Security daily (28-10-2020)

New! Streamline existing IAM Access Analyzer findings using archive rules

AWS Identity and Access Management (IAM) Access Analyzer generates comprehensive findings to help you identify resources that grant public and cross-account access. Now, you can also apply archive rules to existing findings, so you can better manage findings and focus on the findings that need your attention most. You can think of archive rules as […] (AWS Security Blog)

European ransomware group strikes US hospital networks, analysts warn

An Eastern European cybercriminal group has conducted ransomware attacks at multiple U.S. hospitals in recent days in some of the most disruptive cyber-activity in the sector during the coronavirus pandemic, cybersecurity company FireEye said Wednesday. The group, which FireEye calls UNC1878, has been deploying Ryuk ransomware and taking multiple hospital IT networks offline, said Charles Carmakal, senior vice president of Mandiant, FireEye’s incident response arm. “UNC1878 is one of the most brazen, heartless and disruptive threat actors I’ve observed over my career,” Carmakal said. The group’s activity “is deliberately targeting and disrupting U.S. hospitals, forcing them to divert patients to other healthcare providers,” he said. The company did not detail any specific attacks, or the timing of the activity it says it observed. The announcement coincides with multiple reported ransomware incidents, including an attack earlier this week on Oregon’s Sky Lakes Medical Center. The medical center carried on with emergency and urgent […] The post European ransomware group strikes US hospital networks, analysts warn appeared first on CyberScoop. (CyberScoop)

Why, and how, Turla spies keep returning to European government networks

Turla, a group of suspected Russian hackers known for pinpoint espionage operations, has used updated tools to breach the computer network of an unnamed European government organization, according to new research. The research from consulting giant Accenture shows how, despite a large body of public data on Turla techniques, and a warning from Estonian authorities linking the hackers with Russia’s FSB intelligence agency, the group remains adept at infiltrating European government networks. The hacking tools are tailored to the victim organization, which Accenture did not name, and have been used over the last few months to burrow into the internal network and then ping an external server controlled by the attackers. The stealth is typical of Turla, which is known for stalking embassies and foreign affairs ministries in Europe and elsewhere for sensitive data. Turla’s tools are associated with a damaging breach of U.S. military networks in the mid-to-late 1990s, and an attack on U.S. […] The post Why, and how, Turla spies keep returning to European government networks appeared first on CyberScoop. (CyberScoop)

Monero scam was at the center of Trump campaign website defacement

The brief defacement of President Trump’s campaign website Tuesday night serves as another reminder that when cybercriminals want to cast a wide net for a scam, U.S. politics present plenty of opportunities — especially in the final days of a highly fraught election season. The front page of the site was replaced with a message claiming that hackers had compromised “multiple devices” and stolen “strictly classified information” — claims that the Trump campaign rejected. There was a call to action, too: Visitors had the choice to “vote” on whether the material should be made public, by sending the cryptocurrency Monero to online wallets marked “yes” or “no.” Any payments to those accounts would be irreversible. It’s hardly the first time this year that scammers have used Trump’s name to reel people in. Most recently, the Republican president’s COVID-19 diagnosis was a lure; other schemes have involved naming fake ransomware after Trump. Democratic presidential nominee Joe Biden and […] The post Monero scam was at the center of Trump campaign website defacement appeared first on CyberScoop. (CyberScoop)

Munich Security Conference attendees targeted with Iran-linked spearphishing, Microsoft says

Iranian government-linked hackers have been sending spearphishing emails to large swaths of high-profile potential attendees of the upcoming Munich Security Conference as well as the Think 20 Summit in Saudi Arabia, according to Microsoft research. The Iranian attackers, known as Phosphorus, have disguised themselves as conference organizers and have sent fake invitations containing PDF documents with malicious links to over 100 possible invitees of the conferences, both of which are prominent summits dedicated to international security and policies of the world’s largest economies, respectively. In some cases the attackers have been successful in guiding some victims to those links, which lead victims to credential-harvesting pages, Tom Burt, corporate vice president of Microsoft Security and Trust, announced in a blog published Wednesday morning. “We believe Phosphorus is engaging in these attacks for intelligence collection purposes,” Burt wrote in the blog. “The attacks were successful in compromising several victims, including former ambassadors and other senior policy experts who help […] The post Munich Security Conference attendees targeted with Iran-linked spearphishing, Microsoft says appeared first on CyberScoop. (CyberScoop)

Code a Dead Man's Switch in Python 3 to Encrypt & Delete Files Whenever You Don't Check In

A dead man's switch is a fairly simple concept. If you don't perform a specific task before a set amount of time, it'll perform a specific action you set. They can be handy not just for hackers but for everyone who wants to protect themselves, someone else, or something tangible or intangible from harm. While there are more nefarious uses for a dead man's switch, white hats can put one to good use.

These switches have appeared in pop culture in many different forms, and examples can be seen in films such as "Point Break," "Speed," and "Crimson Tide." For a more recent example, in the film... more (Null Byte « WonderHowTo)

ICE, IRS Explored Using Hacking Tools, New Documents Show

(News ≈ Packet Storm)

Facebook, Twitter, And Google Face Questions From US Senators

(News ≈ Packet Storm)

Experian Told To Stop Sharing Data Without Consent

(News ≈ Packet Storm)

Trump Campaign Website Defaced In Apparent Hack

(News ≈ Packet Storm)

5 Places Where You’d Never Expect to Get Hacked

For every gleaming new IoT device that hits the market, a hacker somewhere is figuring out how to compromise it. Today, even routine activities can land you in the sights of a bad actor. Imagine what a bad day could look like in this era of ubiquitous connectivity… it’d play like some dystopian grindhouse film. What an appropriate way to head into Halloween and conclude Cybersecurity Awareness Month! If you’re ready for a good cyber-scare, let’s look at five real-life scenarios where you’d never expect to get hacked — but just might. Continue reading 5 Places Where You’d Never Expect to Get Hacked at Sucuri Blog. (Sucuri Blog)

FBI, DHS Warn Of Possible Major Ransomware Attacks On Healthcare Systems

The US Federal Bureau of Investigation (FBI), Departments of Homeland Security, and Health and Human Services (HHS) issued a joint alert Wednesday warning of an "imminent" increase in ransomware and other cyberattacks against hospitals and healthcare providers. "Malicious cyber actors are targeting the [Healthcare and Public Health] Sector with TrickBot malware, often leading to ransomware (The Hacker News)

[Webinar and eBook]: Are You Getting The Best Value From Your EDR Solution?

Many companies rely on Endpoint Detection and Response (EDR) solutions as their primary security tool to protect their organizations against cyber threats. EDR was introduced around eight years ago, and analysts now peg the EDR market size as $1.5 to $2.0 billion in annual revenue globally, expecting it to quadruple over the next five years. The recent introduction of Extended Detection and (The Hacker News)

TrickBot Linux Variants Active in the Wild Despite Recent Takedown

Efforts to disrupt TrickBot may have shut down most of its critical infrastructure, but the operators behind the notorious malware aren't sitting idle. According to new findings shared by cybersecurity firm Netscout, TrickBot's authors have moved portions of their code to Linux in an attempt to widen the scope of victims that could be targeted. TrickBot, a financial Trojan first detected in 2016 (The Hacker News)

2 More Hospitals Hit by Growing Wave of Ransomware Attacks, As Feds Issue Warning

Hospitals in New York and Oregon were targeted on Tuesday by threat actors who crippled systems and forced ambulances with sick patients to be rerouted, in some cases. (Threatpost)

Microsoft’s SMBGhost Flaw Still Haunts 108K Windows Systems

While Microsoft patched the bug known as CVE-2020-0796 back in March, more than 100,000 Windows systems are still vulnerable. (Threatpost)


/security-daily/ 29-10-2020 23:44:23