In the news
Capture of sensitive information by Baidu Apps detected by Palo Alto Networks’ Researchers
Two popular Android apps from Chinese tech giant Baidu were temporarily unavailable on the Google Play Store in October after they were caught collecting sensitive user details.
The two apps in question—Baidu Maps and Baidu Search Box—were found to collect device identifiers, such as the International Mobile Subscriber Identity (IMSI) number or MAC address, without users’ knowledge, thus making them potentially trackable online.
The discovery was made by network security firm Palo Alto Networks, which notified both Baidu and Google of its findings, after which Google pulled the apps on October 28, citing “unspecified violations.”
According to Palo Alto researchers, the full list of data collected by the apps includes:
• Phone model
• Screen resolution
• Phone MAC address
• Carrier (Telecom Provider)
• Network (Wi-Fi, 2G, 3G, 4G, 5G)
• Android ID
• IMSI number
• International Mobile Equipment Identity (IMEI) number
Reference: https://thehackernews.com/2020/11/baidus-android-apps-caught-collecting.html
Nation-State Attackers Actively Target COVID-19 Vaccine-Makers
Three nation-state cyberattack groups are actively attempting to hack companies involved in COVID-19 vaccine and treatment research, according to reports by Microsoft. Russia’s APT28 (Fancy Bear), the Lazarus Group from North Korea and another North Korea-linked group dubbed Cerium are believed to be behind these attacks.
The primary attack methods used are password spraying and brute forcing of employee accounts. These employees have also been subjected to spear phishing attacks, in which the attackers disguised their emails as coming from WHO officials. Microsoft declined to speak about any compromise of data; however, at least one breach has been confirmed.
Reference: Nation-State Attackers Actively Target COVID-19 Vaccine-Makers
In the News Week 11
Millions of Hotel Guests Worldwide Caught Up in Mass Data Leak
A cloud misconfiguration at a popular reservation platform has exposed travelers to identity theft, scams, credit-card fraud and vacation-stealing. The misconfigured Amazon Web Services S3 bucket revealed records that include sensitive personal data and credit-card details. Prestige Software’s “Cloud Hospitality” is used by hotels to integrate their reservation systems with online booking websites like Expedia and Booking.com.
The company was storing years of credit-card data from hotel guests and travel agents without any protection in place, putting millions of people at risk of fraud and online attacks: “The S3 bucket contained over 180,000 records from August 2020 alone. Many of them related to hotel reservations being made on numerous websites, despite global hotel bookings being at an all-time low for this period.”
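The leak above came down to a bucket that anyone on the internet could read. The following is an added example, not code from the article or from Prestige Software, that checks an S3 bucket policy for statements granting access to anonymous principals; the two policies, the bucket name and the account id are constructed placeholders:

```python
import json

# Constructed sample bucket policies, not Prestige Software's real configuration;
# the bucket name and account id are placeholders.
PUBLIC_READ_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-hotel-records",
                     "arn:aws:s3:::example-hotel-records/*"],
    }],
})
PRIVATE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "BookingAppOnly",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/booking-app"},
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": "arn:aws:s3:::example-hotel-records/*",
    }],
})

def _is_anonymous(principal):
    """True when the Principal element grants access to everyone."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False

def public_grants(policy_json):
    """Return (Sid, has_condition) for each Allow statement open to anyone.

    Statements without a Condition are unconditionally public; those with
    one are reported too so a reviewer can check whether it really narrows
    the grant (e.g. to a VPC or source IP) rather than silently passing them.
    """
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be unwrapped
        statements = [statements]
    return [(s.get("Sid", "<no Sid>"), "Condition" in s)
            for s in statements
            if s.get("Effect") == "Allow" and _is_anonymous(s.get("Principal"))]
```

A bucket policy is only one of the ways a bucket becomes public (ACLs and the account-level public access block settings also matter), so this check belongs alongside those, not in place of them.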
Burp Suite (SQL Injection)
SQL Injection Presentation
Week #10: Reading Discussions
Burp Suite Guide:
- Burp proxy: used to intercept traffic between the browser and target application -> similar to a man-in-the-middle attack.
- Burp Sitemap and Site proxy: shows sitemap and site scope -> lets you choose the scope of security testing
- Displays various sections of a particular domain (ex. Google)
- shows how to execute search
- Burp Spider: used to get a complete list of the URLs and parameters of each site. It works through each page and finds the links within the testing scope.
- Using the spider: the proxy and interceptors should be off. -> Manually visiting more pages gives the spider a larger coverage area.
Questions:
- Is Burpsuite similar to anything you have used before?
- What can be potential issues using this software?
Week #10: In the News
Cyber-criminals Target Naked Zoom Users
Cybercriminals used a zero-day security vulnerability in the Zoom app to carry out sextortion scams. Several users, such as TV analyst Jeffrey Toobin, were caught in a sexual act over a video call, and the criminal managed to obtain the video recordings. Zoom’s vulnerability allowed attackers to take over the camera and also to access metadata from the account.
The criminal sent emails to the victims explaining that he was under duress because he had lost his job and had no other choice but to extort money. The scammer’s emails demanded a ransom of $2,000 in bitcoin within 3 days, or the footage would be made public. There has been no public word from Zoom.
Week #9: In the News
Nando’s Customers Hit by Credential Stuffing Attacks
The popular chicken chain Nando’s has been cyber-attacked: attackers hijacked online accounts to place large orders. Due to COVID-19, the restaurant industry has been trying to optimize service while restrictions are in place, using measures such as QR codes and online ordering. Most orders are made online and picked up in-store using a QR code; however, attackers have used a tactic called “credential stuffing”. Using customer credentials stolen elsewhere, they try the same information to access the customer’s Nando’s account. Since then, Nando’s has promised to reimburse customers for any fraudulent orders.
Between July 2018 and June 2020, there were 64 billion credential stuffing attempts in the retail, hospitality, and travel sectors. This can be remediated by having MFA on accounts or even just by using a different password for each account.
*I thought this was interesting because I was also hacked using a fake KFC account*
https://www.infosecurity-magazine.com/news/nandos-customers-hit-credential/
Week #9 Reading Discussions: OWASP Top 10
OWASP Top 10
- Broken authentication: when authentication and session management are implemented incorrectly, attackers can compromise users’ credentials and exploit their identities. I see this happen frequently, and there are industry standards such as lock-out policies and session timeouts that can help mitigate this security risk. However, many organizations fail to adopt them because they are unaware of the severity of these flaws.
- Broken access control is when restrictions on authenticated users are not properly enforced. From a security standpoint, less is more. Administrative privileges should be limited to the admins of the system; if a standard user’s credentials were hacked and access controls weren’t in place, the scope of the damage would increase significantly.
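The Nando’s story in Week #9 and the broken authentication item above describe the same pair of controls from two sides: spotting credential stuffing in login logs, and the lock-out policy that limits repeated failures. The following is an added example, not from the reading or from any real system, run over a constructed login log; the log format, the IP addresses and the thresholds are assumptions:

```python
from collections import defaultdict

# Constructed sample login log (not from Nando's or any real system).
# Credential stuffing fans out across many accounts from one source, one
# stolen password each; brute force hammers a single account instead.
SAMPLE_LOG = """\
2020-11-10T12:00:01Z ip=203.0.113.5 user=alice result=FAIL
2020-11-10T12:00:02Z ip=203.0.113.5 user=bob result=FAIL
2020-11-10T12:00:03Z ip=203.0.113.5 user=carol result=SUCCESS
2020-11-10T12:00:04Z ip=203.0.113.5 user=dave result=FAIL
2020-11-10T12:01:00Z ip=198.51.100.7 user=alice result=FAIL
2020-11-10T12:01:20Z ip=198.51.100.7 user=alice result=SUCCESS
2020-11-10T12:05:00Z ip=192.0.2.9 user=grace result=FAIL
2020-11-10T12:05:10Z ip=192.0.2.9 user=grace result=FAIL
2020-11-10T12:05:20Z ip=192.0.2.9 user=grace result=FAIL
"""

def parse_log(text):
    """Parse 'timestamp key=value ...' lines into dicts, oldest first."""
    events = []
    for line in text.splitlines():
        ts, *fields = line.split()
        ev = dict(f.split("=", 1) for f in fields)
        ev["ts"] = ts  # ISO-8601 UTC strings sort chronologically as text
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])

def stuffing_sources(events, min_accounts=4):
    """IP -> sorted accounts, for sources that tried >= min_accounts accounts.

    Fan-out across accounts is the credential-stuffing signature; a real
    detector would additionally bound this to a time window.
    """
    users_by_ip = defaultdict(set)
    for ev in events:
        users_by_ip[ev["ip"]].add(ev["user"])
    return {ip: sorted(u) for ip, u in users_by_ip.items() if len(u) >= min_accounts}

def accounts_to_lock(events, max_failures=3):
    """Accounts reaching max_failures consecutive FAILs (a lockout policy)."""
    streak, locked = defaultdict(int), set()
    for ev in events:
        if ev["result"] == "FAIL":
            streak[ev["user"]] += 1
            if streak[ev["user"]] >= max_failures:
                locked.add(ev["user"])
        else:
            streak[ev["user"]] = 0
    return locked
```

Note that the stuffing source in the sample never trips the per-account lock-out (one attempt per account), which is why per-source throttling and MFA are paired with lock-outs rather than relied on alone.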
Questions
- What security risk have you encountered? Or what do you think can lead to the most damage?
- What are some mitigation tactics companies can have to protect themselves against these risks?