
Unsecured Amazon S3 Bucket Exposes IDs of Airport Security Employees


Securitas AB, a Sweden-based multinational security and investigation service provider, has been discovered exposing sensitive data belonging to airport employees across Colombia and Peru. Earlier this week, researchers at SafetyDetectives uncovered some 3 terabytes of data containing over 1.5 million files in one of the company's misconfigured Amazon S3 buckets.

According to the researchers, Securitas' AWS S3 bucket was not appropriately secured and contained approximately 3TB of data dating back to 2018, including airport employee records. While the researchers were not able to examine every record in the bucket, four airports were named in the leaked files: El Dorado International Airport (COL), Alfonso Bonilla Aragón International Airport (COL), José María Córdova International Airport (COL), and Aeropuerto Internacional Jorge Chávez (PE).

The misconfigured AWS bucket, which required no authentication to access, contained two main datasets related to Securitas and airport employees: photos of ID cards and unmarked photos. The ID card photos displayed employee PII such as:

• Full names
• Occupations
• National ID numbers
• Employee photos on the ID card

The second set, the unmarked photos, contained the most sensitive data belonging to airports, employees, and associated companies, including photos of planes, photos of employees, and photos of employees loading and unloading luggage. Unstripped EXIF metadata in these photographs was also exposed, revealing the time and date each photograph was taken as well as, in some cases, GPS coordinates.
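A defender-side check for the EXIF exposure described above, added here as an example that is not part of the original post or of SafetyDetectives' research: a dependency-free Python walker that flags JPEGs whose Exif block carries a GPS sub-IFD pointer and strips the Exif segment before a photo is copied to shared storage. The `sample_jpeg` helper builds a constructed minimal JPEG for testing; all function names are the example's own.

```python
import struct
EXIF_HEADER = b"Exif\x00\x00"  # APP1 payload prefix that marks an Exif block
GPS_IFD_TAG = 0x8825           # IFD0 tag whose value is the GPS sub-IFD offset

def segments(data):
    """Yield (marker, start, end) per JPEG segment; SOS runs to end of file."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("corrupt segment marker at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xDA:  # SOS: entropy-coded image data runs to EOI
            yield marker, pos, len(data)
            return
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        yield marker, pos, pos + 2 + length
        pos += 2 + length

def exif_has_gps(data):
    """True if the Exif IFD0 carries a GPS IFD pointer (tag 0x8825)."""
    for marker, start, end in segments(data):
        if marker != 0xE1 or data[start + 4:start + 10] != EXIF_HEADER:
            continue
        tiff = data[start + 10:end]  # TIFF header follows "Exif\0\0"
        endian = "<" if tiff[:2] == b"II" else ">"
        ifd0 = struct.unpack(endian + "I", tiff[4:8])[0]
        count = struct.unpack(endian + "H", tiff[ifd0:ifd0 + 2])[0]
        for i in range(count):  # 12-byte entries, tag is the first field
            off = ifd0 + 2 + 12 * i
            if struct.unpack(endian + "H", tiff[off:off + 2])[0] == GPS_IFD_TAG:
                return True
    return False

def strip_exif(data):
    """Return the JPEG with every APP1 Exif segment dropped; pixels untouched."""
    out = bytearray(data[:2])
    for marker, start, end in segments(data):
        if marker == 0xE1 and data[start + 4:start + 10] == EXIF_HEADER:
            continue  # drop the Exif block; every other segment is copied
        out += data[start:end]
    return bytes(out)

def sample_jpeg(with_gps=True):
    """Constructed input: SOI, APP1 Exif with a one-entry IFD0, SOS, EOI."""
    tag = GPS_IFD_TAG if with_gps else 0x8769  # 0x8769 = plain Exif IFD pointer
    ifd0 = struct.pack("<HHHII", 1, tag, 4, 1, 26) + b"\x00\x00\x00\x00"  # 26 = just past IFD0
    app1 = EXIF_HEADER + b"II*\x00" + struct.pack("<I", 8) + ifd0
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xda\x00\x02\xff\xd9"
```

Run `strip_exif` over each file before it is uploaded, and treat any `exif_has_gps` hit in an already-published bucket as a location leak to triage.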

"Considering Securitas' strong presence throughout Colombia and the rest of Latin America, companies in other industries could have been exposed," the researchers say. "It's also probable that various other places that use Securitas' security services are affected. Criminals could even use leaked data to create counterfeit ID cards and badges. A criminal could further strengthen their appearance as a legitimate employee by downloading leaked mobile apps."

Additionally, application IDs listed within mobile apps were stored on the server. These IDs were used for airport activities such as incident reports, and they are what pointed the researchers to the bucket's likely owner in the first place. The SafetyDetectives team reported the leak to Securitas on October 28, 2021, and followed up on November 2 after receiving no response. Securitas then engaged with the team and secured the server the same day.

Kafdrop Flaw Exposes Data from Kafka Clusters to the Whole Internet


Spectral researchers uncovered a security flaw in Kafdrop, a popular open-source UI and administrative interface for Apache Kafka clusters that has been downloaded over 20 million times. Affected organisations range from large multinationals to smaller companies in healthcare, insurance, media, and IoT — in short, everyone who runs Kafdrop against Apache Kafka.

Apache Kafka is an open-source distributed event streaming platform used by thousands of companies for high-performance data pipelines, streaming analytics, data integration, and mission-critical applications; its users include eight of the world's ten largest banks, the ten largest global insurance companies, and eight of the world's ten key telecom providers. Kafka is commonly used to process and store logs, financial transactions, and private user data. It also powers consumer-facing data pipelines that process real-time actions, events, and behaviour. Kafka is cloud-native, scaling from small deployments to massive cloud-based clusters, and is designed to be highly scalable and fault-tolerant.

“We can’t name any of the companies whose clusters we discovered, as we don’t want to give threat actors the edge, but these flaws are exceptionally widespread,” said Dotan Nahum, CEO at Spectral. “Furthermore, since Kafka serves as a central data hub, threat actors with assistance from a flawed Kafdrop, can infiltrate and exfiltrate data and manage the cluster as they see fit. They can connect as a Kafka subscriber to cause further havoc across the entire network.” 

The Kafdrop security flaw not only exposes secrets in real-time traffic, but also discloses authentication tokens and other access details that let attackers reach the enterprise's cloud providers, such as AWS, IBM, and Oracle, where Kafka clusters are frequently hosted. Kafdrop also gives insight into the layout and topology of a cluster, disclosing hosts, topics, partitions, and consumers, and allows live data to be sampled and downloaded and topics to be created and removed.

“Misusing Kafdrop allows threat actors to access the nervous system of an entire company, revealing customer data, transactions, medical records, internal system traffic, etc. Immediate mitigation is critical,” said Nahum. 

When the flaw was discovered, Spectral promptly contributed an authentication feature back to the Kafdrop project. Spectral recommends that enterprises scan not only code but also configuration, infrastructure, and data across the whole SDLC to defend against the kinds of security blunders that lead to breaches.

Kids Fairy Tale App Farfaria Exposed Data of 2.9 Million Users


A cybersecurity researcher at Comparitech has identified a misconfigured MongoDB database containing a trove of data left exposed to the public without a password or any other authentication. The exposed data belongs to FarFaria, a San Francisco, CA-based company that offers a children's fairy-tale reading service through its Android and iOS apps.

According to Bob Diachenko, head of security research at Comparitech, the exposed database contained 38 GB of data with contact information and login credentials for 2.9 million users, including email addresses, authentication tokens, encrypted passwords, the number and timeline of logins, and social media tokens (where users logged in via social media accounts).

After spotting the data leak on August 9th, 2021, the researcher immediately reported the incident to FarFaria. However, the firm did not respond to the researcher but secured the database the very next day.

The main concern for FarFaria users is targeted phishing. Cybercriminals can target users via email, text, or phone calls, and scammers can pose as FarFaria employees to trick users into divulging additional information such as account details. The leaked data also contains a number of authentication tokens that could prove particularly useful to criminals looking to mount more sophisticated phishing attacks on users, Diachenko warned.

“There is an unimaginable amount of digital risk involved with today’s younger generation, as children are increasingly using the internet for their education and activities. With 2.9 million FarFaria user records exposed, it’s likely the data has already been leaked on the dark web, putting children at greater risk of being exploited online from a much younger age than previous generations,” Robert Prigge, CEO of identity verification company Jumio Corp., told SiliconANGLE.

Earlier this year, in August, Risk-Based Security published its 2021 Mid Year Data Breach QuickView Report, which revealed a 24% decline in reported data breaches. There were 1,767 publicly reported breaches in the first six months of 2021, exposing a total of 18.8 billion records. However, the decline in breach incidents does not mean organizations have improved their security.

“Analyzing breach activity has become especially interesting and important over the past two years. While some trends remain largely untouched, new trends are emerging. The method of how attackers monetize their efforts has diversified, and at the same time, preventable errors are outpacing hackers when it comes to the amount of data exposed. The amount of data compromised remains stubbornly high and with another sizable Q2 breach yet to be confirmed, it is possible that the number will climb over 19 billion in the near future,” stated Inga Goddijn, Executive Vice President at Risk Based Security.