Tag: Risk Awareness

Database with 11 Million Email Records Exposed

A huge customer database containing 11 million records that include personal details has been discovered sitting online, unprotected. The data was available from a MongoDB instance set up on the hosting infrastructure from Grupo-SMS USA, LLC, and could be accessed by anyone able to find the path to it.

Independent security researcher Bob Diachenko found the information by scanning the internet using publicly available tools. His research revealed that the dataset had been last indexed by the Shodan search engine on September 13, but it is unclear how long it was open for access before that date.

Read more about the major data leak on BleepingComputer.

GovPayNow Leak of 14M+ Records Dates Back to 2012

Government Payment Service (GovPayNet) has been alerted to a leak of more than 14 million customer records dating back to 2012, KrebsOnSecurity reported this week.

GovPayNet is used by nearly 2,300 government agencies in 35 states to process online payments for traffic tickets, bail payments, court-imposed fines, and other fees. The service operates under the Web domain GovPayNow.com, which was found leaking customer data including names, addresses, phone numbers, and the last four digits of credit card numbers.

Read more about the GovPayNow data leak on DarkReading.

Zero-Day Bug Allows Hackers to Access CCTV Surveillance Cameras

Between 180,000 and 800,000 IP-based closed-circuit television cameras are affected by a zero-day vulnerability that allows hackers to access surveillance cameras, spy on and manipulate video feeds, or plant malware.

According to a new Tenable Research Advisory, the bugs are rated critical and tied to firmware possibly used in one of 100 different cameras that run the affected software. NUUO, the company that makes the firmware, is expected to issue a patch for the bug today. The company lists over 100 different partners including Sony, Cisco Systems, D-Link and Panasonic. It’s unclear how many OEM partners may use the vulnerable firmware.

Read more about the zero-day bug affecting CCTV cameras on Threatpost.

CSS-Based Attack Causes iOS, macOS Devices to Crash

A newly-revealed proof-of-concept attack can cause iOS devices to crash or restart with a mere 15 lines of code, a researcher revealed over the weekend. Sabri Haddouche, a security researcher at Wire, has tweeted the source code of the proof-of-concept (PoC) attack that restarts iOS devices – such as the iPhone or iPad – with just a few lines of specially crafted Cascading Style Sheets (CSS) and HTML code.

Haddouche, who came across the attack after looking at DoS attacks on browsers last week, said that users who open a specially formatted link from any iOS-based browser, or using Safari on macOS, are exposed to the attack. He has notified Apple and the tech giant is investigating the issue.

Read more about the newly discovered CSS-based attack on Threatpost.

EternalBlue Infections Persist

The infamous EternalBlue exploit used in the game-changing WannaCry and NotPetya cyberattacks just won’t die: new research shows 300,000 machines around the globe suffering repeat infections of the attack code.

EternalBlue, pilfered from the NSA and leaked by the mysterious Shadow Brokers group, abuses a flaw in Microsoft’s Server Message Block (SMB1) protocol. Researchers at Avira found a large number of machines – mainly running versions of Windows that don’t get updates and the older SMB2 protocol – getting infected over and over with EternalBlue.

Read more about the findings of the new research on DarkReading.

New cold boot attack affects “nearly all modern computers”

Security researchers have uncovered a new variation of a cold boot attack that can meddle with a computer’s firmware to disable security measures and allow an attacker to recover sensitive data stored on that computer.

The attack is a variation of old cold boot attacks, known for nearly a decade. In a cold boot attack, an attacker forces a computer reset/reboot and then steals any data left over in the RAM. Over the years, OS makers and hardware vendors have shipped various security measures to reduce the impact of cold boot attacks, even if they happen. But security researchers discovered that they could circumvent one of these protections.

Read more about how current cold boot attack firmware security measures can be disabled to steal sensitive data from high-value computers on ZDNet.

2 Billion Bluetooth Devices Remain Exposed to Attack Vulnerabilities

One year after security vendor Armis disclosed a set of nine exploitable vulnerabilities in Bluetooth, some 2 billion devices — including hundreds of millions of Android and iOS smartphones — remain exposed to the threat. Armis disclosed the vulnerabilities — collectively dubbed “BlueBorne” — last September, describing them as an attack vector for adversaries to take complete control of Bluetooth devices.

At the time, some 5 billion Bluetooth-enabled products, including laptops, phones, smartwatches, and TVs, were impacted. Since then, the vendors of many of these products have issued patches and software updates addressing the flaws. Despite this, about 2 billion devices remain at risk.

Read more about the BlueBorne vulnerabilities and learn why 2 billion devices remain at risk, on DarkReading.

These are the warning signs of a fraudulent ICO

An Initial Coin Offering (ICO), in simple terms, is a way for blockchain-related startups to raise funds. Akin to crowdfunding, the projects generally offer their own brand of ‘tokens’ in exchange for popular cryptocurrencies such as Bitcoin (BTC) or Ethereum (ETH).

Like many angel investments in startups, ICOs are a risk which may later offer good returns, leading many to invest in the blockchain space. Many legitimate blockchain projects will launch an ICO due to real dedication to their goals and a true need to raise funds. However, ICOs are also something of a “Wild West” teeming with the theft of funds and exit scams. Before even considering participation in a token sale, you should know not only the risks — but also how to spot a fake ICO.

Learn how you can distinguish a fake ICO from a legitimate one, on ZDNet.

8 Attack Vectors Puncturing Cloud Environments

As companies work to protect their cloud environments, they need to know which types of attacks are most likely to hit. “Cloud has been around for years, but cloud security has only within the past year or so become a formal discipline,” says Matthew Chiodi, vice president of cloud security at RedLock. And as the cloud evolves, attackers are finding new, advanced ways to break into enterprise environments.

Public cloud security incidents often stem from a poor understanding of the shared responsibility model, which governs how cloud users and providers both shoulder the burden of security, Chiodi says.

Read about different types of cyberattacks that are affecting cloud environments on DarkReading.

What is cyberwar? Everything you need to know about the frightening future of digital conflict

At its core, cyberwarfare refers to the use of digital attacks by one country or nation to disrupt the computer systems of another with the aim of creating significant damage, death or destruction. Perhaps unsurprisingly – considering that cyberwarfare involves spies, hackers and top secret digital weapons projects – it’s still a shadowy and ill-defined area of conflict, but one that is increasingly important and dangerous.

Like traditional conflicts, cyberwarfare comes in many shapes and sizes, but it is increasingly clear that cyberwarfare is going to be a significant component of pretty much every present and future conflict.

Read everything you need to know about cyberwar on ZDNet.