Twitter bug may have exposed API keys, access tokens

 

A bug could have exposed their API keys and access tokens in their browser’s cache. Luckily, the problem was fixed before any leaks. According to the twitter, if the person using a public computer to view developer app keys and token on developer.twitter.com, they may have been store temporarily in the browser’s cache on the computer. That information has the potential of being misused by accessing the keys and tokens. With more and more organizations and businesses relying on the API, this makes API a lucrative target for hackers. Leaked keys and token can make their way to the dark and possess a threat of being used in the automated attacks against API endpoints.  Twitter notified that they changed their caching instructions that the site sends developer’s browsers.  Twitter also stopped storing information about the apps or accounts and fixed the leak.

 

Netcat is a featured networking utility which reads and writes data across network connections, using the TCP/IP protocol.  It is designed to be a back-end tool that can be used directly or easily driven by other programs and scripts.  At the same time, it is packed with other features such as port scanning or copying files over the network without having a FTP or HTTP server.  Netcat is often used by hackers to achieve a shell on a victim’s computer.  If a hacker was able to breach a website, they could upload a shell script to the site.  The script would be modified to connect to the attackers IP, on a given port, say 9999.  Once the shell is uploaded, the attacker would setup a netcat listener on their machine with the commands:

nc –nvlp 9999

This essentially tells netcat (nc) not resolve names (-n), to be verbose printing out when a connection occurs (-v), to listen (-l) on a given local port (-p)

Once the listener is set, the attacker would navigate to the page were they uploaded the shell script, and it would execute and then there would be a shell prompt in the terminal where the netcat listener was set.

Questions for the class:

What else can netcat be used for?

Nebraska Medicine Falls Victim To Cyber Attack

Nebraska Medicine is the most comprehensive health network in the region, with two major hospitals, more than 1000 doctors and 40 clinics in the Omaha area. Earlier this week Nebraska Medicine experienced a significant information technology system downtime event. This downtime is the result of a cyber security attack.  Nebraska Medicine was forced to postpone many appointments and prioritized patients who have appointments or surgeries critical to their health and well-being. According to Nebraska Medicine no patient data has been deleted or destroyed. As of this time there is no report of Patient data being compromised. Law Enforcement have been notified and contingency plans are in place. Nebraska Medicine says normal operations should resume in a few days after the cyber attack. 

The statement did not include any further information about the attack’s nature, extent or origins. According to the distribution and event leading to the discovery of the attack. It seems that Nebraska Medicine has been affected by a denial of service attack. As this investigation continues Nebraska Medicine and other health institutions should seek to improve their Security Awareness. Training employees to watch out for suspicious links and always updating phone and computer software is essential . Nebraska Medicine should also improve defense-in-depth or layered security. Layered Security provides additional protection even after an unauthorized access is achieved. Even if an attacker is able to breach into the network.What they can access is very limited. Which is going to make accessing other data more difficult.

One month after TikTok implemented MFA for its users, it was discovered that the feature was only enabled for the mobile app and not the website.  This lapse in TikTok’s new security feature would allow attackers to bypass MFA by logging into an account with compromised credentials via its website.  Luckily there is not much an attacker can do to a compromised account when logging into TikTok via the website.  The website dashboard does not allow passwords to be reset.  However, an attacker could still deface an account by uploading and posting videos in an attempt to deface the account.  Another flaw found in TikTok’s platform was that the mobile app does not show sessions taking place in real-time from the web dashboard.  This means that TikTok does not warn users when someone used their credentials to access their TikTok account via a web browser.

 

https://www.zdnet.com/article/you-can-bypass-tiktoks-mfa-by-logging-in-via-a-browser/