Security daily (29-07-2020)

Logical separation: Moving beyond physical isolation in the cloud computing era

We’re sharing an update to the Logical Separation on AWS: Moving Beyond Physical Isolation in the Era of Cloud Computing whitepaper to help customers benefit from the security and innovation benefits of logical separation in the cloud. This paper discusses using a multi-pronged approach—leveraging identity management, network security, serverless and containers services, host and instance […] (AWS Security Blog)

Suspected Chinese hackers targeting Vatican in advance of Beijing negotiations

Over the course of the last three months, hackers with suspected links to the Chinese government have been targeting the Vatican, according to research from security firm Recorded Future. The targeting, which was delivered in a series of spearphishing emails with malware-laden documents imitating legitimate Vatican correspondence and news about Hong Kong’s national security law, appears to have begun in May of this year, Recorded Future researchers said. The suspected Chinese government hackers have also targeted mail servers of other Catholic entities, including an international missionary center in Italy and the Catholic Diocese of Hong Kong. The hacking group appears to be linked with the China-based hacking group Mustang Panda, given several overlaps in techniques, infrastructure, and tooling, including a method for delivering malware that both groups employ as well as a method for obfuscating their attacks, the researchers said in a blog. However, given several different encryption mechanisms used […] The post Suspected Chinese hackers targeting Vatican in advance of Beijing negotiations appeared first on CyberScoop. (CyberScoop)

New bug in PC booting process could take years to fix, researchers say

In June, the antivirus company ESET stumbled across an insidious strain of ransomware that prevents a computer from loading and locks its data. A saving grace was that, in order for the attack to work, a ubiquitous feature known as UEFI Secure Boot, which protects computers from getting malicious code slipped on their systems, would have to be disabled. Now, researchers at hardware security company Eclypsium say they’ve found a vulnerability that, if exploited, would even work on computers that have that Secure Boot feature enabled. Exploiting the flaw, which researchers say affects just about every Linux-based operating system in existence, would make successful attacks using the ransomware spotted by ESET more likely. It would also open the door to stealthy attacks that compromise a machine’s loading process, where control over the computer is at its highest. “It’s this foundational part of the system, and everything you loaded up on […] The post New bug in PC booting process could take years to fix, researchers say appeared first on CyberScoop. (CyberScoop)

Anti-NATO disinformation effort uses coronavirus to poke political tensions

A propaganda campaign is using the coronavirus pandemic to inflame anxieties about NATO troops throughout Eastern Europe, security researchers have determined. The group, dubbed Ghostwriter, has been focused on amplifying anti-Western narratives in Poland, Latvia and Lithuania since 2017. Operatives have planted fabricated diplomatic documents, tried spreading the false narrative that Canadian soldiers had been spreading COVID-19 through Latvia and leveraged news sites to spread articles that appear to be legitimate, according to a report the security firm FireEye published Tuesday. While researchers have not attributed the effort to the Russian government, the findings are the latest addition to a growing consensus that pro-Kremlin entities are seizing on COVID-19 to inflame existing political divisions. Russia’s military intelligence agency, the GRU, is using three websites to try to spread disinformation about the U.S. response to the virus, U.S. officials told the Associated Press. “We believe the assets and operations…are for the […] The post Anti-NATO disinformation effort uses coronavirus to poke political tensions appeared first on CyberScoop. (CyberScoop)

Here's how Army Cyber Command plans to take on information warfare

Amid burgeoning Russian, Chinese, and Iranian influence operations aimed at manipulating U.S. politics and Americans’ understanding of the coronavirus pandemic, the Army’s top cybersecurity official has released a ten-year plan to reform his command into a more capable information warfare unit. The plan, which Lt. Gen. Stephen Fogarty outlined this week in Cyber Defense Review, a publication from the Army Cyber Institute, is meant to reorganize Army Cyber Command into a series of units that can work to counter adversaries’ efforts to destabilize the U.S., including by influencing adversaries’ behavior and decision-making through jamming up their signals, or by messaging and running social media information operations to control the narrative, for instance. In some cases, the reformulated Army Cyber Command (ARCYBER) will focus on “skillfully communicating (or obscuring), the location, capability, and intent of Army forces,” Fogarty said. The final goal of the ten-year plan is to get ARCYBER to be able to outsmart and outmaneuver adversaries in the information space — in concert with other […] The post Here's how Army Cyber Command plans to take on information warfare appeared first on CyberScoop. (CyberScoop)

US files superseding indictment against former Twitter employees accused of spying for Saudi Arabia

U.S. prosecutors have filed a superseding indictment in federal court against two former Twitter employees for allegedly spying on dissidents on behalf of Saudi Arabia. The Department of Justice had alleged last year that a Saudi national with ties to the royal family had recruited two former Twitter employees, Ahmad Abouammo and Ali Alzabarah, to abuse their access to Twitter to collect sensitive information about Saudi dissidents, including location data, email addresses, and phone numbers. The former Twitter employees allegedly targeted a close associate of American journalist Jamal Khashoggi, who was murdered in 2018 at the behest of Saudi Crown Prince Mohammed bin Salman, according to the CIA. A grand jury has now charged Abouammo, Alzabarah, and Ahmed Almutairi, their alleged intermediary with the Saudi Kingdom, with acting as agents of a foreign government, wire fraud, and money laundering, among other charges. Abouammo is also accused of falsifying records in an effort to obstruct the investigation. Abouammo previously worked as Twitter’s head of […] The post US files superseding indictment against former Twitter employees accused of spying for Saudi Arabia appeared first on CyberScoop. (CyberScoop)

Thousands of websites at risk from critical WordPress commenting plugin vulnerability

A critical vulnerability in a third-party comments plugin installed on over 70,000 websites running WordPress could allow hackers to execute malicious code remotely. If you’re using the wpDiscuz commenting plugin, make sure you’ve kept it up to date – or your website might be hijacked… or wiped. Read more in my article on the Hot for Security blog. (Graham Cluley)

Hacker plays cat-and-mouse with the EBRD’s Twitter account

The European Bank for Reconstruction and Development (EBRD) found itself very publicly tussling with a hacker on its Twitter account this morning. (Graham Cluley)

US tax service says, “2FA is a must!”

We know it's an old drum, but we're not tired of beating it yet: 2FA is your friend. (Naked Security)

How to Beat File Upload Restrictions on Web Apps to Get a Shell

One of the most promising avenues of attack in a web application is the file upload. With results ranging from XSS to full-blown code execution, file uploads are an attractive target for hackers, but there are usually restrictions in place that can make it challenging to execute an attack. However, there are various techniques a hacker could use to beat file upload restrictions to get a shell.

Method 1: Bypassing Blacklists

The first method we'll explore is how to bypass blacklisting. Blacklisting is a type of protection where certain strings of data, in this case, specific extensions, are... more (Null Byte « WonderHowTo)

Live: US Tech Giants Face Congress Grilling

(News ≈ Packet Storm)

OKCupid Fixed Serious Security Vulnerability After Alert

(News ≈ Packet Storm)

Microsoft To Remove All SHA-1 Windows Downloads Next Week

(News ≈ Packet Storm)

GRUB2: There's A Hole In The Boot

(News ≈ Packet Storm)

Critical GRUB2 Bootloader Bug Affects Billions of Linux and Windows Systems

A team of cybersecurity researchers today disclosed details of a new high-risk vulnerability affecting billions of devices worldwide—including servers and workstations, laptops, desktops, and IoT systems running nearly any Linux distribution or Windows system.

Dubbed 'BootHole' and tracked as CVE-2020-10713, the reported vulnerability resides in the GRUB2 bootloader, which, if exploited, could (The Hacker News)

Is Your Security Vendor Forcing You To Move to the Cloud? You Don't Have To!

Many endpoint security vendors are beginning to offer their applications only in the cloud, sunsetting their on-premise offerings. This approach may be beneficial to the vendor, but many clients continue to need on-premise solutions.

Vendors that sunset on-premise solutions force clients that prefer on-premise solutions to either change their operating environment and approach or change (The Hacker News)

Industrial VPN Flaws Could Let Attackers Target Critical Infrastructures

Cybersecurity researchers have discovered critical vulnerabilities in industrial VPN implementations primarily used to provide remote access to operational technology (OT) networks that could allow hackers to overwrite data, execute malicious code, and compromise industrial control systems (ICS).

A new report published by industrial cybersecurity company Claroty demonstrates multiple severe (The Hacker News)

OkCupid Dating App Flaws Could've Let Hackers Read Your Private Messages

Cybersecurity researchers today disclosed several security issues in popular online dating platform OkCupid that could potentially let attackers remotely spy on users' private information or perform malicious actions on behalf of the targeted accounts.

According to a report shared with The Hacker News, researchers from Check Point found that the flaws in OkCupid's Android and web applications (The Hacker News)

Critical Magento Flaws Allow Code Execution

Adobe has released patches for critical and important-severity flaws in its popular Magento e-commerce platform. (Threatpost)

Billions of Devices Impacted by Secure Boot Bypass

The "BootHole" bug could allow cyberattackers to load malware, steal information and move laterally into corporate, OT, IoT and home networks. (Threatpost)

Critical Bugs in Utilities VPNs Could Cause Physical Damage

Gear from Secomea, Moxa and HMS Networks are affected by remote code-execution flaws, researchers warn. (Threatpost)

Critical Security Flaw in WordPress Plugin Allows RCE

WordPress plugin Comments – wpDiscuz, which is installed on over 70,000 sites, has issued a patch. (Threatpost)

Facial-Recognition Flop: Face Masks Thwart Virus, Stump Security Systems

Algorithms clocked error rates of between 5% to 50% when comparing photos of people wearing digitally created masks with unmasked faces. (Threatpost)

OkCupid Security Flaw Threatens Intimate Dater Details

Attackers could have exploited various flaws in OkCupid's mobile app and webpage to steal victims' sensitive data and even send messages out from their profiles. (Threatpost)

/security-daily/ 30-07-2020 23:44:24