Kentik Blog

This week’s top story picks from the Kentik team.

Reports this week suggest a Russian teleco started providing internet connectivity to North Korea. Russia also made headlines for its covert efforts to steal secrets from the NSA. Oracle made a bunch of news with its OpenWorld conference this week, including taking aim at AWS. And Google disclosed seven vulnerabilities in DNS’ Dnsmasq software.

Here are those headlines and more:

• Russia Provides New Internet Connection to North Korea (38 North)
  “A major Russian telecommunications company appears to have begun providing an internet connection to North Korea. The new link supplements one from China and will provide back-up to Pyongyang at a time the US government is reportedly attacking its Internet infrastructure and pressuring China to end all business with North Korea,” reports Johns Hopkins blog 38 North.
• Russia Reportedly Stole NSA Secrets with Help of Kaspersky (Ars Technica)
  While not yet confirmed, a story out Thursday suggests, “Hackers working for the Russian government stole confidential material from a National Security Agency contractor’s home computer after identifying files though the contractor’s use of antivirus software from Moscow-based Kaspersky Lab.”
• Oracle Corp.’s Larry Ellison Takes Aim at Amazon (Wall Street Journal)
  Oracle OpenWorld began on Sunday. In his opening keynote, Company Chairman Larry Ellison took aim at Amazon AWs. He “ran through several demonstrations of Oracle Database 18c, saying customers would pay several times more using Amazon’s technology,” reports the WSJ. Oracle’s new database, due out in December, “will autonomously provision only the computing resources as customers need them… [and] Oracle will guarantee its bill will be less than half what Amazon would charge customers for a similar service and less than 30 minutes per year of downtime.”
• NIST, DHS Partner to Establish Internet Routing System Security Standards (ExecutiveGov)
  The U.S. National Institute of Standards and Technology and the Department of Homeland Security have worked together to create new internet security standards. “BGP as currently deployed has no built-in security mechanisms, so it is common to see examples of ‘route hijacks’ and ‘path detours’ by malicious parties meant to capture, eavesdrop upon or deny legitimate internet data exchanges,” Doug Montgomery, an NIST computer scientist, said in regards to the new standards.
• Misconfig in Elasticsearch Leaks NFL Sata (MacKeeper)
  A misconfigured Elasticsearch database was” used to collect data from Orchard Audit module that is tracking/analyzing user activity on a number of NFL related domains (mostly, nflpa.com) and sending back to the Elasticsearch for analysis,” according to the MacKeeper blog.
• Cloudflare Suspends Torrent Website for Cryptocurrency Miner ‘Malware’ (CoinDesk)
  Torrent site ProxyBunker said Cloudflare removed “all its relevant domains due to a miner hiding in the website’s code. A portal to other torrent sites, ProxyBunker had been running the ‘Coinhive’ monero miner for four days prior to the suspension,” reports CoinDesk.
• Yet More DNS and DHCP Vulnerabilities (Google Blog)
  A new blog post from Google talks about Dnsmasq, which “provides functionality for serving DNS, DHCP, router advertisements and network boot and is commonly installed in systems as varied as desktop Linux distributions (like Ubuntu), home routers, and IoT devices.” Google security engineers found “seven vulnerabilities including three potential remote code executions, one information leak, and three denial of service vulnerabilities” in the software.
• Most Companies Are Unprepared for DNS Attacks (HelpNetSecurity)
  On the topic of DNS vulnerabilities, Dimensional Research released results of a survey of more than 1,000 security and IT professionals worldwide this week. On the topic of DNS attacks, the survey found that “86 percent of DNS solutions failed to first alert teams of an occurring DNS attack, and nearly one-third of professionals doubted their company could defend against the next DNS attack.”

Until next week, follow us on Twitter and LinkedIn to see more of these headlines in real time.