26-10-202028-10-2020

Security daily (27-10-2020)

How to configure Duo multi-factor authentication with Amazon Cognito

Adding multi-factor authentication (MFA) reduces the risk of user account take-over, phishing attacks, and password theft. Adding MFA while providing a frictionless sign-in experience requires you to offer a variety of MFA options that support a wide range of users and devices. Let’s see how you can achieve that with Amazon Cognito and Duo MFA. […] (AWS Security Blog)

AWS achieves FedRAMP P-ATO for 5 services in AWS US East/West and GovCloud (US) Regions

We’re pleased to announce that five additional AWS services have achieved provisional authorization (P-ATO) by the Federal Risk and Authorization Management Program (FedRAMP) Joint Authorization Board (JAB). These services provide the following capabilities for the federal government and customers with regulated workloads: Enable your organization’s developers, scientists, and engineers to easily and efficiently run hundreds […] (AWS Security Blog)

CISA chief rips IG report, touts election security efforts

The head of the U.S. Cybersecurity and Infrastructure Security Agency has slammed a new inspector general report criticizing some of the agency’s election security work, calling the investigation “poorly timed” and its conclusions misleading. The Department of Homeland Security’s inspector general credited CISA for making progress in helping election officials mitigate cyberthreats, but also concluded the agency hadn’t invested enough resources in countering physical threats to election infrastructure. CISA officials say they’ve accounted for those threats in their preparation. Multiple federal agencies, including the FBI, also are working with state officials to guard against cyber and physical threats to the election. “While the OIG [office of the inspector general] recognizes our extensive coordination effort, releasing this report before Election Day fails to account for CISA’s actions throughout the entirety of the actual 2020 election cycle,” CISA Director Chris Krebs said in a statement. “While we can certainly update plans, use […] The post CISA chief rips IG report, touts election security efforts appeared first on CyberScoop. (CyberScoop)

The lowly DDoS attack is still a viable threat for undermining elections

Scenes like what happened to Florida’s voter registration site on Oct. 6 have played out over and over again: A system goes down, and questions fly. Was there a cyberattack, specifically a distributed denial-of-service (DDoS) attack meant to overwhelm a website site with traffic, knocking it offline? Could there have been too many legitimate visitors rushing to the site to beat the voter registration deadline — that surged past what the system could handle? Or, was it something weirder, as in this case, like pop singer Ariana Grande urging fans on Twitter to register to vote? Florida’s chief information officer eventually blamed misconfigured computer servers. The incident, though, was one of several over the course of the past month that exposed ongoing anxieties about how cyberattacks, accidental outages and other technical failures could upend a polling place, or even an election. Few, if any, election security experts would rank the […] The post The lowly DDoS attack is still a viable threat for undermining elections appeared first on CyberScoop. (CyberScoop)

Iran’s bogus email campaign on U.S. elections had a Facebook disinformation prong

Facebook has removed a network of fake accounts and pages with connections to the Iranian government, one of which was peddling misinformation related to the U.S. elections, the company announced Tuesday. The Iranian network broadly focused on the U.S. and Israel, but it included one fake account that was operating as part of the Iranian email misinformation campaign that sent unsubstantiated threats about voting to Democratic voters in the U.S., Facebook’s head of cybersecurity policy Nathaniel Gleicher told reporters in a phone call. The email campaign, which the U.S. government called out last week, threatened targets to vote for President Donald Trump in the upcoming presidential elections. After a tipoff from the FBI, which announced Iran was behind the email misinformation campaign last week, Facebook removed the related account on its platform and discovered it was connected with 11 other fake Facebook accounts, six fake Facebook pages, and 11 fake Instagram accounts. These accounts […] The post Iran’s bogus email campaign on U.S. elections had a Facebook disinformation prong appeared first on CyberScoop. (CyberScoop)

DOD, FBI, DHS warn of active North Korean government-linked hacking operation

The FBI and departments of Defense and Homeland Security issued a joint alert Tuesday warning the private sector about what they say is a global hacking operation run by North Korean government-linked hackers. The hacking group, known as Kimsuky, tends to run intelligence-gathering intrusions against targets in South Korea, Japan and the U.S., according to the alert by the FBI, DHS’s Cybersecurity and Infrastructure Security Agency (CISA) and Cyber Command, DOD’s offensive hacking arm. Kimsuky commonly runs cyber-espionage campaign against South Korean think tanks, as well as targets related to sanctions, nuclear topics, and other issues affecting the Korean Peninsula, according to the U.S. government. To obtain initial access to victims, the hackers typically use spearphishing emails and watering holes to trick victims to give up information, the U.S. government alert says. Kimsuky’s operations, which have been active since at least 2012, are “most likely tasked by the North Korean regime,” according to the report. Researchers have previously linked […] The post DOD, FBI, DHS warn of active North Korean government-linked hacking operation appeared first on CyberScoop. (CyberScoop)

As COVID-19 travel restrictions eased, scammers pounced

You can add travel-booking scams to the ways that cybercriminals have adapted to the pandemic-era economy. After slashing prices on the hacking tools sold on underground forums and targeting software used for remote work, crooks have been monitoring the fluctuations in travel restrictions around the world for an opportunity to hawk illicit travel schemes, according to research published Tuesday by the threat intelligence firm Gemini Advisory. The analysts found an uptick in travel-related chatter on over a dozen cybercriminal forums since July, not long after countries in Europe began loosening travel controls. Mentions of travel-related issues on the forums went from roughly 100 per day in early June to more than 600 per day in early September, Gemini Advisory analysts said. “Numerous dark web forum members and Telegram channels have resumed advertising travel services after being dormant during the peak of COVID-19 pandemic,” Gemini Advisory said in a blog post. “One prominent […] The post As COVID-19 travel restrictions eased, scammers pounced appeared first on CyberScoop. (CyberScoop)

Zoom credits Keybase acquisition with quick turnaround on end-to-end encryption

Zoom says a key deal earlier this year helped it globally implement an important security feature at a time when the videoconferencing app became a household word. The company said Monday that it was officially rolling out end-to-end encryption (E2EE) for all free and paid users, and it credited the acquisition of messaging and file-sharing service Keybase as a crucial decision toward that milestone. “This has been a highly requested feature from our customers, and we’re excited to make this a reality,” Jason Lee, Zoom’s chief information security officer, said in a statement. “Kudos to our encryption team who joined us from Keybase in May and developed this impressive security feature within just six months.” Zoom announced the upgrade a couple of weeks ago, but said it was live as of Monday for Windows, macOS and Android users. Approval for the feature on iOS was awaiting approval from Apple’s App […] The post Zoom credits Keybase acquisition with quick turnaround on end-to-end encryption appeared first on CyberScoop. (CyberScoop)

Facebook “copyright violation” tries to get past 2FA – don’t fall for it!

Watch out for "Facebook copyright violation" emails - even if they link straight back to Facebook.com (Naked Security)

Phone scamming – friends don’t let friends get vished!

You probably back yourself not to be flattered or scared by a voice scammer - but what about vulnerable friends or relatives? (Naked Security)

Nando's Hackers Feast On Customer Accounts

(News ≈ Packet Storm)

Zoom Rolls Out Encryption For All Desktop And Mobile Users

(News ≈ Packet Storm)

Google Boots 21 Bogus Gaming Apps From Play Marketplace

(News ≈ Packet Storm)

Hackers Are Holding Psychotherapy Data Ransom

(News ≈ Packet Storm)

Google Removes 21 Malicious Android Apps from Play Store

Google has stepped in to remove several Android applications from the official Play Store following the disclosure that the apps in question were found to serve intrusive ads. The findings were reported by the Czech cybersecurity firm Avast on Monday, which said the 21 malicious apps (list here) were downloaded nearly eight million times from Google's app marketplace. The apps masqueraded as (The Hacker News)

26-10-202028-10-2020

/security-daily/ 28-10-2020 23:44:23