheme went sideways, it seems, when FBI agents contacted Kriuchkov, then urged him to drive to Los Angeles, Calif., where he was taken into custody. The Justice Department announcement does not identify Kriuchkov’s alleged conspirators, the name of the intended victim company or strain of malware they allegedly planned to […] (CyberScoop)

Malicious Autodesk plugin at root of cyber-espionage campaign

A company involved in billion-dollar real estate deals in New York, London, Australia, and Oman has recently become the target of a cyber-espionage campaign from a set of well-resourced hackers, according to new Bitdefender research published Wednesday. The hackers waged the campaign against the target, an international architectural and video production entity, in a likely effort to collect financial information or negotiation details of competing contracts for a customer, Bitdefender assessed. They infiltrated the victim firm by imitating a plugin for a popular 3D computer graphics software, Autodesk 3ds Max, and then deploying a malicious file against the target. The perpetrators are likely hackers-for-hire who split their time between running nation-state cyber-operations and conducting corporate espionage on behalf of private sector entities, according to Bitdefender’s analysis. Which foreign government Bitdefender suspects employs the hackers wasn’t immediately clear, but Russia, China, Iran, and North Korea alike frequently rely on contractor talent or […] (CyberScoop)

“Chrome considered harmful” – the Law of Unintended Consequences

A well-written article on the APNIC blog has provoked a thoughtful response from the Chromium coders - and we can all learn from it! (Naked Security)

Hacking Windows 10: How to Evade Detection of Netstat & Tasklist

There are countless tutorials online that show how to use Netstat and Tasklist to find an intruder on your computer. But with a few PowerShell functions, it's possible for a hacker to evade detection from the almighty command line.

Before we dive into the technical sections, have a look at the following GIF. The attacker has manipulated the PowerShell session in a way that's transparent to the target user.

The netstat.exe command identifies an outgoing connection on TCP/4444. This is possibly an intruder as the port is common with default Meterpreter configurations. However, in the second... (Null Byte « WonderHowTo)

Break into Game Development with This $40 Bundle

It's a common and unfortunate myth that you need to work in web or app development if you have a knack for coding and design. In fact, more and more development pros are entering the exciting and increasingly lucrative world of game design, thanks to a growing demand for strategy games that can be played on multiple platforms.

The Build a Strategy Game Development Bundle will teach you how to create pro-level strategy games from scratch regardless of your previous experience, and it's on sale today for over 95% off at just $39.99.

With 14 hours of content on everything from basic... (Null Byte « WonderHowTo)

New Zealand Stock Exchange Halted By DDoS Attack

(News ≈ Packet Storm)

Russian Arrested Trying To Hack A Nevada Company

(News ≈ Packet Storm)

Hackers Target Companies With 3Ds Max Malware

(News ≈ Packet Storm)

Medical Data Leaked On GitHub Due To Developer Errors

(News ≈ Packet Storm)

Magento Multiversion (1.x/2.x) Backdoor

The Magento 1 EOL date has already passed; however, it’s evident that a large number of websites will continue to use it for the foreseeable future. Unfortunately, attackers are also aware that many websites are straggling with their Magento migrations, and post-compromise tools have been created to support deployment for both Magento 1.x and 2.x versions, making it easier for them to exploit a larger number of sites. Malicious Forbidden Activity: During a recent investigation, our team came across a tool aptly named Forbidden. (Sucuri Blog)

Russian Arrested After Offering $1 Million to U.S. Company Employee for Planting Malware

Hackers always find a way in, even if there's no software vulnerability to exploit.

The FBI has arrested a Russian national who recently traveled to the United States and offered $1 million as a bribe to an employee of a targeted company for his help in installing malware into the company's computer network manually.

Egor Igorevich Kriuchkov, 27-year-old, entered the United States as a tourist (The Hacker News)

APT Hackers Exploit Autodesk 3ds Max Software for Industrial Espionage

It's one thing for APT groups to conduct cyber espionage to meet their own financial objectives. But it's an entirely different matter when they are used as "hackers for hire" by competing private companies to make away with confidential information.

Bitdefender's Cyber Threat Intelligence Lab discovered yet another instance of an espionage attack targeting an unnamed international (The Hacker News)

Popular iOS SDK Accused of Spying on Billions of Users and Committing Ad Fraud

A popular iOS software development kit (SDK) used by over 1,200 apps—with a total of more than a billion mobile users—is said to contain malicious code with the goal of perpetrating mobile ad-click fraud and capturing sensitive information.

According to a report published by cybersecurity firm Snyk, Mintegral — a mobile programmatic advertising platform owned by Chinese mobile ad tech company (The Hacker News)

Cisco Patches ‘High-Severity’ Bugs Impacting Switches, Fibre Storage

Nine bugs were patched, eight of which are rated ‘high’ severity. (Threatpost)

Hackers Exploit Autodesk Flaw in Recent Cyberespionage Attack

The popular Autodesk software was exploited in a recent cyberespionage campaign against an international architectural company. (Threatpost)

Disinformation Spurs a Thriving Industry as U.S. Election Looms

Threat actors are becoming increasingly sophisticated in launching disinformation campaigns - and staying under the radar to avoid detection from Facebook, Twitter and other platforms. (Threatpost)

Medical Data Leaked on GitHub Due to Developer Errors

Up to 200,000 patient records from Office 365 and Google G Suite exposed by hardcoded credentials and other improper access controls. (Threatpost)

How to Write a Cybersecurity Playbook During a Pandemic

IT teams have had to learn to be dynamic as workforces continue to shift strategies while COVID-19 drags on. (Threatpost)


/security-daily/ 27-08-2020 23:44:23