The maintainers of Jenkins, a popular open-source automation server, have disclosed a security breach after unidentified threat actors gained access to one of their servers by exploiting a recently disclosed vulnerability in the Atlassian Confluence service to install a cryptocurrency miner. The “successful attack,” which is believed to have occurred last week, was mounted against the project’s Confluence service, which had been deprecated since October 2019, leading the team to take the server offline, rotate privileged credentials, and reset passwords for developer accounts. “At this time we have no reason to believe that any Jenkins releases, plugins, or source code have been affected,” the company said in a statement published over the weekend.
In some states, people will soon be able to show their driver’s license on their phones and watches instead of presenting the actual license. Apple said yesterday that Arizona and Georgia will be the first states to allow residents to add their driver’s license or state identification to Wallet on their iPhone and Apple Watch. Connecticut, Iowa, Kentucky, Maryland, Oklahoma and Utah will be next. “The Transportation Security Administration will enable select airport security checkpoints and lanes in participating airports as the first locations customers can use their driver’s license or state ID in Wallet. Built with privacy at the forefront, Wallet provides a more secure and convenient way for customers to present their driver’s licenses and state IDs on iPhone or Apple Watch,” Apple said in a news release.
Insider threats are not always as they seem. Ranging from high-level executives to disgruntled employees, they come in all flavors. Over the years, SecureWorld has covered countless insider threat cases. Google executive. Check. FBI agent. Check. Twitter employees. Check. Now, throw a former Netflix software engineer into the mix. Sung Mo Jun and his brother Joon Jun pleaded guilty in U.S. District Court in Seattle to running an insider trading ring that made more than $1 million. Jun was employed by Netflix from July 2016 to February 2017. The Department of Justice says he had access to subscriber data while working for the company. After his departure, he continued using his connections at Netflix to access subscriber data. Prosecutors say Jun disclosed that non-public information to his brothers and others, and made serious bucks while doing so.
The federal government is pushing hard for agencies to adopt zero-trust cybersecurity architectures, with new guidance released Tuesday from the administration’s policy arm—the Office of Management and Budget—and lead cybersecurity agency—the Cybersecurity and Infrastructure Security Agency. The administration released several documents Tuesday for public comment, seeking feedback on the overarching federal policy from OMB and draft technical reference architecture and maturity model from CISA. The guidance follows a May executive order on bolstering cybersecurity across the federal government, which cited specific security methods and tools such as multifactor authentication, encryption and zero trust. Zero-trust models continuously check on a user’s credentials as they move throughout a network, verifying not only that they are who they claim to be but also that the user has appropriate privileges to access secure apps and data. In a mature zero-trust architecture, these checks are performed routinely, including whenever a user attempts to access different segments of the network.
ProtonMail deletes ‘we don’t log your IP’ boast from website after French climate activist reportedly arrested
Encrypted email service ProtonMail has become embroiled in a minor scandal after responding to a legal request to hand over to Swiss police a user’s IP address and details of the devices he used to access his mailbox – resulting in the user’s arrest. Police were executing a warrant obtained by French authorities and served on their Swiss counterparts through Interpol, according to social media rumours that ProtonMail chief exec Andy Yen acknowledged to The Register. At the time of writing, the company’s website said: “We believe privacy and security are universal values which cross borders.” After data from ProtonMail was handed to the Swiss and then French police, the author of a left-wing political activists’ blog in France wrote (in French) that a group called Youth for Climate had been targeted.
Parts of New Zealand were cut off from the digital world today after a major local ISP was hit by an aggressive DDoS attack. Vocus – the country’s third-largest internet operator which is behind brands including Orcon, Slingshot and Stuff Fibre – confirmed the cyberattack originated at one of its customers. According to a network status update, the company said: “This afternoon a Vocus customer was under DDoS attack… A DDoS mitigation rule was updated to our Arbor DDoS platform to block the attack for the end customer.” Details are still sketchy, but the outage has caused significant disruption across the country with many people working from home due to COVID-19 restrictions.
Microsoft is turning a blind eye to a loophole that allows you to install Windows 11 on incompatible hardware but warns that your device may no longer receive security updates. Since Microsoft officially announced Windows 11, it has held firm on the strict system requirements for installing the new operating system. Unfortunately, these system requirements, including a TPM 2.0 processor and newer CPUs, leave many Windows 10 users unable to upgrade to Windows 11 without purchasing new hardware. This list of incompatible hardware includes devices using Intel 7th generation and AMD Zen 1 CPUs, most of which are perfectly capable of running Windows 11. The only exception is the 7th generation Intel Core 7820HQ CPU, which coincidentally powers Microsoft’s Surface Studio 2 devices.