Security daily (31-03-2021)

7 ways to improve security of your machine learning workflows

In this post, you will learn how to use familiar security controls to build more secure machine learning (ML) workflows. The ideal audience for this post includes data scientists who want to learn basic ways to improve security of their ML workflows, as well as security engineers who want to address threats specific to an […] (AWS Security Blog)

Mayorkas pledges to modernize US cyber-defenses after their failure to detect alleged Russian spies

A suspected Russian hacking campaign exposed glaring shortcomings in the U.S. government’s approach to cybersecurity, Homeland Security Secretary Alejandro Mayorkas said Wednesday while promising to harness federal resources to improve public and private-sector defenses. Mayorkas pledged to improve nearly every major facet of DHS’s cybersecurity work, from helping federal agencies recover from hacks to thwarting them in the first place. Part of that will come through an executive order President Joe Biden is expected to release soon to tighten security requirements for federal agencies and the software vendors that supply them. “Our government got hacked last year and we didn’t know about it for months,” Mayorkas said at the RSA Conference. “This incident is one of many that underscores the need for the federal government to modernize cybersecurity defenses and deepen our partnerships,” Mayorkas said, referring to the alleged Russian spying operation exploiting contractor SolarWinds and other vendors that U.S. […] (CyberScoop)

DeepDotWeb boss pleads guilty to laundering millions

The administrator of a website that served as a gateway to dark web marketplaces for purchasing heroin, firearms and hacking tools pleaded guilty to money laundering charges on Wednesday. The Justice Department said that Tal Prihar administered DeepDotWeb, where he received $8.4 million in kickbacks from dark web marketplaces for providing prospective customers with direct links to those sites, which sold illegal goods but weren’t easily found via search engines. When law enforcement indicted Prihar and an alleged co-conspirator in 2019, authorities hailed it as “the single most significant law enforcement disruption of the Darknet to date.” French law enforcement captured Prihar, an Israeli native who had lived in Brazil. Israeli law enforcement arrested the alleged co-owner of the site, Michael Phan, who handled day-to-day operations. U.S. authorities previously seized DeepDotWeb. “For six years, DeepDotWeb was a gateway to facilitate the illegal purchase of items to include dangerous drugs, weapons, […] (CyberScoop)

Suspected North Korean hackers set up fake company to target researchers, Google says

North Korean-linked hackers have set up a fake security company and social media accounts as part of a broad campaign targeting cybersecurity researchers with malware, according to Google research published Wednesday. Hackers have leveraged at least two fake accounts on LinkedIn that impersonate recruiters appearing to be from antivirus software and security companies, Google said. One of the recruiters, supposedly named “Carter Edwards,” works at a company allegedly named “Trend Macro,” which someone quickly searching for a new information security job may confuse with the legitimate security firm Trend Micro. The campaign also relies on a smattering of Twitter accounts. The fake company, which the hackers call “SecuriElite,” claims to be based in Turkey and focused on offensive security, penetration tests, software security assessments and exploits, according to Google. The hackers set up the apparent company in March, Google said. The Twitter account that appears to be linked with the […] (CyberScoop)

The latest malware hiding in video game cheat codes

Gamers have long used cheat codes to enhance their performance in video games. But buyer beware — hackers have recently been lacing video game cheats with malware that could allow attackers to hijack victims’ microphones or web cameras, according to Cisco Talos research published Wednesday. The campaign, which appears to have targeted video game players and PC modders, features malware hidden in seemingly legitimate files that users can download to run game patches, tweaks or modding tools. The malware used in this campaign, XtremeRAT, can capture audio or video through victims’ microphones or web cameras, take screenshots, upload and download files, or log keystrokes. The victims involved in this campaign have generally reached the booby-trapped downloads from YouTube videos about game cheats or social media forums about specific games of interest, Cisco Talos said. “This goes to show how dangerous it is to install random software from questionable sources,” […] (CyberScoop)

US to publish details on suspected Russian hacking tools used in SolarWinds espionage

U.S. military and security officials are preparing to publish one of their most detailed analyses yet of the hacking tools used by suspected Russian spies in a campaign that the Biden administration has labeled a national security threat. The “malware analysis report” from U.S. Cyber Command and the Department of Homeland Security, which CyberScoop obtained, spotlights 18 pieces of malicious code allegedly used by Russian hackers, who exploited software made by the federal contractor SolarWinds and other vendors on their way to infiltrating nine U.S. government agencies and 100 companies. The report sheds light on a historic espionage campaign that U.S. officials have, at times, been cautious to publicly detail. It’s an analysis from U.S. government cybersecurity specialists of how the alleged Russian operatives moved from network to network, and builds on private sector reporting. Cyber Command and DHS’s Cybersecurity and Infrastructure Security Agency said the goal of the release […] (CyberScoop)

FBI alert on Egregor ransomware highlighted affiliate cybercrime model

An emerging strain of ransomware that was the subject of a recent FBI report is relying on an extortion technique in which attackers publish stolen data to a public website in the event that a victim organization refuses to meet hackers’ demands. The Federal Bureau of Investigation in January warned that the gang behind the Egregor ransomware, first detected in September 2020, would compromise a victim’s network, then order a victim to print a physical copy of a ransom note spelling out a demand to pay a specific fee, otherwise risk their stolen data being made public. French and Ukrainian police took action against hackers who used the Egregor malware in February, reportedly arresting “several” suspects. In its advisory, the bureau said that attackers can rent Egregor as a ransomware-as-a-service malware, and that it relies on other hacking tools as part of an affiliate model. Egregor frequently comes packaged with […] (CyberScoop)

How alleged Iranian hackers are posing as an Israeli scientist to spy on US medical professionals

Suspected Iranian hackers have impersonated a well-known Israeli physicist as part of a broader campaign to break into the email accounts of some two-dozen medical researchers in Israel and the U.S., email security firm Proofpoint said Wednesday. The intrusion attempts — carefully crafted efforts to spy on senior medical professionals in the genetic, neurology and oncology fields — are the handiwork of the Charming Kitten hacking group, Proofpoint said. A 2019 U.S. Justice Department indictment linked the group to the Iranian military. The phishing campaign shows how, more than a decade after the Stuxnet worm’s infiltration of an Iranian nuclear facility, hacking is still central to the high-stakes spying game between Iran, Israel and the U.S. And it is but one of several recent examples, including the targeting of the 2020 U.S. election, of how Iranian hackers are capable of threatening U.S. interests. In this case, the suspected Iranian […] (CyberScoop)

Hacker Exploits Bug In Doom To Run Snake

(News ≈ Packet Storm)

Iranian Credential Thieves Target Medical Researchers

(News ≈ Packet Storm)

Ziggy Ransomware Gang Offers Refunds To Victims

(News ≈ Packet Storm)

Amazon Tweets Trolling Congress Were So Bad That IT Thought Account Was Hacked

(News ≈ Packet Storm)

The Importance of Website Backups

Today is World Backup Day. This date was created to remind people of the importance of having backups set up for everything that matters. I am pretty sure your website falls into the category of precious digital assets. Why are website backups important? Imagine waking up in the morning to see that a couple of calls were missed and your email is overloaded with messages saying that your website is down. You go to your computer to check your server and it’s working fine – but oh no, all your files are deleted from the database. […] (Sucuri Blog)

Decided to move on from your NGAV/EDR? A Guide for Small Security Teams to What's Next

You're fully aware of the need to stop threats at the front door and then hunt any that got through that first gate, so your company installed an EPP/EDR solution. But like most companies, you've already come across its shortcomings – and these are amplified since you have a small security team. More than likely, you noticed that it has its share of detection blind spots and limitations for (The Hacker News)

Hackers are implanting multiple backdoors at industrial targets in Japan

Cybersecurity researchers on Tuesday disclosed details of a sophisticated campaign that deploys malicious backdoors for the purpose of exfiltrating information from a number of industry sectors located in Japan. Dubbed "A41APT" by Kaspersky researchers, the findings delve into a new slew of attacks undertaken by APT10 (aka Stone Panda or Cicada) using previously undocumented malware to deliver (The Hacker News)

Apple, Google Both Track Mobile Telemetry Data, Despite Users Opting Out

Google’s Pixel and Apple’s iPhone both in privacy hot seat for siphoning mobile device data without consent. (Threatpost)

Fraud Ring Launders Money Via Fake Charity Donations

The Cart Crasher gang is testing stolen payment cards while cleaning ill-gotten funds. (Threatpost)

Child Tweets Gibberish from U.S. Nuke Account

Telecommuting social-media manager for the U.S. Strategic Command left the laptop open and unsecured while stepping away. (Threatpost)

APT Charming Kitten Pounces on Medical Researchers

Researchers uncover a credential-stealing campaign targeting genetic, neurology and oncology professionals. (Threatpost)


/security-daily/ 01-04-2021 23:44:23