
Security daily (29-09-2021)

Validate IAM policies in CloudFormation templates using IAM Access Analyzer

In this blog post, I introduce IAM Policy Validator for AWS CloudFormation (cfn-policy-validator), an open source tool that extracts AWS Identity and Access Management (IAM) policies from an AWS CloudFormation template, and allows you to run existing IAM Access Analyzer policy validation APIs against the template. I also show you how to run the tool […] (AWS Security Blog)

Securely extend and access on-premises Active Directory domain controllers in AWS

If you have an on-premises Windows Server Active Directory infrastructure, it’s important to plan carefully how to extend it into Amazon Web Services (AWS) when you’re migrating or implementing cloud-based applications. In this scenario, existing applications require Active Directory for authentication and identity management. When you migrate these applications to the cloud, having a locally […] (AWS Security Blog)

'Almost every nation' now has cyber vulnerability exploitation program, NSA official says

Nearly every country on the planet now has a program to exploit digital vulnerabilities, a top National Security Agency cyber official said Wednesday, and while most are focused on espionage, more are beginning to experiment with more aggressive techniques. Rob Joyce, director of cybersecurity at the NSA, said there’s a lot of focus on China, Iran, North Korea and Russia, but those countries, which he described as the “big four,” are not the only nations weaponizing technology. “Almost every nation in the world now has a cyber exploitation program. The vast majority of those are used for espionage and intelligence purposes,” Joyce said at the Aspen Cyber Summit. “There is interest in dabbling in offensive cyber and outcomes.” Even some smaller nations have proven to be advanced, Joyce said. It’s just that they’re usually more confined in how they pursue their national interests, by things like the amount of money […] The post 'Almost every nation' now has cyber vulnerability exploitation program, NSA official says appeared first on CyberScoop. (CyberScoop)

Ransomware gangs are starting more drama on cybercrime forums, upending 'honor among thieves' conventions

When ransomware group REvil reappeared in September after a nearly two-month downtime, its return was met with a less-than-friendly reception on the cybercriminal underground. Before going dark, the Russia-based gang attracted attention from the White House for two attacks that disrupted U.S. supply chains: the May breach at global meat supplier JBS that netted a reported $11 million payment, and a July hack on the software company Kaseya that immobilized hundreds of clients, some for months. REvil’s sudden disappearance left hackers that had been leasing out the group’s ransomware tools to conduct their own attacks, also known as affiliates, in the lurch. Almost immediately, several affiliates opened arbitration cases against the group on illicit forums. One hacker “Boriselcin” claimed on the XSS forum that REvil owed him money before it disappeared. While the two parties quickly resolved the case, not all disputes end so quietly, according to researchers who study dark web […] The post Ransomware gangs are starting more drama on cybercrime forums, upending 'honor among thieves' conventions appeared first on CyberScoop. (CyberScoop)

Russia arrests Group-IB CEO Illya Sachkov on reported treason charges

Russian authorities have arrested the head of a prominent cybersecurity firm on charges of treason and will keep him in custody for two months, a Moscow court said Wednesday. The Lefortovo District Court of Moscow ordered the arrest of Illya Sachkov, the chief executive of Group-IB, on charges of high treason, the Russian news agency TASS reported. Law enforcement also raided the company’s offices in Moscow. While the exact circumstances of the case remain unclear, Sachkov appears to be charged with transferring intelligence data to special services outside Russia, TASS reported. The CEO has reportedly denied any wrongdoing. In a statement, the company said it is confident in Sachkov’s innocence, and that co-founder Dmitry Volkov will assume leadership during his detention. The firm declined to comment on the charges, citing “ongoing procedural activities.” Group-IB works as a global security vendor known in part for its role in investigating international scammers, […] The post Russia arrests Group-IB CEO Illya Sachkov on reported treason charges appeared first on CyberScoop. (CyberScoop)

Google Launches Rewards Program For Tsunami

(News ≈ Packet Storm)

Cryptocurrency Expert Admits Aiding North Korea

(News ≈ Packet Storm)

Weaponized Telegram Bots Compromise PayPal Accounts

(News ≈ Packet Storm)

German IT Security Watchdog Examines Xiaomi Phone

(News ≈ Packet Storm)

Facebook Releases New Tool That Finds Security and Privacy Bugs in Android Apps

Facebook on Wednesday announced it's open-sourcing Mariana Trench, an Android-focused static analysis platform the company uses to detect and prevent security and privacy bugs in applications created for the mobile operating system at scale. "[Mariana Trench] is designed to be able to scan large mobile codebases and flag potential issues on pull requests before they make it into production," the (The Hacker News)

Beware! This Android Trojan Stole Millions of Dollars from Over 10 Million Users

A newly discovered "aggressive" mobile campaign has infected north of 10 million users from over 70 countries via seemingly innocuous Android apps that subscribe the individuals to premium services costing €36 (~$42) per month without their knowledge. Zimperium zLabs dubbed the malicious trojan "GriftHorse." The money-making scheme is believed to have been under active development starting from (The Hacker News)

[eBook] Your First 90 Days as CISO — 9 Steps to Success

Chief Information Security Officers (CISOs) are an essential pillar of an organization’s defense, and they must account for a lot. Especially for new CISOs, this can be a daunting task. The first 90 days for a new CISO are crucial in setting up their security team, so there is little time to waste, and much to accomplish. Fortunately, a new guide by XDR provider Cynet (download here) looks to (The Hacker News)

Hackers Targeting Brazil's PIX Payment System to Drain Users' Bank Accounts

Two newly discovered malicious Android applications on Google Play Store have been used to target users of Brazil's instant payment ecosystem in a likely attempt to lure victims into fraudulently transferring their entire account balances into another bank account under cybercriminals' control. "The attackers distributed two different variants of banking malware, named PixStealer and MalRhino, (The Hacker News)

New FinSpy Malware Variant Infects Windows Systems With UEFI Bootkit

Commercially developed FinFisher surveillanceware has been upgraded to infect Windows devices using a UEFI (Unified Extensible Firmware Interface) bootkit that leverages a trojanized Windows Boot Manager, marking a shift in infection vectors that allow it to elude discovery and analysis. Detected in the wild since 2011, FinFisher (aka FinSpy or Wingbird) is a spyware toolset for Windows, macOS, (The Hacker News)

Keep Attackers Out of VPNs: Feds Offer Guidance

The NSA and CISA issued recommendations on choosing and hardening VPNs to prevent nation-state APTs from weaponizing flaws & CVEs to break into protected networks. (Threatpost)

Apple AirTag Zero-Day Weaponizes Trackers

Apple's personal item-tracker devices can be used to deliver malware, slurp credentials, steal tokens and more thanks to XSS. (Threatpost)


/security-daily/ 30-09-2021 23:44:22