The Federal Bureau of Investigation (FBI) has raised an alarm about distributed denial-of-service (DDoS) attacks. Threat actors have added three new network protocols and a web application to amplify such attacks. The new attack vectors are the protocols CoAP (Constrained Application Protocol), WS-DD (Web Services Dynamic Discovery), and ARMS (Apple Remote Management Service), along with the Jenkins web-based automation software.
A major source code leak caused by misconfigured repositories has also come to light in the last 24 hours. The affected companies include Microsoft, Adobe, Lenovo, AMD, Qualcomm, Motorola, HiSilicon, MediaTek, GE Appliances, Nintendo, Roblox, Disney, and Johnson Controls.
Top Breaches Reported in the Last 24 Hours
Dave security breach
The digital banking app Dave disclosed a security breach after a hacker published the details of over 7 million users on a public forum. The incident originated on the network of a former business partner, Waydev. As a preventive measure, the company has plugged the hacker’s point of entry and is in the process of notifying its customers. It has also reset the passwords of all accounts.
Source code leaked
Source code from the exposed repositories of dozens of companies is publicly available as a result of a misconfiguration issue. The affected companies include big names such as Microsoft, Adobe, Lenovo, AMD, Qualcomm, Motorola, HiSilicon, MediaTek, GE Appliances, Nintendo, Roblox, Disney, and Johnson Controls.
Top Vulnerabilities Reported in the Last 24 Hours
Kubernetes flaw fixed
A security issue in kube-proxy, a networking component that runs on Kubernetes nodes, has been fixed recently. The flaw, tracked as CVE-2020-8558, exposed internal services of Kubernetes nodes, which are often run without authentication. This can allow an unauthorized attacker to gain complete control over the cluster and later deploy crypto miners.
New DDoS attack vectors
The FBI has sent an alert warning about the discovery of new network protocols that have been used to launch large-scale DDoS attacks. The new attack vectors are the protocols CoAP (Constrained Application Protocol), WS-DD (Web Services Dynamic Discovery), and ARMS (Apple Remote Management Service), along with the Jenkins web-based automation software.
Top Scams Reported in the Last 24 Hours
Scammers are using COVID-19 as a lure in yet another phishing scam that promises the recipient a government-funded tax cut. The email appears to come from the ‘Government Digital Service Team’ and claims to offer a rebate of nearly £400. Users should be wary of such emails and double-check the sender's source address to stay safe. They should also carefully examine the body of the email for typos and errors.