27-05-202129-05-2021

Security daily (28-05-2021)

Biden budget seeks $750 million to respond to SolarWinds compromises, plus billions more for cyber

President Joe Biden’s fiscal 2022 budget blueprint released Friday proposes $750 million for the federal government to respond to “lessons learned” from the SolarWinds supply chain hack that compromised nine agencies. In all, the budget proposes $9.8 billion in federal civilian cybersecurity funding, a 14% increase from the spending levels allocated for the current fiscal year, according to a summary. That number doesn’t take into account Defense Department funding requests, for which the unclassified total for cyberspace is $10.8 billion. That represents just a portion of DOD funding, too, given the classified nature of many Pentagon cyber functions. “Cybersecurity is a top priority for this Administration, and recent events, such as the SolarWinds cyber incident, have shown that adversaries continue to target Federal systems,” one budget document reads. The blueprint also requests $15 million for the recently-created national cyber director office in the White House, and $20 million for a […] The post Biden budget seeks $750 million to respond to SolarWinds compromises, plus billions more for cyber appeared first on CyberScoop. (CyberScoop)

Fighting, screaming as alleged ATM scammer known as ‘The Shark’ is arrested in Mexico

Police in Mexico have arrested the alleged head of a financial fraud operation that used corrupt ATMs to steal more than $1 billion from tourists in recent years. Florian Tudor, a Romanian man perhaps better known as “The Shark,” was apprehended on Thursday when officials from Mexico’s attorney general’s office took him into custody. The incident erupted in wrestling, shouting and authorities carrying Tudor out of the building by his arms and legs, according to video published by news outlets in Mexico City. Mexico’s federal law enforcement suggested that Tudor’s associates tried to assault a police officer before also being arrested. Así fue la detención de Florian Tudor, líder de la mafia rumana en las Oficinas de la FGR en la CDMX Video: Especial pic.twitter.com/jZM2zcM4Mx — El Universal (@ElUniversalMx) May 27, 2021 The fisticuffs mark the latest twist in a years-long crime spree that law enforcement officials and international journalists […] The post Fighting, screaming as alleged ATM scammer known as ‘The Shark’ is arrested in Mexico appeared first on CyberScoop. (CyberScoop)

SolarWinds hackers are behind a widespread phishing campaign impersonating USAID, Microsoft says

The same Russian spies who exploited SolarWinds software to infiltrate U.S. government agencies have in the last week launched a phishing campaign that aimed to hack some 150 organizations in 24 countries, Microsoft said Thursday. The suspected Russian hackers have posed as the U.S. Agency for International Development, a government agency that funds aid projects around the world, to target some 3,000 individual accounts in a blitz of phishing emails since May 25, Microsoft said in a blog post. The majority of the target organizations are in the U.S., and at least a quarter of them work in international development, humanitarian aid and human rights, Microsoft said. The hackers blasted out the nefarious messages by using a breached account that USAID uses to send marketing emails, according to Tom Burt, Microsoft’s corporate vice president for customer security and trust. A USAID spokesperson said that a forensic investigation into the breach […] The post SolarWinds hackers are behind a widespread phishing campaign impersonating USAID, Microsoft says appeared first on CyberScoop. (CyberScoop)

The Best-Selling VPN Is Now on Sale

The ability to browse the web in coffee shops, libraries, airports, and practically anywhere else you can imagine is more than convenient, but convenience has risks. Using public Wi-Fi allows others to spy on you easily. Even your own internet service provider can see every website you've ever visited. Don't fall into the trap of protecting your identity, data, and devices after it's too late.

A Virtual Private Network (VPN) provides safety and security online, and the leading VPN is also one of the most reliable and trusted services — Private Internet Access. What's a VPN? Watch this, and... more (Null Byte « WonderHowTo)

Unlock Facial Detection & Recognition on the Inexpensive ESP32-Based Wi-Fi Spy Camera

If you've recently built a Wi-Fi spy camera out of an ESP32-CAM, you can use it for a variety of things. A baby monitor at night, a security camera for catching package thieves, a hidden video streamer to catch someone going somewhere they shouldn't be — you could use it for pretty much anything. Best of all, this inexpensive camera module can perform facial detection and facial recognition!

The low-cost ESP32-CAM is an interesting camera module because it has enough RAM to perform those facial detection and facial recognition processes. The detection can spot faces whenever they pop in the... more (Null Byte « WonderHowTo)

Fujitsu SaaS Hack Sends Government Of Japan Scrambling

(News ≈ Packet Storm)

FBI Issues Warning About Fortinet Appliances After APT Group Hacks Local Government Office

(News ≈ Packet Storm)

Russian Hackers Target Aid Groups Says Microsoft

(News ≈ Packet Storm)

Police Raid Cannabis Farm, Find Bitcoin Mine

(News ≈ Packet Storm)

WooCommerce Credit Card Skimmer Hides in Plain Sight

Recently, a client’s customers were receiving a warning from their anti-virus software when they navigated to the checkout page of the client’s ecommerce website. Antivirus software such as Kaspersky and ESET would issue a warning but only once a product had been added to the cart and a customer was about to enter their payment information. This is, of course, a tell-tale sign that there is something seriously wrong with the website and likely a case of credit card exfiltration. Continue reading WooCommerce Credit Card Skimmer Hides in Plain Sight at Sucuri Blog. (Sucuri Blog)

SolarWinds Hackers Target Think Tanks With New 'NativeZone' Backdoor

Microsoft on Thursday disclosed that the threat actor behind the SolarWinds supply chain hack returned to the threat landscape to target government agencies, think tanks, consultants, and non-governmental organizations located across 24 countries, including the U.S. "This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations," Tom Burt, Microsoft's (The Hacker News)

Hackers Exploit Post-COVID Return to Offices

Spoofed CIO ‘pandemic guideline’ emails being used to steal credentials. (Threatpost)

HPE Fixes Critical Zero-Day in Server Management Software

The bug in HPE SIM makes it easy as pie for attackers to remotely trigger code, no user interaction necessary. (Threatpost)

Nobelium Phishing Campaign Poses as USAID

Microsoft uncovered the SolarWinds crooks using mass-mail service Constant Contact and posing as a U.S.-based development organization to deliver malicious URLs to more than 150 organizations. (Threatpost)

Building Multilayered Security for Modern Threats

Justin Jett, director of audit and compliance for Plixer, discusses the elements of a successful advanced security posture. (Threatpost)

27-05-202129-05-2021

/security-daily/ 29-05-2021 23:44:23