AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 09/09/2021

Half a million Fortinet VPN passwords leaked online

A cybercriminal has released credentials associated with almost half a million Fortinet VPN accounts online. The account information was supposedly scraped from Fortinet devices by exploiting a security vulnerability that first came to light in April. Although months have elapsed since a patch was released, many of the credentials remain current, the hacker claims. The data was made public by a threat actor known as Orange, who has a previous affiliation with the Babuk ransomware operation. A link to the data was posted to a new underground forum called Ramp, which Orange now administers. Commentators have suggested the release of Fortinet VPN account details was a promotional stunt designed to attract new members.


Russia’s Yandex says it repelled biggest DDoS attack in history

A cyber attack on Russian tech giant Yandex’s servers in August and September was the largest known distributed denial-of-service (DDoS) attack in the history of the internet, the company said on Thursday. In a DDoS attack, hackers try to flood a network with unusually high volumes of data traffic in order to paralyse it once it can no longer cope with the scale of data requested; this one began in August and reached a record level on Sept. 5. “Our experts did manage to repel a record attack of nearly 22 million requests per second (RPS). This is the biggest known attack in the history of the internet,” Yandex said in a statement. Yandex said it had seen 5.2 million RPS on Aug. 7, 6.5 million RPS on Aug. 9, 9.6 million RPS on Aug. 29, 10.9 million RPS on Aug. 31 and finally 21.8 million RPS on Sept. 5.


Windows 10 Zero-Day Exploit Triggered by Visiting a Website, Opening Office Documents

Windows 10 users are facing the threat of a new zero-day exploit which allows remote code to be executed. The bad news is that it can be triggered simply by visiting a website or opening a malicious document in Microsoft Office. As KrebsOnSecurity reports, the exploit takes advantage of the MSHTML component in Internet Explorer, which may have many users sighing with relief because they long ago switched to the Edge browser or one of the other popular alternatives. However, because the exploit uses a malicious ActiveX control, it can also be triggered using a Microsoft Office document. Both Office 2019 and Office 365 users are vulnerable, but exploitation does require opening a malicious document, which hopefully most people won’t do. Microsoft doesn’t have a patch to fix the vulnerability yet, but its advisory suggests some workarounds. For anyone still using Internet Explorer, Microsoft suggests disabling the installation of ActiveX controls.


Whitehat hacker shows how to detect hidden cameras in Airbnb, hotels

If you have been following Hackread.com for some years you will recognize Marcus Hutchins, a British whitehat hacker and IT security researcher known for halting WannaCry ransomware. Hutchins recently joined TikTok, where he makes short videos on cybersecurity and social engineering (it’s a must-follow TikTok account). Last week, Hutchins, who goes by the TikTok handle @malwaretech, came forward to share his tips for detecting hidden cameras in Airbnb homes. The video has been viewed over 13 million times and is regarded as a ray of hope for those who want to learn more about identifying hidden cameras and recording devices. Hutchins explained his tips using a fire alarm as an example. In the video he says that you only need to shine a bright light on the fire alarm to detect any hidden device: if the light hits a camera lens, it will give off a bluish reflection. Try shining a light on your phone’s camera lens, or check how it appears under a flashlight, to understand how this tip works.


Enterprises are missing the warning signs of insider threats

Organizations struggle to identify the warning signs of insider threats, according to a report by the Ponemon Institute. The report surveyed a global pool of 1,249 IT and IT security practitioners and found that 53% of companies find it impossible or very difficult to prevent an insider attack while data is being aggregated, a key indicator of intent to attack. “The vast majority of security threats follow a pattern or sequence of activity leading up to an attack, and insider threats are no exception,” said Dr. Larry Ponemon, Chairman and Founder, Ponemon Institute. “Many security professionals are already familiar with Lockheed Martin’s Cyber Kill Chain and the MITRE ATT&CK framework, both of which describe the various stages of an attack and the tactics utilized by an external adversary. Since human behavior is more nuanced than machine behavior, however, insider attacks follow a slightly different path and, therefore, require modern approaches to combat.”
