27-04-2021 | 29-04-2021

Security daily (28-04-2021)

Integrate CloudHSM PKCS #11 Library 5.0 with serverless workloads

Amazon Web Services (AWS) recently released PKCS #11 Library version 5.0 for AWS CloudHSM. This blog post describes the changes implemented in the new library. We also cover a simple encryption example with the Advanced Encryption Standard (AES) algorithm in Galois/Counter Mode (GCM), dockerized, running on AWS Fargate. The primary change from the previous SDK […] (AWS Security Blog)

053 | How to Secure Networks and Influence People

The role of a chief information security officer demands technical knowledge, but it also requires soft skills of leading and influencing - especially over the past year as cybersecurity has grown in visibility for companies. So how can CISOs get their security message across to boards, the business, employees and the security team? Joining Janne are two CISOs, Erka Koivunen of F-Secure and Chani Simms, co-founder and managing director of Meta Defence Labs and founder of SHe CISO Exec community, to discuss communication and the role of emotional intelligence in promoting a culture of security at every level. Links: Episode 53 transcript; Report: CISOs’ New Dawn, by F-Secure and Omnisperience. (Cyber Security Sauna)

Crypto scammer who threatened victims' families pleads guilty, faces 2-year minimum

A plan to steal cryptocurrency and hard-to-find social media accounts has ended with one schemer set to spend at least two years in prison. Eric Meiggs, a 23-year-old Massachusetts man, pleaded guilty on Wednesday to participating in a plan to steal social media account names and hundreds of thousands of dollars worth of bitcoin, the U.S. Department of Justice announced. Meiggs and a team of associates used SIM swapping, a practice in which scammers take control of victims’ phone numbers, to try to steal more than $530,000 in cryptocurrency from 10 people, DOJ said. SIM swapping is the process by which attackers convince a victim’s phone carrier to transfer control of a phone number to an attacker, or group of scammers. From there, the intruders abuse access to that phone number to gather passwords, financial transactions or other sensitive data associated with that number. In recent years, thieves have prioritized […] (CyberScoop)

US arrests alleged ‘Bitcoin Fog’ boss, who is accused of laundering millions

U.S. federal agents on Tuesday arrested the alleged operator of Bitcoin Fog, a cryptocurrency-obfuscation service that the dark web’s most notorious marketplaces have reportedly used to move tens of millions of dollars. Roman Sterlingov, a Russian-Swedish national, was arrested in Los Angeles and charged with money laundering for his alleged role as Bitcoin Fog’s mastermind, according to court documents. Created in 2011, Bitcoin Fog bills itself as a means of further anonymizing cryptocurrency transactions by separating transmitted bitcoin from a particular bitcoin address. Some $336 million in transactions were routed through Bitcoin Fog over a decade, according to a criminal complaint against Sterlingov filed in the U.S. District Court for the District of Columbia. That included tens of millions of dollars laundered for dark web forums like AlphaBay and Silk Road, which were known for trafficking in drugs and hacking tools, as well as other illicit products, before being shut […] (CyberScoop)

'Ghostwriter' disinformation campaign rages on as Biden prepares for NATO trip

For over a year, Stanislaw Zaryn, a Polish government official, has not been shy about exposing what he says are suspected Russian attempts to interfere in Polish politics. Zaryn has posted screenshots on Twitter of fake accounts and slapped a blaring “Disinformation” label on them. He has called out a forged letter that criticized the U.S. troop presence in Poland. But a study published by security firm FireEye on Wednesday makes clear that the propaganda flagged by Zaryn is but one front in a multi-pronged information operations effort aimed at sowing political discord in multiple NATO countries. FireEye has linked more than 30 such incidents in Lithuania, Latvia, Germany and elsewhere in the last five years to a previously disclosed, ongoing influence campaign it calls Ghostwriter. That includes more than 20 newly discovered Ghostwriter incidents since an initial FireEye report last summer, including one as recent as last month. The […] (CyberScoop)

Gamers update! Nvidia patches GPU driver kernel escalation bugs

Patch early, patch often. Here's why it's worth it. (Naked Security)

Linux Kernel Vuln Exposes Stack Memory, Causes Data Leaks

(News ≈ Packet Storm)

Apple Patches macOS Gatekeeper Bypass Vulnerability

(News ≈ Packet Storm)

Signal's Cellebrite Hack Is Already Causing Grief For The Law

(News ≈ Packet Storm)

Ransomware Crooks Threaten To ID Informants If Cops Don't Pay Up

(News ≈ Packet Storm)

Cybercriminals Widely Abusing Excel 4.0 Macro to Distribute Malware

Threat actors are increasingly adopting Excel 4.0 documents as an initial stage vector to distribute malware such as ZLoader and Quakbot, according to new research. The findings come from an analysis of 160,000 Excel 4.0 documents between November 2020 and March 2021, out of which more than 90% were classified as malicious or suspicious. "The biggest risk for the targeted (The Hacker News)

F5 BIG-IP Found Vulnerable to Kerberos KDC Spoofing Vulnerability

Cybersecurity researchers on Wednesday disclosed a new bypass vulnerability (CVE-2021-23008) in the Kerberos Key Distribution Center (KDC) security feature impacting F5 Big-IP application delivery services. "The KDC Spoofing vulnerability allows an attacker to bypass the Kerberos authentication to Big-IP Access Policy Manager (APM), bypass security policies and gain unfettered access to (The Hacker News)

Attention! FluBot Android Banking Malware Spreads Quickly Across Europe

Attention, Android users! A banking malware capable of stealing sensitive information is "spreading rapidly" across Europe, with the U.S. likely to be the next target. According to a new analysis by Proofpoint, the threat actors behind FluBot (aka Cabassous) have branched out beyond Spain to target the U.K., Germany, Hungary, Italy, and Poland. The English-language campaign alone has been (The Hacker News)

Microsoft Office SharePoint Targeted With High-Risk Phish, Ransomware Attacks

SharePoint servers are being picked at with high-risk, legitimate-looking, branded phish messages and preyed on by a ransomware gang using an old bug. (Threatpost)

Google Chrome V8 Bug Allows Remote Code-Execution

The internet behemoth rolled out the Chrome 90 stable channel release to address this and eight other security vulnerabilities. (Threatpost)


/security-daily/ 29-04-2021 23:46:03