New Revelations from the Snowden Documents

Jake Appelbaum’s PhD thesis contains several new revelations from the classified NSA documents provided to journalists by Edward Snowden. Nothing major, but a few more tidbits.

Kind of amazing that that all happened ten years ago. At this point, those documents are more historical than anything else.

And it’s unclear who has those archives anymore. According to Appelbaum, The Intercept destroyed their copy.

I recently published an essay about my experiences ten years ago.


Latwell Nyangu

A CHINESE medical team provided free medical diagnosis and treatment to hundreds of villagers in Shamva on Tuesday.

The initiative was organised by gold miner Ming Chang Sino Africa, which provided a mobile clinic through which the villagers could access the 11-member medical team.

Brief lectures on malaria, HIV/AIDS and first aid were also conducted.

The Ming Chang initiative is part of a growing social responsibility portfolio for the company that includes road and school construction.

“We have been in Zimbabwe since March and we are the 20th mission on this long-standing government-to-government programme which has been running for 38 years now.

“We are working and moving around hospitals, sometimes supporting clinics as ordinary outpatients’ department (OPD) support.

“Sometimes, we share ideas around traditional Chinese medicine while looking at opportunities to expand departments in Zimbabwe’s health system,” said head of the medical unit, Zhang Yao.

Ming Chang general manager, Liang Guo Du, said the mine also donated drugs and traditional medicine.

“Villages from nearby are being assisted to reach referral centres by Ming Chang and the plan is to bring the medical team back or send it to a different area so that people get free medical care,” he said.


Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions

Pro-Russia hacker group NoName is suspected to have launched a cyberattack that caused border checkpoint outages at several Canadian airports.

A massive DDoS attack, likely carried out by the pro-Russia hacker group NoName, severely impacted operations at several Canadian airports last week, Recorded Future News reported.

Canada Border Services Agency (CBSA) was able to mitigate the attack after a few hours.

The Canada Border Services Agency (CBSA) confirmed that the attack impacted check-in kiosks and electronic gates at airports.

The cyber attack caused delays in the processing of arrivals for more than an hour at border checkpoints across the country.

“The Canada Border Services Agency (CBSA) finally confirmed on Tuesday that “connectivity issues that affected kiosks and electronic gates at airports” are the result of a distributed denial of service (DDoS) attack.” reported the Canadian media outlet La Presse.

“However, the Russian-speaking gang specializing in this type of hacking NoName057 precisely targeted the federal agency, according to its Telegram page. “We are working closely with our partners to assess the situation and investigate. The safety of Canadians and travelers is the CBSA’s top priority and no personal information has been disclosed following these attacks,” said a spokesperson for the organization, Maria Ladouceur.”

The Canadian authorities are investigating the security incident with the help of its partners. At this time there is no evidence of a data breach.

“The safety and security of Canadians and travelers is the CBSA’s top priority,” said CBSA. “No personal information has been disclosed following these attacks.”

A few days ago, the pro-Russia group NoName057(16) announced that it had launched DDoS attacks on several Canadian organizations, including CBSA, the Canadian Air Transport Security Authority, and the Senate. However, CBSA has not attributed the DDoS attack to the pro-Russia group.


NoName claims the DDoS campaign is its response to the support Canada has offered Ukraine.

The Canadian Centre for Cyber Security published an alert warning of a Distributed Denial of Service campaign targeting multiple Canadian sectors.

“Since 13 September 2023, the Cyber Centre has been aware and responding to reports of several distributed denial of service (DDoS) campaigns targeting multiple levels within the Government of Canada, as well as the financial and transportation sectors.” reads the alert. “This Alert is being published to raise awareness of these campaigns, to highlight the potential impact to government services and to provide guidance for organizations who may be targeted by malicious activity.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Noname)

The post Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions appeared first on Security Affairs.

NEIGHBOURGATE. . . married man accused of impregnating neighbour’s wife

Arron Nyamayaro

A MARRIED man is being accused of impregnating his neighbour’s wife.

Kudakwashe Nherera was confronted by Noel Macheredze (36), who is accusing him of impregnating his wife, Patient Chipo Ncube.

Noel made Patient pack her bags and leave after finding love messages between her and Kudakwashe.

The messages exposed Patient for engaging in sexual intercourse with Kudakwashe several times.

Noel confiscated Patient’s mobile phone and went through the love messages between her and Kudakwashe, and other men she had been hooking up with, while her husband was in South Africa.

Among the messages, Patient indicated that she wanted to continue enjoying sex with Kudakwashe, saying he was better in bed than Noel.

“That day you nearly got me pregnant. Come again today because I miss you. And if I fall pregnant it is fine, because my husband, mmmm,” reads one of the messages.


Kudakwashe confirmed bedding Patient and referred to her as a ‘whore.’

“I was not aware that Patient was married to my brother’s friend Noel,” said Kudakwashe.

“I met her in a bar.

“I do not know why Noel accused me only when his wife had several lovers in the hood.

“He must not bother me over Patient, after all they have one child together,” said Kudakwashe.

Patient accused Noel’s sister, only identified as Mai Fungai, of ruining her marriage.

“I am the one who decided to pack my belongings and leave Noel because he believed everything he was told by Mai Fungai,” said Patient.

“When Noel returned from South Africa, he was fed falsehoods. 

“They accused me of dating Kudakwashe.

“I am not pregnant; that is his own story. I have since moved out and am staying with my parents in Hwange.

“He actually did me a favour; I was already troubled and did not know how to get out of his house,” said Patient.

Noel told H-Metro that he regretted taking his family to Chivhu.

“We had been living together peacefully and I decided to rent a house for my family in Chivhu. She does not have a birth certificate and so this made it difficult to continue living with her in South Africa.

“I had been returning home after every two months and my wife started cheating on me by inviting several lovers into our matrimonial bedroom.

“She would go to her parents in Hwange every time fearing that neighbours would inform me about her shenanigans.

“All the men nearby were being let into my house,” said Noel.



Zvikomborero Parafini 

TWO people lost thousands of dollars to a fraudster who masqueraded as an agent who could facilitate their movement to China as English teachers.

Tonderai Nyamhuno appeared before magistrate Dennis Mangosi on fraud charges.

The court heard that in June, Tendai Victoria Sithole and Tanyaradzwa Sithole looked for job vacancies online and came across an article on Facebook advertising English teaching vacancies in China.

The article had a WeChat ID.

Tendai contacted the WeChat ID and started chatting with Nyamhuno, who pretended to be Luxian Xing Zhou.

Nyamhuno referred them to another impostor, Takudzwa Mapfumo, who he said was in Zimbabwe and had applied for a teaching vacancy in China.

They started chatting with the said Mapfumo, who confirmed having been assisted by Xing Zhou to travel to China.

Tendai and Tanyaradzwa paid US$4 835, but found out that they had been duped after Nyamhuno became evasive and sent a Shona message by mistake.


Experts found critical flaws in Nagios XI network monitoring software

Researchers discovered multiple vulnerabilities in the Nagios XI network and IT infrastructure monitoring and management solution.

Researchers discovered four vulnerabilities (CVE-2023-40931, CVE-2023-40932, CVE-2023-40933, CVE-2023-40934) in the Nagios XI network and IT infrastructure monitoring solution that could lead to information disclosure and privilege escalation.

Nagios XI provides monitoring of all mission-critical infrastructure components including applications, services, operating systems, network protocols, systems metrics, and network infrastructure. It is used by thousands of organizations worldwide. 

Outpost24 researcher Astrid Tedenbrant discovered the issues during routine research.

The flaws impact Nagios XI version 5.11.1 and lower. The CVE-2023-40931, CVE-2023-40933 and CVE-2023-40934 vulnerabilities are SQL Injection issues. An attacker can trigger the flaws to escalate privileges in the product and obtain sensitive user data, including password hashes and API tokens.

The vulnerability CVE-2023-40932 is a cross-site scripting flaw via the Custom Logo component. An attacker can trigger the flaw to read and modify page data, including plain-text passwords from login forms.

“Three of these vulnerabilities (CVE-2023-40931, CVE-2023-40933 and CVE-2023-40934) allow users, with various levels of privileges, to access database fields via SQL Injections. The data obtained from these vulnerabilities may be used to further escalate privileges in the product and obtain sensitive user data such as password hashes and API tokens.” reads the post published by Outpost24. “The fourth vulnerability (CVE-2023-40932) allows Cross-Site Scripting via the Custom Logo component, which will render on every page, including the login page. This may be used to read and modify page data, such as plain-text passwords from login forms.”

The company addressed the vulnerabilities on September 11, 2023, with the release of version 5.11.2.

In September 2021, researchers from industrial cybersecurity firm Claroty discovered eleven vulnerabilities in Nagios.

The vulnerabilities could lead to server-side request forgery (SSRF), spoofing, local privilege escalation, remote code execution and information disclosure.


Pierluigi Paganini

(SecurityAffairs – hacking, Nagios XI)


The dark web drug marketplace PIILOPUOTI was dismantled by Finnish Customs

Finnish police announced the takedown of the dark web marketplace PIILOPUOTI which focuses on the sale of illegal narcotics.

Finnish Customs announced the seizure of the dark web marketplace Piilopuoti as part of an international law enforcement operation. The dark web marketplace PIILOPUOTI has been active since May 18, 2022.

“The site operated as a hidden service in the encrypted Tor network. The site has been used in anonymous criminal activities such as narcotics trade. As a rule, the narcotics sold on the site were smuggled to Finland from abroad.” reads the press release published by Finnish Customs. “During the preliminary investigation into the case, Finnish Customs has conducted extensive cooperation with German and Lithuanian authorities, as well as Europol, the European Union Agency for Criminal Justice Cooperation (Eurojust), authorities of other countries, and various police units in Finland.”


The investigation was conducted by authorities from Germany and Lithuania (German Federal Criminal Office (Bundeskriminalamt) and the Lithuanian Criminal Police Bureau (Lietuvos kriminalinės policijos biuras)) and was coordinated by Europol and Eurojust. The cybersecurity firm Bitdefender also supported the investigation.

According to Europol, the investigation is still ongoing, and law enforcement bodies are working to identify the sellers and users on the platform.

“This successful takedown happened just days ahead of the annual Dark Web Conference which will take place at Europol’s headquarters between 4-5 October. This event, restricted to law enforcement, will bring together over 180 investigators from across the world to discuss the latest criminal trends and developments on the dark web.” reads the press release published by Europol. 


Pierluigi Paganini

(SecurityAffairs – hacking, PIILOPUOTI)


International Criminal Court hit with a cyber attack

The International Criminal Court (ICC) disclosed a cyberattack this week; its systems were compromised last week.

The International Criminal Court (ICC) announced that threat actors breached its systems last week. The Court discovered the intrusion after detecting anomalous activity affecting its information systems.

The International Criminal Court (ICC) is an intergovernmental organization and a permanent international tribunal established to prosecute individuals for the most serious international crimes, including genocide, crimes against humanity, war crimes, and the crime of aggression. It was established by the Rome Statute, which entered into force on July 1, 2002. The ICC is headquartered in The Hague, Netherlands.

The organization immediately activated the incident response plan to mitigate the incident.

“At the end of last week, the International Criminal Court’s services detected anomalous activity affecting its information systems. Immediate measures were adopted to respond to this cyber security incident and to mitigate its impact. Additional response and security measures are now ongoing, with the assistance of the Host Country authorities. As the Court continues to analyse and mitigate the impact of this incident, priority is also being given to ensuring that the core work of the Court continues. The Court is thankful to the Host Country for the excellent cooperation and the immediate response and support provided in relation to this incident. Looking forward, the Court will be building on existing work presently underway to strengthen its cyber security framework, including accelerating its use of cloud technology. In this context, support from States Parties and stakeholders remains critical to further enhance institutional resilience under challenging circumstances. The Court will not be providing further information in relation to this incident at present.” reads the statement published by ICC.

The Court immediately reported the incident to the Dutch authorities and announced additional measures to strengthen its cybersecurity posture.

The ICC has not shared details about the cyber attack; it is unclear whether the attackers stole information from the organization.


Pierluigi Paganini

(SecurityAffairs – hacking, International Criminal Court)


On the Cybersecurity Jobs Shortage

In April, Cybersecurity Ventures reported on the extreme cybersecurity job shortage:

Global cybersecurity job vacancies grew by 350 percent, from one million openings in 2013 to 3.5 million in 2021, according to Cybersecurity Ventures. The number of unfilled jobs leveled off in 2022, and remains at 3.5 million in 2023, with more than 750,000 of those positions in the U.S. Industry efforts to source new talent and tackle burnout continue, but we predict that the disparity between demand and supply will remain through at least 2025.

The numbers never made sense to me, and Ben Rothke has dug in and explained the reality:

…there is not a shortage of security generalists, middle managers, and people who claim to be competent CISOs. Nor is there a shortage of thought leaders, advisors, or self-proclaimed cyber subject matter experts. What there is a shortage of are computer scientists, developers, engineers, and information security professionals who can code, understand technical security architecture, product security and application security specialists, analysts with threat hunting and incident response skills. And this is nothing that can be fixed by a newbie taking a six-month information security boot camp.


Most entry-level roles tend to be quite specific, focused on one part of the profession, and are not generalist roles. For example, hiring managers will want a network security engineer with knowledge of networks or an identity management analyst with experience in identity systems. They are not looking for someone interested in security.

In fact, security roles are often not considered entry-level at all. Hiring managers assume you have some other background, usually technical, before you are ready for an entry-level security job. Without those specific skills, it is difficult for a candidate to break into the profession. Job seekers learn that entry-level often means at least two to three years of work experience in a related field.

That makes a lot more sense, and matches what I experience.

GitLab addressed critical vulnerability CVE-2023-5009

GitLab rolled out security patches to address a critical vulnerability, tracked as CVE-2023-5009, that can be exploited to run pipelines as another user.

GitLab has released security patches to address a critical vulnerability, tracked as CVE-2023-5009 (CVSS score: 9.6), that allows an attacker to run pipelines as another user.

The issue resides in GitLab EE and affects all versions from 13.12 prior to 16.2.7, and all versions from 16.3 prior to 16.3.4.

“An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of [CVE-2023-3932] showing additional impact.” reads the advisory.

An attacker can exploit this vulnerability to access sensitive information or use the elevated permissions of the impersonated user to access or modify source code, or run arbitrary code on the system.

The company addressed the vulnerability with the release of 16.3.4 for Community Edition and 16.2.7 for Enterprise Edition.

The vulnerability was reported by the security researcher Johan Carlsson (aka joaxcar) through the GitLab HackerOne bug bounty program.

Carlsson explained that it took about two years and more than 100 written reports before his submission was accepted.

To reduce the risk of exploiting the vulnerability, researchers advise users who operate a GitLab instance with a version earlier than 16.2 to refrain from enabling both the ‘Direct Transfers’ and ‘Security Policies’ features concurrently.
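The first question a defender asks about the GitLab advisory above, and about the Nagios XI advisory earlier on this page, is whether a given install falls inside the stated affected ranges. The following triage helper is an added example, not GitLab's or Nagios' own code; the affected ranges are taken from the two advisories as quoted on this page, and the inventory of hosts and version strings is constructed sample input.

```python
"""Check installed versions against the affected ranges stated on this page.

Ranges (from the advisories quoted above):
  GitLab EE, CVE-2023-5009:      13.12 <= v < 16.2.7  or  16.3 <= v < 16.3.4
  Nagios XI, CVE-2023-40931..34:  v <= 5.11.1 (first fixed release is 5.11.2)
"""
from __future__ import annotations
import re


def parse_version(text: str) -> tuple[int, int, int]:
    """Turn '16.2.7', 'v16.3' or '5.11.1-rc1' into a comparable 3-tuple.
    Missing components count as 0, so '16.3' == (16, 3, 0). A pre-release
    suffix is ignored, so it compares equal to the final release."""
    m = re.match(r"^\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return (parts + (0, 0, 0))[:3]


# Each range is (inclusive lower bound, exclusive upper bound).
GITLAB_CVE_2023_5009 = [
    (parse_version("13.12"), parse_version("16.2.7")),
    (parse_version("16.3"), parse_version("16.3.4")),
]
# "5.11.1 and lower": everything below the fixed release 5.11.2.
NAGIOS_XI_SQLI_XSS = [(parse_version("0"), parse_version("5.11.2"))]


def is_affected(version: str, ranges) -> bool:
    """True when the version sits inside any of the advisory's ranges."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in ranges)


def triage(inventory: dict[str, tuple[str, list]]) -> dict[str, bool]:
    """inventory maps host label -> (version, ranges); returns host -> affected."""
    return {host: is_affected(ver, rng) for host, (ver, rng) in inventory.items()}


if __name__ == "__main__":
    sample = {  # constructed sample inventory, not real hosts
        "gitlab-prod": ("16.2.5", GITLAB_CVE_2023_5009),
        "gitlab-staging": ("16.3.4", GITLAB_CVE_2023_5009),
        "nagios-core-mon": ("5.11.1", NAGIOS_XI_SQLI_XSS),
        "nagios-lab": ("5.11.2", NAGIOS_XI_SQLI_XSS),
    }
    for host, hit in triage(sample).items():
        print(f"{host}: {'AFFECTED, patch' if hit else 'outside affected range'}")
```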


Pierluigi Paganini

(SecurityAffairs – hacking, GitLab)
