Netherlands adopting RPKI, WordPress backdoor, tracing the Pentagon leak
Netherlands to adopt RPKI
The Dutch government plans to transition to Resource Public Key Infrastructure standards by the end of 2024 in an effort to improve the security of its internet routing. RPKI uses digital certificates to secure BGP, protecting against malicious or accidental rerouting of network traffic. The country’s Standardization Forum mandated that all communication devices managed by the government must make the transition by the end of next year. 77.9% of Dutch government sites already use RPKI. According to NIST, however, global adoption lags behind, with only 41% of verifiable IPv4 prefix-origin pairs complying. For some context, that marks an increase from 33.5% at the start of 2022.
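The "prefix-origin pairs" in the NIST figure are what RPKI route origin validation checks: a router compares each BGP announcement against the Route Origin Authorizations (ROAs) published under the RPKI and classifies it as valid, invalid, or not-found. The following Python is an added illustration of that check, not code from the original story or from any RPKI validator; the ROAs and announcements are constructed from documentation prefixes and private ASNs.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    """Simplified Route Origin Authorization: origin_asn may announce prefix
    and any sub-prefix down to max_length (assumed, after RFC 6482)."""
    prefix: str
    max_length: int
    origin_asn: int


def rov_state(announced_prefix: str, origin_asn: int, roas) -> str:
    """Route Origin Validation as in RFC 6811: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(announced_prefix, strict=False)
    covering = []
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix, strict=False)
        # supernet_of raises on mixed IPv4/IPv6, so compare versions first
        if roa_net.version == net.version and roa_net.supernet_of(net):
            covering.append((roa_net, roa))
    if not covering:
        return "not-found"  # no ROA covers this prefix: RPKI has no opinion
    for roa_net, roa in covering:
        # a maxLength shorter than the ROA's own prefix is treated as equal to it
        max_len = max(roa.max_length, roa_net.prefixlen)
        if roa.origin_asn == origin_asn and net.prefixlen <= max_len:
            return "valid"
    return "invalid"  # covered, but wrong origin ASN or prefix too specific


def summarize(pairs, roas) -> dict:
    """Count ROV states over (prefix, origin ASN) pairs; this is the kind of
    tally behind the adoption percentages quoted in the story."""
    return dict(Counter(rov_state(p, asn, roas) for p, asn in pairs))


# Constructed sample data (documentation prefixes, private ASNs)
SAMPLE_ROAS = [
    ROA("192.0.2.0/24", 24, 64496),
    ROA("198.51.100.0/22", 24, 64497),
    ROA("2001:db8::/32", 48, 64496),
]
SAMPLE_ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64496),     # valid: exact match
    ("192.0.2.0/25", 64496),     # invalid: more specific than maxLength
    ("192.0.2.0/24", 64500),     # invalid: wrong origin, what a hijack looks like
    ("198.51.100.0/23", 64497),  # valid: sub-prefix within maxLength
    ("203.0.113.0/24", 64498),   # not-found: no ROA at all
    ("2001:db8:1::/48", 64496),  # valid: IPv6 sub-prefix
]

if __name__ == "__main__":
    for prefix, asn in SAMPLE_ANNOUNCEMENTS:
        print(f"{prefix:<18} AS{asn}: {rov_state(prefix, asn, SAMPLE_ROAS)}")
    print(summarize(SAMPLE_ANNOUNCEMENTS, SAMPLE_ROAS))
```

A router enforcing RPKI would typically drop the "invalid" announcements and accept the rest; the 41% figure counts only pairs that end up "valid".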
Widespread backdoor installed on WordPress sites
GoDaddy’s Sucuri security team published details on a campaign to install Balada Injector malware on WordPress sites. The campaign dates back to 2017 and surfaces in waves every few weeks. The malware targets theme and plugin vulnerabilities, using freshly registered domains to create random subdomains pointing to scam sites. The malware attempts to create fake admin users for the site to harvest data and establish persistence. It’s estimated the malware infected over one million WordPress sites.
Tracing leaked Pentagon documents
Aric Toler of Bellingcat traced the leak of US Justice Department and Pentagon documents online, some of which the government designated Top Secret, with some involving the invasion of Ukraine. Toler found evidence these documents were first posted as early as January on a Discord server, but they may have appeared online before that. Some members of the Discord server told Toler that the documents were originally posted earlier on a now-deleted server, but he could not confirm this. From there the documents spread to 4chan. In March they made their way to Telegram channels and Twitter, where the New York Times and other media outlets picked them up.
Twitter lifts limits on Kremlin accounts
The Telegraph reports Twitter removed its restrictions on Kremlin-linked accounts, including the official account for Russian President Vladimir Putin. These accounts now show up in search results, timelines, and the For You feed. In April 2022 Twitter said it would “not amplify or recommend government accounts belonging to states that limit access to free information and are engaged in armed interstate conflict.” These restrictions were a direct response to Russia’s invasion of Ukraine and were implemented against Kremlin-linked accounts the same day.
And now a word from our sponsor, AppOmni
Microsoft adds registry preview to PowerToys
Microsoft offers its PowerToys as a free set of utilities for Windows. It recently added a new utility called Registry Preview. Like it says on the tin, it lets users preview registry files prior to import. This gives users a graphical view of a registry file and makes it easy to compare the new file with the current registry values. Microsoft released Registry Preview as…well… a preview, so you have to toggle it on in the PowerToys settings.
How LockBit changed ransomware
In 2022, the LockBit ransomware organization accounted for 44% of all ransomware attacks launched, after launching back in 2019. Security Intelligence looked at how the group rose to such ubiquity in the threat landscape. It notes that while LockBit wasn’t the first Ransomware-as-a-Service operation, it engendered trust with the affiliates it used to help execute attacks by putting them in charge of negotiations and payments. Combined with a rapidly improving malware stack, LockBit’s services maintained high demand among threat actors. The group also embraced a more professional approach, making calls for academic papers on dark web forums, creating easy-to-use dashboards to onboard less technically savvy clients, and launching a bug bounty.
NPM spam causes DDoS
A new report from Checkmarx documented how threat actors made the NPM repository unstable with what effectively became a DDoS attack. This used malicious websites to publish empty packages, pushing the number of package versions on NPM up 77% in a very short time. These packages carried links to malicious sites. It doesn’t appear these packages were meant to take NPM down; the instability came from the sheer glut of automation. Checkmarx recommends npm integrate anti-bot detection techniques for account creation.
Private tweets appearing in For You timelines
By design, the Twitter Circle feature allows users to publish tweets only viewable by a select group of followers. In what appears to be a bug, users report seeing Twitter Circle content in their public For You feed. According to TechCrunch’s Amanda Silberling, these posts showed the retweet button disabled, and clicking through made the content disappear. This comes after users reported a bug in Circle last month where posted content didn’t carry the green banner indicating private publishing.