Security daily (31-08-2021)

How to use ACM Private CA for enabling mTLS in AWS App Mesh

Securing east-west traffic in service meshes, such as AWS App Mesh, by using mutual Transport Layer Security (mTLS) adds an additional layer of defense beyond perimeter control. mTLS adds bidirectional peer-to-peer authentication on top of the one-way authentication in normal TLS. This is done by adding a client-side certificate during the TLS handshake, through which […] (AWS Security Blog)

Scammers pounce on internet-for-rent services, generating cryptocurrency in quiet

As if ransomware and email fraud didn’t already create enough revenue for cybercriminals, scammers now are auctioning access to their victims’ internet connections in an effort to find more profits. Hackers are seizing on a category of legitimate digital services that allow internet users to rent out access to their web connection in exchange for a small payment. While the stated goal of each of these services varies — one, Honeygain, markets itself as a tool for “effortlessly” earning a “passive income” — they typically promise to enable broadband customers to collect a fee every time an outsider connects to their hotspot. The promise of using an emerging technology to earn a quick buck has been enough to generate consistent engagement on forum sites like Reddit. Hackers are watching, too, of course. Fraudsters are “taking multiple avenues to monetize these new platforms” for their own gain, Cisco’s Talos threat intelligence […] The post Scammers pounce on internet-for-rent services, generating cryptocurrency in quiet appeared first on CyberScoop. (CyberScoop)

Accellion breach exposed data from patients at major Michigan hospital system

A major Michigan hospital system on Friday notified roughly 1,500 patients that their information may have been exposed as a result of a hack against file-sharing service Accellion. The law firm Goodwin Procter notified Beaumont Health in February that patient data shared by the hospital with legal counsel may have been entangled in the wide-reaching hack through the firm’s use of Accellion. Beaumont Health is a network of health facilities that reported $4.58 billion in total revenue for 2020. A follow-up investigation by Beaumont found that impacted patient health data included patient name, procedure name, physician name, internal medical record number and dates of service. No patient financial information was impacted, the hospital stated in a press release. Beaumont Health joins a list of at least 11 healthcare organizations that were affected by a December breach of the file-sharing service Accellion. Two of the victims, Kroger Pharmacy and healthcare insurer […] The post Accellion breach exposed data from patients at major Michigan hospital system appeared first on CyberScoop. (CyberScoop)

SEC fines brokerage firms over email hacks, customer data exposure

The Securities and Exchange Commission has fined several brokerages a total of $750,000 for exposing the sensitive personal information of thousands of customers and clients after hackers took over employee email accounts. All of the companies settled the SEC charges, in three separate actions: Cetera Advisor Networks, Cetera Investment Services, Cetera Financial Specialists, Cetera Advisors, and Cetera Investment Advisers; Cambridge Investment Research and Cambridge Investment Research Advisors; and KMS Financial Services. The firms ran afoul of the SEC’s “Safeguards Rule,” which requires companies to write and adopt procedures for protecting customer records and information. “Investment advisers and broker dealers must fulfill their obligations concerning the protection of customer information,” said Kristina Littman, chief of the SEC Enforcement Division’s Cyber Unit. “It is not enough to write a policy requiring enhanced security measures if those requirements are not implemented or are only partially implemented, especially in the face of known attacks.” […] The post SEC fines brokerage firms over email hacks, customer data exposure appeared first on CyberScoop. (CyberScoop)

Skimming the CREAM – recursive withdrawals loot $13M in cryptocash

Recursion [noun]: see recursion. (Naked Security)

HPE Warns Sudo Bug Gives Attackers Root Privileges To Aruba Platform

(News ≈ Packet Storm)

LockBit Gang To Publish 103GB Of Bangkok Air Customer Data

(News ≈ Packet Storm)

Coinbase Erroneously Reported 2FA Changes To 125,000 Customers

(News ≈ Packet Storm)

Singapore Government Expands Bug Hunt With Hacker Rewards

(News ≈ Packet Storm)

LockFile Ransomware Uses Never Before Seen Encryption To Avoid Detection

(News ≈ Packet Storm)

Attackers Can Remotely Disable Fortress Wi-Fi Home Security Alarms

New vulnerabilities have been discovered in Fortress S03 Wi-Fi Home Security System that could be potentially abused by a malicious party to gain unauthorized access with an aim to alter system behavior, including disarming the devices without the victim's knowledge. The two unpatched issues, tracked under the identifiers CVE-2021-39276 (CVSS score: 5.3) and CVE-2021-39277 (CVSS score: 5.7), (The Hacker News)

Researchers Propose Machine Learning-based Bluetooth Authentication Scheme

A group of academics has proposed a machine learning approach that uses authentic interactions between devices in Bluetooth networks as a foundation to handle device-to-device authentication reliably. Called "Verification of Interaction Authenticity" (aka VIA), the recurring authentication scheme aims to solve the problem of passive, continuous authentication and automatic deauthentication once (The Hacker News)

CISA Adds Single-Factor Authentication to the List of Bad Practices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added single-factor authentication to the short list of "exceptionally risky" cybersecurity practices that could expose critical infrastructure as well as government and the private sector entities to devastating cyberattacks. Single-factor authentication is a method of signing in users to websites and remote systems by (The Hacker News)

Fortress Home Security Open to Remote Disarmament

A pair of unpatched security vulnerabilities can allow unauthenticated cyberattackers to turn off window, door and motion-sensor monitoring. (Threatpost)

Cream Finance DeFi Platform Rooked For $29M

Cream is latest DeFi platform to get fleeced in rash of attacks. (Threatpost)

Proxyware Services Open Orgs to Abuse – Report

Services that let consumers resell their bandwidth for money are ripe for abuse, researchers warn. (Threatpost)

WooCommerce Pricing Plugin Allows Malicious Code-Injection

The popular Dynamic Pricing and Discounts plugin from Envato can be exploited by unauthenticated attackers. (Threatpost)

QNAP Is Latest to Get Dinged by OpenSSL Bugs Fallout

The NAS maker issued two security advisories about the RCE and DoS flaws, adding to a flurry of advisories from the vast array of companies whose products use OpenSSL. (Threatpost)

Top 3 API Vulnerabilities: Why Apps are Pwned by Cyberattackers

Jason Kent, hacker-in-residence at Cequence, talks about how cybercriminals target apps and how to thwart them. (Threatpost)


/security-daily/ 01-09-2021 23:44:23