
Security daily (28-09-2021)

Introducing the Ransomware Risk Management on AWS Whitepaper

AWS recently released the Ransomware Risk Management on AWS Using the NIST Cyber Security Framework (CSF) whitepaper. This whitepaper aligns the National Institute of Standards and Technology (NIST) recommendations for security controls related to ransomware risk management with workloads built on AWS. The whitepaper maps the technical capabilities to AWS services and implementation […] (AWS Security Blog)

Manage your AWS Directory Service credentials using AWS Secrets Manager

AWS Secrets Manager helps you protect the secrets that are needed to access your applications, services, and IT resources. With this service, you can rotate, manage, and retrieve database credentials, API keys, OAuth tokens, and other secrets throughout their lifecycle. The secret value rotation feature has built-in integration for services like Amazon Relational Database Service […] (AWS Security Blog)

NSA, CISA share guidelines for securing VPNs as hacking groups keep busy

Cautioning that foreign government-backed hackers are actively exploiting vulnerabilities in virtual private network devices, the National Security Agency and the Department of Homeland Security’s cyber wing on Tuesday published guidelines for securing VPNs. While the advice is broad, the NSA and DHS’ Cybersecurity and Infrastructure Security Agency specifically said it would help protect the Defense Department, national security systems and defense contractors against such advanced persistent threat groups, a term that typically refers to state-sponsored hacking groups. The NSA has specifically warned in the past about Chinese hackers exploiting VPN vulnerabilities, as has CISA, but the history of advanced groups seizing on VPN vulnerabilities is far broader and lengthier. “VPN servers are entry points into protected networks, making them attractive targets,” Rob Joyce, director of cybersecurity at the NSA, said on Twitter. “APT actors have and will exploit VPNs.” In one case, the FBI warned in May about hackers leveraging […] (CyberScoop)

Convicted scammer who had starring role in dispute between Russia, Israel unexpectedly deported

A convicted Russian scammer who was the focus of an international standoff was deported to his home country 14 months after receiving a long prison sentence in the U.S., Russian media reported. Officers from Russia’s Ministry of Internal Affairs detained Aleksei Burkov at Sheremetyevo Airport in Moscow following his deportation from the U.S., the state-owned media conglomerate RIA reported on Sept. 28. The move comes after an American court sentenced Burkov to nine years in a U.S. prison after he pleaded guilty to charges related to operating two illicit web forums that hackers used to trade stolen data and pool their resources. Israeli authorities initially arrested Burkov in November 2015, sparking a legal fight over extradition between Russia, Israel and the U.S. Kremlin officials spent years trying to convince an Israeli judge to send Burkov to Russia, where he reportedly faces separate charges. When it became clear that Israel would […] (CyberScoop)

Serious Security: Let’s Encrypt gets ready to go it alone (in a good way!)

Let's Encrypt is set to become a mainstream, self-certifying web certificate authority - here's why it took so many years. (Naked Security)

CIA Officials Under Trump Discussed Assassinating Julian Assange

(News ≈ Packet Storm)

Credential Spear-Phishing Uses Spoofed Zix Encrypted Email

(News ≈ Packet Storm)

UK Umbrella Payroll Firm GiantPay Confirms Attack

(News ≈ Packet Storm)

Microsoft Warns Of Malware With Persistent Backdoor For Hackers

(News ≈ Packet Storm)

What is Cryptocurrency Mining Malware?

Cryptocurrency mining malware is typically stealthy malware that farms the resources of a system (computers, smartphones, and other electronic devices connected to the internet) to generate revenue for the cyber criminals controlling it. Instead of using video game consoles or graphics card farms, these cryptominers use the computers and servers of other people for their processing power, without permission. This type of malware mines cryptocurrencies on the systems of its targets, or even steals cryptocurrency from other targets, using their resources in such a way that the owner wouldn’t know. (Sucuri Blog)

Atlassian Confluence RCE Flaw Abused in Multiple Cyberattack Campaigns

Opportunistic threat actors have been found actively exploiting a recently disclosed critical security flaw in Atlassian Confluence deployments across Windows and Linux to deploy web shells that result in the execution of crypto miners on compromised systems. Tracked as CVE-2021-26084 (CVSS score: 9.8), the vulnerability concerns an OGNL (Object-Graph Navigation Language) injection flaw that (The Hacker News)

New BloodyStealer Trojan Steals Gamers' Epic Games and Steam Accounts

A new advanced trojan sold on Russian-speaking underground forums comes with capabilities to steal users' accounts on popular online video game distribution services, including Steam, Epic Games Store, and EA Origin, underscoring a growing threat to the lucrative gaming market. Cybersecurity firm Kaspersky, which coined the malware "BloodyStealer," said it first detected the malicious tool in (The Hacker News)

How to Prevent Account Takeovers in 2021

Dave Stewart, Approov CEO, lays out six best practices for orgs to avoid costly account takeovers. (Threatpost)

Gamers Beware: Malware Hunts Steam, Epic and EA Origin Accounts

The BloodyStealer trojan helps cyberattackers go after in-game goods and credits. (Threatpost)

SAS 2021: FinSpy Surveillance Kit Re-Emerges Stronger Than Ever

A 'nearly impossible to analyze' version of the malware sports a bootkit and 'steal-everything' capabilities. (Threatpost)

Working Exploit Is Out for VMware vCenter CVE-2021-22005 Flaw

UPDATE: Indicators of compromise are now available. The unredacted RCE exploit released on Monday allows unauthenticated, remote attackers to upload files to the vCenter Server analytics service. (Threatpost)


/security-daily/ 29-09-2021 23:44:22