Security News > 2020 > August

Has the onslaught of lackluster webinars over the past few months left you wanting more? Are you seeking practical, relevant, and usable information and advice on how to stay secure in the cloud? Well, you're in luck! DivvyCloud, the leading provider of cloud and container security and compliance, is partnering with AWS to offer an incredible opportunity to anyone who's interested in making the most out of the native security controls within AWS. This is an important topic because avoiding a data breach has been and continues to be a significant hurdle for any organization seeking to innovate securely in the cloud. As Gartner states, "Through 2022, at least 95 percent of cloud security failures will be the customer's fault." Appropriate use of native security controls in AWS and other CSPs is fundamental to managing cloud risk and avoiding costly breaches.

DEF CON is perhaps the ultimate "Come one/come all" hackers' convention, now in its 28th year, and it famously takes place in Las Vegas each year in a fascinating juxtaposition with Black Hat USA, a corporate cybersecurity event. The DEF CON Villages are breakout zones at the event where like-minded researchers gather to attend talks and discussions in research fields all the way from Aerospace, Application Security and AI to Social Engineering, Voting Machines and Wireless.

The Kr00k vulnerability disclosed earlier this year had only been found to impact devices using Wi-Fi chips from Broadcom and Cypress, but researchers revealed this week that similar flaws have been discovered in chips made by Qualcomm and MediaTek. While Wi-Fi chips from Qualcomm, Ralink, Realtek and MediaTek are not vulnerable to Kr00k attacks, ESET researchers discovered that they are affected by similar flaws.

In May 2020, Microsoft patched CVE-2020-1048, a privilege escalation vulnerability in the Windows Print Spooler service discovered by Peleg Hadar and Tomer Bar from SafeBreach Labs. "The primary component of the printing interface is the print spooler. The print spooler is an executable file that manages the printing process. Management of printing involves retrieving the location of the correct printer driver, loading that driver, spooling high-level function calls into a print job, scheduling the print job for printing, and so on. The spooler is loaded at system startup and continues to run until the operating system is shut down," Microsoft explains.

The putative class-action suit, filed on Wednesday in the Northern District of California [PDF], also alleged that Google was gathering info from TikTok specifically in order to "Unfairly compete against TikTok [with a] competing video platform app called 'Shorts'." The suit further alleged that Lockbox worked "Through Google Mobile Services and allows Google employees to spy on how Android Smartphone users interact with non-Google apps. For example, Google is able to collect data on when and how often an Android smartphone user opens and runs non-Google apps and the amount of time spent in non-Google apps."

The U.S. Treasury Department has fined Capital One $80 million for careless network security practices that enabled a hack that accessed the personal information of 106 million of the bank's credit card holders. The Comptroller of the Currency said in a consent order Thursday that Capital One failed in 2015 to establish effective risk management when it migrated information technology operations to a cloud-based service.

Researchers revealed late on Thursday that the mitigations and patches rolled out in 2018 for the Foreshadow vulnerabilities affecting Intel processors can fail to prevent attacks. A team of researchers from the Graz University of Technology in Austria and the CISPA Helmholtz Center for Information Security have revived the Foreshadow attack and made some other interesting discoveries.

All you need to do is learn assembly and C/C++ programming, plus exploit development, reverse engineering, and Windows internals, and then find and abuse a buggy driver, and inject and install your rootkit, and bam. Write your own malicious driver, sign it with a stolen or leaked certificate or your own paid-for cert so that Windows trusts it, and load it.

Chrome Web Store slammed again after 295 ad-injecting, spammy extensions downloaded 80 million times
Google's Chrome Web Store is once again under fire for poor policing of harmful extensions. The bad extensions consist of fake ad blockers that inject adverts into search results rather than blocking them, fake ad blockers that engage in cookie stuffing to defraud advertisers, and extensions involved in spam-related abuse.

Cybersecurity researchers today highlighted an evasive phishing technique that attackers are exploiting in the wild: they target visitors of several sites by abusing a quirk in domain names, and leverage modified favicons to inject e-skimmers and steal payment card information covertly. Called an internationalized domain name (IDN) homograph attack, the technique has been used by a Magecart group on multiple domains to load the popular Inter skimming kit hidden inside a favicon file.
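The domain-name quirk behind a homograph attack is that a punycode label such as `xn--pple-43d` renders as `аpple` with a Cyrillic first letter. The following added example (not code from the researchers or from the Inter kit write-up) shows how a defender can flag such hostnames in proxy or DNS logs: it decodes the A-label, checks whether a label mixes Unicode scripts, and compares a "skeleton" against a list of protected brands. The `CONFUSABLES` table is a small constructed subset of the Unicode confusables data, and `apple.com` is only a stand-in for whatever brands you protect.

```python
import unicodedata

# Constructed subset of lookalike pairs (Cyrillic/Greek -> Latin).
# The real Unicode confusables table is far larger; extend as needed.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u0458": "j", "\u04bb": "h", "\u03bf": "o",
}


def decode_label(label: str) -> str:
    """Turn an A-label (xn--...) into its Unicode form; pass others through."""
    if not label.lower().startswith("xn--"):
        return label
    try:
        return label.encode("ascii").decode("idna")
    except UnicodeError:
        return label  # malformed punycode: keep it visible as-is


def decode_host(host: str) -> str:
    return ".".join(decode_label(label) for label in host.split("."))


def scripts_in(label: str) -> set:
    """First word of each letter's Unicode name, e.g. LATIN, CYRILLIC, GREEK."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def skeleton(host: str) -> str:
    """Map lookalike characters onto their Latin counterparts."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in host)


def analyze_host(host: str, protected=()) -> dict:
    """Decode, detect mixed-script labels, and match against protected brands."""
    uni = decode_host(host).lower()
    mixed = any(len(scripts_in(label)) > 1 for label in uni.split("."))
    skel = skeleton(uni)
    lookalike = next((p for p in protected
                      if skel == p.lower() and uni != p.lower()), None)
    return {"unicode": uni, "mixed_script": mixed, "lookalike_of": lookalike}


if __name__ == "__main__":
    # Constructed sample: the punycode form of "аpple.com" with Cyrillic "а".
    print(analyze_host("xn--pple-43d.com", protected=["apple.com"]))
```

Run against the `Host` column of proxy logs, a `mixed_script` or `lookalike_of` hit is a strong signal worth alerting on, while legitimate single-script IDNs such as `münchen.de` pass cleanly.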