28-06-2021 | 30-06-2021

Security daily (29-06-2021)

AWS Verified episode 6: A conversation with Reeny Sondhi of Autodesk

I’m happy to share the latest episode of AWS Verified, where we bring you global conversations with leaders about issues impacting cybersecurity, privacy, and the cloud. We take this opportunity to meet with leaders from various backgrounds in security, technology, and leadership. For our latest episode of Verified, I had the opportunity to meet virtually […] (AWS Security Blog)

US watchdog urges federal law enforcement to better track facial recognition amid accuracy concerns

More than a dozen U.S. federal agencies where law enforcement officers use facial recognition technology are unable to account for which systems their employees use, according to a federal watchdog report released Tuesday. The U.S. Secret Service, Customs and Border Protection and the FBI are among the agencies that don’t track the type of facial recognition technologies used from sources other than the federal government, according to a Government Accountability Office report examining use of the surveillance technology. The examination provides an unprecedented look at the use of facial recognition systems in the federal government, and illuminates a lack of accountability that could lead to increased privacy risks for the public, government auditors concluded. “In particular, these risks can relate to privacy and the accuracy of a system,” the agency warned. That concern stems from a growing body of evidence that facial recognition technologies, which are unregulated by the federal […] The post US watchdog urges federal law enforcement to better track facial recognition amid accuracy concerns appeared first on CyberScoop. (CyberScoop)

White House weighs cracking down on secret ransomware payments, pursuing hackers

Going on offense against attackers and penetrating the secrecy surrounding attacks are two ways the Biden administration is pondering to tackle ransomware, a top White House official said on Tuesday. Anne Neuberger, the deputy national security adviser, said that a joint FBI, U.S. Cyber Command and private sector effort to cripple the Trickbot botnet, a hacking tool that U.S. officials had feared would disrupt the 2020 election season, should be the kind of operation used to tackle ransomware gangs in the future. “Certainly that serves as a model to say where we identify actors and infrastructure that are used … to conduct ransomware attacks, we want to ensure that we make it a lot harder for those actors to operate,” Neuberger said at an event hosted by the Silverado Policy Accelerator, a nonprofit think tank. In advance of the 2020 election, Cyber Command and Microsoft led missions to weaken Trickbot, […] The post White House weighs cracking down on secret ransomware payments, pursuing hackers appeared first on CyberScoop. (CyberScoop)

Ransomware group 'Hades' claims more victims as investigators seek answers

A ransomware group that targets billion-dollar companies — but that has stubbornly defied attribution consensus among cybersecurity researchers — has claimed at least seven victims since its discovery late last year. What’s more, it has taken additional steps in an apparent bid to baffle investigators who have tried to pin down who, exactly, the operators are, according to Accenture Security research released Tuesday. The update on the operators of the self-proclaimed Hades ransomware variant adds to its mystery as much as it subtracts from it. Accenture said it “is not yet able to confidently make attribution claims,” though other researchers have variously described Hades as a new group, suggested it is connected to a well-known Russian ransomware gang, or linked the Hades activity to a Chinese nation-state hacking outfit thought to be behind this year’s Microsoft Exchange Server attack. What Accenture says it knows is this: First, the Hades […] The post Ransomware group 'Hades' claims more victims as investigators seek answers appeared first on CyberScoop. (CyberScoop)

Cybercriminals are deploying legit security tools far more than before, researchers conclude

Financially motivated cybercriminals are increasingly turning to Cobalt Strike, a legitimate tool that cybersecurity professionals use to test system security, researchers at Proofpoint found. The cybersecurity firm declined to disclose specific numbers but reported a 161% increase in attacks using Cobalt Strike in 2020 compared to 2019. Proofpoint researchers have already seen tens of thousands of organizations targeted by the tool this year and expect those numbers to climb in 2021, according to the report the firm released Tuesday. Threat groups are able to get ahold of the tool from pirated versions circulating the dark web, according to Sherrod DeGrippo, senior director of threat research and detection at Proofpoint. Cobalt Strike is a popular tool for security testing because of the variety of attacks it enables. Most notable among them is Cobalt Strike Beacon, a malware that allows hackers to mask their activity and communications with a system once it’s infiltrated. Russian hackers […] The post Cybercriminals are deploying legit security tools far more than before, researchers conclude appeared first on CyberScoop. (CyberScoop)

Microsoft Approved A Windows Driver With Rootkit Malware

(News ≈ Packet Storm)

Hackers Exploited 0-Day, Not 2018 Bug, To Mass-Wipe My Book Live Devices

(News ≈ Packet Storm)

A Well-Meaning Feature Leaves Millions Of Dell PCs Vulnerable

(News ≈ Packet Storm)

Data For 700M LinkedIn Users Posted For Sale

(News ≈ Packet Storm)

Unpatched Virtual Machine Takeover Bug Affects Google Compute Engine

An unpatched security vulnerability affecting Google's Compute Engine platform could be abused by an attacker to take over virtual machines over the network. "This is done by impersonating the metadata server from the targeted virtual machine's point of view," security researcher Imre Rad said in an analysis published Friday. "By mounting this exploit, the attacker can grant access to themselves (The Hacker News)

New API Lets App Developers Authenticate Users via SIM Cards

Online account creation poses a challenge for engineers and system architects: if you put up too many barriers, you risk turning away genuine users. Make it too easy, and you risk fraud or fake accounts. The Problem with Identity Verification The traditional model of online identity – username/email and password – has long outlived its usefulness. This is how multi-factor or two-factor (The Hacker News)

Google now requires app developers to verify their address and use 2FA

Google on Monday announced new measures for the Play Store, including requiring developer accounts to turn on 2-Step Verification (2SV), provide an address, and verify their contact details later this year. The new identification and two-factor authentication requirements are a step towards strengthening account security and ensuring a safe and secure app marketplace, Google Play Trust and (The Hacker News)

Hackers Trick Microsoft Into Signing Netfilter Driver Loaded With Rootkit Malware

Microsoft on Friday said it's investigating an incident wherein a driver signed by the company turned out to be a malicious Windows rootkit that was observed communicating with command-and-control (C2) servers located in China. The driver, called "Netfilter," is said to target gaming environments, specifically in the East Asian country, with the Redmond-based firm noting that "the actor's goal (The Hacker News)

Users Clueless About Cybersecurity Risks: Study

The return to offices, coupled with uninformed users (including IT pros) has teed up an unprecedented risk of enterprise attack. (Threatpost)

Microsoft Translation Bugs Open Edge Browser to Trivial UXSS Attacks

The bug in Edge's auto-translate could have let remote attackers pull off RCE on any foreign-language website just by sending a message with an XSS payload. (Threatpost)

Details of RCE Bug in Adobe Experience Manager Revealed

Disclosure of a bug in Adobe’s content-management solution – used by Mastercard, LinkedIn and PlayStation – was released. (Threatpost)

Cobalt Strike Usage Explodes Among Cybercrooks

The legit security tool has shown up 161 percent more, year-over-year, in cyberattacks, having “gone fully mainstream in the crimeware world.” (Threatpost)


/security-daily/ 30-06-2021 23:44:23