AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 1/21/2020

1 – Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices

A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) “smart” devices. The list, which was published on a popular hacking forum, includes each device’s IP address, along with a username and password for the Telnet service, a remote access protocol that can be used to control devices over the internet. According to experts to who ZDNet spoke this week, and a statement from the leaker himself, the list was compiled by scanning the entire internet for devices that were exposing their Telnet port. The hacker than tried using (1) factory-set default usernames and passwords, or (2) custom, but easy-to-guess password combinations.


2 – Worried about a cyberattack from Iran? Here’s how feds prepare

A half-dozen former federal chief information officers, department CIOs and CISOs described to Fifth Domain how a military strike on an advanced cyber actor, such as Iran, would change their day-to-day routines as the top cybersecurity and IT officials in government. Several of those interviewed coordinated the response to the breach of the Office of Personnel Management, disclosed in 2015, which ultimately resulted in more than 21 million stolen records. These officials described several ways government officials prepared: increasing information sharing, more frequently communicating with the Department of Homeland Security and the intelligence community, stepping up communication within agencies’ cybersecurity components and reviewing disaster response and business continuity plans.


3 – Fraudsters Set Up Site Selling Temporary Social Security Numbers

Some fraudsters have set up a scam site claiming to be for a data protection fund created by the U.S. Federal Trading Commission (FTC) to offer financial compensation to users whose personal data appeared in information leaks. This is a reinterpretation of the classic advance-fee scam where the victim makes a small payment inebriated by the promise of getting a much larger sum in return. Despite posing as a site associated with the FTC, this money-making scheme accepts victims from any country and offers to sell “temporary social security numbers (SSNs)” to those that don’t have one.


4 – Scotland Solves the Password-Protected iPhone Issue in the Easiest Possible Way

While the United States is pushing for Apple to unlock password-protected iPhones and wants the industry to put backdoors into all electronics, Scotland has come up with an idea that’s very likely to work much smoother going forward. Police Scotland will use so-called cyber kiosks to break into locked devices as part of criminal investigations, technically being able to extract the data without the need for any help from the company that manufactured the device.


5 – Turkish Hackers Conduct Multiple Cyber-Attacks on Greek State Websites

Several Greek government websites fell prey to cyber-attacks on Friday evening, forcing some of them to shut down entirely for security reasons, after access to them became problematic. Among those attacked by hackers were the websites of the Greek Parliament, the Foreign Affairs Ministry, the Athens Stock Exchange, the National Intelligence Service (EYP) and the Finance Ministry. A Turkish group named ”Phoenix’s Helmets” (Anka Neferler Tim) posted a post on Facebook claiming responsibility for the attacks, in order to respond, as they said, to Athens’ threats against Turkey.


6 – FBI Says State Actors Hacked US Govt Network With Pulse VPN Flaw

FBI said in a flash security alert that nation-state actors have breached the networks of a US municipal government and a US financial entity by exploiting a critical vulnerability affecting Pulse Secure VPN servers. The US Cybersecurity and Infrastructure Security Agency (CISA) previously alerted organizations on January 10 to patch their Pulse Secure VPN servers against ongoing attacks trying to exploit the flaw tracked as CVE-2019-11510. This bug enables unauthenticated remote attackers to send a specially crafted URIs to connect to vulnerable servers and read sensitive files containing user credentials. These can later be used to take control of an organizations’ systems and more.


7 – Oracle launches internet routing 3D visualization tool

Every year, there are multiple reports of internet routing outages or attacks that significantly disrupt internet traffic. Typically, these incidents are measured by the number of IP address prefixes impacted. Last year, for instance, when a Verizon error triggered widespread internet outages, one estimate said that 20,000 IP addresses were affected. However, this single data point doesn’t give the most accurate picture of a routing outage’s impact, according to Oracle’s Internet Intelligence group. It doesn’t account for the percentage of networks that have accepted the misrouted traffic (the propagation of the leak), and it doesn’t account for the duration of the leak. To address this problem, the Internet Intelligence group is launching a new, free 3D visualization tool that assesses routing leaks using all three variables — IP address prefixes, as well as propagation and duration.


8 – LastPass is in the midst of a major outage

Password management service LastPass is currently going through a major outage as users are reporting being unable to log into their accounts and autofill passwords, with some users reporting issues going back for days. User reports about login issues have been flooding Twitter, but also the company’s forum, Reddit, and DownDetector. Users are reporting receiving the following error when trying to log in: “An error has occurred while contacting the LastPass server. Please try again later.” Both home and enterprise users are impacted. According to reports, LastPass’ support staff has been either non-responsive, or denying reports of any technical issue happening at all.


9 – Mitsubishi Electric discloses security breach, China is main suspect

In a short statement published today on its website, Mitsubishi Electric, one of the world’s largest electronics and electrical equipment manufacturing firms, disclosed a major security breach. Although the breach occurred last year, on June 28, and an official internal investigation began in September, the Tokyo-based corporation disclosed the security incident today, only after two local newspapers, the Asahi Shimbun and Nikkei, published stories about the hack. Both publications blamed the intrusion on a Chinese-linked cyber-espionage group named Tick (or Bronze Butler), known to the cyber-security industry for targeting Japan over the past few years.


10 – Yet another show-stopping software bug found in ill-fated 737 Max airplanes

Boeing today said another software flaw has been spotted in its star-crossed 737 Max. The bug was found during an audit of the passenger jet’s on-board technology, held last weekend with America’s aviation regulator. These technical reviews are expected to turn up glitches and gremlins for Boeing engineers to fix, so this is kinda to be expected. The Seattle-based manufacturer told The Register on Friday it was working with the Federal Aviation Administration (FAA) to straighten out the bug. The 737 Max is unlikely to return to the skies until the flaw is addressed.

Related Posts