Security News
A database containing personal information on 106 million international travelers to Thailand was exposed to the public internet this year, a Brit biz claimed this week. According to data from The World Bank, Thailand racked up almost 40 million international arrivals in 2019, a number that was on the rise every year pre-pandemic except for 2014, the year the country experienced a military coup.
After spending five years poring over port scan results, infosec firm Imperva reckons there's about 12,000 vulnerability-containing databases accessible through the internet. The news might prompt responsible database owners to double-check their updates and patching status, given the increasing attractiveness of databases and their contents to criminals and hostile foreign states alike.
Russian internet giant Yandex has been targeted in a massive distributed denial-of-service attack that started last week and reportedly continues this week. A report in Russian media says that the assault is the largest in the short history of the Russian internet, the RuNet, and that it was confirmed by a U.S.-based company.
Automated traffic takes up 64% of internet traffic - and whilst just 25% of automated traffic was made up by good bots, such as search engine crawlers and social network bots, 39% of all traffic was from bad bots, a Barracuda report reveals. These bad bots include both basic web scrapers and attack scripts, as well as advanced persistent bots.
Parts of New Zealand were cut off from the digital world today after a major local ISP was hit by an aggressive DDoS attack. Vocus - the country's third-largest internet operator which is behind brands including Orcon, Slingshot and Stuff Fibre - confirmed the cyberattack originated at one of its customers.
Threat actors are capitalizing on the growing popularity of proxyware platforms like Honeygain and Nanowire to monetize their own malware campaigns, once again illustrating how attackers are quick to repurpose and weaponize legitimate platforms to their advantage. "Malware is currently leveraging these platforms to monetize the internet bandwidth of victims, similar to how malicious cryptocurrency mining attempts to monetize the CPU cycles of infected systems," researchers from Cisco Talos said in a Tuesday analysis.
CISA's Bad Practices catalog includes practices the federal agency has deemed "exceptionally risky" and not to be used by organizations in the government and the private sector, as they expose them to an unnecessary risk of having their systems compromised by threat actors. These dangerous practices are "especially egregious" on Internet-exposed systems that threat actors could target and compromise remotely.
Vice has an article about how data brokers sell access to the Internet backbone. It's useful for cybersecurity forensics, but can also be used for things like tracing VPN activity.
Microsoft's Internet Explorer browser is barely usable now that Microsoft has officially ended support for the browser in Microsoft 365. For over a year, Microsoft has warned that Internet Explorer is being phased out and that users who continue to use it should switch to other browsers, such as Microsoft Edge.
Tens of thousands of internet-exposed Microsoft Exchange servers appear to be affected by the ProxyShell vulnerabilities, and they could get compromised at any moment considering that threat actors are already scanning the web for vulnerable devices. ProxyShell is the name given to a series of vulnerabilities - CVE-2021-34473, CVE-2021-34523 and CVE-2021-31207 - that can be chained for unauthenticated remote code execution, allowing an attacker to take complete control of an Exchange server.