Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Data security software. Show all posts

OAuth App Abuse: A Growing Cybersecurity Threat

User data security has grown critical in an era of digital transactions and networked apps. The misuse of OAuth applications is a serious danger that has recently attracted attention in the cybersecurity field.

OAuth (Open Authorization) is a widely used authentication protocol that allows users to grant third-party applications limited access to their resources without exposing their credentials. While this technology streamlines user experiences and enhances efficiency, cybercriminals are finding innovative ways to exploit its vulnerabilities.

Recent reports from security experts shed light on the alarming surge in OAuth application abuse attacks. Money-grubbing cybercriminals increasingly leverage these attacks to compromise user accounts, with potentially devastating consequences. The attackers often weaponize OAuth apps to gain unauthorized access to sensitive information, leading to financial losses and privacy breaches.

One significant event that underscores the severity of this threat is the widespread targeting of Microsoft accounts. Cyber attackers have honed in on the popularity and ubiquity of Microsoft services, using OAuth app abuse as a vector for their malicious activities. This trend poses a serious challenge to both individual users and organizations relying on Microsoft's suite of applications.

According to a report, the attackers exploit vulnerabilities in OAuth applications to manipulate the authorization process. This allows them to masquerade as legitimate users, granting them access to sensitive data and resources. The consequences of such attacks extend beyond financial losses, potentially compromising personal and corporate data integrity.

The financial motivation behind these cybercrimes, emphasizes the lucrative nature of exploiting OAuth vulnerabilities. Criminals are driven by the potential gains from unauthorized access to user accounts, emphasizing the need for heightened vigilance and proactive security measures.

Dark Reading further delves into the evolving tactics of these attackers, emphasizing the need for a comprehensive cybersecurity strategy. Organizations and users must prioritize measures such as multi-factor authentication, continuous monitoring, and regular security updates to mitigate the risks associated with OAuth application abuse.

The increasing misuse of OAuth applications is a turning point in the continuous fight against cyberattacks. The strategies used by cybercriminals also change as technology does. People and institutions must remain knowledgeable, implement strong security procedures, and work together to protect the digital environment from these new dangers. According to the proverb, "An ounce of prevention is worth a pound of cure."

US Telemarketing Company Leaks Data of 114,000 Consumers In a Cloud Storage Error

In a recent cybersecurity incident, a US telemarketing firm leaked sensitive data of tens of thousands of customers after a misconfiguration of a cloud storage bucket happened. VpnMentor team's Noem Rotem identified the malicious AWS S3 bucket last year on 24 December. The finding was traced back to CallX, a Californian business, and its clients use the analytics service to strengthen their inbound marketing and media buying. As per the website, the company lends marketplace Lending tree, security provider Vivint and Liberty Mutual Insurance to its customers. 

Rotem discovered around 1,14,000 files that were dumped openly in the leaky bucket. Most of the files were the audio recordings of call logs between customers and CallX clients, these were traced through the company's software. Besides this, 2000 text transcripts of conversations were also accessible. The files' PII (Personally Identifiable information) include user names, contact no, residential address, and much more. 

"If cybercriminals needed additional information, they could hijack calls logged by CallX and do fake ‘follow up’ phone calls or emails posing as a representative of the relevant CallX client company. Using the transcripts, it would be easy to establish trust and legitimacy with targets in such schemes," reports VpnMentor. As the people exposed have no apparent relationship to one another, by the time the fraud was discovered, it may be too late, it says. VpnMentor alarmed that hackers could launch phishing attacks using the leaked data. CallX can also fall under regulatory scrutiny, being in the purview of the new CCPA (Californian privacy law). Sadly, the bucket is still open to date. 

VpnMentor in its research team reported (https://www.vpnmentor.com/blog/report-callx-breach/) "our team discovered CallX’s S3 bucket and was able to view it due to insufficient security. We found an image of the company’s logo amongst the files stored on the S3 bucket and, upon further investigation, confirmed the company as its owner. We immediately contacted CallX to notify it of the vulnerability and provide guidance on securing an S3 bucket. It’s unclear how many people were aware that somebody recorded their conversations. As a result, the people exposed in this data breach may never know their private data was exposed publicly."

Cisco Vulnerable Again; May Lead To Arbitrary Code Execution!


Earlier this year Cisco was in the headlines for the Zero-day vulnerabilities that were discovered in several of its devices including IP Phones, routers, cameras and switches.

The vulnerabilities that were quite exploitable were found in the Cisco Discovery Protocol (CDP), which is a layer 2 network protocol so that any discrepancies of the devices could be tracked.

Now again, Cisco has been found to be more unreliable than ever. Only this time the researchers learnt about numerous severe security vulnerabilities.

These susceptibilities could let the attackers or hackers execute “arbitrary commands” with the supposed “consent” of the user. Per sources, the affected Cisco parts this time happen to be the software, namely the Cisco UCS Manager Software, Cisco NX-OS Software and Cisco FXOS Software.

Reports reveal that the vulnerability in the Cisco FXOS and NX-OS Software admits unauthorized “adjacent” attackers into the system and lets them execute arbitrary code in order to achieve the “DoS”. (Denial of Service)

The vulnerabilities in Cisco FXOS and UCS Manager Software lets unauthenticated “local attackers” to execute arbitrary commands on the victim’s devices.

The reason for this vulnerability rises from the absence of “input validation”. The misuse of this makes it way easy for attackers to execute the arbitrary code making use of the user’s authority (which they don’t even know about) who’s logged in, per sources.

The other vulnerabilities in the Cisco FXOS and UCS Software include allowing unauthenticated local attackers to execute arbitrary commands.

A hacker could also try to send specially structures “arguments” to certain commands. This exploit if successful could grant admittance to the hacker to not only enter but also execute arbitrary commands.

All the exploitable loopholes of the Cisco software are really dangerous and critical in all the possible terms. Cisco has been in the limelight for more times than that could be overlooked. It is up to the users now to be well stacked with respect to security mechanisms.

However, understanding the seriousness of the vulnerabilities in the software, Cisco has indeed released various security updates that work for all the vulnerable software, in its Software Security Advisory.

The users are advised to get on top of the updates as soon as possible.