Security daily (27-08-2021)

How to securely create and store your CRL for ACM Private CA

In this blog post, I show you how to protect your Amazon Simple Storage Service (Amazon S3) bucket while still allowing access to your AWS Certificate Manager (ACM) Private Certificate Authority (CA) certificate revocation list (CRL). A CRL is a list of certificates that have been revoked by the CA. Certificates can be revoked because […] (AWS Security Blog)

AWS introduces changes to access denied errors for easier permissions troubleshooting

To help you more easily troubleshoot your permissions in Amazon Web Services (AWS), we’re introducing additional context in the access denied error messages. We’ll start to introduce this change in September 2021, and gradually make it available in all AWS services over the next few months. If you’re currently relying on the exact text of […] (AWS Security Blog)

Justice Department adds fellowship program to boost legal efforts against cybercrime

The Justice Department is launching a fellowship program designed to develop legal talent to deal with the increasing cyber threats to national security. “As we have witnessed this past year, cyber threats pose a significant and increasing risk to our national security, our economic security, and our personal security,” Deputy Attorney General Lisa Monaco said in a statement. “We need to develop the next generation of prosecutors with the training and experience necessary to combat the next generation of cyber threats.” The fellowship is the next step in the Justice Department’s efforts to ramp up U.S. legal action against cybersecurity threats. Monaco in June issued a memo to U.S. prosecutors throughout the nation requiring them to notify department officials of urgent ransomware reports. The agency also launched a four-month review in May of its cybersecurity strategy in light of recent hacking campaigns by foreign adversaries, including Russia and China, as […] (CyberScoop)

FBI warns that Hive ransomware hackers are calling victims by phone

Americans already trying to avoid calls from telemarketers, call support scammers and long-winded in-laws now have another reason to ignore that ringing phone: ransomware hackers. Scammers affiliated with a digital extortion outfit known as Hive are using phone calls to dial victims who are infected with a malicious software strain that locks up their files until they agree to pay a hostage fee, according to an August 25 FBI alert. Investigators first observed hackers deploying the malware in June, with attackers leveraging Microsoft’s Remote Desktop Protocol to infect business networks. In some cases, if victims don’t pay the demanded fee within two to six days, they have reported receiving phone calls from the hacking group. It’s the latest iteration of a personal tactic pioneered by other gangs — Maze, Conti and Ryuk, for instance — in which malware operators are thought to outsource tasks to a call center. Security firms […] (CyberScoop)

Microsoft Azure vulnerability exposed thousands of cloud databases

Microsoft is warning customers of its Azure cloud platform about a software vulnerability that exposed data belonging to thousands of clients for roughly two years. The flaw would have allowed any Azure Cosmos DB user to read, write and delete another customer’s information without authorization, researchers found. Cosmos DB is used by thousands of organizations, including Coca Cola, Exxon Mobil and a number of other Fortune 500 companies. Microsoft has since resolved the issue, the company said. “We fixed this issue immediately to keep our customers safe and protected,” a Microsoft spokesperson told CyberScoop. There was no evidence that hackers or any other outsider exploited the vulnerability to access customer data, according to the company. Reuters first reported on the vulnerability, which was discovered by Wiz research team. Microsoft fixed the vulnerability within 48 hours of its disclosure on August 12, but that the vulnerability had been exploitable since mid-2019, […] (CyberScoop)

Big bad decryption bug in OpenSSL – but no cause for alarm

The buggy code's in there, alright. Fortunately, it's hard to get OpenSSL to use it even if you want to, which mitigates the risk. (Naked Security)

Kaseya Issues Patches for Two New 0-Day Flaws Affecting Unitrends Servers

U.S. technology firm Kaseya has released security patches to address two zero-day vulnerabilities affecting its Unitrends enterprise backup and continuity solution that could result in privilege escalation and authenticated remote code execution. The two weaknesses are part of a trio of vulnerabilities discovered and reported by researchers at the Dutch Institute for Vulnerability Disclosure ( (The Hacker News)

Critical Cosmos Database Flaw Affected Thousands of Microsoft Azure Customers

Cloud infrastructure security company Wiz on Thursday revealed details of a now-fixed Azure Cosmos database vulnerability that could have been potentially exploited to grant any Azure user full admin access to other customers' database instances without any authorization. The flaw, which grants read, write, and delete privileges, has been dubbed "ChaosDB," with Wiz researchers noting that "the (The Hacker News)

F5 Releases Critical Security Patch for BIG-IP and BIG-IQ Devices

Enterprise security and network appliance vendor F5 has released patches for more than two dozen security vulnerabilities affecting multiple versions of BIG-IP and BIG-IQ devices that could potentially allow an attacker to perform a wide range of malicious actions, including accessing arbitrary files, escalating privileges, and executing JavaScript code. Of the 29 bugs addressed, 13 are (The Hacker News)

Parallels Offers ‘Inconvenient’ Fix for High-Severity Bug

Firm offers guidance on how to mitigate a five-months-old privilege escalation bug impacting Parallels Desktop 16 for Mac and all previous versions. (Threatpost)

Experts: WH Cybersecurity Summit Should Be Followed by Regulation, Enforcement

Amazon, Google, Microsoft etc. making major commitments to shore up nation’s cyber-defenses just won't be enough, researchers say. (Threatpost)

Winning the Cyber-Defense Race: Understand the Finish Line

Kerry Matre, Mandiant senior director, clears up misconceptions about the value to business for enterprise cyber-defense. Hint: It's not achieving visibility. (Threatpost)

FIN8 Targets US Bank With New ‘Sardonic’ Backdoor

The latest refinement of the APT's BadHatch backdoor can leverage new malware on the fly without redeployment, making it potent and nimble. (Threatpost)

Critical Azure Cosmos DB Bug Allows Full Cloud Account Takeover

It's unclear if Microsoft customers were breached during the months-long period where the #ChaosDB bug in Jupyter Notebooks was exploitable. (Threatpost)

Ragnarok Ransomware Gang Bites the Dust, Releases Decryptor

The cybercriminal group, active since late 2019, has closed its doors and released the key to unlocking victims’ files on its dark web portal. (Threatpost)

Top Strategies That Define the Success of a Modern Vulnerability Management Program

Modern vulnerability management programs require a strategy that defines what success means for your organization’s cybersecurity goals. By incorporating a few simple cyber hygiene routines to your daily security routine, you’ll set up your IT teams to be better equipped to steer off cyberattacks. (Threatpost)

‘Pay Ransom’ Screen? Too Late, Humpty Dumpty – Podcast

Splunk’s Ryan Kovar discusses the rise in supply-chain attacks a la Kaseya & how to get ahead of encryption leaving your business a pile of broken shells. (Threatpost)


/security-daily/ 28-08-2021 23:44:22