
AI as a Key Solution for Mitigating API Cybersecurity Threats

Artificial Intelligence (AI) is continuously evolving, and it is fundamentally changing the cybersecurity landscape, enabling organizations to mitigate vulnerabilities more effectively. While AI has improved the speed and scale at which threats can be detected and responded to, it has also introduced a range of complexities that call for a hybrid approach to security management.

An approach that combines traditional security frameworks with human and digital interventions is necessary. One of the biggest challenges AI presents is the expansion of the attack surface for Application Programming Interfaces (APIs). The proliferation of AI-powered systems raises questions about API resilience as threats become increasingly sophisticated. As AI-driven functionality is integrated into APIs, security concerns have grown, creating the need for robust defensive strategies.

In the context of AI security, the implications of the technology extend beyond APIs to the very foundation of Machine Learning (ML) applications and large language models. Many of these models are trained on highly sensitive datasets, raising concerns about privacy, integrity, and potential exploitation. When training data is handled improperly, unauthorized access, data poisoning, and model manipulation can occur, further increasing the security risk.

It is important to note, however, that while artificial intelligence poses security challenges, it is also leading security teams to refine their threat modeling strategies. Using AI's analytical capabilities, organizations can enhance their predictive capabilities, automate risk assessments, and implement smarter security frameworks that adapt to a changing environment. This evolution forces security professionals to adopt a proactive and adaptive approach to reducing potential threats.

Using artificial intelligence effectively while safeguarding digital assets requires an integrated approach that combines traditional security mechanisms with AI-driven security solutions. This is necessary to ensure an effective synergy between automation and human oversight. Enterprises must foster a comprehensive security posture that integrates both legacy and emerging technologies to be more resilient in the face of a changing threat landscape. While AI is an excellent tool for cybersecurity, its deployment must be embraced in a strategic and well-organized manner.

Building a robust and adaptive cybersecurity ecosystem requires addressing API vulnerabilities, strengthening training data security, and refining threat modeling practices. APIs are a major part of modern digital applications, enabling seamless data exchange between various systems. However, their widespread adoption has also made them prime targets for cyber threats, exposing organizations to significant risks such as data breaches, financial losses, and disruptions in services.

AI platforms and tools, such as OpenAI, Google's DeepMind, and IBM's Watson, have significantly contributed to advancements in several technological fields over the years. These innovations have revolutionized natural language processing, machine learning, and autonomous systems, leading to a wide range of applications in critical areas such as healthcare, finance, and business. Consequently, organizations worldwide are turning to artificial intelligence to maximize operational efficiency, simplify processes, and unlock new growth opportunities. 

While artificial intelligence is catalyzing progress, it also introduces potential security risks. Cybercriminals can use the very technologies that enable industries to orchestrate sophisticated cyber threats. As a result, AI is viewed as double-edged: while AI-driven security systems can proactively identify, predict, and mitigate threats with extraordinary accuracy, adversaries can weaponize the same technologies to create highly advanced cyberattacks, such as phishing schemes and ransomware.

It is important to keep in mind that, as AI continues to grow, its role in cybersecurity is becoming more complex and dynamic. Organizations need to take proactive measures to protect themselves from AI-enabled attacks by implementing robust frameworks that harness AI's defensive capabilities and mitigate its vulnerabilities. For a secure digital ecosystem that fosters innovation without compromising cybersecurity, it will be crucial for AI technologies to be developed ethically and responsibly.

The Application Programming Interface (API) is a fundamental component of 21st-century digital ecosystems, enabling seamless interactions across industries such as mobile banking, e-commerce, and enterprise solutions. APIs are also a prime target for cyber-attackers because of their widespread adoption. The consequences of successful breaches can include data compromises, financial losses, and operational disruptions that pose significant challenges to businesses and consumers alike.

Pratik Shah, F5 Networks' Managing Director for India and SAARC, highlighted that APIs are an integral part of today's digital landscape. AIM reports that APIs account for nearly 90% of worldwide web traffic and that the number of public APIs has grown 460% over the past decade. This rapid proliferation has come with exposure to a wide array of cyber risks, including broken authentication, injection attacks, and server-side request forgery. According to Shah, the robustness of Indian API infrastructure significantly influences India's ambitions to become a global leader in the digital industry.

“APIs are the backbone of our digital economy, interconnecting key sectors such as finance, healthcare, e-commerce, and government services,” Shah remarked. Shah says that during the first half of 2024, the Indian Computer Emergency Response Team (CERT-In) reported a 62% increase in API-targeted attacks. These incidents go beyond technical breaches: they represent substantial economic risks that threaten data integrity, business continuity, and consumer trust.

Aside from compromising sensitive information, these incidents have also undermined business continuity and consumer confidence. APIs will continue to be at the heart of digital transformation, and for that reason, ensuring robust security measures will be critical to mitigating potential threats and protecting organisational integrity.


Indusface recently published an article on API security that underscores the seriousness of API-related threats for the next 20 years. According to the report, attacks on APIs rose 68% compared with traditional websites. Furthermore, Distributed Denial-of-Service (DDoS) attacks on APIs increased 94% compared with the previous quarter, an astounding 1,600% more than website-based DDoS attacks.

Additionally, bot-driven attacks on APIs increased by 39%, emphasizing the need to adopt robust security measures that protect these vital digital assets. Artificial intelligence is meanwhile transforming cloud security by enhancing threat detection, automating responses, and providing predictive insights to mitigate cyber risks.

Several cloud providers, including Google Cloud, Microsoft, and Amazon Web Services, employ artificial intelligence-driven solutions for monitoring security events, detecting anomalies, and preventing cyberattacks.

These solutions include Chronicle, Microsoft Defender for Cloud, and Amazon GuardDuty. They face challenges, including false positives, adversarial AI attacks, high implementation costs, and data privacy concerns, that must still be weighed.

Although some limitations remain, advances in self-learning AI models, security automation, and quantum computing are expected to raise AI's profile in the cybersecurity space. Businesses should safeguard their cloud environments against evolving threats by deploying AI-powered security solutions.

Weak Cloud Credentials Behind Most Cyber Attacks: Google Cloud Report

A recent Google Cloud report has found a very troubling trend: nearly half of all cloud-related attacks in late 2024 were caused by weak or missing account credentials. This is seriously endangering businesses and giving attackers easy access to sensitive systems.


What the Report Found

The Threat Horizons Report, which was produced by Google's security experts, looked into cyberattacks on cloud accounts. The study found that the primary method of access was poor credential management, such as weak passwords or lack of multi-factor authentication (MFA). These weak spots comprised nearly 50% of all incidents Google Cloud analyzed.

Another factor was misconfigured cloud services, which accounted for more than a third of all attacks. The report further noted a worrying trend of attacks on application programming interfaces (APIs) and even user interfaces, which made up around 20% of the incidents. The findings point to several areas where cloud security is still found wanting.


How Weak Credentials Cause Big Problems

Weak credentials do not just unlock the door for attackers; they let them cause widespread destruction. For instance, in April 2024, over 160 Snowflake accounts were breached due to poor password practices. High-profile companies impacted included AT&T, Advance Auto Parts, and Pure Storage, and the incidents involved massive data leaks.

Attackers are also finding accounts with lots of permissions — overprivileged service accounts. These make it even easier for hackers to step further into a network, often harming multiple systems within an organization. Google concluded that more than 60 percent of all later attacker actions, once inside, involve attempts to move laterally between systems.

The report warns that a single stolen password can trigger a chain reaction. Hackers can use it to take control of apps, access critical data, and even bypass security systems like MFA. This allows them to establish trust and carry out more sophisticated attacks, such as tricking employees with fake messages.


How Businesses Can Stay Safe

To prevent such attacks, organizations should focus on proper security practices. Google Cloud suggests using multi-factor authentication, limiting excessive permissions, and fixing misconfigurations in cloud systems. These steps will limit the damage caused by stolen credentials and prevent attackers from digging deeper.
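The three recommendations above (enforce MFA, trim excessive permissions, fix misconfigurations) can be checked mechanically. The following is an added example, not code from the Google Cloud report: it audits a constructed policy document shaped like a GCP IAM policy (a list of role-to-members bindings) together with a constructed account inventory, flagging broad primitive roles granted to service accounts, bindings open to everyone, and human accounts without MFA. The role names checked and the inventory format are assumptions made for the example.

```python
"""Audit an IAM policy and account inventory for the weaknesses the report names.

Added example (not from Google Cloud). Assumptions: a GCP-style policy
document with "bindings" of role -> members, and an account inventory that
records whether each human user has enrolled in MFA.
"""
from dataclasses import dataclass

BROAD_ROLES = {"roles/owner", "roles/editor"}           # assumption: primitive roles to flag
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}  # bindings that grant access to everyone


@dataclass(frozen=True)
class Finding:
    severity: str
    principal: str
    detail: str


def audit_policy(policy: dict) -> list[Finding]:
    """Flag public bindings and overprivileged service accounts."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding["role"]
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.append(Finding("high", member, f"{role} granted to the public"))
            elif member.startswith("serviceAccount:") and role in BROAD_ROLES:
                findings.append(Finding("high", member, f"overprivileged service account holds {role}"))
    return findings


def audit_accounts(accounts: list[dict]) -> list[Finding]:
    """Flag human accounts that have not enrolled in multi-factor authentication."""
    return [Finding("medium", a["email"], "human account without MFA")
            for a in accounts if a["type"] == "user" and not a["mfa_enabled"]]


# Constructed sample data; the identities and roles are made up for the example.
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/owner",
         "members": ["user:admin@example.com",
                     "serviceAccount:ci-deploy@example.iam.gserviceaccount.com"]},
        {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
        {"role": "roles/logging.viewer",
         "members": ["serviceAccount:auditor@example.iam.gserviceaccount.com"]},
    ]
}
SAMPLE_ACCOUNTS = [
    {"email": "admin@example.com", "type": "user", "mfa_enabled": True},
    {"email": "dev@example.com", "type": "user", "mfa_enabled": False},
]

if __name__ == "__main__":
    for f in audit_policy(SAMPLE_POLICY) + audit_accounts(SAMPLE_ACCOUNTS):
        print(f"[{f.severity}] {f.principal}: {f.detail}")
```

Running the block prints three findings for the constructed data: the CI deployment service account holding roles/owner, the bucket binding open to allUsers, and one developer without MFA. In practice the policy would be exported from the cloud provider and the MFA status pulled from the identity provider, and the thresholds (which roles count as "broad") tuned to the organization.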

This report is a reminder that weak passwords and poor security habits are not just small mistakes; they can lead to serious consequences for businesses everywhere.


Fake Invoices Spread Through DocuSign’s API in New Scam

Cyber thieves are making use of DocuSign's Envelopes API to send fake invoices that look genuine, carrying the names of well-known brands such as Norton and PayPal. Because these messages are sent from a verified domain, DocuSign's own, they pass traditional email security checks and arrive undetected as malicious messages.

How It Works

DocuSign is an electronic signing service that users rely on for sending, signing, and managing documents digitally. Through the Envelopes API in its eSignature platform, document requests can be sent out, signed, and tracked entirely automatically. Attackers, however, have found a way to take advantage of this API: using legitimate, paid DocuSign accounts, they gain access to the templates and branding features and can create fake invoices that are almost indistinguishable from official ones from established companies.

These scammers use the "Envelopes: create" function to send an enormous number of fake bills to a huge list of recipients. In most cases, the charges in the bill are very realistic and therefore appear legitimate. Attackers instruct recipients to "sign" the documents, then use the signed document to request payment. In other instances, attackers forward the "signed" documents directly to the finance department to complete the scam.


Mass Abuse of the DocuSign Platform

According to the security research firm Wallarm, this type of abuse has been ongoing for some time. The company noted that DocuSign customers have exposed this mass exploitation on online forums, complaining about constant spam and phishing emails from the DocuSign domain. "I'm suddenly receiving multiple phishing emails per week from docusign.net, and there doesn't seem to be an obvious way to report it," complained one user.

All of these complaints imply that the abuse occurs at a very large scale, which makes it likely that the attackers distribute the false invoices with automation tools rather than by hand.

Wallarm has already reported the abuse to DocuSign, but it is not clear what steps, if any, DocuSign is taking to resolve the issue.


Challenges in Safeguarding APIs Against Abuse

Such widespread abuse of the DocuSign Envelopes API shows how open access can compromise the security of API endpoints. Although the DocuSign service is offered to verified businesses, attackers buy valid accounts and turn the functions offered by the API to malicious purposes. DocuSign is not alone: several other companies have seen similar abuse of their APIs. For instance, attackers used APIs to check millions of phone numbers against Authy accounts, scrape information on millions of Dell customers, and match millions of Trello accounts with email addresses, among other cases.

The DocuSign case shows how platform abuse justifies stronger protections for digital services that expose sensitive tools. Because these API-based attacks have become so widespread, firms like DocuSign may need to consider further steps to watch for and limit misuse of their products through paid accounts that give users full access to the available tools.


CrossBarking Exploit in Opera Browser Exposes Users to Extensive Risks

A new browser vulnerability called CrossBarking has been identified, affecting Opera users through “private” APIs that were meant only for select trusted sites. Browser APIs bridge websites with functionalities like storage, performance, and geolocation to enhance user experience. Most APIs are widely accessible and reviewed, but private ones are reserved for preferred applications. Researchers at Guardio found that these Opera-specific APIs were vulnerable to exploitation, especially if a malicious Chrome extension gained access. Guardio’s demonstration showed that once an attacker gained access to these private APIs through a Chrome extension — easily installable by Opera users — they could run powerful scripts in the user’s browser context. The malicious extension was initially disguised as a harmless tool that added pictures of puppies to web pages.

However, it also contained scripts capable of extensive interference with Opera settings. Guardio used this approach to hijack the settingsPrivate API, which allowed them to reroute a victim’s DNS settings through a malicious server, giving the attacker extensive visibility into the user’s browsing activity. With control over the DNS settings, they could manipulate browser content and even redirect users to phishing pages, making the potential for misuse significant. Guardio emphasized that getting malicious extensions through Chrome’s review process is easier than through Opera’s, which involves a more intensive manual review.

The researchers therefore leveraged Chrome’s automated, less stringent review process to create a proof-of-concept attack on Opera users. CrossBarking’s implications go beyond Opera, underscoring the complex relationship between browser functionality and security. Opera mitigated this vulnerability by blocking scripts from running on private domains, a strategy that Chrome itself uses. However, it has retained the private APIs, acknowledging that managing security with third-party apps while maintaining functionality is a delicate balance.

Opera’s decision to address the CrossBarking vulnerability by restricting script access to domains with private API access offers a practical, though partial, solution. This approach minimizes the risk of malicious code running within these domains, but it does not fully eliminate potential exposure. Guardio’s research emphasizes the need for Opera, and similar browsers, to reevaluate their approach to third-party extension compatibility and the risks associated with cross-browser API permissions.


This vulnerability also underscores a broader industry challenge: balancing user functionality with security. While private APIs are integral to offering customized features, they open potential entry points for attackers when not adequately protected. Opera’s reliance on responsible disclosure practices with cybersecurity firms is a step forward. However, ongoing vigilance and a proactive stance toward enhancing browser security are essential as threats continue to evolve, particularly in a landscape where third-party extensions can easily be overlooked as potential risks.


In response, Opera has collaborated closely with researchers and relies on responsible vulnerability disclosures from third-party security firms like Guardio to address any potential risks preemptively. Security professionals highlight that browser developers should consider the full ecosystem, assessing how interactions across apps and extensions might introduce vulnerabilities.

The Impact of Google’s Manifest V3 on Chrome Extensions

Google’s Manifest V3 rules have generated a lot of discussion, primarily because users fear they will make ad blockers, such as uBlock Origin, obsolete. This concern stems from the fact that uBlock Origin is heavily used and has been affected by these changes. However, it’s crucial to understand that the new rules don’t outright disable ad blockers, though they may impact some functionality. The purpose of Manifest V3 is to enhance the security and privacy of Chrome extensions. A significant part of this is limiting remote code execution within extensions, a measure meant to prevent malicious activities that could lead to data breaches.

This stems from incidents like DataSpii, where extensions harvested sensitive user data including tax returns and financial information. Google’s Manifest V3 aims to prevent such abuses by introducing stricter rules on the code that can be used within extensions. For developers, this means adapting to new APIs, notably the WebRequest API, which has been altered to restrict certain network activities that extensions used to perform. While these changes are designed to increase user security, they require extension developers to modify how their tools work. Ad blockers like uBlock Origin can still function, but some users may need to manually enable or adjust settings to get them working effectively under Manifest V3.

Although many users believe that the update is intended to undermine ad blockers—especially since Google’s main revenue comes from ads—the truth is more nuanced. Google maintains that the changes are intended to bolster security, though skepticism remains high. Users are still able to use ad blockers such as uBlock Origin or switch to alternatives like uBlock Lite, which complies with the new rules. Additionally, users can choose other browsers like Firefox that do not impose the same restrictions and can still run extensions under their older, more flexible frameworks. While Manifest V3 introduces hurdles, it doesn’t spell the end for ad blockers. The changes force developers to ensure that their tools follow stricter security protocols, but this could ultimately lead to safer browsing experiences.

If some extensions stop working, alternatives or updates are available to address the gaps. For now, users can continue to enjoy ad-free browsing with the right tools and settings, though they should remain vigilant in managing and updating their extensions. To further protect themselves, users are advised to explore additional options such as using privacy-focused extensions like Privacy Badger or Ghostery. For more tech-savvy individuals, setting up hardware-based ad-blocking solutions like Pi-Hole can offer more comprehensive protection. A virtual private network (VPN) with built-in ad-blocking capabilities is another effective solution. Ultimately, while Manifest V3 may introduce limitations, it’s far from the end of ad-blocking extensions. 

Developers are adapting, and users still have a variety of tools to block intrusive ads and enhance their browsing experience. Keeping ad blockers up to date and understanding how to manage extensions is key to ensuring a smooth transition into Google’s new extension framework.

Why Non-Human Identities Are the New Cybersecurity Nightmare

In April, business intelligence company Sisense fell victim to a critical security breach that exposed the vulnerability of poorly managed non-human identities (NHIs). The hackers accessed the company's GitLab repository, which contained hardcoded SSH keys, API credentials, and access tokens. The incident illustrates how indispensable NHIs have become in modern digital ecosystems, and why securing them is a must.

Unlike human users, NHIs such as service accounts, cloud instances, APIs, and IoT devices manage data flows and automate processes. With NHIs now far outnumbering human users in most enterprise networks, their security is crucial to preventing cyberattacks and ensuring business continuity.

The Threat of Non-Human Identities

With thousands or even millions of NHIs in use within an organisation, it is no wonder cybercrooks are turning their attention to them. These digital identities are typically less well understood and protected, which makes them an easy target. In fact, data breaches involving NHIs have already become more widespread, especially as companies increase their use of cloud infrastructure and automation.

Healthcare and finance are particularly attractive targets because these industries are subject to strict compliance regulations. A violation of standards such as the Health Insurance Portability and Accountability Act (HIPAA) or the Payment Card Industry Data Security Standard (PCI DSS) can result in fines, reputational damage, and loss of customer trust.

Why Secure NHIs?

With the complexity of digital ecosystems constantly growing, the security of NHIs becomes all the more important. Companies are drifting toward a "zero-trust" security model, in which no user, neither human nor non-human, is trusted by default. Every access request needs to be verified. This concept has proved especially effective in decentralised networks with large numbers of NHIs.

Locking down NHIs lets organisations control sensitive data, reduce unauthorised access, and comply with regulation. As the Sisense case shows, poorly managed NHIs quickly become a gateway for cybercriminals.

Best Practices in Managing NHI

To secure non-human identities, organisations should adopt these best practices:


1. Continuous Discovery and Inventory
Automated processes should be in place so that there is always a live inventory of all NHIs across the network. This inventory captures the owner, permissions, usage patterns, and associated risks of each NHI. This live catalogue strengthens control and monitoring of these digital identities.


2. Risk-Based Approach
Not all NHIs are the same. Some have access to highly sensitive information, while others only perform routine tasks. Companies should have a risk-scoring system that analyses what the NHI has access to, how sensitive that access is, and the impact if it is compromised. Security effort is then allocated first to the identities with the highest scores.

3. Incident Response Action Plan
Organisations should have a structured incident response plan aligned with NHIs. They should also have pre-defined playbooks for breaches involving non-human identities. These playbooks should outline the phases of incident containment, mitigation, and resolution, as well as the communication protocols with all stakeholders.

4. NHI Education Program
A good education program limits the security risks associated with NHIs. Developers should be trained in secure coding practices, including the dangers of hardcoded credentials, and operations teams in proper rotation and monitoring of NHIs. Regular training ensures that all employees are aware of best practices.


5. Automated Lifecycle Management
NHIs should be instantiated, updated, and retired automatically, so that security policies are enforced at every stage of the identity lifecycle. This removes the human errors that leave unused or misconfigured NHIs for attackers to exploit.


6. Non-Human Identity Detection and Response (NHIDR)
NHIDR tools establish baseline behaviour patterns for NHIs and detect anomalies that could indicate a breach. With these tools, organisations can monitor NHI activity and respond quickly to suspicious behaviour, preventing further breaches.


7. Change Approval Workflow
A change approval workflow should be in place before changes to NHIs, such as permission changes or transfers between systems, take effect. Security and IT teams must assess and approve each change so that no unnecessary risk is introduced.

8. Exposure Monitoring and Rapid Response
Organisations must monitor NHIs for exposure, identifying and resolving vulnerabilities quickly. Automated monitoring solutions can find exposed credentials or compromised APIs, raise alerts, and initiate incident response procedures before a malicious actor can act.
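Practices 1, 2 and 6 above fit together naturally: the inventory feeds a risk score, and the score decides which identities get the closest behavioural monitoring. The following added example, which is not from the article or any NHI vendor, implements that chain on constructed data: an inventory record per NHI, a simple risk score from data sensitivity, privilege, credential age and ownership, and an NHIDR-style check that flags activity from outside an identity's learned baseline. The record fields, weights and sample identities are assumptions made for the example.

```python
"""Risk-score an inventory of non-human identities and baseline their usage.

Added example; not the article's or any product's code. Assumptions: each
NHI record carries a data-sensitivity rating (1 public .. 5 regulated),
a privilege rating (1 read-only .. 5 admin), credential age in days and the
set of source IPs observed during a learning period.
"""
from dataclasses import dataclass, field


@dataclass
class NHI:
    name: str
    owner: str
    kind: str                    # service account, API key, SSH key, ...
    data_sensitivity: int        # 1 (public) .. 5 (regulated data such as PHI/PCI)
    privilege: int               # 1 (scoped read-only) .. 5 (admin)
    last_rotated_days: int
    baseline_sources: set = field(default_factory=set)   # IPs seen while learning


def risk_score(nhi: NHI) -> int:
    """Higher is worse; capped at 100. The weights are an assumption."""
    score = nhi.data_sensitivity * 10 + nhi.privilege * 8
    if nhi.last_rotated_days > 90:
        score += 20              # stale credential, as with a long-lived hardcoded key
    if nhi.owner == "unknown":
        score += 10              # nobody accountable for the identity
    return min(score, 100)


def prioritise(inventory: list[NHI]) -> list[tuple[str, int]]:
    """Inventory ordered by descending risk, highest score first."""
    return sorted(((n.name, risk_score(n)) for n in inventory), key=lambda t: -t[1])


def detect_anomalies(inventory: list[NHI], events: list[dict]) -> list[str]:
    """Flag activity from outside an identity's baseline, and activity by
    identities that are not in the inventory at all (a discovery gap)."""
    by_name = {n.name: n for n in inventory}
    alerts = []
    for ev in events:
        nhi = by_name.get(ev["identity"])
        if nhi is None:
            alerts.append(f"{ev['identity']}: activity from an identity missing from the inventory")
        elif ev["source_ip"] not in nhi.baseline_sources:
            alerts.append(f"{nhi.name}: new source {ev['source_ip']} (risk {risk_score(nhi)})")
    return alerts


# Constructed inventory and events; names, addresses and ratings are made up.
INVENTORY = [
    NHI("ci-runner", "platform-team", "service account", 2, 3, 30, {"10.0.0.5"}),
    NHI("billing-export", "finance-eng", "api key", 5, 2, 10, {"10.0.1.7"}),
    NHI("legacy-ssh", "unknown", "ssh key", 4, 5, 400, {"10.0.2.2"}),
]
EVENTS = [
    {"identity": "ci-runner", "source_ip": "10.0.0.5"},       # within baseline
    {"identity": "billing-export", "source_ip": "203.0.113.9"},  # new source
    {"identity": "unlisted-key", "source_ip": "198.51.100.2"},   # not inventoried
]

if __name__ == "__main__":
    for name, score in prioritise(INVENTORY):
        print(f"{name:15} risk={score}")
    for alert in detect_anomalies(INVENTORY, EVENTS):
        print("ALERT", alert)
```

On the constructed data the unowned, never-rotated SSH key scores highest, the regulated-data export key comes second, and two alerts fire: the export key used from an address outside its baseline, and an identity the inventory does not know about. A real deployment would load the inventory from the secrets manager and IAM system and feed events from cloud audit logs, and would treat the "missing from inventory" alert as a discovery failure to fix under practice 1.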

The Business Case for NHI Management

Investments in the proper management of NHIs can produce large, long-term benefits. Companies can prevent data breaches that cost on average $4.45 million per incident, protecting the bottom line. Streamlined NHI processes also save precious IT resources, letting security teams redirect their efforts toward strategic initiatives.

For industries that require high levels of compliance, such as health and finance, the NHI management investment often pays for itself through better regulatory compliance. With a good NHI management system, organisations can innovate more safely, knowing their digital identities are secure.

As businesses rely more and more on automation and the cloud, their security will depend on solid, well-rounded management of NHIs. A good approach to NHI management would largely prevent security breaches and ensure industry compliance. Such a posture will not only protect the data but also position the organisation as a long-term winner in the fast-changing digital world.


Club Penguin Fans Target Disney Server, Exposing 2.5 GB of Internal Data

Club Penguin fans reportedly hacked a Disney Confluence server to collect information about their favourite game but ended up with 2.5 GB of internal corporate data instead. 

From 2005 until 2018, Club Penguin was a massively multiplayer online (MMO) game with a virtual world where users could play games, take part in activities, and talk with one another. The game was produced by New Horizon Interactive, which Disney later purchased.

While Club Penguin was officially closed in 2017 and replaced by Club Penguin Island in 2018, the game is still available on private servers hosted by fans and independent developers. Despite Disney's opposition to a more prominent 'Club Penguin Rewritten' replica, which resulted in the arrest of its owners, private servers with thousands of players continue to exist today. 

Earlier this week, an anonymous user posted a link to "Internal Club Penguin PDFs" on the 4Chan message board, with the simple statement, "I no longer need these:).” 

The link leads to a 415 MB collection of 137 PDFs containing old Club Penguin internal information such as correspondence, design schematics, documentation, and character sheets. All of this data is at least seven years old, so it is of interest mainly to fans of the game.

BleepingComputer has recently discovered that the Club Penguin data is simply a small part of a much bigger data set stolen from Disney's Confluence server, which houses documentation for different business, software, and IT initiatives used internally by Disney. 

The source says Disney's Confluence servers were compromised using previously leaked passwords. According to the insider, the threat actors were initially looking for Club Penguin data but ended up collecting 2.5 GB of data regarding Disney's corporate strategies, advertising plans, Disney+, internal developer tools, commercial projects, and infrastructure. 

The data includes documentation on a wide range of initiatives and projects, as well as information on internal developer tools Helios and Communicore, which were not previously made public.

Dell API Abused to Steal 49 Million Customer Records in Data Breach


The threat actor responsible for the recent Dell data breach stated that he scraped information from 49 million customer records via a partner portal API that he accessed as a phony organization.

Dell had begun sending alerts to customers informing them that their personal information had been stolen in a data breach.

The Breach

This data breach compromised customer order data, which included warranty information, service tags, customer names, installed locations, customer numbers, and order numbers.

On April 28th, a threat actor, Menelik, posted the data for sale on the Breached hacking forum, but the administrators quickly removed the post. 

Menelik said that they were able to obtain the data after discovering a portal where partners, distributors, and merchants could look up order information.

Menelik claims that by opening many identities under bogus firm names, he could gain access to the portal within two days without verification.

"Registering as a Partner is quite simple. You simply fill out an application form," Menelik explained.

APIs are being exploited in data breaches

Easy-to-access APIs have become a major business liability in recent years, with threat actors exploiting them to scrape sensitive data and sell it to other threat actors.

Threat actors linked phone numbers to approximately 500 million accounts in 2021 by exploiting a Facebook API issue. This data was leaked almost for free on a hacking site, requiring only an account and a $2 fee to obtain it.

Later that year, in December, threat actors used a Twitter API flaw to connect millions of phone numbers and email addresses to Twitter accounts, which were then sold on hacking forums.
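The Dell, Facebook and Twitter cases above share one shape: a legitimately issued account walks through record after record via a lookup endpoint. The following is an added example, not code from Dell or any of the companies named, of how a defender would spot that pattern in partner-portal access logs. It assumes a log line carries a timestamp, the account id, that account's age in days, the HTTP status and the record key looked up; the sample traffic is constructed and the thresholds are illustrative starting points rather than tuned values.

```python
"""Spotting record-enumeration abuse in partner-portal API logs.

Added example, not Dell's or Facebook's code. Assumptions: each access-log line
carries a timestamp, the partner account id, that account's age in days, the
HTTP status, and the record key that was looked up; the thresholds are
illustrative starting points, not tuned values.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


@dataclass
class AccountStats:
    """Per-account counters accumulated from the log."""
    first_seen: datetime
    last_seen: datetime
    account_age_days: int
    requests: int = 0
    records: set = field(default_factory=set)   # distinct keys successfully looked up


def parse_line(line):
    """Split one log line into (timestamp, account, age_days, status, record)."""
    ts, account, age, status, record = line.split()
    return datetime.strptime(ts, TS_FORMAT), account, int(age), int(status), record


def aggregate(lines):
    """Fold log lines into a dict of account id -> AccountStats."""
    stats = {}
    for line in lines:
        if not line.strip():
            continue
        ts, account, age, status, record = parse_line(line)
        s = stats.get(account)
        if s is None:
            s = stats[account] = AccountStats(ts, ts, age)
        s.first_seen = min(s.first_seen, ts)
        s.last_seen = max(s.last_seen, ts)
        s.requests += 1
        if status == 200:
            s.records.add(record)
    return stats


def flag_scrapers(stats, max_rate_per_min=5.0, min_distinct=50,
                  min_distinct_ratio=0.9, new_account_days=7):
    """Return {account: [reasons]} for accounts whose traffic looks like bulk enumeration.

    A support desk re-checks a handful of its own orders; a scraper hits many
    distinct records, quickly, and usually from an account created days ago.
    """
    flagged = {}
    for account, s in stats.items():
        minutes = max((s.last_seen - s.first_seen).total_seconds() / 60.0, 1.0)
        rate = s.requests / minutes
        distinct = len(s.records)
        reasons = []
        if rate > max_rate_per_min:
            reasons.append(f"{rate:.1f} lookups/min")
        if distinct >= min_distinct and distinct / s.requests >= min_distinct_ratio:
            reasons.append(f"{distinct} distinct records across {s.requests} requests")
        if reasons and s.account_age_days <= new_account_days:
            reasons.append(f"account is {s.account_age_days} day(s) old")
        if reasons:
            flagged[account] = reasons
    return flagged


def build_sample_log():
    """Constructed sample traffic: one normal partner, one fresh account walking record keys."""
    base = datetime(2024, 4, 20, 10, 0, 0)
    lines = []
    for i in range(8):      # support desk re-checking three of its own orders over an hour
        ts = base + timedelta(minutes=8 * i)
        lines.append(f"{ts.strftime(TS_FORMAT)} partner-legit-0007 412 200 ST-{i % 3:07d}")
    for i in range(600):    # one-day-old account, one new record key per second
        ts = base + timedelta(seconds=i)
        lines.append(f"{ts.strftime(TS_FORMAT)} partner-new-0042 1 200 ST-{100000 + i:07d}")
    return lines


if __name__ == "__main__":
    for account, why in flag_scrapers(aggregate(build_sample_log())).items():
        print(account, "->", "; ".join(why))
```

The three signals are deliberately independent: a high distinct-record ratio catches slow enumeration that stays under any per-minute rate limit, and account age is only reported alongside another signal so that every newly onboarded partner is not flagged on its first day.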

Lessons Learned

This breach serves as a stark reminder of several critical lessons:

API Security Matters: APIs are essential for seamless communication between systems, but their security must not be overlooked. Regular audits and robust access controls are crucial.

Third-Party Risks: Partner portals and third-party integrations can introduce vulnerabilities. Companies must assess and monitor these connections rigorously.

Data Minimization: Collect only the data necessary for business operations. The less data stored, the less there is to lose.

Incident Response: Dell’s swift response demonstrates the importance of having an effective incident response plan. Preparedness matters.

The Scale

The sheer volume of compromised records—49 million—underscores the severity of the breach. Such a massive data leak can have far-reaching consequences for affected individuals. From identity theft to targeted phishing attacks, the fallout can be extensive.

Dell’s Response

Dell promptly detected the breach and took action. It notified affected customers about the incident, urging them to be cautious and vigilant. Additionally, Dell is enhancing its security protocols to prevent similar incidents in the future.

Data Breach at Real America’s Voice: User Information Compromised

 


In the past few weeks, SiegedSec, a gay furry hacker group, hacked the far-right media outlet Real America's Voice and took it down. The outlet, owned by Robert Sigg, hosts far-right commentators such as Steve Bannon and Charlie Kirk and plays host to conspiracy theories, including COVID-19 misinformation, 2020 election conspiracy theories, QAnon, and transphobic content.

In an announcement posted to its Telegram channel on Monday, the group said it had hacked the app of Real America's Voice, a right-wing media outlet founded in 2020 that regularly features far-right activists such as Steve Bannon and Charlie Kirk and spreads conspiracy theories and transphobic rhetoric.

As part of the release, the group published data on over 1,000 users of the app, along with information on hosts Charlie Kirk, Steve Bannon, and Ted Nugent, the last of whom wrote a song about wanting to fuck a 13-year-old girl. The group was previously known for hacking Minnesota's River Valley Church and spending $6,000 of the church's money on inflatable sea lions.

It was also known for attacking nuclear research facilities and demanding that they focus their research on cat girls. SiegedSec has reportedly released personal information on more than 1,200 users of the app, including full names, telephone numbers, and email addresses, as part of its ongoing hacktivism campaign OpTransRights. The group also said it deleted user data from the app's API and its cloud storage system.

In its Telegram message about the Real America's Voice leak, SiegedSec addressed the optics of its actions. "We have received concerns throughout the attacks that actions had been conducted against transphobic entities and that our attacks would be construed to label the LGBTQ+ community as 'terrorists' and 'criminals,'" the group stated.

"It's important to realize that these types of people are always going to blame the LGBTQ+ community, no matter what we do. They're going to look for ways to hate, they will not listen to reason, and they're going to spread lies to discredit people who are different." Data reportedly deleted from the outlet's Amazon server included information about the network's top shows, including those hosted by prominent right-wing figures like Charlie Kirk, Steve Bannon, and Ted Nugent.

There is no information available as to whether SiegedSec's actions caused any permanent damage to the organization. The #OpTransRights campaign, first launched last year when SiegedSec attacked government websites in five states over their policies on transgender healthcare, has recently been relaunched.

SiegedSec relaunched the campaign on April 1 by hacking River Valley Church in Burnsville, Minnesota, in response to anti-transgender remarks made by its pastor. After the hack, SiegedSec used the church's Amazon account to buy several thousand dollars' worth of inflatable sea lions.

The hack exposed private prayer requests from 15,000 users of the church's website, and less than a week later SiegedSec doxxed River Valley Church's pastor Rob Ketterling. In its statement on Monday, the group also acknowledged concerns that such attacks would negatively impact the LGBTQ+ community.

Akamai Research Exposes Vulnerability: APIs Now Prime Targets for 29% of Web Attacks

 


This year marks the 10th year in which Akamai has published its State of the Internet (SOTI) reports, a series of threat and data insights. Over that time the focus of the reports has changed, mainly because the threat and operational ecosystems have evolved. This year's report separates web application attacks from API attacks so that each can be understood on its own terms.

As a result, API security has become more visible. The rapid deployment of APIs, a sign that business transformation is taking place, has produced blind spots such as zombie, shadow, and rogue APIs, and organizations need security controls to discover and manage all of them. APIs are critical to the success of most companies because they improve both the employee and customer experience.

The rapid expansion of the API economy has given cybercriminals new opportunities to exploit, and they have turned digital innovation to their advantage. The most recent SOTI report, Lurking in the Shadows: Attack Trends Shine Light on API Threats, highlights a wide range of attacks taking place across both websites and APIs. Besides traditional web attacks, it covers API-specific attacks, as well as posture and runtime challenges that can be abused or allow direct attack through an API.

As demand for APIs grows, these attacks are predicted to keep spiking, and organizations are encouraged to properly account for and secure the APIs they use. The report also discusses how to mitigate threats and meet compliance requirements, and explores some of the most common posture and runtime problems.

Several case studies in the report demonstrate the real-world implications of API security for an organization, and breakout reports contain data from Europe, the Middle East, and Africa (EMEA) as well as Asia-Pacific and Japan (APJ). APIs have long played a key role in exchanging critical and valuable information between customers and partner organizations, but they also challenge many security organizations because of a lack of API infrastructure and programming skills.

Because many organizations lack a comprehensive and accurate inventory of their APIs, they cannot determine how large their attack surface is. The Akamai research found that APIs face both traditional attacks and API-specific attacks, requiring a combination of protections to keep them safe.

Akamai powers and protects life online, supporting the digital experiences that countless people rely on every day to live, work, and play. Akamai Connected Cloud, a massively distributed cloud and edge platform, brings apps and experiences closer to users while keeping threats away.

5 Simple Steps to Bulletproof Your API Integrations and Keep Hackers at Bay


In today's tech-driven world, APIs (Application Programming Interfaces) are like the connective tissue that allows different software to talk to each other, making our digital experiences seamless. But because they are so crucial, they are also prime targets for hackers. 

They could break in to steal sensitive data, tamper with systems, or even shut down services. That is why it is so important for companies to beef up their API security, protecting our info and keeping everything running smoothly, and this is where secure API integration comes in.

Let's Understand What Secure API Integration Is and Why It Is Important

API integrations are made secure through a combination of measures designed to protect the data and systems involved. This includes using encryption to safeguard information as it travels between systems, implementing authentication and authorization protocols to ensure that only authorized users and applications can access the API, and regularly monitoring for any suspicious activity or attempted breaches. 

Additionally, following best practices in API design and development, such as limiting the data exposed through the API and regularly updating and patching any security vulnerabilities, helps to further enhance security. Overall, a multi-layered approach that addresses both technical and procedural aspects is key to ensuring the security of API integrations. 

Here Are Five Ways to Keep API Integrations Secure: 


Use an API Gateway: Think of it as the guardian of your APIs. It keeps an eye on who is trying to access your data and blocks anyone suspicious. Plus, it logs all the requests, so you can check who has been knocking on your digital door. 

Set Scopes for Access: Just because someone was allowed in does not mean they can see everything. Scopes make sure they only get access to the stuff they really need, like a limited view of a database. It is like giving someone a key to one room instead of the whole house. 

Keep Software Updated: You know those annoying software updates that pop up? They are actually super important for security. They fix any holes that hackers might try to sneak through. So, always hit that update button. 

Enforce Rate Limits: Imagine a crowded street during rush hour. Rate limits make sure not too many cars (or requests) clog up the road at once. It helps prevent crashes and slowdowns, making sure everyone can get where they need to go smoothly. 

Monitor Logs with SIEM: It is like having a security guard watching CCTV cameras for any suspicious activity. SIEM collects all the logs from API calls and flags anything fishy. So, if someone is trying to break in, you will know right away and stop them in their tracks.
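To make the gateway, scope and rate-limit advice above concrete, here is an added example of a tiny gateway policy layer. It is not code from any product or project the post mentions. It authenticates an API key, throttles each client with a token bucket, checks the scope a route requires, and records every decision as JSON lines that a SIEM can ingest; the API keys, scopes and routes are constructed for illustration, and the clock is injectable so the limiter can be tested deterministically.

```python
"""A small API-gateway policy layer, written as an added example for this post.

It is not the code of any product the post mentions. It demonstrates three of
the five controls above in one place: per-client scopes, a token-bucket rate
limit, and an audit log shaped as JSON lines for SIEM ingestion. The API keys,
scopes and routes are constructed for illustration.
"""
import json
import time

# Route table: (method, path) -> scope a caller must hold. Constructed example routes.
ROUTE_SCOPES = {
    ("GET", "/orders"): "orders:read",
    ("POST", "/orders"): "orders:write",
    ("GET", "/users"): "users:read",
}

# Constructed API keys -> (client id, granted scopes). In production this comes from a key store or IdP.
API_KEYS = {
    "key-readonly-partner": ("partner-17", {"orders:read"}),
    "key-internal-admin": ("internal-ops", {"orders:read", "orders:write", "users:read"}),
}


class TokenBucket:
    """Classic token bucket: `capacity` burst, refilled at `refill_per_sec`."""

    def __init__(self, capacity, refill_per_sec, now):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.tokens = float(capacity)
        self.updated = now

    def allow(self, now):
        elapsed = max(0.0, now - self.updated)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_sec)
        self.updated = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class Gateway:
    """Authenticates the key, throttles the client, enforces scopes, and logs every decision."""

    def __init__(self, capacity=5, refill_per_sec=1.0, clock=time.monotonic):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.clock = clock            # injectable so the limiter can be tested deterministically
        self.buckets = {}             # client id -> TokenBucket
        self.audit_log = []           # one dict per request, every outcome included

    def handle(self, api_key, method, path):
        """Return (status, message) for a request; side effect: append an audit record."""
        now = self.clock()
        client, scopes = API_KEYS.get(api_key, ("anonymous", set()))
        if client == "anonymous":
            return self._decide(now, client, method, path, 401, "unknown api key")
        bucket = self.buckets.setdefault(client, TokenBucket(self.capacity, self.refill_per_sec, now))
        # Throttle right after authentication so unknown routes and unauthorized probing
        # are rate limited as well.
        if not bucket.allow(now):
            return self._decide(now, client, method, path, 429, "rate limit exceeded")
        required = ROUTE_SCOPES.get((method, path))
        if required is None:
            return self._decide(now, client, method, path, 404, "no such route")
        if required not in scopes:
            return self._decide(now, client, method, path, 403, f"missing scope {required}")
        return self._decide(now, client, method, path, 200, "ok")

    def _decide(self, now, client, method, path, status, reason):
        self.audit_log.append({"ts": now, "client": client, "method": method,
                               "path": path, "status": status, "reason": reason})
        return status, reason

    def siem_lines(self):
        """Audit log as JSON lines, the shape most SIEM collectors ingest directly."""
        return [json.dumps(entry, sort_keys=True) for entry in self.audit_log]


if __name__ == "__main__":
    gw = Gateway(capacity=3)
    for call in [("key-readonly-partner", "GET", "/orders"),
                 ("key-readonly-partner", "POST", "/orders"),
                 ("bogus-key", "GET", "/users")]:
        print(call, "->", gw.handle(*call))
    print("\n".join(gw.siem_lines()))
```

Denied requests are logged with the same fields as allowed ones; a burst of 403s or 429s from one client id is exactly the signal the SIEM step above is meant to catch, so the audit record must never be skipped on the failure paths.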

Dell Launches Innovative Generative AI Tool for Model Customization

Dell has introduced a groundbreaking Generative AI tool poised to reshape the landscape of model customization. This remarkable development signifies a significant stride forward in artificial intelligence, with the potential to revolutionize a wide array of industries. 

Dell, a trailblazer in technology solutions, has harnessed the power of Generative AI to create a tool that empowers businesses to customize models with unprecedented precision and efficiency. This tool comes at a pivotal moment when the demand for tailored AI solutions is higher than ever before. 

The tool's capabilities have been met with widespread excitement and acclaim from experts in the field. Steve McDowell, a prominent technology analyst, emphasizes the significance of Dell's venture into Generative AI. He notes, "Dell's deep dive into Generative AI showcases their commitment to staying at the forefront of technological innovation."

One of the key features that sets Dell's Generative AI tool apart is its versatility. It caters to a diverse range of industries, from healthcare to finance, manufacturing to entertainment. This adaptability ensures that businesses of all sizes and sectors can harness the power of AI to meet their specific needs.

Furthermore, Dell's tool comes equipped with a user-friendly interface, making it accessible to both seasoned AI experts and those new to the field. This democratization of AI customization is a pivotal step towards creating a more inclusive and innovative technological landscape.

The enhanced hardware and software portfolio accompanying this release further cements Dell's commitment to providing comprehensive solutions. By covering an extensive range of use cases, Dell ensures that businesses can integrate AI seamlessly into their operations, regardless of their industry or specific requirements.

Technology innovator Dell has used the potential of generative AI to develop a platform that enables companies to customize models with previously unheard-of accuracy and effectiveness. This technology is released at a critical time when there is a greater-than-ever need for customized AI solutions.

A significant development in the development of artificial intelligence is the release of Dell's Generative AI tool. Its ability to fundamentally alter model customization in a variety of industries is evidence of Dell's unwavering commitment to technical advancement. With this tool, Dell is laying the groundwork for a time when everyone may access and customize AI, in addition to offering a strong solution. 

Rising Concerns as Discord.io Data Breach Compromises 760,000 Users

 

Although digital companies put multiple data protections in place to safeguard their customers' information, hackers continue to find ways to circumvent them and gain access to sensitive data.

Data breaches have become more common in recent years despite the increased focus on cybersecurity. Discord.io is unfortunately the latest victim of such an attack. Below is what is known about the types of data the hackers accessed and the steps the company is taking in response.

There has been a massive data breach at a popular service used to create custom invite links for Discord channels. The service has announced that it is shutting down operations for the time being.

A major breach of Discord.io's database occurred on the night of August 14, and large swaths of user data were stolen as a result. Discord.io announced the breach on Tuesday. As TechRadar reported, more than 760,000 users had their information compromised, though the company did not reveal this number in its update.

Discord.io is a third-party service that allows users to create custom invitations to their Discord channels, which can then be shared by the channel owner with their friends and viewers. It is estimated that over 14,000 users have registered on the service's Discord server, which is where most of the community exists. 

As of yesterday, a person named 'Akhirah' has been offering the Discord.io database for sale on the newly relaunched Breached hacking forums, sharing four records from the database as proof of the theft. The new Breached forums are a revival of a popular cybercrime forum where stolen databases were sold and leaked.

The most sensitive data compromised in the breach included usernames, email addresses, billing addresses (for a small number of users), and salted and hashed passwords (for a small number of users).

Discord.io has officially confirmed the breach in a notice posted to its Discord server and website, and has begun temporarily shutting down its services as a result. As first reported by StackDiary, Discord.io confirmed the authenticity of the breach. According to a timeline on the Discord.io website, the operators only learned of the breach after seeing the post on the hacking forum.

Immediately after the leaked data was confirmed to be authentic, they shut down their services and cancelled all paid memberships. A spokesperson for Discord.io said that the person responsible for the breach had not contacted them and had provided no information about how the breach occurred. Akhirah, the seller of the Discord.io database, told BleepingComputer that he had not been in touch with the Discord.io operators.

The exposed data shows that the attacker was able to gather all types of sensitive information from Discord.io, including usernames, Discord IDs, email addresses, billing addresses, salted and hashed passwords, and much more. Because Discord.io does not itself store payment card details, it cannot confirm whether any credit card information was compromised in the attack.

As part of the data breach, the platform acknowledges that certain information about users, including internal user IDs, avatar details, the status of users, coin balances, API keys, registration dates, last payment dates, and membership expiration dates may have been exposed.  

Discord.io has announced that it is suspending operations indefinitely because of the attack. The site will be unavailable for the next few months while it is rebuilt: according to the platform, the website code will be completely rewritten and a completely new security system implemented.


User Data Goldmine: Google's Ambitious Mission to Scrape Everything for AI Advancement

 


Over the weekend Google announced a change to its privacy policy that explicitly states the company reserves the right to scrape everything you post online to build its artificial intelligence tools. Given how much of what you write Google can read, you can now expect your words to end up nestled somewhere in the bowels of a chatbot.

Google and Facebook privacy policies were quietly updated over the weekend, and you likely didn't notice. The change in wording is slight, but it is significant.

As Gizmodo reported, Google has revised its privacy policy. Most of the policy is unremarkable, but one section, the one dealing with research and development, stands out and could make a significant difference.

For those who love history, Google keeps a record of changes to its terms of service over the years, which can be found here. The new language spells out new ways in which your online musings might be used in the company's AI tools, without contradicting the existing language in its policies.

The older policy said the data would be used "for language models"; the new one says "AI models," and it now names Bard and Cloud AI alongside Google Translate, whereas the older policy mentioned only Google Translate.

A privacy policy does not generally include a clause such as this one. This type of policy describes how a company uses the information you post on its own services, such as its website or social media. Here, Google appears to claim a right to harvest and harness any data posted to any part of the public web, as if the entire internet were the firm's playground for artificial intelligence experiments. Several requests for comment were sent to Google, but the company did not respond immediately.

The practice raises novel privacy questions. Most people understand that public posts are public, but it is important to remember that what it means to write something online has changed over the years.

The question is no longer who has access to the information, but how it can be used. Your long-forgotten blog posts or restaurant reviews from 15 years ago are very likely to have been ingested by Bard and ChatGPT, and the chatbots may regurgitate some funny, homunculoid version of your words in ways that are difficult to predict and comprehend.

As the outlet pointed out, it seems odd for a company to add such a clause. The wording gives the impression that the tech giant reserves the right to harvest and use any data available on any part of the public internet, whereas a company's data usage policy normally only addresses how that company plans to use the personal information it has collected.

Most people probably realize that whatever they post online will be visible to the world at large, but this development opens up a whole new set of possibilities. Privacy no longer concerns only who sees your online posts, but everything that is done with them.

Before the update, the policy referred to "language models" rather than "AI models", and that wording has been changed. The update also added Bard and Cloud AI alongside Google Translate.

In the outlet's opinion, this is an unusual clause for a business to enshrine in its policies. The wording is odd because it implies the tech giant owns the right to collect and use data from any part of the Internet that is open to the public, whereas the purpose of such a policy is normally to tell customers how its services will use the data they post.

It is well known that anything you post online can be seen by almost everyone, but the new developments add an unexpected twist: how it may be used. What you need to keep in mind is not just who can read what you write online, but also how those readers will use it.

Tools such as Bard, ChatGPT, and Bing Chat, along with other AI models, also scrape data from the internet in real time. Often that information is other people's intellectual property. The AI tools used for such activities have already been accused of theft, and more lawsuits are likely.

One of the lesser-known complications of the post-ChatGPT world is the question of where data-hungry chatbots acquire their information. Google and OpenAI scrape the Internet to feed their models.

There is no clear legal guidance on whether it is legal. There is no doubt that the courts will have to deal with copyright questions that seemed like science fiction a few years ago when they first came up. At the same time, there have been some surprising effects on consumers that have been caused by the phenomenon so far.    

Twitter and Reddit's overlords are aggrieved by the AI issue, and both have made controversial changes to lock down their platforms. Both companies changed their APIs to stop third parties from downloading large quantities of posts for free, something they previously allowed anyone to do. The move is clearly intended to protect the social media sites from being harvested by other companies looking to take their intellectual property, but its consequences are far more significant.

Third-party tools that people used to access Twitter and Reddit have been broken by the API changes that Twitter and Reddit implemented. At one point, Twitter even appeared to be considering requiring public entities such as weather forecasts, transit lines, and emergency services to pay a monthly fee to use their Twitter services, but Twitter backed down after receiving a hailstorm of criticism for this plan. 

Elon Musk has made web scraping his favorite boogieman in recent years. Musk has explained a number of recent Twitter disasters as the company's need to guard against others stealing data from the site, even when the issues do not seem related. Over the weekend Twitter limited the number of tweets a user was permitted to view per day, making the service almost unusable for many users.

Musk believed rate-limiting was a necessary response to "data scraping" and "system manipulation." However, most IT experts agree that it was more likely a crisis response resulting from mismanagement or incompetence rather than an attempt to solve a problem. Despite Gizmodo's repeated requests for information on the matter, Twitter did not respond.

Hackers Threatened to Leak 80GB of Data Allegedly Stolen From Reddit in February

 


An independent cybersecurity expert and CNN reviewed a dark web post from the BlackCat ransomware gang, also known as ALPHV, in which the group claimed to have stolen 80 gigabytes of confidential data from Reddit during a February breach.

A hacker group in Russia is threatening to release Reddit data if it doesn't pay a ransom demand - as well as reverse the controversial API pricing increases. 

The hackers are demanding a $4.5 million ransom and a reversal of the API price hike, without which they say they will release the stolen data.

It appears that a phishing attack allowed the threat actors to gain access to the company's systems and steal internal documents, source code, employee data, and a limited amount of information about Reddit's advertising partners.

A Reddit spokesperson confirmed that BlackCat's claims refer to a cyber incident that Reddit confirmed on February 9. In that incident, hackers accessed employee information and internal documents through a highly targeted phishing attack.

The company had no indication that customer passwords or accounts had been stolen.

Reddit provided no further information about the attack or the culprits. Over the weekend, BlackCat raised the stakes by claiming responsibility for the February intrusion and threatening to leak the "confidential" information obtained during the attack.

BlackCat has not shared any evidence of the data theft, and it is unclear exactly what type of information the hackers have stolen.

CTO of Reddit Chris Slowe recently talked about a security incident that happened in February, and he posted about the incident here. Throughout the post, Slowe said that, as a result of a highly targeted and sophisticated phishing attack, the company's "systems were hacked," with hackers gaining access to "some internal documents, code, and some internal business systems." The hackers only obtained employee information, according to Slowe.

In a statement to CNN on Monday, a Reddit spokesperson confirmed that BlackCat's post refers to the incident in February. No user data was accessed, according to the spokesperson, but he refused to elaborate further on the matter. 

Several Reddit forums remained dark last Monday during the planned two-day protest. This was intended to highlight the company's plan to charge steep fees for third-party apps to access the company's platform in the future. 

More than 3,500 Reddit forums remained unresponsive a week later. Some experts question BlackCat's actual motives, while others read the ransom note as sympathetic to the protestors' cause.

This is the second Reddit data breach in six years. That earlier incident involved Reddit data dating back to 2007, which included usernames, hashed passwords, email addresses, and the content of public posts and private messages.

The hackers reportedly stole 80GB of data from Reddit in February and threatened to leak it within three days. Reddit has acknowledged the incident and is actively investigating. The hackers have warned that if the ransom is not paid, they will release the sensitive information.

As of right now, it is impossible to verify the authenticity of stolen data. There are persistent cyber threats that online platforms face daily. This incident reminds us of the importance of robust security measures against such threats. Reddit is striving to improve its privacy and security protocols, and users are advised to remain vigilant at all times.

Microsoft 365 Phishing Attacks Made Easier With 'Greatness'

 


Phishing is a method of stealing money or your identity by getting you to reveal personal information, such as credit card numbers, bank details, or passwords, on websites that pretend to be legitimate. Cybercriminals often pose as reputable companies, friends, or acquaintances and send fake messages containing a link to a phishing website.

By enticing people to reveal personal information like passwords and credit card numbers, phishing attacks aim to steal sensitive data or to damage users' computers.

Even script kiddies can now construct convincing, effective phishing attacks against businesses using a previously unknown phishing-as-a-service (PaaS) offering.

Because so many organizations around the world use the Microsoft 365 cloud-based productivity platform, it has become one of the most valuable targets for cybercriminals, who use it to steal data and credentials and compromise networks.

In a Cisco Talos research update, researchers explained how phishing activity on the Greatness platform, launched in mid-2022, exploded between December 2022 and March 2023.

Since the tool was introduced in mid-2022, it has been used in attacks on several companies across a variety of industries. These industries include manufacturing, healthcare, technology, and banking. 

Approximately half of those targeted so far are in the United States. Attacks have also been carried out in Western Europe, Australia, Brazil, Canada, and South Africa, but the majority are concentrated in the US.

The industries being targeted span manufacturing, healthcare, technology, education, real estate, construction, finance, and business services.

The kit contains everything an affiliate needs to conduct a phishing campaign.

Using the API key acquired for the service, users gain access to the 'Greatness' admin panel and supply a list of the email addresses they wish to attack.

The PhaaS platform itself allocates the infrastructure needed to host the phishing pages and to build the HTML attachments; in effect, it is the server hosting the phishing pages.

The affiliate then builds the email content, provides any other material needed, and changes any default settings if necessary.

The process of targeting an organization is simple: the attacker logs into the service using their API key, provides a list of target email addresses, and creates the email content (changing any other default details as they see fit).

Once the victim supplies the MFA code, Greatness uses it to authenticate against the real Microsoft platform. The affiliate then receives an authenticated session cookie, either through the Telegram channel provided by the service or via the service's web panel.

Many companies then find that the stolen credentials are also used to breach their networks, leading to more damaging attacks such as ransomware.

Imperva Red Team Patches a Privacy Vulnerability in TikTok

The Imperva Red Team recently identified a vulnerability in TikTok that apparently allowed threat actors to monitor users’ activity on both mobile and desktop devices.

The vulnerability, which has now been patched, was the result of a window message event handler failing to verify the message’s origin, giving attackers access to users’ sensitive data.

PostMessage API 

The PostMessage API (also known as the HTML5 Web Messaging API) is a communication mechanism that permits safe cross-origin communication between windows or iframes inside a web application. It lets scripts from different origins exchange messages, overcoming the restrictions of the Same-Origin Policy, which normally prevents data sharing between distinct origins on the web.

The API consists of a window.postMessage() method and a message event. The postMessage() method sends a message from the source window to the target window or iframe, while the message event fires on the receiving end when a new message arrives. During code analysis, the team discovered a script in TikTok's web application that appeared to be involved in user tracking.

The Imperva report states that “the first step in discovering the vulnerability was to identify all the message event handlers in TikTok's web application. This involved a comprehensive analysis of the source code in locating instances where the PostMessage API was being used[…]Once all the message event handlers were identified, we proceeded to carefully read and understand the code for each handler. This allowed us to determine the purpose of each handler and evaluate the security implications of processing untrusted messages.” 

Exploiting the Vulnerability 

By exploiting this vulnerability, attackers could send harmful messages to the TikTok web application through the PostMessage API, bypassing its security precautions. The message event handler would then process the malicious message as if it came from a trusted source, giving the attacker access to private user data.

The vulnerability was promptly addressed after being reported to TikTok by the Imperva Red Team, and Imperva appreciated TikTok for its swift action and cooperation. This disclosure should serve as a reminder of the value of adequate message origin validation and the risks of enabling interdomain communication without the necessary security precautions.
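To make the origin-validation point concrete, here is an added example (not TikTok's code and not from the Imperva report) that places a message handler with no origin check beside a hardened one. It is simulated in plain Node so it runs offline: fakeEvent() constructs a MessageEvent-like object, the origins and the profile data are made-up values, and TRUSTED_ORIGINS is an assumed allowlist that a real application would set to its own origins.

```javascript
// Added example: a postMessage receiver without origin validation versus a
// hardened receiver. Nothing here is TikTok's or Imperva's code.

const TRUSTED_ORIGINS = new Set(["https://app.example.com"]); // assumed allowlist

// Constructed MessageEvent-like object so the handlers can run outside a browser.
function fakeEvent(origin, data) {
  return { origin, data, source: null };
}

// Vulnerable pattern: trusts whoever sent the message and acts on the payload.
function vulnerableHandler(event, state) {
  const msg = event.data;
  if (msg && msg.type === "getProfile") {
    // Hands user data to any page that can obtain a reference to this window.
    return { ok: true, profile: state.profile };
  }
  return { ok: false, reason: "unknown message" };
}

// Hardened pattern: exact-match origin check, then structural validation of the payload.
function hardenedHandler(event, state, trusted = TRUSTED_ORIGINS) {
  // 1. Compare event.origin against an allowlist with an exact match. A
  //    substring or startsWith() test would accept lookalike origins.
  if (!trusted.has(event.origin)) {
    return { ok: false, reason: "untrusted origin" };
  }
  // 2. Validate the shape of the message before acting on it.
  const msg = event.data;
  if (typeof msg !== "object" || msg === null || typeof msg.type !== "string") {
    return { ok: false, reason: "malformed message" };
  }
  if (msg.type === "getProfile") {
    return { ok: true, profile: state.profile };
  }
  return { ok: false, reason: "unknown message" };
}

// Run the same request through both handlers from three senders: a trusted
// origin, an unrelated origin, and a lookalike origin that merely starts with
// the trusted one. All values are constructed for the demonstration.
function demo() {
  const state = { profile: { userId: "u-123", email: "user@example.com" } };
  const request = { type: "getProfile" };
  const fromTrusted = fakeEvent("https://app.example.com", request);
  const fromOther = fakeEvent("https://evil.example.net", request);
  const fromLookalike = fakeEvent("https://app.example.com.evil.net", request);
  return {
    vulnerableLeaksToOther: vulnerableHandler(fromOther, state).ok,
    vulnerableLeaksToLookalike: vulnerableHandler(fromLookalike, state).ok,
    hardenedBlocksOther: hardenedHandler(fromOther, state).ok === false,
    hardenedBlocksLookalike: hardenedHandler(fromLookalike, state).ok === false,
    hardenedAllowsTrusted: hardenedHandler(fromTrusted, state).ok,
  };
}

// In a browser the hardened receiver would be registered as:
//   window.addEventListener("message", (e) => hardenedHandler(e, appState));
// and a sender should name the intended recipient rather than using "*":
//   targetWindow.postMessage({ type: "getProfile" }, "https://app.example.com");
```

The two checks in hardenedHandler() are the ones the disclosure above turns on: the receiver decides whom to trust by comparing event.origin against a fixed allowlist, and it validates the payload before touching application state. The lookalike case shows why the comparison must be an exact match of the full origin (scheme, host and port) rather than a prefix test.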