AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 09/22/2022

Over 39,000 Unauthenticated Redis Instances Found Exposed on the Internet

An unknown attacker targeted tens of thousands of unauthenticated Redis servers exposed on the internet in an attempt to install a cryptocurrency miner. It’s not immediately known if all of these hosts were successfully compromised. Nonetheless, it was made possible by means of a “lesser-known technique” designed to trick the servers into writing data to arbitrary files – a case of unauthorized access that was first documented in September 2018. “The general idea behind this exploitation technique is to configure Redis to write its file-based database to a directory containing some method to authorize a user (like adding a key to ‘.ssh/authorized_keys’), or start a process (like adding a script to ‘/etc/cron.d’),” Censys said in a new write-up.
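An added example, not code from Censys or the Redis project, of how a defender can audit a redis.conf for the exposure described above: it parses the file, flags the settings that together let an anonymous client repoint `dir`/`dbfilename`, and shows a hardened configuration beside the weak one. The function names and both sample configs are constructed for this demo.

```python
def parse_redis_conf(text):
    """Parse redis.conf text into (directives, renamed-command map); later lines win."""
    conf, renamed = {}, {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        if key.lower() == "rename-command":
            old, _, new = value.strip().partition(" ")
            renamed[old.upper()] = new.strip().strip('"')
        else:
            conf[key.lower()] = value.strip()
    return conf, renamed

def audit_redis_conf(text):
    """Return findings that together let an anonymous client run CONFIG SET dir/dbfilename."""
    conf, renamed = parse_redis_conf(text)
    findings = []
    binds = conf.get("bind", "").split()  # no bind directive means all interfaces
    if not binds or any(b in ("0.0.0.0", "*", "::", "-::*") for b in binds):
        findings.append("bind: listens on all interfaces; restrict to loopback or an internal address")
    if conf.get("protected-mode", "yes").lower() == "no":
        findings.append("protected-mode no: unauthenticated remote connections are accepted")
    if "requirepass" not in conf and "user" not in conf:
        findings.append("no requirepass or ACL users: any client that connects has full control")
    if renamed.get("CONFIG", "CONFIG") != "":
        findings.append('CONFIG reachable: rename-command CONFIG "" (or an ACL) blocks dir/dbfilename changes')
    d, f = conf.get("dir", ""), conf.get("dbfilename", "dump.rdb")
    if ".ssh" in d or "cron" in d or not f.endswith(".rdb"):
        findings.append("dir/dbfilename %s/%s match the authorized_keys / cron.d write pattern" % (d, f))
    return findings

WEAK_CONF = """\
# constructed sample: an internet-facing instance like those in the Censys scan
bind 0.0.0.0
protected-mode no
dir /var/lib/redis
dbfilename dump.rdb
"""

HARDENED_CONF = """\
# constructed sample: the same instance remediated (password value is a placeholder)
bind 127.0.0.1
protected-mode yes
requirepass REPLACE-WITH-A-LONG-RANDOM-SECRET
rename-command CONFIG ""
dir /var/lib/redis
dbfilename dump.rdb
"""
```

The last check is also useful against a running instance's `CONFIG GET dir` / `CONFIG GET dbfilename` output, since the technique changes the live configuration rather than the file on disk.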


Afghanistan’s Taliban government bans TikTok

Afghanistan’s Taliban government has banned made-in-China social network TikTok and first-person shooter PUBG. The bans were announced with a Facebook post from the Afghan Ministry of Communication and Information Technology. According to the BBC, Afghanistan’s government mooted a ban on the two apps in April 2022, after labelling them both as bad influences on the youth of the nation. But the Facebook statement suggests the ban didn’t take effect because local carriers didn’t act to enforce it, so the Ministry convened a meeting of government and telcos to settle the matter. The result was an agreement that TikTok would be made unavailable for a month, with PUBG banished for 90 days.


US Military Bought Mass Monitoring Tool That Includes Internet Browsing, Email Data

Multiple branches of the U.S. military have bought access to a powerful internet monitoring tool that claims to cover over 90 percent of the world’s internet traffic, and which in some cases provides access to people’s email data, browsing history, and other information such as their sensitive internet cookies, according to contracting data and other documents reviewed by Motherboard. Additionally, Sen. Ron Wyden says that a whistleblower has contacted his office concerning the alleged warrantless use and purchase of this data by NCIS, a civilian law enforcement agency that’s part of the Navy, after filing a complaint through the official reporting process with the Department of Defense, according to a copy of the letter shared by Wyden’s office with Motherboard.


SIM Swapper Abducted, Beaten, Held for $200k Ransom

A Florida teenager who served as a lackey for a cybercriminal group that specializes in cryptocurrency thefts was beaten and kidnapped last week by a rival cybercrime gang. The teen’s captives held guns to his head while forcing him to record a video message pleading with his crew to fork over a $200,000 ransom in exchange for his life. The youth is now reportedly cooperating with U.S. federal investigators, who are responding to an alarming number of reports of physical violence tied to certain online crime communities. The grisly kidnapping video has been circulating on a number of Telegram chat channels dedicated to SIM-swapping — the practice of tricking or bribing mobile phone store employees into diverting a target’s phone number, text messages and calls to a device the attackers control.


15-Year-Old Python Vulnerability Present in 350,000 Projects Resurrected

Researchers at threat detection and response company Trellix have resurrected a 15-year-old Python vulnerability, showing that it’s more serious than initially believed and that it could affect hundreds of thousands of applications. The vulnerability in question is CVE-2007-4559, initially described as a directory traversal vulnerability in Python’s ‘tarfile’ module that could allow an attacker to remotely overwrite arbitrary files by convincing users to process specially crafted tar archives. The flaw was never properly patched; instead, users were warned not to open archive files from untrusted sources. Researchers at Trellix have now shown that an attacker can exploit the vulnerability to write arbitrary files and, from there, achieve malicious code execution in most cases.
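A defensive extractor for the tarfile weakness described above, added here as an example and not code from Trellix or the Python project: it validates every member, including symlink and hard-link targets, against the destination before anything is written, and passes the built-in `data` filter where the interpreter provides one. The function names and the in-memory sample archives are constructed for this demo.

```python
import io
import os
import tarfile
import tempfile

def is_within(base, target):
    """True if target, once resolved, still lies under base."""
    base, target = os.path.realpath(base), os.path.realpath(target)
    return os.path.commonpath([base, target]) == base

def validate_members(tar, dest):
    """Return all members; raise ValueError if any would land outside dest."""
    for m in tar.getmembers():
        target = os.path.join(dest, m.name)
        if not is_within(dest, target):
            raise ValueError("path traversal blocked: %r" % m.name)
        if m.issym() or m.islnk():
            # symlink targets are relative to the link's own directory; hard links name an archive path
            root = os.path.dirname(target) if m.issym() else dest
            if not is_within(dest, os.path.join(root, m.linkname)):
                raise ValueError("link escape blocked: %r" % m.name)
    return tar.getmembers()

def safe_extract(data, dest):
    """Validate every member before writing anything, then extract; return the names."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        members = validate_members(tar, dest)
        # newer Pythons ship a built-in 'data' filter; use it as a second line of defence
        extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(dest, members=members, **extra)
        return [m.name for m in members]

def build_archive(entries):
    """Build a small tar in memory (constructed sample data, not a real-world archive)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, content in entries.items():
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()

def demo():
    """Extract a benign and a traversal archive into a temp dir; report what happened."""
    with tempfile.TemporaryDirectory() as d:
        ok = safe_extract(build_archive({"app/config.txt": b"ok"}), d)
        try:
            safe_extract(build_archive({"app/x.txt": b"x", "../escape.txt": b"out"}), d)
            blocked = None
        except ValueError as e:
            blocked = str(e)
        return ok, blocked, os.path.exists(os.path.join(d, "app", "x.txt"))
```

Because validation happens before `extractall`, a single hostile member causes the whole archive to be rejected rather than partially written.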


Australian Telco Optus Warns of ‘Significant’ Data Breach

Australian telecommunications firm Optus is warning current and former customers that their personal details were exposed after it suffered a major data breach. “Information which may have been exposed includes customers’ names, dates of birth, phone numbers, email addresses and for a subset of customers, addresses, ID document numbers such as driver’s license or passport numbers,” the company says in a data breach notification issued Thursday. “Payment detail and account passwords have not been compromised.” Optus has more than 10.2 million customers, according to publicly available data, and is Australia’s second largest telecommunications company, providing landlines, mobile connectivity, internet and cable access, leased lines and more. It is a subsidiary of the Singaporean telecommunications conglomerate Singtel Group.
