Security daily (30-09-2021)

Enable Security Hub PCI DSS standard across your organization and disable specific controls

At this time, enabling the PCI DSS standard from within AWS Security Hub enables this compliance framework only within the Amazon Web Services (AWS) account you are presently administering. This blog post showcases a solution that can be used to customize the configuration and deployment of the PCI DSS standard compliance standard using AWS Security […] (AWS Security Blog)
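The blog post's solution is organization-wide, but the per-account building blocks are the three Security Hub API calls below: enable the standard, enumerate its controls, and disable the ones you have a documented reason to suppress. The following is an added illustration, not the AWS blog's own code. It uses the real boto3 operations `batch_enable_standards`, `describe_standards_controls` and `update_standards_control`; the control IDs, the disable reason and the account/region values are assumptions chosen for illustration. The functions take the Security Hub client as a parameter so they can be reused against each member account's assumed-role session, which is how an organization-wide rollout would loop over accounts.

```python
"""Enable the Security Hub PCI DSS standard and disable selected controls.

Added example, not the AWS blog post's solution. Only the Security Hub
operations that exist in boto3 are used; control IDs, the disable reason and
the sample account/region are assumptions for illustration.
"""


def pci_standard_arn(region):
    """ARN of the PCI DSS v3.2.1 standard in the given region (assumed format from AWS docs)."""
    return "arn:aws:securityhub:%s::standards/pci-dss/v/3.2.1" % region


def enable_pci_standard(securityhub, region):
    """Enable PCI DSS for the client's account/region; return the subscription ARN.

    BatchEnableStandards is idempotent: re-running it against an already
    enabled standard returns the existing subscription.
    """
    resp = securityhub.batch_enable_standards(
        StandardsSubscriptionRequests=[{"StandardsArn": pci_standard_arn(region)}]
    )
    return resp["StandardsSubscriptions"][0]["StandardsSubscriptionArn"]


def list_controls(securityhub, subscription_arn):
    """Return {ControlId: control dict} for every control of the standard.

    DescribeStandardsControls is paginated; follow NextToken until exhausted,
    otherwise controls beyond the first page are silently missed.
    """
    controls = {}
    token = None
    while True:
        kwargs = {"StandardsSubscriptionArn": subscription_arn}
        if token:
            kwargs["NextToken"] = token
        resp = securityhub.describe_standards_controls(**kwargs)
        for ctrl in resp.get("Controls", []):
            controls[ctrl["ControlId"]] = ctrl
        token = resp.get("NextToken")
        if not token:
            return controls


def disable_controls(securityhub, subscription_arn, control_ids, reason):
    """Disable the named controls with a recorded reason.

    Returns (disabled, unknown): controls now disabled (including ones that
    already were, so the call is idempotent) and IDs that do not exist in the
    standard, which usually means a typo in the exception list.
    """
    known = list_controls(securityhub, subscription_arn)
    disabled, unknown = [], []
    for control_id in control_ids:
        ctrl = known.get(control_id)
        if ctrl is None:
            unknown.append(control_id)
            continue
        if ctrl.get("ControlStatus") == "DISABLED":
            disabled.append(control_id)
            continue
        securityhub.update_standards_control(
            StandardsControlArn=ctrl["StandardsControlArn"],
            ControlStatus="DISABLED",
            DisabledReason=reason,  # required by Security Hub when disabling
        )
        disabled.append(control_id)
    return disabled, unknown


if __name__ == "__main__":
    # Assumed values for a stand-alone run against a real account.
    import boto3  # imported lazily so the functions above stay testable offline

    REGION = "us-east-1"
    # Hypothetical exception list: controls covered by a compensating control.
    EXCEPTIONS = ["PCI.CW.1", "PCI.CloudTrail.1"]
    hub = boto3.client("securityhub", region_name=REGION)
    sub = enable_pci_standard(hub, REGION)
    done, missing = disable_controls(hub, sub, EXCEPTIONS, "Compensating control documented in ticket (assumed)")
    print("disabled:", done)
    print("unknown control IDs:", missing)
```

In an organization-wide deployment the same three functions run once per member account, each with a client built from an assumed-role session into that account; the delegated Security Hub administrator account cannot disable controls in a member on its behalf, so the loop is unavoidable. Treat a non-empty `unknown` list as a failure, since a misspelled control ID would otherwise leave a check enabled that the exception list intended to suppress.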

The FCC wants to force phone carriers to guard against SIM-swapping scams

The Federal Communications Commission proposed rules Thursday aimed at curbing the threat of attacks in which cybercriminals use a victim’s personal information to steal their phone number and swap it into a scammer-controlled device, a technique known as “SIM-swapping” or “port-out fraud.” Specifically, the proposed rule would amend the rules regarding porting numbers from one account or phone to another to include a requirement that carriers “adopt secure methods of authenticating a customer.” The draft rule also proposes that carriers be required to immediately notify customers of any request to swap or port-out their number. Scammers can use such access to reset or take over other accounts, including social media profiles or financial accounts. The FCC did not publicly release the rules by press time Thursday. The agency declined to comment on how the rule will define “secure methods.” SIM-swapping can give cybercriminals more than access to victims’ messages or calls. […] The post The FCC wants to force phone carriers to guard against SIM-swapping scams appeared first on CyberScoop. (CyberScoop)

Increase cyber resiliency with modern data backup and recovery solutions

Ransomware attacks are a growing concern across both public and private sectors. With new operating system vulnerabilities continually being discovered — and variants of malicious code regularly being developed — keeping up a frontline defense against cyberthreats is an overwhelming task. That is why security leaders recommend integrating data backup and recovery solutions as a part of any organization’s multi-layered cybersecurity strategy. A recent white paper from Veritas Technologies leans on recommendations from the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework to lay out best practices for a comprehensive data backup strategy. That includes adding capabilities like vision management, identity and access management, immutable storage and data encryption. When looking for the best data backup and recovery solution, the report recommends that leaders ask themselves some key questions about the vendor they choose to align with, such as: Does the solution provide ransomware resiliency at the core, at the […] The post Increase cyber resiliency with modern data backup and recovery solutions appeared first on CyberScoop. (CyberScoop)

Hackers posed as Amnesty International, promising anti-spyware tool that actually collects passwords

Fraudsters are posing as human rights group Amnesty International to trick individuals into downloading malicious software, researchers at Cisco’s threat intelligence unit Talos report. Masquerading as the human rights group, hackers registered multiple domains using variations on the Amnesty name to advertise a demo for “Amnesty Anti Pegasus” software that could allegedly scan devices for the NSO Group spyware, which Amnesty has closely examined. The malware had a realistic-looking “Anti Pegasus” user interface. In fact, victims downloaded Sarwent, a malicious software that gives attackers a backdoor to a victim’s machine. Hackers can use that access to download and execute other malicious tools as well as exfiltrate data such as passwords. The campaign preys on growing concerns around the threat of spyware. Human rights advocates have long criticized the NSO Group for the use of its technology by governments to spy on activists, dissidents and journalists. A sweeping July report by […] The post Hackers posed as Amnesty International, promising anti-spyware tool that actually collects passwords appeared first on CyberScoop. (CyberScoop)

S3 Ep52: Let’s Encrypt, Outlook leak, and VMware exploit [Podcast]

Latest episode - listen now! (Naked Security)

How to steal money via Apple Pay using the “Express Transit” feature

Could a rogue vendor with a dodgy payment terminal rip you off via Apple Pay? Maybe. Here's what to do about it. (Naked Security)

Conti Ransomware Expands Ability To Blow Up Backups

(News ≈ Packet Storm)

Anonymous Has Leaked Disk Images From Epik

(News ≈ Packet Storm)

Apple AirTags Can Be Weaponized For XSS Attacks

(News ≈ Packet Storm)

Fears Surrounding Pegasus Spyware Prompt New Trojan Campaign

(News ≈ Packet Storm)

Update Google Chrome ASAP to Patch 2 New Actively Exploited Zero-Day Flaws

Google on Thursday pushed urgent security fixes for its Chrome browser, including a pair of new security weaknesses that the company said are being exploited in the wild, making them the fourth and fifth actively exploited zero-days plugged this month alone. The issues, designated as CVE-2021-37975 and CVE-2021-37976, are part of a total of four patches, and concern a use-after-free flaw in V8 JavaScript (The Hacker News)

New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught

Cybersecurity researchers have disclosed an unpatched security vulnerability in the protocol used by Microsoft Azure Active Directory that potential adversaries could abuse to stage undetected brute-force attacks. "This flaw allows threat actors to perform single-factor brute-force attacks against Azure Active Directory (Azure AD) without generating sign-in events in the targeted organization's (The Hacker News)

Incentivizing Developers is the Key to Better Security Practices

Professional developers want to embrace DevSecOps and write secure code, but their organizations need to support this sea change if they want that effort to grow. The cyber threat landscape is becoming more complex by the day. Attackers are constantly scanning networks for vulnerable applications, programs, cloud instances, and the latest flavor of the month is APIs, widely considered an easy win (The Hacker News)

New Tomiris Backdoor Found Linked to Hackers Behind SolarWinds Cyberattack

Cybersecurity researchers on Wednesday disclosed a previously undocumented backdoor likely designed and developed by the Nobelium advanced persistent threat (APT) behind last year's SolarWinds supply chain attack, joining the threat actor's ever-expanding arsenal of hacking tools. Moscow-headquartered firm Kaspersky codenamed the malware "Tomiris," calling out its similarities to another (The Hacker News)

Cybersecurity Firm Group-IB's CEO Arrested Over Treason Charges in Russia

Russian authorities on Wednesday arrested and detained Ilya Sachkov, the founder of cybersecurity firm Group-IB, for two months in Moscow on charges of state treason following a search of its office on September 28. The Russian company, which is headquartered in Singapore, confirmed the development but noted the "reason for the search was not yet clear," adding "The decentralized infrastructure (The Hacker News)

Google Emergency Update Fixes Two Chrome Zero Days

This is the second pair of zero days that Google's fixed this month, all four of which have been actively exploited in the wild. (Threatpost)

Military’s RFID Tracking of Guns May Endanger Troops

RFID gun tags leave the military exposed to tracking, sniffing and spoofing attacks, experts say. (Threatpost)

Tips & Tricks for Unmasking Ghoulish API Behavior

Jason Kent, hacker-in-residence at Cequence Security, discusses how to track user-agent connections to mobile and desktop APIs, to spot malicious activity. (Threatpost)

Baby’s Death Alleged to Be Linked to Ransomware

Access to heart monitors disabled by the attack allegedly kept staff from spotting blood & oxygen deprivation that led to the baby's death. (Threatpost)

Innovative Proxy Phantom ATO Fraud Ring Haunts eCommerce Accounts

The group uses millions of password combos at the rate of nearly 2,700 login attempts per minute with new techniques that push the ATO envelope. (Threatpost)

Apple Pay with Visa Hacked to Make Payments via Locked iPhones

Researchers have demonstrated that someone could use a stolen, locked iPhone to pay for thousands of dollars of goods or services, no authentication needed. (Threatpost)


/security-daily/ 01-10-2021 23:44:22