
Exploits Explained: Default Credentials Still a Problem Today

9 February 2023 at 13:51

Popeax is a member of the Synack Red Team.

Often people think security research requires deep knowledge of systems and exploits, and sometimes it does, but in this case all it took was some curiosity and a Google search to find an alarmingly simple exploit using default credentials.

On a recent host engagement, I discovered an unusual login page running on port 8080, a standard but less often used HTTP port. The login page did not resemble anything I had encountered in the thousands of login pages across hundreds of client engagements.

Nothing new. Even for a seasoned member of the Synack Red Team (SRT), it isn’t unusual to discover commercial products that one hasn’t seen before.

The login page clearly showed the product as some type of IBM server. In the URL, I noticed the string “profoundui.” A quick Internet search identified an IBM resource that stated:

“Profound UI is a graphical, browser-based framework that makes it easy to transform existing RPG applications into Web applications, or develop new rich Web and mobile applications that run on the IBM i (previously known as the AS/400, iSeries, System i) platform using RPG, PHP, or Node.js.”

Given these facts, I Googled for “IBM AS/400 default password” and found IBM documentation that listed default AS/400 credentials.

As any elite hacker would do, I copied and pasted all six default usernames and passwords into the login form.

Sure enough, the last set of credentials worked: user QSRVBAS with password QSRVBAS.

It was beyond the scope of the engagement to proceed any further to see how much access was possible. The vulnerability was documented in the report that was given to the client to be remediated.

After a few days, the client requested a patch verification of the vulnerability using Synack’s patch verification workflow. This workflow allows a client to request the SRT to verify an implemented patch within the Synack Platform. After receiving the patch verification request, I quickly verified the vulnerability was no longer exploitable.

It is hard to believe, but even today commercial products still ship and are installed with default credentials. Often the onus is on the end user to be aware they must change the credentials and lock the default accounts.
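To turn the finding above into something a defender can run, here is an added Python example (not code from the post or from Synack) that scans an authentication log for the two traces the author's approach would leave: a successful login to an IBM-supplied default profile, and one source trying many user names within a short window. The log format, the source IPs and the SVC_* names are constructed for the example; the watch list is seeded with QSRVBAS from the post, and the window and threshold are assumed tuning values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (hypothetical format, not Profound UI's
# real log format): timestamp, source IP, profile tried, result, login path.
SAMPLE_LOG = """\
2023-02-01T10:00:01Z 203.0.113.7 user=SVC_A result=FAIL path=/profoundui/auth
2023-02-01T10:00:04Z 203.0.113.7 user=SVC_B result=FAIL path=/profoundui/auth
2023-02-01T10:00:07Z 203.0.113.7 user=SVC_C result=FAIL path=/profoundui/auth
2023-02-01T10:00:10Z 203.0.113.7 user=SVC_D result=FAIL path=/profoundui/auth
2023-02-01T10:00:13Z 203.0.113.7 user=QSRVBAS result=OK path=/profoundui/auth
2023-02-01T11:30:00Z 198.51.100.9 user=JSMITH result=FAIL path=/profoundui/auth
2023-02-01T11:31:00Z 198.51.100.9 user=JSMITH result=OK path=/profoundui/auth
"""

# IBM-supplied profiles that ship with a default password. Seeded with the one
# from the post; extend it from the IBM documentation the author found.
DEFAULT_PROFILES = {"QSRVBAS"}

LINE_RE = re.compile(r"^(\S+) (\S+) user=(\S+) result=(\w+) path=(\S+)$")
SPRAY_WINDOW = timedelta(minutes=5)   # assumed tuning values
SPRAY_DISTINCT_USERS = 5

def parse(log_text):
    """Yield (timestamp, src_ip, user, succeeded); skip lines that do not parse."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        yield ts, m.group(2), m.group(3).upper(), m.group(4) == "OK"

def detect(log_text):
    """Return (rule, src_ip, detail) findings for the two patterns above."""
    findings, attempts = [], defaultdict(list)
    for ts, ip, user, ok in parse(log_text):
        if ok and user in DEFAULT_PROFILES:
            findings.append(("default-profile-login", ip, user))
        attempts[ip].append((ts, user))
    # Many distinct user names from one source in a short window is what
    # working through a list of vendor default credentials looks like.
    for ip, events in attempts.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            users = {u for t, u in events[i:] if t - start <= SPRAY_WINDOW}
            if len(users) >= SPRAY_DISTINCT_USERS:
                findings.append(("default-cred-spray", ip, len(users)))
                break
    return findings
```

Feeding real logs through this requires only adapting LINE_RE and the watch list; the "default-profile-login" rule is also a cheap standing check that the accounts were actually disabled after remediation.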

The ingenuity and curiosity of the SRT cannot be replicated by scanners or automated technology. The SRT members are adept at finding this type of vulnerability in custom and commercial applications, even while running in obscure locations, which leads to exploitable vulnerabilities being surfaced to the customer.

The post Exploits Explained: Default Credentials Still a Problem Today appeared first on Synack.

Webinar: Credential Theft: The Dark Side of the Dark Web 13 May, 2020 – 8am PDT via WatchGuard

By: IG GURU
8 May 2020 at 12:47
The dark side of the Internet, also known as the “dark web,” is an unregulated part of the Internet. In this way, the dark web can open doors to illegal activity. From credential theft to credit card fraud, there are no limits to what’s possible on the dark web. Luckily, there are steps you can […]

This data breach dumped thousands of files on the dark web

By: slandau
15 October 2021 at 22:40

EXECUTIVE SUMMARY:

The 3D printing enterprise suffered a mass data breach, losing custody of 228,000 subscribers’ data. Although the breach occurred in October of 2020, breach notification provider ‘Have I Been Pwned’ states that present circulation of this data in underground dark web communities could be problematic. The 3D printing group, known as Thingiverse, states that it is “taking this matter very seriously.”

Why this data breach is significant

Thingiverse, whose parent company is MakerBot, was developed for the maker community, which sees enthusiastic participation in Silicon Valley and beyond. Thingiverse serves as a repository where β€˜makers’ can post 3D print model designs. As of two years ago, the platform reported more than two million registered users and facilitated more than 340 million object downloads. Since then, Thingiverse has expanded to new user populations and grown exponentially.

In addition to offering over 1.5 million design files, the site provides options for design customization via a Customizer tool, or via OpenSCAD. The platform also permits the uploading of models under the GNU General Public or Creative Commons licenses. In turn, the platform has transformed into a forum for certain kinds of creative types who wish to share and discuss work.

Nonetheless, the open nature of the platform renders it vulnerable to cyber breaches. In December of 2017, a bug within the comments section of the site enabled bad actors to quietly mine cryptocurrencies. The perpetrators leveraged the CPU power of visitors’ devices to solve certain mathematical problems required for mining Bitcoin and other forms of crypto.

This crypto mining episode in MakerBot’s history was eventually resolved. Security issues enabling the crypto mining were righted. User data was never compromised and those responsible for the hijacking were banned from the platform.

In contrast, the data breach at hand involves 255 million lines of data and includes usernames, physical addresses and persons’ legal names. As noted earlier, 228,000 pieces of data are involved. And, according to Troy Hunt, who runs Have I Been Pwned, “228k is also just the unique *real email addresses*; on top of that are well over 2M addresses in the form of webdev+[username] @makerbot.com, alongside password hashes. The highest ID in the users table is 2,857,418 so the scope is much bigger.”

Where to go from here

Cyber security expert Troy Hunt first received information about this data breach from another cyber aficionado. After investigating the information cache on October 1st of 2021, the pair verified its validity and identified the source of the issue. Shortly thereafter, MakerBot, the parent company for Thingiverse, was contacted directly.

The company did not provide a swift response to the security incident report, prompting the white hat cyber investigators to tweet about the breach. A spokesperson for MakerBot stated that teams attribute the leak to an internal human error. Members of the Thingiverse community are encouraged to update passwords as a precautionary measure. MakerBot also apologized for the incident and regrets any user inconveniences.

In conclusion

Cyber security breaches are growing increasingly common. In the past decade, more than 4 billion records have been stolen or leaked. A data breach can happen within any organization. Get breach prevention insights here. Also, be sure to read our article titled How to Improve Security After a Data Breach. Lastly, for more cyber security and business insights, analysis and resources, sign up for the Cyber Talk newsletter.

The post This data breach dumped thousands of files on the dark web appeared first on CyberTalk.
