Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label database. Show all posts
PC
Antivirus Antivirus System Cyber Security database malware protection Malwares Microsoft PC

Strengthening PC Security with Windows Whitelisting

 

Windows Defender, the built-in antivirus tool in Windows, provides real-time protection against malware by scanning for suspicious activity and blocking known threats using an extensive virus definition database. However, no antivirus software can completely prevent users from unknowingly installing harmful programs. 

Just like the famous Trojan horse deception, malicious software often enters systems disguised as legitimate applications. To counter this risk, Windows offers a security feature called whitelisting, which restricts access to only approved programs. Whitelisting allows administrators to create a list of trusted applications. Any new program attempting to run is automatically blocked unless explicitly authorized. 

This feature is especially useful in environments where multiple users access the same device, such as workplaces, schools, or shared family computers. By implementing a whitelist, users cannot accidentally install or run malware-infected software, significantly reducing security risks. Additionally, whitelisting provides an extra layer of protection against emerging threats that may not yet be recognized by antivirus databases. 

To configure a whitelist in Windows, users can utilize the Local Security Policy tool, available in Windows 10 and 11 Pro and Enterprise editions. While this tool is not included by default in Windows Home versions, it can be manually integrated. Local Security Policy enables users to manage Applocker, a built-in Windows feature designed to enforce application control. 

Applocker functions by setting up rules, similar to how a firewall manages network access. Applocker supports both whitelisting and blacklisting. A blacklist allows all applications to run except those explicitly blocked. However, since thousands of new malware variants emerge daily, it is far more effective to configure a whitelist—permitting only pre-approved applications and blocking everything else. This approach ensures that unknown or unauthorized programs do not compromise system security. 

Microsoft previously provided Software Restriction Policies (SRP) to enforce similar controls, but this feature was disabled starting with Windows 11 22H2. For users seeking a simpler security solution, Windows also provides an option to limit installations to only Microsoft Store apps. This setting, found under Apps > Advanced settings for apps, ensures that users can only download and install verified applications. 

However, advanced users can bypass this restriction using winget, a command-line tool pre-installed in newer Windows versions that allows software installation outside the Microsoft Store. Implementing whitelisting is a proactive security measure that helps safeguard PCs against unauthorized software installations. 

While Windows Defender effectively protects against known threats, adding a whitelist further reduces the risk of malware infections, accidental downloads, and security breaches caused by human error. By taking control of which programs can run on a system, users can enhance security and prevent potential cyber threats from gaining access.
Read more »
WordPress
CMS Cyber incidents Cyber Security Cyberattacks CyberCrime CyberThreat database Magento WordPress

Sophisticated Credit Card Skimmer Malware Targets WordPress Checkout Pages

 


Recent cybersecurity reports have highlighted a new, highly sophisticated credit card skimmer malware targeting WordPress checkout pages. This stealthy malware embeds malicious JavaScript into database records, leveraging database injection techniques to effectively steal sensitive payment information. Its advanced design poses significant risks to e-commerce platforms and their users. 
  
Widespread Impact on E-Commerce Platforms 
 
Multiple content management systems (CMS), including WordPress, Magento, and OpenCart, have been targeted by the Caesar Cipher Skimmer. This web skimmer enables the theft of payment data, threatening the financial security of businesses and consumers alike. 

Web skimmers are malicious scripts injected into e-commerce websites to collect financial and payment transaction details. According to cybersecurity firm Sucuri, a recent attack involved modifying the "form-checkout.php" file in the WooCommerce plugin to steal credit card information.
  • Consequences: Financial losses, reputational damage, and legal expenses.
  • Detection Difficulty: Often remains unnoticed until after the damage has occurred.

Signs of a compromised WooCommerce site include customer reports of stolen credit card details. This typically suggests malware capable of skimming customer credentials, warranting immediate investigation and remediation. 

On May 11, 2024, Sucuri identified a campaign misusing the "Dessky Snippets" WordPress plugin, which allows users to add custom PHP code. With over 200 active installations, the plugin was exploited by threat actors to inject malicious PHP code for credit card theft.
  • Attack Vectors: Exploiting plugin vulnerabilities and weak admin credentials.
  • Further Exploitation: Installing additional plugins to escalate malicious activities.
Database-Level Malware Infiltration 

Using the Dessky Snippets plugin, attackers deployed server-side PHP malware that embedded obfuscated JavaScript in the WordPress database.
  • Location: Stored in the wp_options table under widget_block.
  • Activation Trigger: Executes on pages containing "checkout" in the URL, avoiding pages with "cart."
Stealth and Strategic Execution The malware activates only during the final transaction stage, intercepting sensitive financial data without disrupting the user experience.
  • Integration: Utilizes existing payment fields to avoid detection.
  • Stealth Tactics: Remains hidden from standard file-scanning tools.

To conceal its activities, the malware encrypts stolen data using Base64 encoding and AES-CBC encryption. The encrypted data is discreetly sent to attacker-controlled servers via the navigator.sendBeacon function, ensuring stealthy exfiltration without alerting users or administrators. Severe Security Implications This malware poses a critical threat by covertly harvesting sensitive payment information, including credit card numbers and CVV codes.
  • Potential Risks: Fraudulent transactions, identity theft, and illegal data sales.
  • Impact on Businesses: Financial losses, legal liabilities, reputational damage, and erosion of customer trust.
Mitigation and Security Best Practices 
 
To counter such threats, e-commerce platforms must implement robust cybersecurity measures:
  • Regular monitoring of website activity for unusual behavior.
  • Timely updates of all plugins and platform software.
  • Proactive vulnerability management and penetration testing.
  • Strong admin credentials and limited plugin installations.
Staying vigilant and proactive in cybersecurity practices is essential to safeguarding sensitive customer data and maintaining the integrity of e-commerce operations.
Read more »
Sensitive data
Builder.ai Data Breach database Identity Theft Sensitive data

Builder.ai Data Breach Exposes Sensitive Information of Over 3 Million Users

 

A huge data security breach has come to light, with the data platform Builder.ai. It's a service that lets organizations build their own proprietary, custom software applications, which don't need heavy programming. According to a blog post by a security researcher, sensitive information from more than three million users' accounts was inadvertently leaked to the internet, leaving an open question of what now?

Jeremiah Fowler, a cybersecurity expert known for discovering unsecured online databases, found a Builder.ai archive with over 3 million records. This archive reportedly contained 1.29 terabytes of data, including very sensitive materials such as invoices, NDAs, email screenshots, and tax documents.

Worryingly, files contained access keys and configurations of two cloud storage systems. These keys, in the wrong hands, could grant hackers access to even more sensitive data.  


What Was Exposed

The exposed database included the following:  

337,434 invoices: The documents comprised transactions between Builder.ai and its clients.

32,810 master service agreements: Most agreements included user names, e-mail addresses, IP details and project estimations of the cost associated with a particular project giving a holistic overview of their sensitive information.  


Such data left unprotected poses grave risks. This information could be used for phishing scams, identity theft, or even financial fraud by criminals. Phishing is the art of making people give up their personal information by claiming to be a trusted person. The presence of cloud storage keys in the database further increases the worry, as this may also open access to more sensitive files elsewhere.

Fowler quickly notified the company, Builder.ai. However, the company, in its defense, showed that it could not tighten the database security due to "complexities with dependent systems." It is already a month, and nobody knows if the problem persists.  

Misconfigured databases are one of the constant problems of the digital era. Companies don't realize they have a shared responsibility to secure the data when it comes to cloud services, leaving large repositories of information exposed unintentionally. 

For businesses, this is an important wake-up call regarding comprehensive cybersecurity practices- periodic checks and ensuring the databases are properly secured for users' data protection.

For users, vigilance is key. Anyone who's interacted with Builder.ai should keep an eye out on their accounts for anything weird and be on their toes for phishing scams.

And in this hyperconnected world, security breaches such as this remind us that vigilance is key, too, for companies as much as it is for their users.



Read more »
Protecting online travel accounts
Biometric data Data Privacy data security database EU Personal Data Privacy Privacy Invasion Protecting online travel accounts

The Intersection of Travel and Data Privacy: A Growing Concern

 

The evolving relationship between travel and data privacy is sparking significant debate among travellers and experts. A recent Spanish regulation requiring hotels and Airbnb hosts to collect personal guest data has particularly drawn criticism, with some privacy-conscious tourists likening it to invasive surveillance. This backlash highlights broader concerns about the expanding use of personal data in travel.

Privacy Concerns Across Europe

This trend is not confined to Spain. Across the European Union, regulations now mandate biometric data collection, such as fingerprints, for non-citizens entering the Schengen zone. Airports and border control points increasingly rely on these measures to streamline security and enhance surveillance. Advocates argue that such systems improve safety and efficiency, with Chris Jones of Statewatch noting their roots in international efforts to combat terrorism, driven by UN resolutions and supported by major global powers like the US, China, and Russia.

Challenges with Biometric and Algorithmic Systems

Despite their intended benefits, systems leveraging Passenger Name Record (PNR) data and biometrics often fall short of expectations. Algorithmic misidentifications can lead to unjust travel delays or outright denials. Biometric systems also face significant logistical and security challenges. While they are designed to reduce processing times at borders, system failures frequently result in delays. Additionally, storing such sensitive data introduces serious risks. For instance, the 2019 Marriott data breach exposed unencrypted passport details of millions of guests, underscoring the vulnerabilities in large-scale data storage.

The EU’s Ambitious Biometric Database

The European Union’s effort to create the world’s largest biometric database has sparked concern among privacy advocates. Such a trove of data is an attractive target for both hackers and intelligence agencies. The increasing use of facial recognition technology at airports—from Abu Dhabi’s Zayed International to London Heathrow—further complicates the privacy landscape. While some travelers appreciate the convenience, others fear the long-term implications of this data being stored and potentially misused.

Global Perspectives on Facial Recognition

Prominent figures like Elon Musk openly support these technologies, envisioning their adoption in American airports. However, critics argue that such measures often prioritize efficiency over individual privacy. In the UK, stricter regulations have limited the use of facial recognition systems at airports. Yet, alternative tracking technologies are gaining momentum, with trials at train stations exploring non-facial data to monitor passengers. This reflects ongoing innovation by technology firms seeking to navigate legal restrictions.

Privacy vs. Security: A Complex Trade-Off

According to Gus Hosein of Privacy International, borders serve as fertile ground for experiments in data-driven travel technologies, often at the expense of individual rights. These developments point to the inevitability of data-centric travel but also emphasize the need for transparent policies and safeguards. Balancing security demands with privacy concerns remains a critical challenge as these technologies evolve.

The Choice for Travelers

For travelers, the trade-off between convenience and the protection of personal information grows increasingly complex with every technological advance. As governments and companies push forward with data-driven solutions, the debate over privacy and transparency will only intensify, shaping the future of travel for years to come.

Read more »
Personal Information
Data Breach Data Services database Internet Personal Information

Database Service Provider Leak Results in Exposing Over 600,000 Records on Web

Database Service Provider Leak Results in Exposing Over 600,000 Records on Web


SL Data Services, a U.S.-based data broker, experienced a massive data breach, exposing 644,869 personal PDF files on the web. The leaked records included sensitive information such as personal details, vehicle records, property ownership documents, background checks, and court records. Alarmingly, the exposed files were not encrypted or password-protected.

Cybersecurity expert Jeremiah Fowler discovered the breach, identifying sample records in the 713.1 GB database. Remarkably, 95% of the documents were labeled as “background checks.”

"This information provides a full profile of these individuals and raises potentially concerning privacy considerations," Fowler stated.

Details of the Leaked Data

The breached documents contained the following sensitive information:

  • Residential addresses
  • Contact details and emails
  • Employment data
  • Full names
  • Social media accounts
  • Family members
  • Criminal record history

Fowler confirmed the accuracy of the residential addresses associated with named individuals in the leaked files.

How the Leak Happened

According to Fowler, property reports ordered from SL Data Services were stored in a database accessible via a web portal for customers. The vulnerability arose when a threat actor, knowing the file path, could locate and access these documents.

SL Data Services used a single database for multiple domains without proper segmentation. The only separation was through folders named after the respective websites. After Fowler reported the breach, database access was blocked for a week, but during that time, over 150,000 additional records were exposed. It remains unclear how long the data was publicly accessible or what information was accessed by unauthorized parties.

When Fowler contacted SL Data Services, he was only able to reach call center agents who denied the breach, claiming their systems used SSL and 128-bit encryption. Despite these assurances, the exposed records suggest serious lapses in data security practices.

The Risks of Exposed Data

Fowler warned about the dangers posed by the leaked information:

"The criminals could potentially leverage information about family members, employment, or criminal cases to obtain additional sensitive personal information, financial data, or other privacy threats."

Publicly exposed data allows threat actors to:

  • Launch phishing campaigns or social engineering attacks
  • Fake identities using stolen information
  • Target victims whose data appeared in background check documents

Staying Safe

To protect personal data when working with data brokers, Fowler recommends the following:

  1. Research Data Storage Practices
    Understand how the company stores and secures sensitive data.
  2. Conduct Vulnerability Scans
    Ensure the broker performs regular scans to detect potential security issues.
  3. Request Penetration Testing
    Verify whether the company tests its systems to prevent unauthorized access.

Conclusion

This breach underscores the importance of robust data security practices for companies handling sensitive information. By adopting proactive measures and holding data brokers accountable, both organizations and consumers can mitigate the risks of future breaches.

Read more »
Open Source System
Cyber Security Data Encryption data security database enterprise cybersecurity Enterprise security Open Source Open Source System

Why Enterprise Editions of Open Source Databases Are Essential for Large Organizations


With the digital age ushering in massive data flows into organizational systems daily, the real value of this data lies in its ability to generate critical insights and predictions, enhancing productivity and ROI. To harness these benefits, data must be efficiently stored and managed in databases that allow easy access, modification, and organization. 

Open-source databases present an attractive option due to their flexibility, cost savings, and strong community support. They allow users to modify the source code, enabling custom solutions tailored to specific needs. Moreover, their lack of licensing fees makes them accessible to organizations of all sizes. Popular community versions like MySQL, PostgreSQL, and MongoDB offer zero-cost entry and extensive support. 

However, enterprise editions often provide more comprehensive solutions for businesses with critical needs.  Enterprise editions are generally preferred over community versions for several reasons in an enterprise setting. A significant advantage of enterprise editions is the professional support they offer. Unlike community versions, which rely on forums and public documentation, enterprise editions provide dedicated, around-the-clock technical support. This immediate support is vital for enterprises that need quick resolutions to minimize downtime and ensure business continuity and compliance. 

Security is another critical aspect for enterprises. Enterprise editions of open-source databases typically include advanced security features not available in community versions. These features may encompass advanced authentication methods, data encryption, auditing capabilities, and more granular access controls. As cyber threats evolve, these robust security measures are crucial for protecting sensitive data and ensuring compliance with industry standards and regulations. Performance optimization and scalability are also key advantages of enterprise editions. They often come with tools and features designed to handle large-scale operations efficiently, significantly improving database performance through faster query processing and better resource management. 

For businesses experiencing rapid growth or high transaction volumes, seamless scalability is essential. Features such as automated backups, performance monitoring dashboards, and user-friendly management interfaces ensure smooth database operations and prompt issue resolution. Long-term stability and support are crucial for enterprises needing reliable database systems. Community versions often have rapid release cycles, leading to stability issues and outdated versions. 

In contrast, enterprise editions offer long-term support (LTS) versions, ensuring ongoing updates and stability without frequent major upgrades. Vendors offering enterprise editions frequently provide tailored solutions to meet specific client needs. This customization can include optimizing databases for particular workloads, integrating with existing systems, and developing new features on request. Such tailored solutions ensure databases align perfectly with business operations. 

While community versions of open-source databases are great for small to medium-sized businesses or non-critical applications, enterprise editions provide enhanced features and services essential for larger organizations. With superior support, advanced security, performance optimizations, comprehensive management tools, and tailored solutions, enterprise editions ensure that businesses can rely on their databases to support their operations effectively and securely. For enterprises where data integrity, performance, and security are paramount, opting for enterprise editions is a wise decision.
Read more »
phishing
Data Breach database Dell Hacking Personal Information phishing

Dell Data Breach Exposes Personal Information Of 49 Million

 




Dell, the renowned computer manufacturer, has issued a cautionary notice to its customers regarding a disconcerting data breach. The breach, which affects an estimated 49 million customers, involves unauthorised access to an online portal containing sensitive customer information. Dell has disclosed that the breached data includes customers' names, physical addresses, and detailed information regarding Dell hardware purchases such as service tags, item descriptions, order dates, and related warranty details. Notably, the compromised information excludes financial details, email addresses, and telephone numbers. Dell accentuated its collaboration with law enforcement and a third-party forensics firm to thoroughly investigate the breach. While Dell declined to specify the number of affected individuals, it assures ongoing efforts to address the incident.

Data for Sale on the Dark Web

Disturbingly, reports have surfaced indicating that a threat actor, operating under the pseudonym Menelik, endeavoured to sell a database containing Dell customer information on a prominent hacking forum. The compromised data encompasses purchases spanning from 2017 to 2024, affecting a staggering 49 million customers. While Dell's initial notification primarily encompasses personal purchases, the breadth of the breach extends its tendrils to affect consumers, enterprises, partners, and educational institutions alike.

In the wake of such an imminent breach, customers are vehemently advised to exercise utmost caution against potential phishing attacks. Armed with comprehensive customer information, malicious actors may orchestrate targeted scams through various mediums, ranging from deceptive emails to physical mail. The criticality of vigilance cannot be overstated, as hackers may employ sophisticated tactics, such as tech support or invoice scams, to extract sensitive information from unsuspecting victims. Furthermore, there exists a palpable risk of malware dissemination through malicious flash drives, underscoring the imperative for users to exercise discretion when interacting with external storage devices.

In response to the breach, Dell has initiated a rigorous investigation, leveraging the expertise of law enforcement agencies and third-party forensic specialists. While the company reassures customers that no financial or payment data, email addresses, or telephone numbers were compromised, it acknowledges the severity of the breach and the pressing need for proactive measures to secure customer data security.

As investigations progress, affected customers are implored to remain informed and enact robust security measures to mitigate the inherent risks associated with potential phishing and malware attacks, thereby safeguarding their sensitive personal information from malicious exploitation.





Read more »
NVD
CVE CVE vulnerability Cyber Security data security data vulnerability database NIST NVD

NIST to establish consortium that can collaborate on research to improve the NVD

 

The US National Institute of Standards and Technology (NIST) is to establish  a consortium to partner with NIST in responding to challenges presented by the current and expected growth in CVEs, such as through development of a way to automate some analysis activities.

The official announcement came during VulnCon, a cybersecurity conference hosted by the Forum of Incident Response and Security Teams (FIRST), held from March 25 to 27, 2024. Tanya Brewer, the NVD program manager, disclosed the news, addressing the longstanding speculation surrounding the fate of the NVD. 

In February 2024, NIST halted the enrichment of Common Vulnerabilities and Exposures (CVEs) data on the NVD website, leading to a backlog of unanalyzed vulnerabilities. This development raised alarms among security researchers and industry professionals, as the NVD plays a critical role in identifying and addressing software vulnerabilities. 

The implications of the NVD backlog are profound, potentially impacting the security posture of organisations worldwide. Without timely analysis and remediation of vulnerabilities, companies face increased risks of cyberattacks and data breaches. The situation prompted some security companies to explore alternative solutions to supplement the NVD's functions temporarily. Amidst the challenges, speculation swirled regarding the underlying causes of the NVD's issues. 

Budget constraints, contractual changes, and discussions around updating vulnerability standards were among the factors cited. The uncertainty underscored the need for transparency and clarity from NIST regarding the future of the NVD. In response to the concerns, Brewer acknowledged the challenges faced by the NVD program, attributing them to a "perfect storm" of circumstances. Despite the setbacks, NIST remains committed to addressing the issues and revitalizing the NVD. 

Plans for the establishment of an NVD Consortium, aimed at fostering collaboration and innovation, signal a proactive approach to future management. Looking ahead, NIST aims to enhance the NVD's capabilities and processes within the next one to five years. Proposed initiatives include expanding partnerships, improving software identification methods, and leveraging automation to streamline CVE analysis. 

These efforts reflect a concerted push to modernize the NVD and ensure its relevance in an ever-evolving cybersecurity landscape. The announcement at VulnCon provided much-needed clarity and reassurance to the cybersecurity community. While challenges persist, the collaborative efforts of industry stakeholders and government agencies offer hope for a resilient and robust NVD ecosystem.
Read more »
Vulnerabilities
Crypto Currency cryptocurrency Cyberattacks Cybersecurity Data Breach database Gokumarket Vulnerabilities

Massive Data Breach at Gokumarket: Over a Million Users' Information Exposed

 


Several days before the leak, the GokuMarket team found an unprotected MongoDB instance, which was storing information about its users, namely those who bought and sold crypto on the exchange. In GokuMarket's case, it is the details of more than a million customers and admin users of the company that are stored in MongoDB in the form of large chunks of document-oriented information. 

Several users of GokuMarket, the centralized crypto exchange owned by ByteX and operated by its staff, have had their records revealed thanks to an open instance, according to a Cybernews investigation. 

With offices in Canada, the European Economic Area, and India, ByteX is a licensed and regulated CeDeFi platform that offers its services in those countries. It is ByteX's goal to bridge the best of both worlds by providing a KYC-verified platform with a compliant DeFi architecture, thus enabling a smooth transition from traditional to crypto credit infrastructure by reinventing it with transparency. 

The Gokumarket cryptocurrency exchange, one of the world's leading crypto exchanges, recently suffered a massive data breach, resulting in the disclosure of sensitive information belonging to over a million users. This is quite a significant and alarming development. 

In light of this breach, significant concerns are raised regarding the security infrastructure of the platform and the potential implications of the breach on the affected users. As a result of GokuMarket's decision, which had around a million users, denying users the option to withdraw their funds in mid-2022, which was a disastrous year for the crypto markets at the time, the company almost went bankrupt. 

GokuMarket faced the harsh reality of insolvency and financial bankruptcy as a result of the crypto market crash that occurred in early 2018. To assist users in safeguarding and protecting their interests, ByteX provided alternative solutions that were in comparison to what ByteX had originally offered. 

There has been considerable turbulence in the market in the aftermath of the recent collapse of several giants, which has also affected the stability of GokuMarket. In acquiring the platform's custodial users, we are making a conscious decision to safeguard and protect both its assets and its users from further challenges. 

It has been discovered that GokuMarket has a database that has been exposed on the web for a considerable period, which is why it was only detected in October 2023 and secured the next day after researchers sent a responsible disclosure note. However, the database could have been accessed by anyone for a considerable amount of time. 

An extensive user base, encompassing an estimated one million people, has been able to access a substantial repository of sensitive data, previously kept in a secure environment. In addition to IP addresses and geographical locations, the information compiled includes information about the users' dates of birth, their first and last names, as well as their mobile phone numbers. 

The encrypted passwords, the crypto wallet addresses, as well as their cryptocurrency wallet addresses, are all compiled in this study. Concern over the security and privacy of the affected individuals is significant in light of this breach of data. 

A persistent attacker could easily use this information to develop a spear-phishing campaign, which would likely involve draining the user's crypto funds, as the researchers believe that there is more than enough information to do so. There was also a revelation that the database, which had full-admin access, held 35 accounts that contained all sorts of sensitive information, including private Telegram channel IDs, secret exchange tokens, passwords and other highly sensitive information. 

A far more dangerous can of worms arises when attackers exploit admin access details to scam users of other platforms, with the ability to steal en-masse and transfer money to their accounts that would otherwise not be there. This is all possible through credential stuffing attacks, which can take advantage of individual user data to target exposed users. 

Using official Telegram channels for malicious purposes, attackers can manipulate the market if a leak of this nature arises. Although the official GokuMarket Telegram channel has not been active since September 2022, scammers are still attempting to impersonate brands within the crypto community to gain their attention.
Read more »
Software
AI-Healthcare system Artificial Intelligence Cyber Security database Google Healthcare Data Software

AI Surpasses Humans in Odor Identification

Artificial intelligence (AI) has reached another milestone in its quest to mimic human sensory perception. Recent breakthroughs in AI technology have demonstrated its ability to identify odors with remarkable precision, surpassing the capabilities of human noses. This development promises to revolutionize various industries, from healthcare to environmental monitoring.

Researchers from a Google startup have unveiled an AI system that can describe smells more accurately than humans. This innovative technology relies on machine learning algorithms and a database of molecular structures to discern and articulate complex scent profiles. The system's proficiency is not limited to simple odors; it can distinguish between subtle nuances, making it a potential game-changer in fragrance and flavor industries.

One of the key advantages of AI in odor identification is its ability to process vast amounts of data quickly. Human olfaction relies on a limited number of odor receptors, while AI systems can analyze a multitude of factors simultaneously, leading to more accurate and consistent results. This makes AI particularly valuable in fields such as healthcare, where it can be used to detect diseases through breath analysis. AI's unmatched sensitivity to odor compounds could potentially aid in the early diagnosis of conditions like diabetes and cancer.

Moreover, AI's odor identification capabilities extend beyond the human sensory range. It can detect odors that are imperceptible to us, such as certain gases or chemical compounds. This attribute has significant implications for environmental monitoring, as AI systems can be employed to detect pollutants and dangerous substances in the air more effectively than traditional methods.

In addition to its practical applications, AI's prowess in odor identification has opened up new avenues for creative exploration. Perfumers and chefs are excited about the possibilities of collaborating with AI to design unique fragrances and flavors that were previously unimaginable. This fusion of human creativity with AI precision could lead to groundbreaking innovations in the world of scents and tastes.

However, there are ethical considerations to be addressed as AI continues to advance in this field. Questions about privacy and consent arise when AI can detect personal health information from an individual's scent. Striking the right balance between the benefits and potential risks of AI-powered odor identification will be crucial.

Read more »
US Cyber Security
Cyber Security Data Privacy Laws Data server database E-Commerce Phishing Attacks UK US Cyber Security

Tech Giants Threaten UK Exit Over Privacy Bill Concerns

As US tech giants threaten to sever their links with the UK, a significant fear has emerged among the technology sector in recent days. This upheaval is a result of the UK's proposed privacy bill, which has shocked the IT industry. The bill, which aims to strengthen user privacy and data protection rights, has unintentionally sparked a wave of uncertainty that has US IT companies considering leaving.

The UK's plans to enact strict privacy laws, which according to business executives, could obstruct the free movement of information across borders, are at the core of the issue. Users would be able to request that their personal data be removed from company databases thanks to the unprecedented power over their data that the new privacy regulation would give them. Although the objective is noble, major figures in the tech industry contend that such actions may limit their capacity to offer effective services and innovate on a worldwide scale.

US tech giants were quick to express their worries, citing potential issues with resource allocation, regulatory compliance, and data sharing. The terms of the bill might call for a redesign of current systems, which would be costly and logistically challenging. Some businesses have openly addressed the prospect of moving their operations to more tech-friendly locations due to growing concerns about innovation and growth being hampered.

Additionally, some contend that the proposed measure would unintentionally result in fragmented online services, where users in the UK might have limited access to the platforms and functionalities enjoyed by their counterparts elsewhere. This could hurt everything from e-commerce to communication technologies, harming both consumers and businesses.

The topic has received a lot of attention, and tech titans are urging lawmakers to revisit the bill's provisions to strike a balance that protects user privacy without jeopardizing the viability of their services. An exodus of technology could have far-reaching effects. The consequences might be severe, ranging from employment losses to a decrease in the UK's status as a tech center.

There is hope that as conversations proceed, a solution will be found that takes into account both user privacy concerns and the practical requirements of the tech sector. The preservation of individual rights while promoting an atmosphere where innovation can flourish depends on finding this balance. Collaboration between policymakers, tech corporations, and consumer advocacy organizations will be necessary to find common ground.


Read more »
Telegram
Cyberattacks CyberCrime Data Breach database Kodi MyBB Telegram

Forum Database Sold Online After Kodi Data Breach

 


Hackers have breached the Kodi Foundation's MyBB forum database, stealing user information such as email addresses and private messages which were tried to be sold online. 

In other words, it is an open-source, cross-platform media player, organizer, and streaming suite that includes several third-party options that allow users to access and stream content from a variety of sources as well as customize their experience as they see fit based upon their personal preferences. 

Several months ago, the Kodi Foundation published a statement revealing that it had been breached by hackers. This was after the organization's MyBB forum database, containing user information and private messages, was stolen and sold online. 

To create backups of the databases, the threat actors abused the account by downloading and deleting backups of the databases. The database's nightly full backups were also downloaded, in addition to the existing data backups. A disablement request has now been sent to the account in question. 

The non-profit organization developed Kodi media center, a free and open-source software entertainment hub, and media player. According to a breach notice published on April 8, the Kodi Team learned of unauthorized access after a data dump of its forum user base (MyBB) was offered for sale online. 

The now-defunct Kodi forum had about 401,000 users who posted 3 million messages covering various topics, including video streaming, suggestions, support, sharing upcoming add-ons, and more. Hackers took over the forum database by accessing the admin interface with inactive staff credentials, according to a site statement on Saturday. 

In the aftermath of the breach, the developer has shut down. The forum, which was home to over 3 million posts, is working to perform a global password reset, as it is assumed that “all passwords are compromised” despite being stored in an encrypted format. 

In an update published earlier today, Kodi's administrators informed the community that they are commissioning an updated forum server. As a result, the existing systems do not appear to have been compromised. 

The forum will be redeployed using the latest MyBB version. This comes with a heavy workload required to incorporate custom functional changes and backport security fixes, so a delay of "several days" is to be expected. 

Kodi shares a list of exposed email addresses associated with forum accounts with the Have I Been PWNed data breach notification service. 

Even though these passwords were hashed and salted, Kodi warns that all passwords should be viewed as compromised for the time being. It may be possible that service availability will be affected if the admin team plans a global password reset. 

According to Kodi's release, any sensitive information transmitted to other users through the user-to-user messaging system may have been compromised, along with any sensitive data sent between users. If you previously used the same login and password for a website, you should follow the instructions on that website for resetting your password or changing it. 

On February 15th, 2023, Amius claimed to have sold a database dump on a website under its brand. According to the database, there are 400,314 Kodi forum members, including "several IPTV resellers," listed in the database. 

There is no information regarding the database price as the seller accepted a private offer over Telegram. The Breached forum is one of the largest hacking and data leak forums. It has developed its reputation over the past few years for hosting, leaking, and selling breaches of companies, governments, and various other organizations. 
Read more »
User Security
Cyber Data Data Breach database Safety Security User Data User Security

FBI Obtained Detailed Database Exposing 59K+ Users of the Cybercrime Genesis Market

 

In its takedown of Genesis Market, a site famous in the cybercriminal realm for selling access to user accounts, the FBI gathered information on possibly tens of thousands of hackers. Senior FBI and Justice Department officials stated in a Wednesday briefing that law enforcement found and duplicated the backend servers for Genesis Market's main site. These servers store stolen victim passwords and session cookies, as well as information on customers of the infamous hacking site. 

According to a US official, the server copies contain information about around 59,000 individual user accounts, including usernames, passwords, email addresses, and secure messenger accounts, as well as a history of user activity.

In connection with the site's closure, the FBI and its partners have already made 119 arrests, including 24 in the United Kingdom. However, the information obtained from the server seizures could assist law enforcement in apprehending even more criminals. 

The Justice Department admits that some of the apprehended suspects are US citizens, but it is unable to provide a precise figure. US officials are also reluctant to clarify whether any Genesis Market leaders had been arrested. The Treasury Department, on the other hand, stated that the hacker site "is believed to be located in Russia," a country that has traditionally refused to extradite criminal suspects to the United States. 

As a result, the primary operators of Genesis Market are likely to have escaped arrest and will attempt to resume their operations. The FBI has taken down the marketplace's primary domain. The dark web onion site for Genesis, on the other hand, is still active.

For the time being, US officials have only stated that they are focusing on capturing the site's leaders and putting pressure on the cybercriminal globe. The takedown comes just weeks after authorities shut down another prominent hacker forum, BreachForums. In doing so, the FBI said that it had gotten a backend database for BreachForums, which is likely to contain information on several hackers.  

“Each takedown is yet another blow to the cybercrime ecosystem,” US Deputy Attorney General Lisa Monaco said in today’s announcement.
Read more »
User Privacy
Cyber Podcast Cyber Security database Election Security Breach Shas User Data User Privacy

A Security Breach in the Shas Database Could Expose Millions of Records


According to top experts in the cybersecurity field, there has been a major security breach in the Shas Party's computerized election management system. This leaves it vulnerable to easy exploitation even for those with only a basic understanding of cybersecurity. 

Following an anonymous leak received on the Cyber podcast hosted by Ido Kinan and Noam Rotem, it has been revealed that the system has been breached. This has not only compromised the data of Shas activists and supporters but has also compromised the information of all Israeli citizens who are eligible to vote. Following that, Ran Bar-Zik, a software architect at the company, verified the findings.

According to a report by Calcalist, the anonymous leaker discovered the vulnerability with an automated scanning tool that detects such weaknesses. This tool was used by the anonymous leaker to detect the vulnerability. 

The information held in the system is just as disturbing as the breach itself: detailed personal details, such as family ties, phone numbers, and bank account numbers, not included in the voter register, of millions of Israeli citizens. 

An online PHP-powered system debugging tool that has been available for nearly four years has been breached as a result of a known vulnerability, and a common browser is all that is needed to exploit this vulnerability, so sophisticated tools are not required to expose this weakness. 

As soon as it is available for widespread use, the debugger should be disabled. It should only be enabled during the testing phase. Adding a few characters to a website address indicating the location of the debugger and performing a few other simple actions without requiring much computer knowledge is all it takes to penetrate the debugger when it remains active after the system is put into operation. 

Even though the breach in question was blocked, it is impossible to determine whether the information in the system had been compromised before it had been patched. There is a concern regarding who might have all the personal information that is stored in the system. This is because it is easy to exploit, and it was found without much effort. 

In response to the leak of data, Shas responds 

Every time there is a round of elections, the Shas party receives a voter registration copy from the Ministry of Interior. This is the same for all the other parties in the country. During every election, it is required that the transmitted information, including all the details that have been added to it, is destroyed. All data included in it will be destroyed as well. Although this is the case, it seems that Shas has managed to retain the personal data of voters from the previous year's elections. 

A professional and reliable electoral software operated by the Shas party for many years maintains a legally registered database as do all of Israel’s other parties. All of the information the Shas party holds has been legally collected, maintained, and complied with according to the law, backed up by cybersecurity experts that are the most knowledgeable in the field, the party spokesperson said in response to an inquiry by Haaretz. 

The party explained that their attention was drawn to concerns that the database had been illegally accessed. Following the receipt of this information, they acted immediately by implementing several immediate changes to ensure the security of the entire database as soon as possible. Shas has conducted a thorough examination of the database systems to ensure that all information remains secure. As part of its ongoing inspection of the database systems, the party stated that "If any party is found to have violated the law, Shas will take appropriate action." 

Elector, a platform used by Likud, leaks the personal information of its users 

A similar incident occurred last year when a list of the names and phone numbers of 5,000 Likud activists was released online from the "Elector" platform, where they could be found on the Ghost in leak website, according to Israeli news agency Ynet. 

There was a list uploaded by an anonymous source along with an email that circulated throughout many groups that stated that "The Likud's and Right's electoral system has been compromised." The list was sent by a source who identified himself as "an activist." The data will slowly leak out as the system is taken offline until the hackers are removed. Here are the first clusters of activists.

In a ruling issued by the Authority for the Protection of Privacy of the Ministry of Justice, it was determined that the Elector company, along with the Likud and Jewish Home parties which received technological services from the Elector company, had violated the Privacy Protection Law and the regulations governing its operation. 

As a result of an enforcement procedure conducted by the Authority, it has been revealed that the election holder has violated the law in many ways, including in the security of its information systems, and in how they conduct itself as a holder of sensitive personal information, among other things.

Read more »
SQL Database
CriminLA database Hackers malware Ransomware Security SQL Database

BlackCat Ransomware’s Data Exfiltration Tool Gets an Upgrade

 

A new version of the BlackCat ransomware's data exfiltration tool for double-extortion attacks has been released. Exmatter, the stealer tool, has been in use since BlackCat's initial release in November 2021.
Exmatter Evolution Symantec researchers (who track the group as Noberus) claim in a report that the ransomware group's focus appears to be on data exfiltration capabilities, which is a critical component of double-extortion attacks. 

The exfiltration tool was substantially updated in August, with various changes including the ability to exfiltrate data from a wide range of file types, including FTP and WebDav, to SFTP, and the option to create a report listing all processed files. It has also added a 'Eraser' feature to corrupt processed files, as well as a 'Self-destruct' configuration option to delete and quit if it runs in a non-valid environment.

New information  stealer

The deployment of new malware known as Eamfo, which is specifically designed to target credentials saved in Veeam backups, has increased BlackCat's ability to steal information even further.

Eamfo connects to the Veeam SQL database and uses a SQL query to steal backup credentials. It decrypts and displays credentials to an attacker once they have been extracted.

Along with expanding Exmatter's capabilities, the latest version includes extensive code refactoring to make existing features more stealthy and resistant to detection. In any case, the BlackCat operation terminates antivirus processes with an older anti-rootkit utility.

BlackCat isn't slowing down and appears to be focused on constantly evolving itself with new tools, improvements, and extortion strategies. As a result, organisations are advised to secure access points and train their employees on cybercriminal penetration techniques. Businesses should also invest more in cross-layer detection and response solutions.
Read more »
User Security
Data Breach database Personal Data Unsecured User Data User Privacy User Security

Personal Data of 30,000+ Students Disclosed in Unsecured Database

 

The security experts at SafetyDetectives reported that the private details of over 30,000 students were discovered on an inadequately secured Elasticsearch server. 

According to the researchers, the server was left linked to the Internet and did not require a password to retrieve the data contained therein. It disclosed more than one million records including personally identifiable information (PII) of 30,000 to 40,000 students. 

As per the report, the exposed data included complete names, email addresses, and phone numbers, as well as credit card information, transaction and purchased meal specifics, and login information saved in plain text. According to SafetyDetectives, the badly protected server was being upgraded at the time it was discovered, and server logs revealing student data were also discovered. 

The 5GB database looked to contain information about students who have Transact Campus accounts, according to the researchers. Because Transact Campus partners with higher education institutions in the United States, the most of affected students are citizens of the United States. 

Transact Campus offers an application that students may use to make payments and purchases using a unique personal account (called Campus ID), as well as for activities such as event access, class attendance tracking, and more. The researchers were unable to identify whether malicious actors had access to the unsecured database before it was protected. They do, however, warn that if criminal actors did get the data, the afflicted students may be subjected to a variety of assaults, including phishing, spam marketing, and malware. 

As per SafetyDetectives, they alerted Transact Campus about the unsecured server in December 2021 but did not obtain a response until January 2022, despite also contacting US-CERT. Although the information had previously been safeguarded at the time, Transact Campus refuted responsibility for the breach.

“Apparently, this was set up by a third party for a demo and was never taken down. We did confirm that the dataset was filled with a fake data set and not using any production data,” Transact Campus told SafetyDetectives. 

The researchers, on the other hand, informed SecurityWeek that they examined a sample of the data discovered on the site and believe it belongs to real individuals. 

“We use publicly available tools to perform random searches for the people exposed and see if they actually exist. We, of course, performed this process when we discovered this server and found out that the data seemed to belong to real people,” SafetyDetectives stated. 

When contacted by SecurityWeek, Transact Campus stated that they promptly initiated an investigation into the breach after learning of the exposure. The exposed information was discovered to belong to a third party, according to Chief Information Security Officer Brian Blakley, and none of Transact's systems was accessed without authorization. 

When asked if the possibly impacted students had been notified in any manner about the data breach, Blakley advised SecurityWeek to contact Sodexo, which appears to be accountable for the hack. 

“Sodexo in conjunction with its payment provider for dining services, Foundry, provided a Notice of Data Breach to impacted clients and users explaining the incident,” he said. 

Sodexo is a global provider of food, facilities management, and home and personal services. SecurityWeek reached out to the organisation for further information on the incident but has yet to get a reply.
Read more »
Ransomware attack
Customer Data Cyber Attacks Cyber Data data security database Employee Data McMenamins Ransomware attack

McMenamins Struck by Ransomware Attack, Employee Data at Risk

 

McMenamins, a Portland hotel and brewpub chain, was struck by a ransomware attack on Wednesday that may have stolen employees' personal information, but no customer payment information seems to have been compromised. 

The ransomware attack was discovered and stopped on December 12, according to McMenamins. The company stated it alerted the FBI and contacted a cybersecurity firm to figure out where the attack came from and how extensive it was. 

Employee data such as names, residences, dates of birth, Social Security numbers, direct deposit bank account information, and benefits records may have been acquired, according to the firm in a news release, but "it is not currently known whether that is the case." 

"To provide employees with peace of mind, McMenamins will be offering employees identity and credit protection services, as well as a dedicated helpline through Experian," the company stated. "A payment processing service manages the collection of such information. Further, this information is not stored on company computer systems impacted by the attack."  

Many operational systems have been taken offline, including credit card scanners, necessitating temporary alterations in payment procedures at some McMenamins sites. There is "no indication" that consumer payment data has been hacked, according to the firm. 

The co-owner, Brian McMenamin stated, “What makes this breach especially disheartening is that it further adds to the strain and hardship our employees have been through in the past two years.” 

“We ask that our customers give our employees extra grace as we make temporary adjustments in the way we process transactions and reservations, given the impacts to our systems by this breach.” 

The company stated that it is unclear when the problem would be rectified and systems restored. There are a few things firms can do to assist mitigate these attacks, according to Kerry Tomlinson, a cyber news reporter with Ampere News. 

"As a business, you need to have backups," Tomlinson said. "If ransomware hits and they're demanding ransom for you to get your files back, you can say thanks a lot but I already have backups." 

"It will happen more and more and it's only going to get bigger. If you're not paying attention now, you need to pay attention." 

Employees should be especially cautious to help prevent cyber assaults, according to Tomlinson, by avoiding questionable emails, setting unique passwords for each website visited, and adding a multi-factor authentication process to offer an extra layer of security. It is worth noting that despite the breach, all McMenamins locations are open.
Read more »
User Security
Cyber Crime database Facebook leaked data Sensitive data User Security

3.8 Billion Clubhouse and Facebook User Records are Being Sold Online

 

According to CyberNews, a database holding the records of about 3.8 billion Clubhouse and Facebook users is being auctioned at a major hacker forum. The person selling them is reportedly asking for $100,000 for the complete database but is ready to split it up into smaller caches for lower costs. 

These records contain sensitive information such as phone numbers, addresses, and names, among other things. All of this information appears to have been obtained through a breach of Clubhouse's systems on July 24th, during which numerous members' phone numbers were exposed online. However, the damage isn't limited to Clubhouse's users. 

According to the September 4 post, the database also contains profiles of users who do not have Clubhouse accounts, whose phone numbers may have been obtained by threat actors as a result of Clubhouse's previous requirement that users share their entire contact lists with the social media platform in order to use it. 

Because the platform requires users to sync their contacts with the app, contact numbers from a user's phone can also be revealed if the company's servers are hacked. And it appears that this is exactly what occurred. As a result, those who do not have a Clubhouse ID and password have their data exposed to the hacker site and may be at risk. While it is still unclear how Facebook user IDs ended up in the mix, it is plausible that the cybercriminal compared the revealed numbers to those found in prior Facebook hacks, which have been many.

Prior to this compilation, threat actors had little use for the purportedly scraped Clubhouse phone numbers, which were posted without any additional information about the participants. As a result, the prior Clubhouse scrape was labeled a "bad sample" on the forum and failed to pique scammers' interest. 

However, according to CyberNews senior information security expert Mantas Sasnauskas, the expanded compilation “could serve as a goldmine for scammers.” They would obtain access to a lot more contextual information about the owners of the hacked phone numbers, according to Sasnauskas, such as usernames, locations based on phone number suffixes, Clubhouse network sizes, and Facebook profiles. 

This means that scammers would be able to launch localized mass campaigns and create customized scams based on information acquired from potential victims' Facebook accounts much more easily. “People tend to overshare information on social media. This could give insights for scammers on what vector to employ to run their scams successfully by, for example, calling people with the information they learned from their Facebook account,” says Sasnauskas.
Read more »
Unprotected database
Cyber Security database Security research Unprotected database

Research Shows 19 Petabytes of Data Exposed Across 29,000+ Unprotected Databases

 

Researchers from CyberNews discovered that over 29,000 databases across the world are now totally inaccessible and publicly available, exposing over 19,000 terabytes of data to everyone, including threat actors. 

The majority of businesses keep confidential data in databases. Passwords, usernames, document scans, health records, bank account, and credit card information, and other vital information are all easily searchable and stored in one location. 

To steal all that valuable data, attackers don't always need to hack them: one of the most common causes of a breach is databases that have been left unsecured, allowing anyone to access the data without a username or password. Hundreds of millions of people's personal information can (and often does) become exposed on the internet as a result of database security flaws, allowing threat actors to exploit that data for a variety of malicious purposes, including phishing and other forms of social engineering attacks, as well as identity theft. 

According to CyberNews, hundreds of thousands of database servers are still open to everyone, with more than 29,000 insecure databases exposing nearly 19 petabytes of data to hacking, tampering, deletion, and other threats. The fact that tens of thousands of open databases have data exposed is nothing new. Indeed, cybercriminals are so aware of this that a vulnerable database can be identified and targeted by threat actors in only a few hours. 

After years of huge data breaches, ransom requests, and even crippling data wipeouts by feline hackers (meow), one would think database owners would be aware of the issue and, at the very least, ask for a username and password before letting someone in. 

To conduct the investigation, CyberNews used a specialized search engine to look for open databases for Hadoop, MongoDB, and Elasticsearch, three of the most common database types. As a result, the true number of unprotected databases and the volume of data exposed is undoubtedly much higher than they discovered. 

According to the results found, there are at least 29,219 vulnerable Elasticsearch, Hadoop, and MongoDB databases are let out in the open. Hadoop clusters outnumber the competition in terms of exposed data, with nearly 19 petabytes available to threat actors who could put millions, if not billions, of users at risk with a single click. 

Elasticsearch leads the pack in terms of exposed databases, with 19,814 instances without any kind of authentication, placing more than 14 terabytes of data at risk of being hacked or held hostage by ransomware gangs. MongoDB appears to do much better than others in terms of terabytes, but the 8,946 unprotected instances demonstrate that thousands of organizations and individuals who use MongoDB to store and handle their data still have a long way to go in terms of basic database security. 

Unknown cyber criminals conducted a series of so-called "Meow" attacks in 2020, wiping all data from thousands of unsecured databases without explanation or even a ransom demand, leaving shocked owners with nothing but an empty folder and files labeled "meow" as the attacker's signature. It was found that 59 databases hit by the ‘Meow’ attacks a year ago are still unprotected and collectively leaving 12.5GB of data exposed. 

According to CyberNews security researcher Mantas Sasnauskas, this only goes to show that raising awareness about exposed and publicly accessible databases is as important as ever. “Anyone can look for these unprotected clusters by using IoT search engines to effortlessly identify those that don’t have authentication enabled and exploit them by stealing the data, holding them ransom, or, as was the case with the ‘Meow’ attack, simply destroy valuable information for fun, wiping billions of records and crippling both business and personal projects in the process.”

Databases are used by businesses of all sizes to store customer and employee records, financial details, and other confidential information. Databases are often operated by administrators who lack security training, making them an easy target for malicious actors. 

The owner of a database can take certain steps to protect the database from unwanted visitors like:
1.Authentication should be activated so that no one can access your database without the correct credentials or ssh key. 
2.One must not use the default password – threat actors scour the internet for publicly available databases with default passwords allowed and target them on the spot.
3.Maintain the latest version of your database program.
Read more »
Misconfiguration
Censys Cloud Cloud data violation Cyber Security Data Exposure database Misconfiguration

Cloud Misconfiguration is Still the Leading Source of Cloud Data Violations

 

Almost everybody by now is workings from home and 84 percent are worried that new security vulnerabilities have been generated with the quick move towards 100 percent remote working. 

Cloud service providers built their administration panels' user interface purposefully to mislead consumers and charge for more services than originally intended. 

Although it was never demonstrated as a systematic business strategy, reports and alerts of a data breach have overwhelmed the internet in recent years since a cloud-based database has indeed been misconfigured and confidential information ultimately leaked. 

Throughout the past month, Censys, a security company that specializes in census-like inspections on the internet, looked closely at the cloud-based services, hoping to uncover what the best potential origin of misconfiguration might be for cloud-based businesses. As per the study, Censys has found over 1.93 million cloud server databases that have been displayed publicly without even any firewall or other authentication measures. The security company arguments that threat actors will discover and target these databases utilizing older vulnerability exploits. In addition, if the database was unintentionally leaked, it could also use a weak or even no password at all, disclosing it to all those who have detected its IP address. 

Censys reported having been used to scan MySQL, Postgres, Redis, MSSQL, MongoDB, Elasticsearch, Memcached, and Oracle and that nearly 60 percent of all disclosed servers were MySQL databases which represent 1.15 million of the 1.93 million overall exposed DBs. 

The security agency also searched to find ports that could also be exposed by clouds service as they are normally used for remote management applications like SSH, RDP, VNC, SMB, Telnet, Team Viewer, and PC Anywhere. Censys retained that access to all these remote managing port must not be easily discovered but rather secured by Access Control Lists, VPN tunnel, or other traffic filtering solutions, although the underlying cause of these applications is that the systems can be remotely logged into. 

Another very significant discovery was indeed the virtual exposure of the RDP login screens by more than 1.93 million servers. 

Microsoft and several others have also indicated that many violations of security have also been caused by attackers obtaining access to an enterprise through compromised RDP credentials. Which included attacks on a broad range of actors, including DDoS botnets, crypto mining activities, ransomware gangs, and government-funded actors. 

Most organizations do not operate internally with just one cloud services provider infrastructure, but instead use several solutions, many of which might not have the same access or default settings, allowing several systems to become accessible even though IT personnel are not supposed to do so. While some cloud providers have taken measures to improve their dashboards and to clarify how those controls operate, the wording of each cloud provider is still substantially different, and some system administrators are still often confused. 

Censys said, “it expects the issue of misconfigured services to remain a big problem for companies going forward.”
Read more »
Subscribe to: Posts (Atom)