Security daily (29-09-2020)

Isolating network access to your AWS Cloud9 environments

In this post, I show you how to create isolated AWS Cloud9 environments for your developers without requiring ingress (inbound) access from the internet. I also walk you through optional steps to further isolate your AWS Cloud9 environment by removing egress (outbound) access. Until recently, AWS Cloud9 required you to allow ingress Secure Shell (SSH) […] (AWS Security Blog)

Updated IRAP reference architectures and consumer guidance for Australian public sector organizations building workloads at PROTECTED level

In July 2020, we announced that 92 Amazon Web Services (AWS) services had successfully assessed compliant with the Australian government’s Information Security Registered Assessors Program (IRAP) for operating workloads at the PROTECTED level. This enables organizations to use AWS to build a wide range of applications and services for the benefit of all residents of […] (AWS Security Blog)

LinkedIn hacker Nikulin sentenced to 7 years in prison after years of legal battles

One of the most-watched cybercrime cases in recent memory has come to a close. A U.S. judge on Tuesday sentenced Yevgeniy Nikulin to 88 months in prison, or more than seven years, capping an international legal drama that’s involved three countries over a span of eight years. Prosecutors had requested nearly 12 years in prison. A jury in California found Nikulin, now 33, guilty in July of hacking LinkedIn and Formspring in a pair of 2012 data breaches in which he stole credentials belonging to 117 million Americans. He was charged in 2016 with felony counts including computer intrusion and aggravated identity theft for stealing Americans’ usernames and passwords, then trying to sell them to other members of a Russian-speaking cybercriminal forum. “This is a hard one because when he returns [to Russia] I think he will return to being a hacker again,” Judge William Alsup said during the sentencing […] The post LinkedIn hacker Nikulin sentenced to 7 years in prison after years of legal battles appeared first on CyberScoop. (CyberScoop)

Ohio medical center offline following another security incident in the health sector

A cybersecurity incident has forced the computer systems of an Ohio medical center offline for multiple days and prompted the clinic to postpone elective procedures for patients. A statement Tuesday from the Ashtabula County Medical Center, which includes a hospital of more than 200 beds, said the emergency department remains open and that outpatient care has continued as outside security experts investigate the disruption. The medical center did not specify the cause of the security incident, though Wired reported that ransomware was the cause. A spokesperson for the medical center did not respond to a request for comment Tuesday. NBC News first reported on the medical center’s statement. The disruption at Ashtabula County Medical Center comes as Universal Health Services, which describes itself as one of the largest health care providers in the U.S., grapples with a suspected ransomware attack. In what has become a familiar refrain in health care organizations’ response to cyberattacks, […] The post Ohio medical center offline following another security incident in the health sector appeared first on CyberScoop. (CyberScoop)

Judge orders Georgia to use paper records at polling places to avoid Election Day delays

A federal judge on Monday ordered polling places across Georgia to keep updated, backup paper records of eligible voters to avoid long lines and disenfranchisement on Election Day. The ruling is intended to prevent a repeat of the June primary election in Georgia, in which voting integrity groups say the malfunctioning of electronic pollbooks caused long waits at the polls. It comes as election officials across the country prepare for an unprecedented election marked by changes in procedure because of the coronavirus. The order from U.S. District Judge Amy Totenberg instructs Georgia Secretary of State Brad Raffensperger, a Republican, to “provide at least a modicum of the voting backup plan tools essential to protect” voters’ rights to cast a ballot. Civil society groups had sought the injunction after the difficulties in the primary. “It is not too late for [Raffensperger and other election officials] to take these reasonable concrete measures to mitigate […] The post Judge orders Georgia to use paper records at polling places to avoid Election Day delays appeared first on CyberScoop. (CyberScoop)

IPO all over again: McAfee prepares for return to Nasdaq

More than two decades since its last initial public offering, McAfee is planning another one. The Silicon Valley cybersecurity giant filed Monday for an IPO on the Nasdaq, a move that would separate the company from buyout firm TPG, which spun off McAfee from Intel in 2017. McAfee set a placeholder valuation of $100 million for the IPO, but the actual number is expected to be about $8 billion. There is no guarantee the company will have a successful IPO, or raise that amount of money, even as investors pour funds into public firms at a breakneck pace. The IPO market is nearing the end of the busiest third quarter for deals since 2000, the Wall Street Journal reported. Another company with cybersecurity interests, the big-data firm Palantir, is set to begin trading Wednesday on the New York Stock Exchange. Intel had acquired McAfee in 2010 for $7.7 billion. In 2017, TPG took a […] The post IPO all over again: McAfee prepares for return to Nasdaq appeared first on CyberScoop. (CyberScoop)

Microsoft looks to expose espionage groups taking aim at NGOs, US politics

Foreign espionage groups, including those bent on undermining the U.S. political process, have targeted non-government organizations and think tanks more than any other sector in a bid to gather intelligence, according to new data from Microsoft. Of the thousands of notifications Microsoft made to customers about state-linked hacking activity from mid-2019 to mid-2020, NGOs accounted for 32% of those alerts, the company said in a report released Tuesday. And over 90% of those notifications have been outside of critical infrastructure sectors. The focus on targets outside Washington suggests hacking groups could be in search of softer targets during an election season when Democratic and Republican campaigns have enlisted more people and technology to protect their networks. Those changes came after suspected Russian military hackers breached the Democratic National Committee in 2016 and leaked emails aimed at damaging Hillary Clinton’s campaign. “At the national level and the leading campaigns, there’s a much higher degree of vigilance,” Microsoft’s Tom Burt told CyberScoop, comparing the state of […] The post Microsoft looks to expose espionage groups taking aim at NGOs, US politics appeared first on CyberScoop. (CyberScoop)

Putin To Trump: Let's Collude To Stop Election Hacking

(News ≈ Packet Storm)

Flightradar24 Hit By Third Cyber Attack In Two Days

(News ≈ Packet Storm)

These Hackers Spent Months Hiding Out In Company Networks Undetected

(News ≈ Packet Storm)

US Government Won't Detail How TikTok Is A Security Threat

(News ≈ Packet Storm)

Malicious Pop-up Redirects Baidu Traffic

Malicious pop-ups and redirects have become two extremely common techniques used by attackers to drive traffic wherever they want. During a recent investigation, we came across an obfuscated pop-up script leveraging baidu[.]com search results to redirect users to the attacker’s own domain. Below is the encoded JavaScript:

Once decoded, the behavior becomes a bit more clear:

A check occurs for the cookie clickund_expert before the script verifies if the browser is Chrome. Continue reading Malicious Pop-up Redirects Baidu Traffic at Sucuri Blog. (Sucuri Blog)

LIVE Webinar on Zerologon Vulnerability: Technical Analysis and Detection

I am sure that many of you have by now heard of a recently disclosed critical Windows server vulnerability—called Zerologon—that could let hackers completely take over enterprise networks. For those unaware, in brief, all supported versions of the Windows Server operating systems are vulnerable to a critical privilege escalation bug that resides in the Netlogon Remote Control Protocol for Domain (The Hacker News)

Why Web Browser Padlocks Shouldn’t Be Trusted

Popular ‘safe browsing’ padlocks are now passé, as a majority of bad guys also use them. (Threatpost)

Zerologon Attacks Against Microsoft DCs Snowball in a Week

The attempted compromises, which could allow full control over Active Directory identity services, are flying thick and fast just a week after active exploits of CVE-2020-1472 were first flagged. (Threatpost)

The Network Perimeter: This Time, It’s Personal

Botnets and IoT devices are forming a perfect storm for IT staff wrestling with WFH employee security. (Threatpost)

Las Vegas Students’ Personal Data Leaked, Post-Ransomware Attack

A researcher said he discovered an open data cache with names, grades, birthdates and more, after the Clark County School District refused to pay the ransom. (Threatpost)

Telehealth Poll: How Risky Are Remote Doctor Visits?

Threatpost's latest poll probes telehealth security risks and asks for IT cures. (Threatpost)

/security-daily/ 30-09-2020 23:44:23