Security daily (31-08-2020)

New third-party test compares Amazon GuardDuty to network intrusion detection systems

A new whitepaper is available that summarizes the results of tests by Foregenix comparing Amazon GuardDuty with network intrusion detection systems (IDS) on threat detection of network layer attacks. GuardDuty is a cloud-centric IDS service that uses Amazon Web Services (AWS) data sources to detect a broad range of threat behaviors. Security engineers need to […] (AWS Security Blog)

The FBI's digital security guide for local police actually has good OPSEC advice

An FBI cybersecurity guide instructs local police officers on how to avoid surveillance and harassment online amid ongoing protests against police brutality throughout the U.S. The instructions include a range of advisories for smaller police agencies, ranging from ways to avoid harassment on Facebook to the best methods for removing personal information from publicly available databases. The 354-page document, titled “Digital Exhaust Opt Out Guide,” was released publicly in June as part of the BlueLeaks data dump, a trove of law enforcement materials made public by transparency activists calling themselves Distributed Denial of Secrets. Federal authorities have distributed the guidelines to local police fusion centers — the state-operated hubs where federal, state, local and other law enforcement agencies share threat information and training tools — amid protests over the death of George Floyd and other unarmed Black Americans at the hands of police. A number of other advisories shared through […] The post The FBI's digital security guide for local police actually has good OPSEC advice appeared first on CyberScoop. (CyberScoop)

UK man arrives to face charges in US after alleged $2 million email scam

A man charged as part of a business email compromise money laundering scheme that allegedly defrauded victims out of $2 million over the course of at least six years is set to face a judge in U.S. court in the Southern District of New York. The man, Habeeb Audu, who is a dual citizen of Nigeria and the U.K., was extradited from London last week for his alleged involvement in multiple money laundering and fraud scams, some of which leveraged information stolen during previous business email compromises, according to the U.S. Department of Justice. Audu plans to “deny the charges and fight the case,” Audu’s attorney told CyberScoop in a phone call Monday. One of the operations in which Audu was allegedly involved ran from 2013 to 2018. Audu and several co-conspirators duped banks into giving them access to victim bank accounts to steal money, according to the Justice Department. They did so by using stolen personal information to […] The post UK man arrives to face charges in US after alleged $2 million email scam appeared first on CyberScoop. (CyberScoop)

Democrats furious after intelligence officials cancel in-person election security briefings

The Office of the Director of National Intelligence on Friday said it would provide election-security information to Congress through written materials rather than in-person briefings, sparking outrage among Democrats just two months before the presidential election. In letters to the House and Senate intelligence committees, among others, Director of National Intelligence John Ratcliffe said his office would provide lawmakers with “written finished intelligence products” on foreign threats to the election to prevent leaks of classified information and ensure the materials aren’t “misunderstood” or “politicized.” The move highlights the partisan fight over election security material as U.S. officials warn that Russia is once again interfering in the electoral process for the benefit of President Donald Trump. After one routine election-security briefing for lawmakers in February in which an intelligence official said Russia had a preference for Trump, the president was reportedly irate that Democrats received the information before he did. Trump […] The post Democrats furious after intelligence officials cancel in-person election security briefings appeared first on CyberScoop. (CyberScoop)

Monday review – catch up on our latest articles and videos

Our recent articles and videos, all in one place. (Naked Security)

Ex-Cisco Employee Pleads Guilty To Deleting 16K Webex Teams Accounts

(News ≈ Packet Storm)

DoJ Aims To Seize 280 Cryptocurrency Accounts Used By Hackers

(News ≈ Packet Storm)

Cisco Warns Of Actively Exploited IOS XR Zero Day

(News ≈ Packet Storm)

Malicious npm Package Caught Stealing Discord / Browser Files

(News ≈ Packet Storm)

Apple Accidentally Notarizes Shlayer Malware Used in Adware Campaign

The notarized malware payloads were discovered in a recent MacOS adware campaign, disguised as Adobe Flash Player updates. (Threatpost)

Charming Kitten Returns with WhatsApp, LinkedIn Effort

The Iran-linked APT is targeting Israeli scholars and U.S. government employees in a credential-stealing effort. (Threatpost)

Stolen Fortnite Accounts Earn Hackers Millions Per Year

More than 2 billion breached Fortnite accounts have gone up for sale in underground forums so far in 2020 alone. (Threatpost)

Critical Slack Bug Allows Access to Private Channels, Conversations

The RCE bug affects versions below 4.4 of the Slack desktop app. (Threatpost)


/security-daily/ 01-09-2020 23:44:23