28-07-202130-07-2021

Security daily (29-07-2021)

Spring 2021 PCI DSS report now available with nine services added in scope

We’re continuing to expand the scope of our assurance programs at Amazon Web Services (AWS) and are pleased to announce that nine new services have been added to the scope of our Payment Card Industry Data Security Standard (PCI DSS) certification. This provides our customers with more options to process and store their payment card […] (AWS Security Blog)

Five reasons why I’m excited to attend AWS re:Inforce 2021 in Houston, TX

You may have seen the recent invitation from Stephen Schmidt, Chief Information Security Officer (CISO) at Amazon Web Services, to join us at AWS re:Inforce in Houston, TX on August 24 and 25. I’d like to dive a little bit deeper into WHY you should attend and HOW to make the most of your time there. […] (AWS Security Blog)

Criminals are using call centers to spread ransomware in a crafty scheme

An ongoing ransomware campaign that employs phony call centers to trick victims into downloading malware may be more dangerous than previously thought, Microsoft researchers say. Because the malware isn’t in a link or document within the email itself, the scam helps attackers bypass some phishing and malware detecting services, Microsoft researchers noted in a report Thursday. When the company first examined it in May, the scheme features attackers posing as subscription service providers who lure victims onto the phone to cancel a non-existent subscription. Once there, the call center worker guides them to download malware onto their computer. Researchers now say that the malware not only allows hackers a one-time backdoor into the device, as previously thought, but to also remotely control the affected system. That means it’s even easier for them to sweep for files and find high-end user credentials that could be used to drop ransomware such as Ryuk or […] The post Criminals are using call centers to spread ransomware in a crafty scheme appeared first on CyberScoop. (CyberScoop)

Wyden bill would require digital signatures for sensitive court orders

Miscreants have leveraged counterfeit court documents to authorize wiretaps on romantic interests or dupe Google into removing embarrassing links from search results, among other instances of fraud, in recent years. Sen. Ron Wyden on Wednesday is unveiling bipartisan legislation to counter that kind of forgery by requiring federal, state and tribal courts to use digital signatures — which rely on encryption technology — for orders that authorize surveillance, domain seizures and online content removal. The legislation, first reported by CyberScoop, also directs the National Institute for Standards and Technology to develop standards for court order digital signatures within two years, for federal courts to test out the technology and then for state and tribal courts to adopt it within four years after the rules are finished. The senator said the bill aims to curb opportunities for fraud by forcing the use of digital signatures, which are rapidly surging in popularity. […] The post Wyden bill would require digital signatures for sensitive court orders appeared first on CyberScoop. (CyberScoop)

Microsoft researcher found Apple 0-day in March, didn’t report it

Ut tensio, sic uis! Does twice the bug pile on twice the pressure to fix it? (Naked Security)

Israeli Authorities Inspect NSO Offices After Damning Investigation

(News ≈ Packet Storm)

Call For Hungarian Ministers To Resign In Wake Of Pegasus Revelations

(News ≈ Packet Storm)

Reboot Of PunkSpider Tool At DEF CON Stirs Debate

(News ≈ Packet Storm)

Feds List The Top 30 Most Exploited Vulnerabilities

(News ≈ Packet Storm)

Hackers Exploit Microsoft Browser Bug to Deploy VBA Malware on Targeted PCs

An unidentified threat actor has been exploiting a now-patched zero-day flaw in Internet Explorer browser to deliver a fully-featured VBA-based remote access trojan (RAT) capable of accessing files stored in compromised Windows systems, and downloading and executing malicious payloads as part of an "unusual" campaign. The backdoor is distributed via a decoy document named "Manifest.docx" that (The Hacker News)

New Ransomware Gangs — Haron and BlackMatter — Emerge on Cybercrime Forums

Two new ransomware-as-service (RaaS) programs have appeared on the threat radar this month, with one group professing to be a successor to DarkSide and REvil, the two infamous ransomware syndicates that went off the grid following major attacks on Colonial Pipeline and Kaseya over the past few months. "The project has incorporated in itself the best features of DarkSide, REvil, and LockBit," the (The Hacker News)

Best Practices to Thwart Business Email Compromise (BEC) Attacks

Business email compromise (BEC) refers to all types of email attacks that do not have payloads. Although there are numerous types, there are essentially two main mechanisms through which attackers penetrate organizations utilizing BEC techniques, spoofing and account take-over attacks. In a recent study, 71% of organizations acknowledged they had seen a business email compromise (BEC) attack (The Hacker News)

New Android Malware Uses VNC to Spy and Steal Passwords from Victims

A previously undocumented Android-based remote access trojan (RAT) has been found to use screen recording features to steal sensitive information on the device, including banking credentials, and open the door for on-device fraud. Dubbed "Vultur" due to its use of Virtual Network Computing (VNC)'s remote screen-sharing technology to gain full visibility on targeted users, the mobile malware was (The Hacker News)

Top 30 Critical Security Vulnerabilities Most Exploited by Hackers

Intelligence agencies in Australia, the U.K., and the U.S. issued a joint advisory on Wednesday detailing the most exploited vulnerabilities in 2020 and 2021, once again demonstrating how threat actors are able to swiftly weaponize publicly disclosed flaws to their advantage. "Cyber actors continue to exploit publicly known—and often dated—software vulnerabilities against broad target sets, (The Hacker News)

Several Bugs Found in 3 Open-Source Software Used by Several Businesses

Cybersecurity researchers on Tuesday disclosed nine security vulnerabilities affecting three open-source projects — EspoCRM, Pimcore, and Akaunting — that are widely used by several small to medium businesses and, if successfully exploited, could provide a pathway to more sophisticated attacks. All the security flaws in question, which impact EspoCRM v6.1.6, Pimcore Customer Data Framework (The Hacker News)

Microsoft Warns of LemonDuck Malware Targeting Windows and Linux Systems

An infamous cross-platform crypto-mining malware has continued to refine and improve upon its techniques to strike both Windows and Linux operating systems by setting its sights on older vulnerabilities, while simultaneously latching on to a variety of spreading mechanisms to maximize the effectiveness of its campaigns. "LemonDuck, an actively updated and robust malware that's primarily known (The Hacker News)

UC San Diego Health Breach Tied to Phishing Attack

Employee email takeover exposed personal, medical data of students, employees and patients. (Threatpost)

CISA’s Top 30 Bugs: One’s Old Enough to Buy Beer

There are patches or remediations for all of them, but they're still being picked apart. Why should attackers stop if the flaws remain unpatched, as so many do? (Threatpost)

Israeli Government Agencies Visit NSO Group Offices

Authorities opened an investigation into the secretive Israeli security firm. (Threatpost)

Six Malicious Linux Shell Scripts Used to Evade Defenses and How to Stop Them

Uptycs Threat Research outline how malicious Linux shell scripts are used to cloak attacks and how defenders can detect and mitigate against them. (Threatpost)

28-07-202130-07-2021

/security-daily/ 30-07-2021 23:44:22