Per the article, Stormshield is a major provider of network security products, some of which are used on sensitive projects, for the French government. Apparently, somebody got in through its customer support portal and stole data on clients. 😦They also took source code, for the very secure firewall. 😬 C. I. A triad. Confidentially got dinged. Integrity – if they took the source code I would be concerned because modifications can happen. Availability- well, things appear to be up and running but we don’t know what the endgame is.
Raise your hand if your business uses or has customer support portals – and every hand is up. Something else to consider as we still process the SolarWinds supply chain attack and where adversaries will seek out the weakest link for access.
Beware: New Matryosh DDoS botnet targeting Android-based Devices from The Hacker News
I’ve done some talks about weaponizing botnets, fun times with Mirai source code, and how Android’s debugging bridge feature, ADB, has been targeted. As reported by Qihoo 360 Netlab, this latest botnet reuses the Mirai botnet framework, propagates it via exposed instances of the ADB to infect a bunch of Android devices and -Voilà – botnet! Matryosh cleverly uses TOR for C2 communications to hide its activities, and nests commands in proxied layers.
ADB is a concern because while it should be off by default sometimes it gets left on for convenience. What could go wrong, right? Well, this allows for an unwanted, uninvited and unauthenticated user to remotely connect via the 5555 TCP port and exploits can happen. Do you know how many Android devices are in use right now? 🤭