Page 16 - Threat Intelligence 12-13-2019
Web / Internet Threats
AWS has new tool for those leaky S3 buckets so, yeah, you might need to reconfigure a few things.
At its re:Invent event under way in Las Vegas, Amazon Web Services (AWS) dropped the veil on a new tool to help customers avoid spewing data stored on its S3 (Simple Storage) service to world+dog. "Access Analyzer for S3 is a new feature that monitors your access policies, ensuring that the policies provide only the intended access to your S3 resources," the cloud giant said. Customers can enable Access Analyzer via a new option in the console for IAM (Identity and Access Management). The tool will then alert you when a bucket (an area of storage in S3) is configured to allow public access or access to other AWS accounts. The implication of the tool, of course, is that this is sometimes done accidentally via misconfigured policies or access control lists (ACLs).
Source: https://www.theregister.co.uk/2019/12/03/aws_s3_buckets/
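As an added illustration (not AWS's own Access Analyzer code, and not from the article), the check below applies the two conditions the tool alerts on, public or cross-account grants, to constructed sample bucket policies; the account ids and bucket name are hypothetical.

```python
# Hypothetical account id and constructed sample policies; this is not AWS's
# Access Analyzer code, it only mirrors the two conditions the tool flags.
OWN_ACCOUNT = "111111111111"

PUBLIC_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}

CROSS_ACCOUNT_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "PartnerRead", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]}]}

PRIVATE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "OwnerOnly", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111111111111:role/app"},
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}


def aws_principals(stmt):
    """Flatten the Principal element to a list of AWS principal strings."""
    p = stmt.get("Principal", {})
    if p == "*":
        return ["*"]
    aws = p.get("AWS", []) if isinstance(p, dict) else []
    return aws if isinstance(aws, list) else [aws]


def account_of(principal):
    """Account id behind an AWS principal (ARN or bare 12-digit id), or '*'."""
    if principal == "*":
        return "*"
    parts = principal.split(":")
    return parts[4] if len(parts) >= 5 else principal


def analyze_policy(policy, own_account=OWN_ACCOUNT):
    """One finding per Allow statement that grants public or cross-account access.
    Conditions are not evaluated, so a Condition-restricted grant is still reported."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        for acct in map(account_of, aws_principals(stmt)):
            if acct == "*":
                findings.append((stmt.get("Sid"), "public"))
            elif acct != own_account:
                findings.append((stmt.get("Sid"), "cross-account:" + acct))
    return findings
```

Bucket ACLs, which the article also mentions, are a separate grant mechanism and are not covered by this policy-only check.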
Critical Vulnerability in Microsoft Azure Let Hackers Take Over the Complete Control of the Azure Accounts.
Researchers discovered a critical vulnerability in Microsoft Azure named “BlackDirect” that allows attackers to take over Azure users’ accounts and create tokens with the victim’s permissions. The vulnerability specifically affected Microsoft’s OAuth 2.0 applications and allowed a malicious attacker to access and control a victim’s account. “OAuth is a protocol for authorization that is commonly used as a way for end-users to grant websites or applications access to their information from other websites without giving the website or app secrets or passwords.” Its successor, OAuth 2.0, lets third-party applications obtain limited access to an HTTP service; the client obtaining that access may be a website or a mobile application.
Source: https://ctovision.com/critical-vulnerability-in-microsoft-azure-let-hackers-take-over-the-complete-control-of-the-azure-accounts/
Estimating Emotet’s size and reach.
As many of you will be aware, Emotet, one of the most dangerous botnets in operation, restarted its malicious activity on 16th September 2019. Since its resurgence, Spamhaus Malware Labs has been closely monitoring and studying Emotet’s activity. Here’s what we’ve uncovered... One of the most noticeable changes that we observed over the past three months was that Emotet had predominantly spammed Microsoft Office documents containing malicious macros. This differed significantly from its old modus operandi of mixing both infected Office documents and URLs in its malware campaigns. We found this rather odd, as most anti-spam solutions these days tend to block or quarantine, by default, all Office documents that include macros with suspicious functions like CreateProcess, ShellExecute, etc. We initially deduced from this change in behavior that the cyber-criminals using Emotet considered this to be the most cost-effective solution. However, over the past few days (approximately 6th December 2019), we are once again observing the inclusion of malware URLs. Perhaps those anti-spam solutions were proving too efficient at blocking the macro-enabled MS Office documents?
Source: https://www.spamhaus.org/news/article/791/estimating-emotets-size-and-reach
www.accumepartners.com