
Security daily (27-05-2021)

How to implement a hybrid PKI solution on AWS

As customers migrate workloads into Amazon Web Services (AWS) they may be running a combination of on-premises and cloud infrastructure. When certificates are issued to this infrastructure, having a common root of trust to the certificate hierarchy allows for consistency and interoperability of the Public Key Infrastructure (PKI) solution. In this blog post, I am […] (AWS Security Blog)
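The "common root of trust" point above is easier to see with a concrete hierarchy. The following is an added example, written for this digest and not code from the AWS post or from AWS: it builds one root CA, an on-premises issuing CA and a cloud issuing CA both signed by that root, and one server certificate under each, then checks that a relying party which trusts only the root validates both leaves while a leaf presented under an unrelated root is rejected. Every name, subject and path is an assumption; it needs only the OpenSSL command-line tool (1.1.1 or later) and writes into a temporary directory.

```shell
#!/bin/sh
# Added example (editor's, not code from the AWS post): one root of trust,
# two issuing CAs (on-premises and cloud), one leaf under each. A relying
# party that trusts only the root validates both leaves; a leaf checked
# against an unrelated root does not validate. Names, subjects and paths
# are assumptions. Requires the OpenSSL command-line tool (1.1.1+).
set -eu

# Minimal req config so "openssl req -subj" works even without a system openssl.cnf.
write_req_config() {
  printf '[req]\ndistinguished_name = dn\nprompt = no\n[dn]\nCN = placeholder\n' > "$1/req.cnf"
}

# make_ca DIR NAME SUBJECT [ISSUER]
#   Without ISSUER the CA is self-signed (a root); with ISSUER it is an
#   intermediate signed by DIR/ISSUER.key. P-256 keys keep the example fast.
make_ca() {
  dir=$1; name=$2; subj=$3; issuer=${4:-}
  openssl ecparam -name prime256v1 -genkey -noout -out "$dir/$name.key"
  openssl req -new -config "$dir/req.cnf" -key "$dir/$name.key" -subj "$subj" -out "$dir/$name.csr"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\nsubjectKeyIdentifier=hash\n' > "$dir/$name.ext"
  if [ -z "$issuer" ]; then
    openssl x509 -req -in "$dir/$name.csr" -signkey "$dir/$name.key" -days 3650 \
      -extfile "$dir/$name.ext" -out "$dir/$name.crt" 2>/dev/null
  else
    openssl x509 -req -in "$dir/$name.csr" -CA "$dir/$issuer.crt" -CAkey "$dir/$issuer.key" \
      -CAcreateserial -days 1825 -extfile "$dir/$name.ext" -out "$dir/$name.crt" 2>/dev/null
  fi
}

# make_leaf DIR NAME DNSNAME ISSUER: server certificate signed by DIR/ISSUER.key
make_leaf() {
  dir=$1; name=$2; dns=$3; issuer=$4
  openssl ecparam -name prime256v1 -genkey -noout -out "$dir/$name.key"
  openssl req -new -config "$dir/req.cnf" -key "$dir/$name.key" -subj "/CN=$dns" -out "$dir/$name.csr"
  printf 'basicConstraints=critical,CA:FALSE\nkeyUsage=critical,digitalSignature\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:%s\n' "$dns" > "$dir/$name.ext"
  openssl x509 -req -in "$dir/$name.csr" -CA "$dir/$issuer.crt" -CAkey "$dir/$issuer.key" \
    -CAcreateserial -days 365 -extfile "$dir/$name.ext" -out "$dir/$name.crt" 2>/dev/null
}

# pki_setup DIR: root -> {onprem-ca, cloud-ca} -> one leaf each, plus an
# unrelated root standing in for some other organisation's PKI.
pki_setup() {
  mkdir -p "$1"
  write_req_config "$1"
  make_ca   "$1" root       "/O=Example Corp/CN=Example Corp Root CA"
  make_ca   "$1" onprem-ca  "/O=Example Corp/CN=On-Premises Issuing CA" root
  make_ca   "$1" cloud-ca   "/O=Example Corp/CN=AWS Issuing CA"         root
  make_leaf "$1" onprem-leaf erp.corp.example  onprem-ca
  make_leaf "$1" cloud-leaf  api.cloud.example cloud-ca
  make_ca   "$1" other-root "/O=Someone Else/CN=Unrelated Root CA"
}

# verify_chain ROOT INTERMEDIATE LEAF: succeeds only if LEAF chains to ROOT
# through INTERMEDIATE. Only ROOT is a trust anchor; the intermediate is
# untrusted path material, exactly as a TLS client would treat it.
verify_chain() {
  openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

# Demo: build the hierarchy and show which leaves the shared root validates.
WORK=${WORK:-$(mktemp -d)}
pki_setup "$WORK"
for side in onprem cloud; do
  if verify_chain "$WORK/root.crt" "$WORK/$side-ca.crt" "$WORK/$side-leaf.crt"; then
    echo "root validates $side-leaf via $side-ca"
  fi
done
if ! verify_chain "$WORK/other-root.crt" "$WORK/onprem-ca.crt" "$WORK/onprem-leaf.crt"; then
  echo "unrelated root does not validate onprem-leaf (expected)"
fi
```

Run it with sh; it prints which leaves the root validates. The practical consequence for a hybrid deployment is that trust stores on both sides only need the one root: the on-premises and AWS issuing CAs are peers under it, so a certificate issued on either side validates anywhere, and nothing issued under a foreign root does.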

054| Ransomware Incident Response and the Role of Readiness

The fallout from a ransomware attack is every organization's worst nightmare. But it doesn't necessarily have to be, if you can respond to an attack effectively. As our guests explain, there are things companies can be doing in advance to ensure a proactive response to ransomware when it happens, and to reduce the impact to the company. Incident response experts Jordan LaRose and Matt Lawrence of F-Secure join the show to discuss. Links: Episode 54 transcript; Whitepaper - Incident Readiness: Preparing a Proactive Response to Attacks; Webinar recording - Preparing for Success in Incident Response: Stories from the Frontline. (Cyber Security Sauna)

Pulse Secure VPN hacking also hit transportation, telecom firms, FireEye says

A sprawling Chinese espionage operation against U.S. and European government organizations extends to more commercial sectors than previously known and involves four new hacking tools, security firm FireEye said Thursday. All told, two China-linked groups — and other hackers that investigators did not name — are exploiting virtual private network software in breaches that have touched the transportation and telecommunication sectors, according to FireEye. The firm had previously only named the defense, financial and government sectors as affected by the breaches. The attackers are exploiting popular VPN software known as Pulse Connect Secure to burrow into networks and steal sensitive data. Many of the breached organizations “operate in verticals and industries aligned with Beijing’s strategic objectives” that are outlined in the Chinese government’s latest “Five Year Plan” for economic growth, according to Mandiant, FireEye’s incident response arm. The majority of the intrusions have been carried out by a group called […] The post Pulse Secure VPN hacking also hit transportation, telecom firms, FireEye says appeared first on CyberScoop. (CyberScoop)

Hackers target Japanese government, transportation entities

Hackers have been going after Japanese government departments and transportation entities in recent days, according to local reporting. The hackers reportedly infiltrated Fujitsu’s software-as-a-service platform, ProjectWEB. Approximately 76,000 email addresses from the land, infrastructure and transport ministry have leaked, according to the Japanese Broadcasting Corporation (NHK). The hackers also reportedly obtained data on the ministry’s internal mail and internet settings. The hackers have targeted the software at the Narita Airport to steal air traffic control data, NHK reported. Japan’s Embassy in the U.S. did not immediately return a request for comment. Fujitsu said in an announcement it suspended its service to probe further into the “unauthorized access from a third party.” Chief Cabinet Secretary Kato Katsunobu said that the cybersecurity center’s operations are not compromised, according to NHK. The incident comes just months before Japan prepares to host the Summer Olympics, which are a perennial hacking target. Hackers working at the […] The post Hackers target Japanese government, transportation entities appeared first on CyberScoop. (CyberScoop)

Cozy Bear revisits one of its greatest hits, researchers say: election skulduggery

It looks like the Russian government-linked hacking group Cozy Bear is back in the election trickery business. The security firm Volexity publicized a spearphishing campaign on Thursday that it identified only days ago, a scheme that uses an election fraud document as a lure. The emails purport to be from the United States Agency for International Development, with targets including government agencies, research institutions and nongovernmental organizations in the U.S. and Europe. Volexity said it had concluded, with moderate confidence, that Cozy Bear — the group also known as APT29 or the Dukes — was behind the emails. If true, it would be a return to an old favorite subject for Cozy Bear, which the U.S. government and others implicated in the 2016 hacks of the Democratic National Committee and Hillary Clinton’s presidential campaign, among other election interference efforts. More recently, Cozy Bear has garnered attention from the Biden […] The post Cozy Bear revisits one of its greatest hits, researchers say: election skulduggery appeared first on CyberScoop. (CyberScoop)

Possible Chinese hackers pose as UN, human rights group to eavesdrop on beleaguered Uyghur population

Researchers say that suspected Chinese hackers are posing as the United Nations and a fake human rights organization in an ongoing campaign to target Uyghurs, an ethnic group that’s repeatedly been on the receiving end of surveillance and cyberattacks this year. “We believe that these cyber-attacks are motivated by espionage, with the end-game of the operation being the installation of a backdoor into the computers of high-profile targets in the Uyghur community,” said Lotem Finkelsteen, head of threat intelligence at Check Point, which published the research on Wednesday along with fellow security firm Kaspersky. Researchers observed targeting of the Turkic ethnic group in China, Pakistan and China’s Xinjiang Uyghur Autonomous Region. In one attack method, the hackers use malicious documents bearing the name of the United Nations Human Rights Council. They also erected a website for a non-existent Turkic Culture and Heritage Foundation, luring would-be grant applicants to download a […] The post Possible Chinese hackers pose as UN, human rights group to eavesdrop on beleaguered Uyghur population appeared first on CyberScoop. (CyberScoop)

TSA cyber requirements would fine pipeline operators for lax security practices

The Transportation Security Administration will for the first time require pipeline operators to meet mandatory cybersecurity requirements in the wake of a ransomware attack that caused a days-long shutdown of the main artery for delivering fuel to the East Coast. The TSA security directive, expected to be released Thursday, requires certain pipeline operators to report hacking incidents to the Department of Homeland Security’s cybersecurity agency within 12 hours of detection, and would levy fines starting at approximately $7,000 on operators for failing to comply with security guidelines, department officials told reporters in a call. DHS officials estimate that the requirements will apply to roughly 100 pipeline companies, including some of the country’s largest operators. The rules signal a shift from the traditional federal approach to pipeline security, which for years has rested on voluntary guidelines that critics said fell short of meeting the threat. A DHS official said the update […] The post TSA cyber requirements would fine pipeline operators for lax security practices appeared first on CyberScoop. (CyberScoop)

“Unpatchable” vuln in Apple’s new Mac chip – what you need to know

It's all over the news! The bug you can't fix! Fortunately, you don't need to. We explain why. (Naked Security)

Hackers Posing As The United Nations Hacked Uyghur Muslims

(News ≈ Packet Storm)

PDF Feature Certified Widely Vulnerable To Attack

(News ≈ Packet Storm)

U.S. Announces New Security Directives For Pipelines After Hack

(News ≈ Packet Storm)

Biden-Putin Summit Tensions: Feds Say Russia A Hacker Safe Haven

(News ≈ Packet Storm)

Malvertising Campaign On Google Distributed Trojanized AnyDesk Installer

Cybersecurity researchers on Wednesday publicized the disruption of a "clever" malvertising network targeting AnyDesk that delivered a weaponized installer of the remote desktop software via rogue Google ads that appeared in the search engine results pages. The campaign, which is believed to have begun as early as April 21, 2021, involves a malicious file that masquerades as a setup executable (The Hacker News)

Hackers Using Fake Foundations to Target Uyghur Minority in China

The Uyghur community located in China and Pakistan has been the subject of an ongoing espionage campaign aiming to trick the targets into downloading a Windows backdoor to amass sensitive information from their systems. "Considerable effort was put into disguising the payloads, whether by creating delivery documents that appear to be originating from the United Nations using up to date related (The Hacker News)

Newly Discovered Bugs in VSCode Extensions Could Lead to Supply Chain Attacks

Severe security flaws uncovered in popular Visual Studio Code extensions could enable attackers to compromise local machines as well as build and deployment systems through a developer's integrated development environment (IDE). The vulnerable extensions could be exploited to run arbitrary code on a developer's system remotely, in what could ultimately pave the way for supply chain attacks. Some (The Hacker News)

New Bluetooth Flaws Let Attackers Impersonate Legitimate Devices

Adversaries could exploit newly discovered security weaknesses in Bluetooth Core and Mesh Profile Specifications to masquerade as legitimate devices and carry out man-in-the-middle (MitM) attacks. "Devices supporting the Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure that could allow an attacker to impersonate a legitimate device during (The Hacker News)

Targeted AnyDesk Ads on Google Served Up Weaponized App

Malicious ad campaign was able to rank higher in searches than legitimate AnyDesk ads. (Threatpost)

Fujitsu SaaS Hack Sends Govt. of Japan Scrambling

Tech giant disables ProjectWEB cloud-based collaboration platform after threat actors gained access and nabbed files belonging to several state entities. (Threatpost)

Biden’s Cybersecurity Executive Order Puts Emphasis on the Wrong Issues

David Wolpoff, CTO at Randori, argues that the call for rapid cloud transition is a dangerous proposition: "Mistakes will be made, creating opportunities for our adversaries. (Threatpost)


/security-daily/ 28-05-2021 23:44:22