Microsoft Warns Customers of Azure Flaw That Could Give Malicious Actors Access to Data

TeamTNT turns devices into miners, 500K Fortinet VPN logins and passwords leaked, Yandex hit by largest DDoS attack in Russian internet history, DOJ extradites alleged Ukrainian botnet maker, more

Microsoft warned some of its Azure cloud computing customers that a flaw discovered by researchers at Palo Alto Networks could have allowed hackers to access their data. However, it had no evidence malicious hackers had abused the technique.

The Palo Alto researchers were able to get full control of Azure container clusters that had not been patched for a known vulnerability. Those clusters included containers from other users. This is the second major flaw revealed in Microsoft’s core Azure system in as many weeks. In late August, security experts at Wiz described a database flaw that also would have allowed one customer to alter another’s data. (Joseph Menn / Reuters)

Related: TechNet Blogs, The Register - Security, MSSP Alert, Microsoft Security Response Center, iTnews - Security, BusinessLine - Home, ETTelecom.com, NDTV, WebProNews

Researchers at AT&T's Alien Labs security division say a malware campaign from threat group TeamTNT that turns targeted devices into cryptocurrency miners is almost entirely undetected by antivirus systems.

TeamTNT has a software repository called Chimaera that has been in active use since July and is responsible for thousands of infections globally across Windows, Linux, AWS, Docker, and Kubernetes targets. The researchers advise admins to implement the latest security updates, keep minimal exposure to the Internet on Linux servers and IoT devices, and use a properly configured firewall. (Gareth Halfacree / The Register)

Related: Threatpost, ZDNet, Alien Labs

A threat actor known as Orange leaked a list of almost 500,000 Fortinet VPN login names and passwords that were allegedly scraped from exploitable devices last summer.

Orange, who is the administrator of the newly launched RAMP hacking forum and a previous operator of the Babuk Ransomware operation, leaked the credentials for free after exploiting a Fortinet CVE-2018-13379 vulnerability. The motive for leaking the credentials is unclear, although some experts believe Orange leaked them to promote the RAMP hacking forum and the Groove ransomware-as-a-service operation. At the same time the credentials were leaked, a post appeared on Groove ransomware's data leak site also promoting the Fortinet VPN leak. (Lawrence Abrams / Bleeping Computer)

Related: Gizmodo, Reddit - cybersecurity, Slashgear

In what Russian media characterizes as the largest DDoS attack in the short history of the Russian internet, known as RuNet, Russian internet giant Yandex has been targeted in a massive distributed denial-of-service (DDoS) attack that started last week and reportedly continues this week.

Although details are sketchy, press reports suggest the incident represents “a threat to infrastructure on a national scale.” (Ionut Ilascu / Bleeping Computer)

Related: Security

Researchers at Mandiant say that pro-China operatives are behind an effort to cast a negative light on the United States during the COVID-19 pandemic. That campaign tried using social media to promote a street demonstration earlier this year.

In a sign that China is getting bolder in its social media political efforts, the Mandiant investigators discovered a network of fake accounts spamming Twitter and other platforms in April with posts calling for Asian Americans to protest racial discrimination in New York City. (Tonya Riley / Cyberscoop)

Related: Engadget, Cybersecurity | Reuters.com, Mandiant

The US Department of Justice announced the extradition of Ukrainian national Glib Oleksandr Ivanov-Tolpintsev from Poland on charges of selling access to compromised computer systems via a specialized marketplace on the dark web.

The suspect is accused of creating a botnet of compromised computers worldwide to execute brute-force attacks that decrypted and guessed login credentials for computers across the world, believed to be RDP accounts. He faces up to 17 years in prison if found guilty on all charges, which include conspiracy, trafficking in unauthorized access devices, and trafficking in computer passwords. (Catalin Cimpanu / The Record)

Related: STL.News, DataBreaches.net, Digital Journal, The Hill: Cybersecurity, HITBSecNews

Experts say that current data privacy laws are a cluttered mess of disparate federal and state rules that go by acronyms like HIPAA, FCRA, FERPA, GLBA, ECPA, COPPA, and VPPA. At the same time, these laws don’t protect data collected by the vast majority of products people use.

Currently, only three states, California, Virginia, and Colorado, have comprehensive consumer privacy laws. (Thorin Klosowski / Wirecutter)

Related: CPO Magazine, WSJ Pro - Cybersecurity - Home, Mondaq.Com

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are exploiting a critical vulnerability in Zoho's ManageEngine ADSelfService Plus password management solution. This flaw allows a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

In a notification, Zoho says that it is “noticing indications of this vulnerability being exploited” in the wild. Organizations with ADSelfService Plus builds lower than 6114 are urged to apply the latest update from the developer. (Ionut Ilascu / Bleeping Computer)

Related: The Record by Recorded Future, Manage Engine, CISA

According to records obtained by the Brennan Center for Justice, the Los Angeles police department (LAPD) has directed its officers to collect the social media information of every civilian they interview, including individuals who are not arrested or accused of a crime.

LAPD officers are instructed to record a civilian’s Facebook, Instagram, Twitter, and other social media accounts, alongside basic biographical information. The LAPD said that the field interview card policy was “being updated” but declined to provide further details. (Sam Levin / The Guardian)

Related: DataBreachToday.com, The Register - Security, New York Daily News, Courthouse News Service, Input, Slashdot

Bipartisan lawmakers introduced the CISA Cybersecurity Leadership Act to put in place a term limit for the director of the Cybersecurity and Infrastructure Security Agency (CISA) in the wake of escalating cybersecurity incidents and turmoil in agency leadership last year.

After former CISA Director Christopher Krebs was unceremoniously fired by Donald Trump for defending election integrity last year, and after several other high-level departures from the agency, CISA was left leaderless until Jen Easterly was confirmed as the new leader in July. One of the bill’s sponsors, Rep. Andrew Garbarino (R-NY), said that the bill “will remove any uncertainty from the CISA Director role so that the Director can focus squarely on strengthening our cyber posture.” (Maggie Miller / The Hill)

Related: Infosecurity Magazine, Homeland Security Today, ExecutiveGov

World Wide Web inventor Tim Berners-Lee has joined the advisory board of hosted email service provider ProtonMail just as the privacy-focused company has come under fire for collecting users’ IP addresses.

Since running into hot water earlier this week for sharing an activist’s IP address with French authorities, ProtonMail has changed its privacy policy to state that the company can be “legally compelled to log IP addresses as part of a Swiss criminal investigation.” (Campbell Kwan / ZDNet)

Related: The Register

Private equity giant Thoma Bravo has taken a stake in cyberthreat intelligence company Intel 471.

Thoma Bravo says the investment, the amount of which was not disclosed, should help Intel 471 “evolve its product suite, broaden its go-to-market strategy and continue to aggressively pursue innovation.” (Carly Page / TechCrunch)

Related: VC Deals – PE Hub, GlobeNewswire, Business

Boston-based cyber security software startup Snyk said it raised $300 million in a Series F funding round that values the company at $8.5 billion.

Snyk’s latest funding round was co-led by Tiger Global and Sands Capital, with participation from a slew of high-profile investors, including BlackRock, Accel, Salesforce Ventures, Atlassian Ventures, and Coatue. (Paul Sawers / Venture Beat)

Related: iTnews - Security, Reuters, The Jerusalem Post

Zero trust solutions startup TrueFort has raised $30 million in a Series B venture funding round.

Shasta Ventures led the round with participation from new firms Canaan and Ericsson Ventures along with existing investors Evolution Equity Partners, Lytical Ventures, and Emerald Development Managers. (Ron Miller / TechCrunch)

Related: Business Wire

Singapore-based real-time data security and privacy observability company Borneo raised $18M in Series A funding.

Vulcan Capital and Prosus Ventures led the round. (FinSMEs)

Related: Deal Street Asia
