Critical Vulnerability Discovered in Microsoft Vancouver Site


Security researchers at CyberNews have unearthed a Desktop Services Store (DS_STORE) file that was openly available on a web server belonging to Microsoft in Vancouver, Canada.

The dumped database included usernames and e-mail addresses of administrators, as well as passwords in the hash format used in the WordPress systems operated by the firm on its official pages. Folder lists, including content management platform databases, were also available.

The passwords discovered were in an insecure format, MD5, which could be easily cracked by a skilled malicious actor. With full credentials, malicious hackers would have secured access to the firm’s website systems, which could be used to perform phishing attacks or deploy malicious files on Microsoft’s own servers, researchers explained.

The DS_STORE file, which stores folder attributes on macOS, was discovered in September 2021 during routine scans carried out by the researchers for unprotected Internet of Things servers and devices.

Unfortunately, it took weeks for CyberNews to get a response from Microsoft, and after taking notice, the firm took almost a month to patch the vulnerability. The researchers said they made multiple attempts at contacting Microsoft over official contact emails, phone numbers, as well as customer support emails, just to be noticed.

According to security researchers, exploits from DS_STORE files can often go unnoticed by users. On macOS the file is hidden, but it shows up when data is transferred to a Windows or Linux server or device. Because it carries the information from the original folder with it, the metadata can reveal the location of the files or information about their content, as well as other folders that may also be publicly accessible.

These types of files should be heavily guarded, as they display their folder structure, which could result in leaks of sensitive or confidential data, researchers added. 
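A pre-deployment check for the exposure described above, added here as an illustration and not taken from the CyberNews research: it walks a web root and reports every file that is a DS_STORE file by name or by its leading bytes, so renamed copies are caught too. The function names and the sample directory tree are constructed for this example.

```python
import os

# A .DS_Store file starts with a 4-byte 0x00000001 field followed by the magic "Bud1".
DS_STORE_MAGIC = b"\x00\x00\x00\x01Bud1"

def find_ds_store(web_root):
    """Return sorted web-relative paths of .DS_Store files, matched by name or content."""
    hits = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            full = os.path.join(dirpath, name)
            by_name = name.lower() == ".ds_store"
            try:
                with open(full, "rb") as fh:
                    by_magic = fh.read(8) == DS_STORE_MAGIC
            except OSError:
                by_magic = False          # unreadable file: fall back to the name check
            if by_name or by_magic:
                rel = os.path.relpath(full, web_root).replace(os.sep, "/")
                hits.append("/" + rel)    # path as a visitor would request it
    return sorted(hits)

def build_sample_root(root):
    """Constructed sample tree: one .DS_Store, one renamed copy, one ordinary page."""
    os.makedirs(os.path.join(root, "wp-content", "backup"), exist_ok=True)
    with open(os.path.join(root, "index.html"), "w") as fh:
        fh.write("<html></html>")
    with open(os.path.join(root, "wp-content", ".DS_Store"), "wb") as fh:
        fh.write(DS_STORE_MAGIC + b"\x00" * 24)
    with open(os.path.join(root, "wp-content", "backup", "folder.bak"), "wb") as fh:
        fh.write(DS_STORE_MAGIC + b"\x00" * 24)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_root(tmp)
        for path in find_ds_store(tmp):
            print("remove before deploy:", path)
```

Run against the real document root in a build or deployment step and fail the step when the list is not empty.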

William Mendez, managing director of operations at CyZen, believes that organizations should put more effort into ensuring that proper access controls are in order. “At a minimum, any website that contains sensitive information should require a username and password, or some type of security token to access the content,” he told CyberNews.

Thailand's Data on 106 Million Visitors has been Breached


After uncovering an unsecured database collecting the personal information of millions of tourists to Thailand, a British cybersecurity researcher unexpectedly stumbled upon his own personal data online. An unencrypted Elasticsearch server was discovered by Bob Diachenko, a cybersecurity researcher and security leader at Comparitech, exposing the personal data of approximately 106 million international passengers to Thailand. The data was accessible online in an unsecured database, allowing anyone to access it.

Threat actors are constantly on the lookout for unprotected servers. There is no proof of how long the database was exposed before Diachenko's disclosure in this case. A honeypot, on the other hand, was set up to monitor hacker intrusions.

“Notably, the IP address of the database is still public, but the database itself has been replaced with a honeypot. Anyone who attempts access at that address now receives the message: This is honeypot, all access were logged,” Diachenko added.

A honeypot is a security tool that detects or prevents unauthorized network and information system breaches. The organization set up a honeypot to see how quickly hackers would attack an Elasticsearch server using a dummy database and fake data. From May 11 until May 22, 2020, Comparitech left the data exposed. It discovered 175 attacks in just eight hours after the service went live, with a total of 22 attacks in a single day. 

After he reported the problem to Thai authorities, the database was safeguarded. According to Diachenko, every visitor who visited Thailand in the last ten years may have had their personal information exposed as a result of the event. Over 200GB of user data was stored in the database. Date of arrival in Thailand, full name, sex, passport number, residency status, visa type, and Thai arrival card number were among the data disclosed. 

“Any foreigner who traveled to Thailand in the last decade or so probably has a record in the database. There are many people who would prefer their travel history and residency status not be publicized, so for them there are obvious privacy issues. None of the information exposed poses a direct financial threat to the majority of data subjects,” Diachenko stated. 

“No financial or contact information was included. Although passport numbers are unique to individuals, they are assigned sequentially and are not particularly sensitive,” Diachenko added.

Research Shows 19 Petabytes of Data Exposed Across 29,000+ Unprotected Databases


Researchers from CyberNews discovered that over 29,000 databases across the world are now totally unprotected and publicly available, exposing over 19,000 terabytes of data to everyone, including threat actors.

The majority of businesses keep confidential data in databases. Passwords, usernames, document scans, health records, bank account and credit card information, and other vital information are all easily searchable and stored in one location.

To steal all that valuable data, attackers don't always need to hack them: one of the most common causes of a breach is databases that have been left unsecured, allowing anyone to access the data without a username or password. Hundreds of millions of people's personal information can (and often does) become exposed on the internet as a result of database security flaws, allowing threat actors to exploit that data for a variety of malicious purposes, including phishing and other forms of social engineering attacks, as well as identity theft. 

According to CyberNews, hundreds of thousands of database servers are still open to everyone, with more than 29,000 insecure databases exposing nearly 19 petabytes of data to hacking, tampering, deletion, and other threats. The fact that tens of thousands of open databases have data exposed is nothing new. Indeed, cybercriminals are so aware of this that a vulnerable database can be identified and targeted by threat actors in only a few hours. 

After years of huge data breaches, ransom requests, and even crippling data wipeouts by feline hackers (meow), one would think database owners would be aware of the issue and, at the very least, ask for a username and password before letting someone in. 

To conduct the investigation, CyberNews used a specialized search engine to look for open databases for Hadoop, MongoDB, and Elasticsearch, three of the most common database types. Because the search covered only these three types, the true number of unprotected databases and the volume of data exposed are undoubtedly much higher than what they discovered.

According to the results, at least 29,219 vulnerable Elasticsearch, Hadoop, and MongoDB databases are left out in the open. Hadoop clusters outnumber the competition in terms of exposed data, with nearly 19 petabytes available to threat actors who could put millions, if not billions, of users at risk with a single click.

Elasticsearch leads the pack in terms of exposed databases, with 19,814 instances without any kind of authentication, placing more than 14 terabytes of data at risk of being hacked or held hostage by ransomware gangs. MongoDB appears to do much better than others in terms of terabytes, but the 8,946 unprotected instances demonstrate that thousands of organizations and individuals who use MongoDB to store and handle their data still have a long way to go in terms of basic database security. 

Unknown cyber criminals conducted a series of so-called "Meow" attacks in 2020, wiping all data from thousands of unsecured databases without explanation or even a ransom demand, leaving shocked owners with nothing but an empty folder and files labeled "meow" as the attacker's signature. It was found that 59 databases hit by the ‘Meow’ attacks a year ago are still unprotected and collectively leave 12.5GB of data exposed.

According to CyberNews security researcher Mantas Sasnauskas, this only goes to show that raising awareness about exposed and publicly accessible databases is as important as ever. “Anyone can look for these unprotected clusters by using IoT search engines to effortlessly identify those that don’t have authentication enabled and exploit them by stealing the data, holding them ransom, or, as was the case with the ‘Meow’ attack, simply destroy valuable information for fun, wiping billions of records and crippling both business and personal projects in the process.”

Databases are used by businesses of all sizes to store customer and employee records, financial details, and other confidential information. Databases are often operated by administrators who lack security training, making them an easy target for malicious actors. 

The owner of a database can take certain steps to protect it from unwanted visitors:
1. Authentication should be activated so that no one can access your database without the correct credentials or SSH key.
2. One must not use the default password – threat actors scour the internet for publicly available databases with default passwords allowed and target them on the spot.
3. Maintain the latest version of your database program.
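The first step can be checked from the server's own configuration file. The following audit is an added example, not code from CyberNews or from either database project: it reads the plain `key: value` YAML subset used by `elasticsearch.yml` and `mongod.conf` and flags missing authentication and all-interface binding. The function names and sample configs are constructed; Hadoop, default passwords and version checks are out of its scope.

```python
def flatten_yaml(text):
    """Flatten the plain 'key: value' YAML subset these config files use into dotted keys."""
    out, stack = {}, []                      # stack holds (indent, key) of open sections
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()                      # leave sections that ended above this line
        path = ".".join([k for _, k in stack] + [key.strip()])
        if value.strip():
            out[path] = value.strip().strip("\"'")
        else:
            stack.append((indent, key.strip()))
    return out

def audit(kind, text):
    """Return findings for one config file; kind is 'elasticsearch' or 'mongodb'."""
    cfg, findings = flatten_yaml(text), []
    if kind == "elasticsearch":
        # Assumption: require the key explicitly, since the default differs between releases.
        if cfg.get("xpack.security.enabled", "").lower() != "true":
            findings.append("xpack.security.enabled is not true: no credentials required")
        if cfg.get("network.host") == "0.0.0.0":
            findings.append("network.host is 0.0.0.0: listening on every interface")
    elif kind == "mongodb":
        if cfg.get("security.authorization") != "enabled":
            findings.append("security.authorization is not enabled: no credentials required")
        if "0.0.0.0" in cfg.get("net.bindIp", "") or cfg.get("net.bindIpAll", "").lower() == "true":
            findings.append("net.bindIp covers every interface")
    return findings

# Constructed sample configs, not taken from any real deployment.
ES_WEAK = "cluster.name: demo\nnetwork.host: 0.0.0.0\nxpack.security.enabled: false\n"
ES_FIXED = "cluster.name: demo\nnetwork.host: 127.0.0.1\nxpack.security.enabled: true\n"
MONGO_WEAK = "net:\n  port: 27017\n  bindIp: 0.0.0.0\n"
MONGO_FIXED = "net:\n  port: 27017\n  bindIp: 127.0.0.1\nsecurity:\n  authorization: enabled\n"

if __name__ == "__main__":
    for kind, text in [("elasticsearch", ES_WEAK), ("elasticsearch", ES_FIXED),
                       ("mongodb", MONGO_WEAK), ("mongodb", MONGO_FIXED)]:
        print(kind, audit(kind, text) or "ok")
```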

Unprotected Database reveals 'BreedReady' Status for 1.8 Million Women

An unprotected database revealed personal information of more than 1.8 million women in China. The data set includes a "BreedReady" status, apart from the regular information like name, age, and date of birth.

The database includes phone numbers, ID numbers, addresses, marital status, URLs to photos, GPS coordinates, information about political affiliation and education-related details, and a 'HasVideo' field.

Victor Gevers, a well-known security researcher working with the non-profit GDI Foundation, came across the unprotected data trove while he was searching for open databases in China, and he found tens of thousands of them.

He tweeted the screenshot of the database saying, "In China, they have a shortage of women. So an organization started to build a database to start registering over 1,8 million women with all kinds of details like phone numbers, addresses, education, location, ID number, marital status, and a “BreedReady” status?"

The researcher stated that in the database the youngest woman with the status 'BreedReady:1' is 18 years old and the oldest is 39. The BreedReady field is meant to specify whether the person has children or not.

Most of the women in the database are single (89%) and are based in Beijing. The youngest girl is 15 years old.

Gevers found a total of 18 unprotected databases, all from China, holding data from six social platforms that are operational in the country. The personal data includes names, ID numbers, photos, GPS locations, network info, public and private conversations, and file exchanges.