Security daily (30-06-2021)

AWS Security Reference Architecture: A guide to designing with AWS security services

Amazon Web Services (AWS) is happy to announce the publication of the AWS Security Reference Architecture (AWS SRA). This is a comprehensive set of examples, guides, and design considerations that you can use to deploy the full complement of AWS security services in a multi-account environment that you manage through AWS Organizations. The architecture and […] (AWS Security Blog)

Feds use gag orders to collect cloud data in secret, Microsoft executive tells Congress

The Justice Department is abusing secret subpoenas to collect cloud user data at alarming rates, a top Microsoft executive testified in front of the House Judiciary Committee on Wednesday. Tom Burt, Microsoft’s vice president of customer security and trust, told lawmakers that the company currently receives between 2,400 and 3,500 secrecy orders each year. That’s roughly a third of the total number of requests that federal law enforcement sends to Microsoft, and it’s a number that has grown as more companies and organizations rely on cloud providers to serve as their virtual offices. The hearing comes on the heels of a revelation earlier this month that the Justice Department had used such gag orders to secretly subpoena Microsoft and Apple for data from two members of Congress, Capitol Hill staffers and some family members. “If law enforcement wants to secretly search someone’s physical office, it must meet a heightened burden […] The post Feds use gag orders to collect cloud data in secret, Microsoft executive tells Congress appeared first on CyberScoop. (CyberScoop)

SolarWinds hackers had access to Denmark's central bank, report says

A group of Russian hackers is accused of compromising a Danish bank in the latest example of fallout involving cyber-espionage emanating from Moscow, according to a European media outlet that cites documents related to the incident. Denmark’s central bank, or Danmarks Nationalbank, was compromised by the same spies who used software made by the U.S. federal contractor SolarWinds to breach nine U.S. government agencies and dozens of companies, Version 2, a Danish news site, reported Tuesday. By leveraging the SolarWinds technology, hackers infiltrated the company’s partners and clients, spending at least seven months inside the networks of the Danish financial institution, the site reported based on internal emails sent to the bank from outside investigators. Bank officials disputed the Version 2 report, saying in a statement that the notion hackers had a backdoor into the organization for seven months is incorrect. Investigators have suggested that the Russian hacking group known […] The post SolarWinds hackers had access to Denmark's central bank, report says appeared first on CyberScoop. (CyberScoop)

International cops seize DoubleVPN, a service allegedly meant to shield ransomware attacks from investigators

A security tool that hackers used to disguise their ransomware attacks, email scams and other nefarious activity is offline following a global law enforcement action. Servers and web domains belonging to DoubleVPN, a virtual private network (VPN), were seized during an investigation by the Dutch National Police, the FBI, the U.K.’s National Crime Agency and Europol, authorities said Wednesday. Accused cybercriminals advertised DoubleVPN throughout Russian and English-speaking hacker markets as a means of helping customers hide their location and internet traffic from police for prices as low as $25. “Law enforcement gained access to the servers of DoubleVPN and seized personal information, logs and statistics kept by DoubleVPN about all of its customers,” a seizure notice on the site advised. “DoubleVPN’s owners failed to provide the services they promised.” The police announcement did not identify the specific ransomware gangs that allegedly used DoubleVPN. Internet users throughout the world rely on […] The post International cops seize DoubleVPN, a service allegedly meant to shield ransomware attacks from investigators appeared first on CyberScoop. (CyberScoop)

PrintNightmare, the zero-day hole in Windows – here’s what to do

All bugs are equal. But some bugs are more equal than others. (Naked Security)

Colombian police arrest Gozi malware suspect after 8 years at large

Safe at home, apparently, but not so safe overseas. (Naked Security)

Police warn of WhatsApp scams in time for Social Media Day

Happy Social Media Day! Make it a day to review whether your social media security really is up to scratch. (Naked Security)

Microsoft Executive Says U.S. Overuses Secret Orders For Americans' Data

(News ≈ Packet Storm)

This VPN Service Used By Ransomware Gangs Was Just Taken Down By Police

(News ≈ Packet Storm)

You Can Hijack Google Cloud VMs Using DHCP Floods

(News ≈ Packet Storm)

Cobalt Strike Usage Explodes Among Cybercrooks

(News ≈ Packet Storm)

Feds Told To Better Manage Facial Recognition

(News ≈ Packet Storm)

Online Credit Card Theft – A Brief Overview of Online Fraud and Abuse – Part 2

In my previous post about ecommerce credit card swipers I described the general overview of the online ecommerce environment as well as some of the reasons why websites become compromised with this type of malware. In this post I will go into some more detail on the taxonomy of web-based credit card swipers, review some good online resources on vulnerabilities, and cover some steps to protect yourself, your website and your customers.

Different Types of Swipers

Now that we have reviewed the broader ecommerce web environment in the previous post, let’s take a look at some actual swipers and the different “flavours” that they come in. Continue reading Online Credit Card Theft – A Brief Overview of Online Fraud and Abuse – Part 2 at Sucuri Blog. (Sucuri Blog)

Microsoft Discloses Critical Bugs Allowing Takeover of NETGEAR Routers

Cybersecurity researchers have detailed critical security vulnerabilities affecting NETGEAR DGN2200v1 series routers, which they say could be reliably abused as a jumping-off point to compromise a network's security and gain unfettered access. The three HTTPd authentication security weaknesses (CVSS scores: 7.1 – 9.4) impact routers running firmware versions prior to v1.0.0.60, and have since (The Hacker News)

Authorities Seize DoubleVPN Service Used by Cybercriminals

A coordinated international law enforcement operation resulted in the takedown of a VPN service called DoubleVPN for providing a safe haven for cybercriminals to cover their tracks. "On 29th of June 2021, law enforcement took down DoubleVPN," the agencies said in a seizure notice splashed on the now-defunct site. "Law enforcement gained access to the servers of DoubleVPN and seized personal (The Hacker News)

[Webinar] How Cyber Attack Groups Are Spinning a Larger Ransomware Web

Organizations today already have an overwhelming number of dangers and threats to look out for, from spam to phishing attempts to new infiltration and ransomware tactics. There is no chance to rest, since attack groups are constantly looking for more effective means of infiltrating and infecting systems. Today, there are hundreds of groups devoted to infiltrating almost every industry, (The Hacker News)

Researchers Leak PoC Exploit for a Critical Windows RCE Vulnerability

A proof-of-concept (PoC) exploit related to a remote code execution vulnerability affecting Windows Print Spooler and patched by Microsoft earlier this month was briefly published online before being taken down. Identified as CVE-2021-1675, the security issue could grant remote attackers full control of vulnerable systems. Print Spooler manages the printing process in Windows, including loading (The Hacker News)

GitHub Launches 'Copilot' — AI-Powered Code Completion Tool

GitHub on Tuesday launched a technical preview of a new AI-powered pair programming tool that aims to help software developers write better code across a variety of programming languages, including Python, JavaScript, TypeScript, Ruby, and Go. Copilot, as the code synthesizer is called, has been developed in collaboration with OpenAI, and leverages Codex, a new AI system that's trained on (The Hacker News)

Cisco ASA Flaw Under Active Attack After PoC Exploit Posted Online

A security vulnerability in Cisco Adaptive Security Appliance (ASA) that was addressed by the company last October, and again earlier this April, has been subjected to active in-the-wild attacks following the release of proof-of-concept (PoC) exploit code. The PoC was published by researchers from cybersecurity firm Positive Technologies on June 24, following which reports emerged that attackers (The Hacker News)

SolarWinds Hackers Breach Microsoft Customer Support to Target its Customers

In yet another sign that the Russian hackers who breached SolarWinds network monitoring software to compromise a slew of entities never really went away, Microsoft said the threat actor behind the malicious cyber activities used password spraying and brute-force attacks in an attempt to guess passwords and gain access to its customer accounts. "This recent activity was mostly unsuccessful, and (The Hacker News)

Indexsinas SMB Worm Campaign Infests Whole Enterprises

The self-propagating malware's attack chain is complex, using former NSA cyberweapons, and ultimately drops cryptominers on targeted machines. (Threatpost)

Why MTTR is Bad for SecOps

Kerry Matre, senior director at Mandiant, discusses the appropriate metrics to use to measure SOC and analyst performance, and how MTTR leads to bad behavior. (Threatpost)

/security-daily/ 01-07-2021 23:44:22