AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 04/18/2022

CISA Alert on ICS, SCADA Devices Highlights Growing Enterprise IoT Security Risks

On April 13, the Department of Energy (DoE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory to warn that certain industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices can be targeted by advanced persistent threat (APT) actors who have the capability to gain full system access. The alert warned that vulnerable products include Schneider Electric programmable logic controllers, OMRON Sysmac NEX PLCs and Open Platform Communications Unified Architecture (OPC UA) servers.

GitHub: Attacker breached dozens of orgs using stolen OAuth tokens

GitHub revealed today that an attacker is using stolen OAuth user tokens (issued to Heroku and Travis-CI) to download data from private repositories. Since this campaign was first spotted on April 12, 2022, the threat actor has already accessed and stolen data from dozens of victim organizations using Heroku- and Travis-CI-maintained OAuth apps, including npm. “The applications maintained by these integrators were used by GitHub users, including GitHub itself,” Mike Hanley, Chief Security Officer (CSO) at GitHub, revealed today.

Another top NFT marketplace may have a serious security flaw

A potentially major security flaw has been discovered on Rarible, a popular marketplace for non-fungible tokens (NFT), which could lead to users losing not just their NFTs but also the cryptocurrencies in their wallets. A report from Check Point Research (CPR) identified a vulnerability that would allow a potential attacker to steal someone’s digital belongings in a single transaction. The worst part is that everything would happen on the marketplace itself, a place where people would generally feel less suspicious. According to CPR’s report, the methodology is simple and involves creating a “malicious NFT”. Should someone stumble upon it and click on it, the malicious NFT would execute JavaScript code in an attempt to send a setApprovalForAll request to the victim.
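The defensive counterpart to the attack described above is to inspect a transaction before the wallet signs it: a `setApprovalForAll(operator, true)` call hands an operator the right to move every token in a collection, so it deserves a prompt whenever the operator is not one the user already trusts. The following is an added example (not code from the article or from Check Point Research) of such a pre-signing check; the 4-byte selector `0xa22cb465` is the standard ERC-721/ERC-1155 selector for `setApprovalForAll(address,bool)`, while the operator addresses and the trusted-operator set are constructed for the example.

```python
from typing import NamedTuple, Optional

# First 4 bytes of keccak256("setApprovalForAll(address,bool)"); shared by ERC-721 and ERC-1155.
SET_APPROVAL_FOR_ALL_SELECTOR = bytes.fromhex("a22cb465")


class ApprovalCall(NamedTuple):
    operator: str   # 0x-prefixed, lowercase, 20-byte address
    approved: bool


def encode_set_approval_for_all(operator: str, approved: bool) -> bytes:
    """ABI-encode a setApprovalForAll call (used here only to build sample calldata)."""
    addr = bytes.fromhex(operator.removeprefix("0x"))
    if len(addr) != 20:
        raise ValueError("operator must be a 20-byte address")
    return SET_APPROVAL_FOR_ALL_SELECTOR + addr.rjust(32, b"\x00") + (b"\x01" if approved else b"\x00").rjust(32, b"\x00")


def decode_set_approval_for_all(calldata: bytes) -> Optional[ApprovalCall]:
    """Return the decoded call if calldata is a canonical setApprovalForAll, else None."""
    if len(calldata) != 4 + 32 + 32 or calldata[:4] != SET_APPROVAL_FOR_ALL_SELECTOR:
        return None
    operator_word, approved_word = calldata[4:36], calldata[36:68]
    # An address is left-padded with 12 zero bytes; a bool with 31 zero bytes then 0 or 1.
    # Non-canonical padding is rejected rather than silently accepted.
    if operator_word[:12] != bytes(12):
        return None
    if approved_word[:31] != bytes(31) or approved_word[31] not in (0, 1):
        return None
    return ApprovalCall("0x" + operator_word[12:].hex(), approved_word[31] == 1)


def assess_transaction(calldata: bytes, trusted_operators: set[str]) -> str:
    """Classify a pending transaction for a wallet's confirmation prompt.

    Verdicts:
      "not-approval"               - not a setApprovalForAll call; normal flow
      "revocation"                 - approved=false, removes an operator's rights
      "trusted-operator-approval"  - grants rights to an operator on the allow-list
      "UNTRUSTED-OPERATOR-APPROVAL"- grants blanket transfer rights to an unknown party
    """
    call = decode_set_approval_for_all(calldata)
    if call is None:
        return "not-approval"
    if not call.approved:
        return "revocation"
    if call.operator in {op.lower() for op in trusted_operators}:
        return "trusted-operator-approval"
    return "UNTRUSTED-OPERATOR-APPROVAL"


# Constructed sample values (not real contract addresses).
MARKETPLACE_OPERATOR = "0x1111111111111111111111111111111111111111"
UNKNOWN_OPERATOR = "0x2222222222222222222222222222222222222222"
TRUSTED = {MARKETPLACE_OPERATOR}

if __name__ == "__main__":
    for label, data in [
        ("legit marketplace approval", encode_set_approval_for_all(MARKETPLACE_OPERATOR, True)),
        ("approval to unknown operator", encode_set_approval_for_all(UNKNOWN_OPERATOR, True)),
        ("revocation", encode_set_approval_for_all(UNKNOWN_OPERATOR, False)),
        ("plain ETH transfer", b""),
    ]:
        print(f"{label:32s} -> {assess_transaction(data, TRUSTED)}")
```

The check runs entirely on the calldata, so it works offline inside a wallet or browser extension and does not depend on what the page that triggered the request claims the transaction does; the allow-list is the part a real deployment must maintain carefully, since a stale or over-broad list reduces the prompt to noise.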

Atlassian finally explains the cause of ongoing cloud outage

Atlassian has finally revealed the exact cause of an ongoing cloud services outage that the company estimates could affect some of its customers for up to two more weeks. When we first reported on this outage, Atlassian told us that a routine maintenance script had blocked some customers’ access to their data after it “unintentionally” disabled the sites of roughly 400 of its more than 200,000 customers. Atlassian’s Chief Technology Officer Sri Viswanath explained how hundreds of customer sites were accidentally deleted on April 5th, triggering a weeks-long incident the company is still working to resolve. As he explained, the outage resulted from communication issues between two Atlassian teams that were working on deactivating the standalone legacy “Insight – Asset Management” app used by Jira Service Management and Jira Software on all customer sites.

Hetzner lost customer data and gave 20€ as compensation

Hetzner Online GmbH, a German cloud services provider, told some customers this week that their data had been irreversibly lost and that they were being given 20€ in online credit as compensation. Hetzner, which operates several data centers in Germany and Finland, suffered a rare occurrence of multiple hardware failures that wiped some customers’ snapshots, with no way of recovering them. The news of this data loss comes from a letter shared by a Hetzner customer on Y Combinator stating that one of Hetzner’s clusters in Nuremberg was hit by a very unfortunate series of events in which multiple disks failed in brief succession.

Instagram’s dark side: sexual harassers, crypto scammers, ID thieves

A platform for everyone to seamlessly share their best moments online, Instagram is slowly turning into a mecca for the undesirables—from sexual harassers to crypto “investors” helping you “get rich fast.” The Gram today has a dark side that goes beyond fancy filters and reels. The network is being actively abused by shady marketers to promote obscene content or by Bitcoin investors with dubious whereabouts. It’s one thing to appreciate, like, and share people’s finest shots taken from the comfort of their vacation cottage or shiny new Cadillac, but you’d be wise to steer clear of lavish Instagram profiles that look far too promising.