AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 08/08/2023

Microsoft Patches Critical Azure Flaw Following Criticism for ‘Irresponsible’ Security Practices 

Microsoft has fixed a critical vulnerability that could let hackers gain unauthorized access to sensitive data and cross-tenant applications managed by Azure AD. The fix comes shortly after security researchers criticized Microsoft for its “grossly irresponsible” cybersecurity practices. In a post on LinkedIn, Amit Yoran, the CEO of the security firm Tenable, called out Microsoft for failing to address a vulnerability in its Azure platform. It enabled Chinese state-sponsored hackers to steal hundreds of thousands of emails from cloud customers. They obtained an encryption key that granted access to various other Microsoft cloud services. The Tenable security team discovered and reported the security issue to Microsoft back in March. The researchers found that it could give threat actors access to sensitive information, including bank details. Microsoft took over three months to partially address the security vulnerability. The company initially planned to deploy a comprehensive fix by the end of September. 
New Malware Campaign Targets Inexperienced Cyber Criminals with OpenBullet Configs 

A new malware campaign has been observed making use of malicious OpenBullet configuration files to target inexperienced cyber criminals with the goal of delivering a remote access trojan (RAT) capable of stealing sensitive information. Bot mitigation company Kasada said the activity is designed to “exploit trusted criminal networks,” describing it as an instance of advanced threat actors “preying on beginner hackers.” OpenBullet is a legitimate open-source pen testing tool used for automating credential stuffing attacks. It takes in a configuration file that’s tailored to a specific website and can combine it with a password list procured through other means to log successful attempts. 
Exclusive: North Korean hackers breached top Russian missile maker 

An elite group of North Korean hackers secretly breached computer networks at a major Russian missile developer for at least five months last year, according to technical evidence reviewed by Reuters and analysis by security researchers. Reuters found that cyber-espionage teams linked to the North Korean government, which security researchers call ScarCruft and Lazarus, installed stealthy digital backdoors into systems at NPO Mashinostroyeniya, a rocket design bureau based in Reutov, a small town on the outskirts of Moscow. Reuters could not determine whether any data was taken during the intrusion or what information may have been viewed.
Kubernetes clusters under attack in hundreds of organizations 

Kubernetes (K8s) clusters belonging to more than 350 organizations, open-source projects, and individuals have been detected as openly accessible and unprotected. More than half of those have been breached and had an active campaign with deployed malware/backdoors. That’s according to new findings from Aqua Security following a three-month-long investigation by its research team, Nautilus. Most clusters were tied to small- to medium-sized organizations, but a notable subset was connected to large conglomerates and Fortune 500 companies, Aqua Security said. The exposures were a result of two misconfigurations: one that allows anonymous access with privileges and another that exposes Kubernetes clusters to the internet. 
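An added example, not from the article or from Aqua Security's report: a small audit script that flags RBAC bindings granting privileges to anonymous or unauthenticated callers, the first of the two misconfigurations described above. It assumes the input is the JSON produced by `kubectl get clusterrolebindings,rolebindings -A -o json`; the sample dump embedded below is constructed, not taken from a real cluster.

```python
"""Audit Kubernetes RBAC bindings for grants to anonymous/unauthenticated principals."""
import json

# Principals that mean "anyone who can reach the API server" (real Kubernetes names).
ANONYMOUS_SUBJECTS = {("User", "system:anonymous"), ("Group", "system:unauthenticated")}
# Roles whose grant to anonymous callers amounts to full cluster or namespace takeover.
HIGH_RISK_ROLES = {"cluster-admin", "admin", "edit"}
# Binding/role pairs Kubernetes installs by default (read-only endpoints such as /version).
KNOWN_DEFAULTS = {("system:public-info-viewer", "system:public-info-viewer")}

def find_anonymous_grants(binding_list):
    """Return a finding for every (Cluster)RoleBinding whose subjects include an
    anonymous or unauthenticated principal. `binding_list` is the parsed kubectl JSON."""
    findings = []
    for item in binding_list.get("items", []):
        name = item["metadata"]["name"]
        role = item.get("roleRef", {}).get("name", "")
        for subj in item.get("subjects") or []:
            if (subj.get("kind"), subj.get("name")) not in ANONYMOUS_SUBJECTS:
                continue
            if (name, role) in KNOWN_DEFAULTS:
                severity = "info"          # expected default, worth knowing but not a bug
            elif role in HIGH_RISK_ROLES:
                severity = "critical"      # anonymous callers get admin-level rights
            else:
                severity = "high"          # any other privilege handed to anonymous callers
            findings.append({"binding": name, "kind": item.get("kind"),
                             "namespace": item["metadata"].get("namespace"),
                             "role": role, "subject": subj["name"], "severity": severity})
    return findings

# Constructed sample dump (not real data): one default binding, one dangerous one, one benign.
SAMPLE_DUMP = json.loads("""
{"items": [
  {"kind": "ClusterRoleBinding", "metadata": {"name": "system:public-info-viewer"},
   "roleRef": {"kind": "ClusterRole", "name": "system:public-info-viewer"},
   "subjects": [{"kind": "Group", "name": "system:unauthenticated"},
                {"kind": "Group", "name": "system:authenticated"}]},
  {"kind": "ClusterRoleBinding", "metadata": {"name": "anon-admin"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "User", "name": "system:anonymous"}]},
  {"kind": "RoleBinding", "metadata": {"name": "dev-edit", "namespace": "dev"},
   "roleRef": {"kind": "Role", "name": "edit"},
   "subjects": [{"kind": "Group", "name": "system:serviceaccounts:dev"}]}
]}
""")

if __name__ == "__main__":
    for f in find_anonymous_grants(SAMPLE_DUMP):
        print(f"[{f['severity']}] {f['kind']} {f['binding']} grants {f['role']} to {f['subject']}")
```

Pairing this with `--anonymous-auth=false` on the API server (or at minimum keeping it off the public internet) addresses the second misconfiguration the article describes.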
Zoom responds to controversy, confirms customer consent is needed to train AI 

Zoom found itself in hot water when several reports highlighted the fact that the company’s terms of service suggested customer data could be used to train AI without consent. There was no clear way to opt out of your data being used to train Zoom’s AI models, which caused quite a bit of controversy. Since those reports emerged, Zoom has updated its terms of service regarding user data. The updated Zoom blog post now mentions consent several times when it comes to user data. “For AI, we do not use customer audio, video, or chat content for training our models without customer consent,” states Zoom. 