Security this week, June 9, 2020

Have a look at the major security events that occurred in the past week:

Over 100,000 national IDs of Indians put on dark net for sale 

Over 100,000 Indians’ data vulnerable

Cybersecurity firm Cyble has found over 100,000 Indian national IDs, including Aadhaar, PAN card and passport details, put up for sale on the dark web. The data appears to have leaked from a third party rather than from a government system. Leaks of this kind can lead to identity theft, scams and corporate espionage. The researchers acquired 1,000 IDs from the seller and confirmed that the records belonged to real Indian citizens, which suggests the data was taken from a company's database. Cyble is investigating the case further and recommends that people refrain from sharing personal information over phone, e-mail or SMS.

Joomla Resources Directory Portal Suffers Data Breach impacting 2700 

Joomla suffers data breach

A new security breach of the Joomla Resources Directory (JRD), part of the open-source content management system Joomla's community sites, was announced; it affected 2,700 accounts worldwide. The breach exposed users' personal information such as full names, business addresses and phone numbers. It came to light in an audit: a Joomla team member had stored a full, unencrypted backup of the JRD website in an AWS S3 bucket owned by a third-party company. The impact is believed to be low, since most of the information is already in the public domain. Joomla has mandated a password reset for the affected accounts and removed users who had not logged in since 1 January 2019. Joomla said that investigations are ongoing and that access to the website has been suspended.

Researchers Uncover Brazilian Hacktivist’s Identity Who Defaced Over 4800 Sites 

Hacktivist traced by screenshots on social media

A hacktivist operating under the name VandaTheGod was behind a series of attacks on government websites in July 2019, but security researchers found a digital trail that led them right to his doorstep. The researchers were able to map VandaTheGod's activity over the years and eventually zero in on the attacker's real identity. The hacktivist had repeatedly gone after government websites, healthcare providers and universities, and in October 2019 breached a healthcare company's data, affecting over 1 million people. The total number of websites hacked by VandaTheGod stands at 4,820. What ultimately gave away his real identity were a couple of screenshots he had uploaded to Twitter.

VMware Cloud Director vulnerability lets hackers take over corporate servers 

VMware vulnerability lets hackers take over corporate servers

Security researchers have disclosed details of a new vulnerability in VMware Cloud Director, a popular cloud automation, deployment and management platform. The flaw could allow an attacker to access sensitive data and take control of private clouds across an entire infrastructure. It was discovered when a Fortune 500 enterprise commissioned a security audit of its cloud infrastructure. The researchers said that, starting from a single entry point, they could reach arbitrary Java classes and instantiate them by passing malicious payloads. VMware has released a series of updates that patch the flaw, along with a workaround to reduce the risk of exploitation until the updates can be applied.

HDFC Life says it can now thwart more than 10 million DDoS hits a day

HDFC Life set to patch vulnerabilities in its systems

Insurance company HDFC Life claims to be the first insurance firm to make the policy-buying experience completely online. With an already strong online presence, the company had growing security concerns as the threat landscape became more hostile than ever. Its main challenge was that it lacked the in-house expertise to patch open vulnerabilities while facing constant exposure to DDoS attacks. The company chose Indusface AppTrana, which it says has helped protect its perimeter against DDoS attacks with 24/7 expert security support.

Attackers can hack database servers due to flaws in newly patched SAP ASE

Flaws in the newly patched SAP ASE can be exploited by hackers

A set of new critical vulnerabilities has been found in SAP's Sybase database software (SAP ASE) that can grant unprivileged attackers complete control over a target database and, in some cases, over the underlying operating system as well. The issues were discovered while testing the product; the most severe of them carries a CVSS rating of 9.1. That flaw allows arbitrary code execution while the server is preparing database backups, which lets an attacker run a series of malicious commands. Alongside these flaws, SAP has also released security patches for a number of other issues.

Air gapped computers targeted by new espionage tool for stealing data

New tool targets data from Air Gapped Computers

A threat actor from China has developed new capabilities to target air-gapped systems, which, according to Kaspersky, are used to exfiltrate sensitive data for espionage. The APT goes by several names, including Goblin Panda, Cycldek and Conimes, and employs an extensive toolset to steal information from victims' networks. It has been responsible for attacks against government agencies in Vietnam, Laos and Thailand. First tracked by CrowdStrike in 2013, the group has previously singled out the defense, energy and government sectors in Southeast Asia using decoy documents. One of its new tools relies on USB media to exfiltrate victim data, suggesting that Cycldek is reaching into air-gapped networks within victim environments.
