Security news May 6, 2020

Here are a few more security news items that I do not want to cover in separate blog posts. The German Federal Prosecutor's Office has obtained a warrant for the arrest of a hacker who broke into the IT systems of the Bundestag 5 years ago. Some servers at the hoster GoDaddy were probably hacked, and the gaming platform "Roblox" was also hacked. And so on.


Arrest warrant against hacker of the German Bundestag

In 2015 the internal network of the Bundestag had to be shut down due to malware (Trojans). I reported on this in my German blog post Hackerangriff auf Bundestag nicht zu stoppen–mustert man endlich alte Rechner aus?, and in 2016 I added the German post Bundestags-Hack: War was? Inkompetenz und Schlamperei …

The German Federal Prosecutor's Office has obtained an international arrest warrant against a hacker who broke into the IT systems of the Bundestag 5 years ago. The suspect is a 29-year-old Russian citizen by the name of Dmitriy Badin, who works for the Russian military secret service GRU. Detailed reports on the case can be found in German media. For my English readers, I would like to point to the tweet below, where Catalin Cimpanu covered it in English.

SaltStack vulnerabilities are being attacked in the wild

In the blog post LineageOS Server Infrastructure hacked (May 2, 2020) I mentioned two vulnerabilities in the Salt framework. Last week F-Secure made public the two vulnerabilities CVE-2020-11651 (Authentication Bypass) and CVE-2020-11652 (Directory Traversal).

These vulnerabilities are now under attack in the wild. Besides the LineageOS servers, the Ghost blogging platform was also hacked via the vulnerabilities, as ZDNet reports here. DigiCert has also been hacked, as you can read on The Hacker News. Bleeping Computer also has an article on this topic.


Kaiji malware targets IoT devices

There appears to be a new malware that is believed to be from Chinese developers. The malware attempts to hack IoT devices via SSH using brute force attacks to gain root access. Then the device is used for DDoS attacks.

Details can be read in the article linked in the above tweet.

Hack at GoDaddy

GoDaddy is the world's largest domain registrar and a web hosting company with approximately 19 million customers worldwide (including HostEurope). GoDaddy was the victim of a hack in 2019, which apparently only affected a few servers. Now GoDaddy has informed some of its customers that unauthorized third parties have used customers' web hosting account credentials to connect to that account via SSH.

The security incident occurred on October 19, 2019, after the company's security team discovered suspicious activity on some GoDaddy servers. Details can be found at Bleeping Computer.

Game Server Roblox hacked

A hacker has managed, by simple means, to view the e-mail addresses of users of the "Roblox" gaming platform, which is popular with children. For details see the tweet below and the linked article.

Mobilink's Database leaked

A threat actor has hacked Mobilink, Pakistan's leading telecom service, and obtained the customer database. The database has been leaked, as the tweet below indicates. has additional details.
