AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 11/10/2021

Hackers are going after poorly configured Docker instances

Threat actors are continuing to exploit poorly configured Docker instances to conduct various malicious activities such as the installation of Monero cryptominers, warn cybersecurity researchers. The ongoing campaign, which began last month, is being conducted by the TeamTNT hacking group and was discovered by security experts at Trend Micro. “Exposed Docker APIs have become prevalent targets for attackers as these allow them to execute their own malicious code with root privileges on a targeted host if security considerations are not accounted for,” note the researchers. According to the researchers, the compromised container fetches various post-exploitation and lateral movement tools, including container escaping scripts, credential stealers, and cryptocurrency miners.
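The exposure the researchers describe is a Docker daemon whose API listens on a TCP socket without TLS client verification. As an added example (not code from the article or from Trend Micro's research), the Python below audits a dockerd configuration for that condition: it reads either a daemon.json document or a dockerd command line (for example the ExecStart= of a systemd unit), flags any tcp:// listener that is reachable without TLS client certificates, and rates a wildcard bind higher than a loopback bind. The two daemon.json samples are constructed for the example; the weak one mirrors the plain-TCP setting on port 2375, the hardened one the TLS-verified setting on port 2376.

```python
import json
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample configurations (not from the article): the first exposes
# the Docker API over plain TCP, the second requires TLS client certificates.
WEAK_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
})

HARDENED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

WILDCARD_BINDS = {"", "0.0.0.0", "[::]", "::"}
TLS_FILE_KEYS = ("tlscacert", "tlscert", "tlskey")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    message: str


def parse_dockerd_args(argv: List[str]) -> Dict:
    """Fold a dockerd command line into the key layout daemon.json uses, so a
    single audit routine covers both places the listener can be configured."""
    cfg: Dict = {"hosts": []}
    i = 1  # argv[0] is the dockerd binary itself
    while i < len(argv):
        name, eq, value = argv[i].partition("=")
        if name in ("-H", "--host"):
            if not eq:            # value given as the next argument
                i += 1
                value = argv[i]
            cfg["hosts"].append(value)
        elif name == "--tlsverify":
            cfg["tlsverify"] = value.lower() != "false" if eq else True
        elif name.lstrip("-") in TLS_FILE_KEYS:
            if not eq:
                i += 1
                value = argv[i]
            cfg[name.lstrip("-")] = value
        i += 1
    return cfg


def audit_config(cfg: Dict) -> List[Finding]:
    """Flag TCP listeners that accept API calls without TLS client verification.
    Anyone who can reach such a listener can run containers as root on the
    host, which is the exposure the campaign above relies on."""
    hosts = cfg.get("hosts", [])
    if isinstance(hosts, str):
        hosts = [hosts]
    # Conservative choice for the audit: require tlsverify plus explicit paths
    # for all three certificate files rather than trusting dockerd defaults.
    tls_enforced = bool(cfg.get("tlsverify")) and all(cfg.get(k) for k in TLS_FILE_KEYS)
    findings: List[Finding] = []
    for host in hosts:
        if not host.startswith("tcp://"):
            continue  # unix:// and fd:// sockets are local only
        bind = host[len("tcp://"):].rsplit(":", 1)[0]
        wildcard = bind in WILDCARD_BINDS
        if not tls_enforced:
            severity = "high" if wildcard else "medium"
            findings.append(Finding(severity, f"{host}: API reachable without TLS client verification"))
        elif wildcard:
            findings.append(Finding("info", f"{host}: TLS-protected but bound on all interfaces; restrict with a firewall"))
    return findings


def audit_daemon_json(text: str) -> List[Finding]:
    """Audit the contents of a daemon.json file."""
    return audit_config(json.loads(text))


if __name__ == "__main__":
    for label, text in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(label)
        for finding in audit_daemon_json(text):
            print(f"  [{finding.severity}] {finding.message}")
```

Run against a real host by passing the contents of /etc/docker/daemon.json to audit_daemon_json, or the split ExecStart= line of the docker.service unit to parse_dockerd_args; a "high" finding is the configuration the article warns about and should be changed to the TLS-verified form or removed entirely.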


Hackers claim they have cracked the PS5 and obtained all symmetric root keys

Jailbreaking, modding, pwning, whatever you want to call it—hackers delight in making a device do something that the manufacturer did not intend. Over the years, the process has grown more complicated, but the hackers always seem to find a way. It seems that as we near the first anniversary of the PlayStation 5, someone has already cracked the system. Over the weekend, hackers from Fail0verflow claimed to have rooted the PS5. A Sunday tweet states the group has obtained all symmetric PlayStation 5 root keys. It allegedly got the keys by decrypting the PS5’s firmware. The tweet included an image of the cracked software highlighting the system’s supposedly exposed secure loader (secldr). More often than not, jailbreaking a PlayStation console requires modification of the hardware. Although Fail0verflow did not reveal its exploit, it did say that the keys were “obtained from software,” suggesting that no hardware modifications were necessary.


Drone demo shows it’s possible to protect 5G-managed devices from DDoS, exfiltration attacks

A demonstration earlier this year at Stanford School of Engineering proved that a small fleet of computer-controlled drones can maintain their flight integrity in the face of continual cyberattacks on the 5G network used to manage the devices through the deployment of software-defined networking (SDN). For enterprise IT pros charged with securing devices wirelessly across a 5G network, the drone test results are promising evidence that SDN can help networks under cyberattack to recover almost instantaneously. Dubbed Project Pronto, the ongoing research is designed to show how devices such as autonomous motor vehicles, planes and trains can be operated securely and reliably across wireless 5G networks. Given the potentially disastrous consequences of large wireless devices being hacked while traveling at high speeds or elevations, vulnerabilities that could endanger lives must be addressed before such devices are widely deployed.


Medical software firm urges password resets after ransomware attack

Medatixx, a German medical software vendor whose products are used in over 21,000 health institutions, urges customers to change their application passwords following a ransomware attack that has severely impaired its entire operations. The firm clarified that the impact is limited to its internal IT systems, has not reached clients, and should not affect any PVS (practice management systems). However, as it is unknown what data was stolen during the attack, threat actors may have acquired Medatixx customers’ passwords. Therefore, Medatixx is recommending that customers perform the following steps to make sure their practice management software remains secure.


Legal woes mount for NSO after court rules WhatsApp lawsuit can proceed

NSO Group’s legal problems have deepened after a US appeals court thoroughly rejected the Israeli spyware company’s claim that it ought to be protected under sovereign immunity laws, in a high-profile case involving WhatsApp. The decision on Monday by the US court of appeals for the ninth circuit means that WhatsApp can proceed with its lawsuit against NSO over allegations that its spyware was used to hack 1,400 users of the app. It also means that the Israeli company will probably have to respond to discovery requirements as the case moves forward. That could lead to new disclosures about who NSO’s government clients are, how its technology works, and the process used to deploy attacks with its signature spyware, Pegasus, against mobile phone users.


US Treasury sanctions crypto-exchange Chatex for links to ransomware payments

The US Treasury Department has imposed sanctions today on cryptocurrency exchange Chatex for “facilitating financial transactions for ransomware actors.” “Analysis of Chatex’s known transactions indicate that over half are directly traced to illicit or high-risk activities such as darknet markets, high-risk exchanges, and ransomware,” Treasury officials said today. Officials said the exchange had “direct ties” to Suex, a Russian cryptocurrency exchange portal which the Treasury sanctioned in September for the exact same reason. In addition, the Treasury Department also sanctioned three Chatex suppliers: IZIBITS OU, Chatextech SIA, and Hightrade Finance Ltd. “These three companies set up infrastructure for Chatex, enabling Chatex operations,” Treasury officials said. Operations for Chatextech and IZIBITS have been suspended by officials from Latvia and Estonia, respectively. Latvian officials are currently working to identify Chatex board owners, all non-Latvian nationals.
