Security daily (30-09-2020)

Enhance programmatic access for IAM users using a YubiKey for multi-factor authentication

Organizations are increasingly providing access to corporate resources from employee laptops and are required to apply the correct permissions to these computing devices to make sure that secrets and sensitive data are adequately protected. The combination of Amazon Web Services (AWS) long-term credentials and a YubiKey security token for multi-factor authentication (MFA) is an option […] (AWS Security Blog)

Anthem to pay $39.5 million to states in latest settlement over 2015 hack

Anthem has agreed to pay $39.5 million in penalties and fees resulting from a sweeping 2015 cyberattack on the health insurer as part of a multi-state settlement, the company announced Wednesday. It’s the latest fallout from a major data breach that exposed data on some 79 million people, and which U.S. authorities have blamed on a Chinese hacker. The settlement, based on an investigation by attorneys general in over 40 states, requires Anthem to implement a security program that includes penetration-testing, and logging and monitoring of networks. It also bars Anthem from misrepresenting how the company protects its customers’ privacy and security, according to the New York attorney general’s office. “The company is pleased to have resolved this matter, which is the last open investigation related to the 2015 cyberattack,” Indianapolis-based Anthem said in a statement, adding that it has an “ongoing and consistent focus on protecting information.” The repercussions of the […] (CyberScoop)

ESET catches spyware posing as Telegram, Android messaging apps

A hacking group that typically spies on targets in the Middle East has updated its malware and is distributing it through bogus versions of popular messaging apps such as Telegram, researchers say. The malware has been circulating since May 2019, according to Slovakia-based antivirus company ESET, which identified it in collaboration with researchers at MalwareHunterTeam. ESET does not speculate about the intentions of the group, known as APT-C-23 or Two-tailed Scorpion, but in 2017 and 2018, other researchers linked it to the Palestinian organization Hamas. In most cases, victims are infected by visiting a fake app store, “DigitalApps,” containing both clean and malicious software, ESET said in findings published Wednesday. The malware was hidden in apps posing as Telegram, another messaging platform, Threema, and a utility labeled as AndroidUpdate. Users who downloaded the two messaging apps had the apps’ full functionality, but also were infected with malware, ESET says. By impersonating an encrypted […] (CyberScoop)

How to Analyze Web Browser Extensions for Possible Malware & Other Malicious Activity

Browser extensions are extremely useful since they can expand web browsers like Google Chrome and Mozilla Firefox beyond their built-in features. However, we don't always know who's behind a browser add-on or what it's doing beyond what's advertised. That's where ExtAnalysis comes into play.

ExtAnalysis will unpack an extension so that we can see what's really going on inside. To start using it, you just need to use either Chrome or Firefox, as well as an extension you want to investigate for possible malicious background activities. We'll be examining a Firefox extension from a computer... (Null Byte « WonderHowTo)

Senator Asks DHS If Foreign-Controlled Browser Extensions Threaten The US

(News ≈ Packet Storm)

Kylie Jenner Customers Hit By Shopify Data Breach

(News ≈ Packet Storm)

Anthem To Pay Nearly $40 Million To Settle Data Breach Probe

(News ≈ Packet Storm)

$15 Million Business Email Scam In The US Exposed

(News ≈ Packet Storm)

Cisco Issues Patches For 2 High-Severity IOS XR Flaws Under Active Attacks

Cisco yesterday released security patches for two high-severity vulnerabilities affecting its IOS XR software that were found exploited in the wild a month ago. Tracked as CVE-2020-3566 and CVE-2020-3569, details for both zero-day unauthenticated DoS vulnerabilities were made public by Cisco late last month when the company found hackers actively exploiting Cisco IOS XR Software that is installed (The Hacker News)

Chinese APT Group Targets Media, Finance, and Electronics Sectors

Cybersecurity researchers on Tuesday uncovered a new espionage campaign targeting media, construction, engineering, electronics, and finance sectors in Japan, Taiwan, the U.S., and China. Linking the attacks to Palmerworm (aka BlackTech) — likely a China-based advanced persistent threat (APT) — Symantec's Threat Hunter Team said the first wave of activity associated with this campaign began last (The Hacker News)

Researchers Uncover Cyber Espionage Operation Aimed At Indian Army

Cybersecurity researchers uncovered fresh evidence of an ongoing cyberespionage campaign against Indian defense units and armed forces personnel at least since 2019 with an aim to steal sensitive information. Dubbed "Operation SideCopy" by Indian cybersecurity firm Quick Heal, the attacks have been attributed to an advanced persistent threat (APT) group that has successfully managed to stay (The Hacker News)

OAuth Consent Phishing Ramps Up with Microsoft Office 365 Attacks

Attackers gain read-only permissions to snoop around Office 365 accounts, including emails, contacts and more. (Threatpost)

Android Spyware Variant Snoops on WhatsApp, Telegram Messages

The Android malware comes from threat group APT-C-23, also known as Two-Tailed Scorpion and Desert Scorpion. (Threatpost)

Facebook Small Business Grants Spark Identity-Theft Scam

The cybercrooks spread the COVID-19 relief scam via Telegram and WhatsApp, and ultimately harvest account credentials and even pics of IDs. (Threatpost)

Microsoft Exchange Servers Still Open to Actively Exploited Flaw

Despite Microsoft issuing patches almost eight months ago, 61 percent of Exchange servers are still vulnerable. (Threatpost)


/security-daily/ 01-10-2020 23:44:21