Friday Five 12/16
Learn about the latest international cyber threats, the takedown of dozens of DDoS-for-hire sites, how purchasing Legos could put your security at risk, and more in this week's Friday Five!
SIX CHARGED IN MASS TAKEDOWN OF DDOS-FOR-HIRE SITES BY BRIAN KREBS
Six U.S. men were arrested this past week after the Department of Justice worked to take down 48 domains selling “booter” or “stresser” services, which allow non-technical users to launch powerful Distributed Denial of Service (DDoS) attacks. Following the arrests, the FBI and the Netherlands Police joined authorities in the U.K. in announcing they are now running targeted placement ads that lead to a site detailing the risks of using these malicious services. Learn more about the services that were taken down, along with those who ran them, in the full story from Brian Krebs.
GOOGLE RELEASES DEV TOOL TO LIST VULNERABILITIES IN PROJECT DEPENDENCIES BY BILL TOULAS
Drawing from OSV.dev, a distributed vulnerability database for open-source code that Google released last year, Google has now launched OSV-Scanner, which allows developers to scan the open-source software dependencies used in their projects for vulnerabilities. Google's announcement of the release states that “the OSV-Scanner generates reliable, high-quality vulnerability information that closes the gap between a developer’s list of packages and the information in vulnerability databases.”
NSA CYBER DIRECTOR WARNS OF RUSSIAN DIGITAL ASSAULTS ON GLOBAL ENERGY SECTOR BY SUZANNE SMALLEY
In briefing the press on the NSA's annual year-in-review report, Cyber Director Rob Joyce warned that Russia could lead a digital assault on the global energy sector in the coming months. “I would not encourage anyone to be complacent or be unconcerned about the threats to the energy sector globally... As the [Ukraine] war progresses there’s certainly the opportunities for increasing pressure on Russia at the tactical level, which is going to cause them to reevaluate, try different strategies to extricate themselves,” said Joyce. Read more about this and other main points in the NSA's latest report in the full story from CyberScoop.
IRANIAN HACKING GROUP EXPANDS FOCUS TO US POLITICIANS, CRITICAL INFRASTRUCTURE, RESEARCHERS FIND BY AJ VICENS
A new report has found that Iranian hacking group TA453, which normally focuses its efforts on compromising academics, journalists, and human rights workers, has extended its target list to include U.S. politicians, critical infrastructure, and medical researchers. The report also found that the group is continuing to "[deviate] from its standard phishing techniques and target victimology" and could become an important tool for the Iranian government to carry out digital espionage campaigns, leading researchers to worry that the group could be far more dangerous than once thought.
API FLAWS IN LEGO MARKETPLACE PUT USER ACCOUNTS, DATA AT RISK BY ELIZABETH MONTALBANO
According to a report published this past week, researchers from Salt Labs discovered API vulnerabilities in BrickLink, a marketplace used for buying and selling second-hand Legos, that could have allowed attackers to take over user accounts, leak sensitive data stored on the platform, and even gain access to internal production data to compromise corporate services. According to Shiran Yodev, a Salt Labs security researcher, "[they] readily find these kinds of serious API vulnerabilities in all sorts of online services [they] investigate... Even companies with the most robust application security tooling and advanced security teams frequently have gaps in their API business logic."