A few more security news items, for each of which I do not want to create a separate blog post. The German Federal Prosecutor's Office has obtained a warrant for the arrest of a hacker who broke into the IT systems of the Bundestag 5 years ago. Some servers at hoster GoDaddy were probably hacked, and the gaming platform "Roblox" was also hacked. And so on.
Arrest warrant against hacker of the German Bundestag
In 2015 the internal network of the Bundestag had to be shut down due to malware (Trojans). I reported on this in my German blog post Hackerangriff auf Bundestag nicht zu stoppen–mustert man endlich alte Rechner aus? – and in 2016 I added the German post Bundestags-Hack: War was? Inkompetenz und Schlamperei …
The German Federal Prosecutor's Office has obtained an international arrest warrant against a hacker who broke into the IT systems of the Bundestag 5 years ago. The suspect is a 29-year-old Russian citizen by the name of Dmitriy Badin, who works for the Russian military secret service GRU. Detailed reports on the case can be found in German media. For my English readers, I'd like to point to the tweet below, in which Catalin Cimpanu covered it in English.
German authorities charge Russian hacker for 2015 Bundestag hack
– Hacker is a member of APT28
– The same hacker was previously charged in the US in 2018 for the DNC and WADA hacks https://t.co/PzgKtD2Tcp pic.twitter.com/Ethma3qLme
— Catalin Cimpanu (@campuscodi) May 5, 2020
Saltstack vulnerabilities are attacked in the wild
In the blog post LineageOS Server Infrastructure hacked (May 2, 2020) I mentioned two vulnerabilities in the Salt framework. Last week F-Secure made public the two vulnerabilities CVE-2020-11651 (Authentication Bypass) and CVE-2020-11652 (Directory Traversal).
These vulnerabilities are now being attacked in the wild. Besides the LineageOS servers, the Ghost blogging platform was also hacked via the vulnerabilities, as ZDNet reports here. And DigiCert has also been hacked, as you can read on The Hacker News. Bleeping Computer also has an article on this topic.
Kaiji malware targets IoT devices
There appears to be a new malware that is believed to be from Chinese developers. The malware attempts to hack IoT devices via SSH using brute force attacks to gain root access. Then the device is used for DDoS attacks.
New Kaiji malware targets IoT devices
– Infects devices via SSH brute-force attacks on the root account
– Contains functions for DDoS attacks
– Malware believed to have been created by a Chinese dev https://t.co/WmzD3ZCaCw pic.twitter.com/RRA2nytSUP
— Catalin Cimpanu (@campuscodi) May 5, 2020
Details can be read in the article linked in the above tweet.
Hack at GoDaddy
GoDaddy is the world's largest domain registrar and a web hosting company with approximately 19 million customers worldwide (including HostEurope). GoDaddy was the victim of a hack in 2019, which apparently only affected a few servers. Now GoDaddy has informed some of its customers that unauthorized third parties have used customers' web hosting account credentials to connect to that account via SSH.
The security incident occurred on October 19, 2019, after the company's security team discovered suspicious activity on some GoDaddy servers. Details can be found at Bleeping Computer.
Game Server Roblox hacked
A hacker managed, by simple means, to view the e-mail addresses of users of the "Roblox" gaming platform, which is popular with children. For details see the tweet below and the linked article.
This is some of the stuff the Roblox hacker could have done, and did some of to at least a few accounts. If you can't hack a site/service/application, the customer support reps may help you out for a little bit of cash https://t.co/B72cNH29I8 pic.twitter.com/N9yhDwJxRk
— Joseph Cox (@josephfcox) May 4, 2020
Mobilink's Database leaked
A threat actor has hacked Mobilink, Pakistan's leading telecom service, and obtained the customer database. The database has been leaked, as the tweet below indicates.
Actor leaks Mobilink's (now @jazzpk) database – Pakistan's leading telecom service.
– Database contains information such as names, addresses, phone numbers, national IDs, and more on over 44,000,000 Pakistanis.
– Database apparently got hacked in 2017. pic.twitter.com/xjpg6EvpDE
— Under the Breach (@underthebreach) May 5, 2020
ZDNet.com has additional details.