July 12, 2022

Millions of Secrets Exposed via Web Application Frontend – An Internet-Wide Study

June 14, 2022

A study by RedHatLabs has shown how many secrets web applications expose. Researchers using a scanner gathered nearly 400,000 secrets out of the top one million sites. The secrets exposed include AWS secret keys, Facebook tokens, GCP API keys, reCAPTCHA keys, and Stripe tokens, the majority of which were exposed via JavaScript files. 

Data Security Perspective: This report highlights the ongoing issue of leaked developer secrets. Once these secrets are exposed, malicious actors can take them and use them for lateral movement. Users should rotate keys in addition to using a product such as Open Raven that can help discover exposed developer secrets.

12K Misconfigured Elasticsearch Buckets Ravaged by Extortionists

June 1, 2022

Researchers from SecureWorks Counter Threat Unit identified public-facing Elasticsearch databases whose contents had been replaced with ransom notes. Over 1,200 databases, all of them lacking authentication, were found to contain the ransom note. The note requests a payment of $620 to a Bitcoin wallet. The researchers believe an automated script was most likely used to identify the databases.

Data Security Perspective: Users should ensure their cloud assets are secure by enabling authentication and other security measures such as two-factor authentication. A DSPM, such as Open Raven, can discover cloud assets and any misconfigurations.

Related Magpie Rules: aws-big-data-and-analytics-elasticsearch-node-to-node-encryption.yaml

Hotel Giant Marriott Confirms Yet Another Data Breach

July 6, 2022

Hotel chain Marriott confirmed that it has again been the victim of a data breach. The breach apparently occurred in June, when threat actors used social engineering to trick an employee into giving them physical access to their computer, allowing them to steal over 20 gigabytes of data. The stolen data included sensitive information: guest credit card and employee details.

Data Security Perspective: Organizations need a strong security policy to protect their own data, as well as customers’ PII.

Korean Loyalty Platform Exposed Around a Million Customers’ Personal Data

July 6, 2022

Korean loyalty platform Dodo Point exposed over 38 gigabytes of customer PII through an unsecured Amazon S3 bucket. The bucket contained business data, client payment details, and customer personal data, including names, birth dates, phone numbers, and email addresses, covering a 10-year period. The exposed Amazon S3 bucket was not configured with encryption or password protection. 

Data Security Perspective: Misconfigured cloud assets are a continual problem for cloud users. It is vital for organizations to properly secure their data. Amazon S3 buckets should have encryption and authentication measures in place. A DSPM product such as Open Raven can discover data and identify where misconfigurations are occurring. 

Related Magpie Rules: aws-storage-s3-default-encryption-kms.yaml | aws-storage-s3-bucket-default-lock-enabled.yaml | aws-storage-s3-bucket-level-public-access-prohibited.yaml | aws-storage-s3-bucket-public-write-prohibited.yaml | aws-s3-best-practices.yaml

Report: Over 300k Residents in the Philippines Exposed in Covid-19 Relief Portal Leak

July 6, 2022

Researchers from VPNMentor identified a data breach involving Proud Makatizen, the official website of the city of Makati in the Philippines. The website, which originally started as a COVID-19 portal, had a misconfigured Amazon S3 bucket containing over 620,000 files totaling 39 gigabytes. The exposed data included financial information, names, nationality, medical information, and photo IDs.

Data Security Perspective: As with the stories above, this further highlights the issue of cloud misconfigurations and the risks of not having proper security controls on cloud assets.

Related Magpie Rules: aws-storage-s3-default-encryption-kms.yaml | aws-storage-s3-bucket-default-lock-enabled.yaml | aws-storage-s3-bucket-level-public-access-prohibited.yaml | aws-storage-s3-bucket-public-write-prohibited.yaml | aws-s3-best-practices.yaml

Other News

OpenSea discloses data breach, warns users of phishing attacks

Aon Hack Exposed Sensitive Information of 146,000 Customers

YTStealer Malware: “YouTube Cookies! Om Nom Nom Nom”

Checkmate Ransomware via SMB Services Exposed to the Internet

OrBit: New Undetected Linux Threat Uses Unique Hijack of Execution Flow

Cloud Security Bulletins

GCP