AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 12/16/2022

NSA, CISA Warn Against Threats to 5G Network Slicing

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have unveiled new guidelines regarding the security risks associated with 5G network slicing and how to mitigate them. According to the document, a network slice is “an end-to-end logical network that provides specific network capabilities and characteristics to fit a user’s needs.” While multiple network slices run on a single physical network, the guidelines explain network slice users are authenticated for only a single network area, enabling data and security isolation. “This type of architecture heavily relies on a Network-as-a-Service (NaaS) model, combining Infrastructure-as-a-Service with network and security services, which enhances the operational efficiency and resiliency of the 5G infrastructure,” reads the guide.

To protect its cloud, Microsoft bans crypto mining from its online services

Microsoft has quietly banned cryptocurrency mining from its online services, and says it did so to protect all customers of its clouds. The Windows and Azure titan slipped the prohibition into an update of its Universal License Terms for Online Services that came into effect on December 1. That document covers any “Microsoft-hosted service to which Customer subscribes under a Microsoft volume licensing agreement,” and on The Register’s reading, mostly concerns itself with Azure. Microsoft’s Summary of Changes to the license states: “Updated Acceptable Use Policy to clarify that mining cryptocurrency is prohibited without prior Microsoft approval.” Within the license itself there’s hardly any more info.

With SASE Definition Still Cloudy, Forum Proposes Standard

During the coronavirus pandemic, organizations had to quickly adjust to the disappearance of central offices, employees working from home, and applications moving to the cloud. The solution usually involved a combination of technologies — such as flexible networking infrastructure, identity and device-based security, and cloud-native applications and capabilities — continuing a trend identified by business analyst firm Gartner in 2019. Dubbed the Secure Access Service Edge, or SASE, the collection of cloud-centric technologies focuses on the identity of users and devices, granular access controls, functionality pushed to the network edge, and a de-emphasis on data centers.

FuboTV says World Cup streaming outage caused by a cyberattack

FuboTV has confirmed that a streaming outage preventing subscribers from watching the World Cup Qatar 2022 semifinal match between France and Morocco was caused by a cyberattack. At approximately 2 PM ET, as users were getting ready to watch the World Cup semifinal, FuboTV subscribers found that they could not log in to the streaming service.

Instead, they were greeted with a CB_ERR_OPEN error, stating “ff: downstream not available,” when attempting to log in. Subscribers could not contact support to report the problem, as doing so requires a user to first log in to the FuboTV site, which was no longer possible.

NIST says you better dump weak SHA-1 … by 2030

The US National Institute of Standards and Technology (NIST) says it’s time to retire Secure Hash Algorithm-1 (SHA-1), a 27-year-old weak algorithm used in security applications. “We recommend that anyone relying on SHA-1 for security migrate to SHA-2 or SHA-3 as soon as possible,” said NIST computer scientist Chris Celi, in a canned statement on Thursday. As soon as possible isn’t necessarily all that soon: NIST says you should be rid of SHA-1 from your software and systems by December 31, 2030. Meanwhile, the tech industry has largely moved on already.

Minecraft Servers Under Attack: Microsoft Warns About Cross-Platform DDoS Botnet

Microsoft on Thursday flagged a cross-platform botnet that’s primarily designed to launch distributed denial-of-service (DDoS) attacks against private Minecraft servers. Called MCCrash, the botnet is characterized by a unique spreading mechanism that allows it to propagate to Linux-based devices despite originating from malicious software downloads on Windows hosts. “The botnet spreads by enumerating default credentials on internet-exposed Secure Shell (SSH)-enabled devices,” the company said in a report. “Because IoT devices are commonly enabled for remote configuration with potentially insecure settings, these devices could be at risk to attacks like this botnet.”
