February 22, 2022

From the editor:

Welcome to our first issue. Thanks for reading. This week, we explore several recent data leaks and breaches, provide links to new Magpie rules that help close data security gaps, and provide a helpful tip about using NAT gateways in AWS VPCs. We'll add new sections and topics over time. If you have feedback or suggestions, send a note to hello@openraven.com.

Malicious Kubernetes Helm Charts Can Be Used To Steal Sensitive Information From Argo CD Deployments

February 3, 2022

Security researchers at Apiiro have identified a zero-day vulnerability in Argo CD, a popular continuous delivery (CD) platform. The vulnerability, tracked as CVE-2022-24348, allows a malicious actor to read API keys, passwords, secrets, and tokens, among other sensitive information, which can then be used in further attacks for privilege escalation and lateral movement.

Data Security Perspective: Users of Argo CD should apply the patch for this vulnerability immediately; fixes have been released for multiple versions.

British Council Data Breach Leaks 10,000 Student Records

February 3, 2022

Security researchers from Clario have identified a data breach that exposed over 10,000 student records held by the British Council. The data, which included study durations, enrollment dates, email addresses, full names, and student IDs, was held in a publicly accessible Microsoft Azure blob storage container. According to the researchers, the container held more than 144,000 files.

Data Security Perspective: Affected individuals should be alert to attempts to use the exposed personal information for fraud. Organizations should enforce security policies that prevent unauthenticated access to their data, especially sensitive data.

Telco Fined €9 Million For Hiding Cyberattack Impact From Customers

February 1, 2022

Hellenic Telecommunications Organization (OTE) has been fined €9 million over a breach that leaked sensitive customer information. OTE Group is the largest technology company in Greece and a provider of telecom services. The company was breached in 2020, and a threat actor stole 48GB of data that included age, gender, location data, and plan information.

Data Security Perspective: Data breaches are increasingly common and highly costly for organizations. Open Raven identifies where sensitive data is stored and whether it is adequately protected. Products such as Open Raven or Magpie can discover and alert on exposed data and other security policy violations, helping to prevent expensive data leaks.

Unsecured AWS Server Exposed 3TB In Airport Employee Records

January 31, 2022

An unsecured AWS S3 bucket exposed over one million files containing sensitive data. The data related to employees of airports across Colombia and Peru and was stored in a bucket owned by the security company Securitas. The exposed information included occupations, ID photos, names and other PII, and airport information regarding planes, GPS data, luggage handling, and fueling lines.

Data Security Perspective: Cloud misconfigurations pose a massive risk to organizations and can have severe consequences. Organizations should ensure security policies are followed in order to prevent data exposure. Solutions such as Open Raven or Magpie can discover and alert on exposed data, along with other security policy violations.

Related Magpie Rules: aws-storage-s3-bucket-default-lock-enabled | aws-storage-s3-bucket-level-public-access-prohibited | aws-iam-and-security-iam-attached-policies | aws-security-best-practices

New Docker Cryptojacking Attempts Detected Over 2021 End-of-Year Holidays

January 27, 2022

Misconfigured Docker APIs have become a popular target for threat actors mining cryptocurrency. Researchers at CrowdStrike recently observed a crypto mining operation that targets exposed Docker APIs to deploy a Monero miner. A series of bash scripts is used to stop running containers, run xmrig, and scan IP ranges for further targets. Many groups have been taking advantage of Docker misconfigurations, including Kinsing, TeamTNT, and WatchDog.

Data Security Perspective: Docker users should ensure their Docker hosts and containers are correctly configured, in particular that the Docker API is not exposed to untrusted networks. Additionally, users should only run images from trusted sources.

Did You Know?

...the default idle timeout for a NAT gateway in an AWS VPC is 5 minutes and 50 seconds (350 seconds)? If you're running Kubernetes (K8s) infrastructure in an AWS VPC behind a NAT gateway, check out our blog post to learn more.