Security News for 8Jun2020

#security #cybersecurity #itsecurity #privacy #risk #compliance #nist #ot #ics #nccoe #malware #stealthworker #aws #scp #mimikatz #guloader #darkeye #digilocker #ai #stopdjvu #zorab #sname #ekans #avaddon #darpa #flowcloud #rat #ta410 #higaisa #gh0st #plugx
Image by https://threatpost.com

Privacy

  • “Google is indexing the phone numbers of WhatsApp users that could be abused by threat actors for malicious activities.  Even if Google Search only revealed the phone numbers and not the identities of associated users, ill-intentioned attackers could be able to see users’ profile pictures on WhatsApp and performing a reverse-image search the user’s profile picture to gather additional info on the potential victim (i.e. mining social media accounts where the victim use the same profile picture).” https://securityaffairs.co/wordpress/104445/digital-id/google-indexed-whatsapp-numbers.html
  • “Singapore’s announcement that it is developing a wearable for contact tracing has caused citizens to voice concern for the technology’s impact on their data privacy, with more than 35,000 signing a petition against the devices.” https://threatpost.com/singapore-contact-tracing-wearable-privacy/156397/

Standards, Guidelines, Solutions

  • “NIST SP 1800-23 is a response to the growing digital security challenges confronting organizations with operational technology (OT) assets. The issue for those types of entities is that many of their industrial control systems (ICS) are becoming increasingly interconnected. This development presents an opportunity for attackers insofar as they can abuse those connections to attack an ICS. Depending on the nature of the attack, malicious actors could undermine the functionality of an organization’s assets, systems and networks. Such damages could subsequently produce broader negative effects for society, especially if that organization plays a part in managing their respective host country’s critical energy infrastructure.” https://www.tripwire.com/state-of-security/regulatory-compliance/final-version-nist-sp-1800-23-guides-identification-threats-assets/
  • “IBM has released open-source toolkits implementing fully homomorphic encryption (FHE) that allow researchers to process data while it’s still encrypted.” https://securityaffairs.co/wordpress/104438/security/ibm-fhe-toolkits.html
  • “The addition of secure copy (SCP) capability removes one of the obstacles encountered by users adopting the AWS Session Manager. Cloud asset console access was provided within the AWS management console, but until now, there was no simple way to move files onto the remote systems. In many scenarios, development or administration of a live system may require copying patches or other data onto your live instances, and now Session Manager allows this without the need for additional solutions such as firewalls, bastions or intermediate S3 usage.” https://www.tripwire.com/state-of-security/security-data-protection/cloud/aws-session-manager-enhanced-ssh-scp-capability/
  • “Cyber-attacks are evolving as you are reading this article; according to a study by the University of Maryland, hackers are now attacking computers and networks at a rate of one attack every 39 seconds. The 2020 Cyberthreat Defense Report by CyberEdge Group says that 81% of surveyed organizations were a?ected by a successful cyber-attack in 2019. No organization is safe; cybercriminals are constantly coming up with new ways to compromise organizations. Furthermore, the cost of a successful cyber-attack can be quite hefty.” https://www.threathunting.se/2020/06/08/how-artificial-intelligence-improves-cyber-security-defense/

Red/Blue Teaming

Bug Bounty

Vulnerabilities

Active Threats

Remediated

#security #cybersecurity #itsecurity #privacy #risk #compliance #nist #ot #ics #nccoe #malware #stealthworker #aws #scp #mimikatz #guloader #darkeye #digilocker #ai #stopdjvu #zorab #sname #ekans #avaddon #darpa #flowcloud #rat #ta410 #higaisa #gh0st #plugx