Archive for the ‘Uncategorized’ Category

The Cybersecurity Automation Paradox

Recent studies show that before automation can reduce the burden on understaffed cybersecurity teams, they need to bring in enough automation skills to run the tools.
Source: DarkReading
The Cybersecurity Automation Paradox

Better protection against Man in the Middle phishing attacks

We’re constantly working to improve our phishing protections to keep your information secure. Last year, we announced that we would require JavaScript to be enabled in your browser when you sign in so that we can run a risk assessment whenever credentials are entered on a sign-in page and block the sign-in if we suspect an attack. This is yet another layer of protection on top of existing safeguards like Safe Browsing warnings, Gmail spam filters, and account sign-in challenges.

However, one form of phishing, known as “man in the middle” (MITM), is hard to detect when an embedded browser framework (e.g., Chromium Embedded Framework – CEF) or another automation platform is being used for authentication. MITM intercepts the communications between a user and Google in real-time to gather the user’s credentials (including the second factor in some cases) and sign in. Because we can’t differentiate between a legitimate sign in and a MITM attack on these platforms, we will be blocking sign-ins from embedded browser frameworks starting in June. This is similar to the restriction on webview sign-ins announced in April 2016.

What developers need to know

The solution for developers currently using CEF for authentication is the same: browser-based OAuth authentication. Aside from being secure, it also enables users to see the full URL of the page where they are entering their credentials, reinforcing good anti-phishing practices. If you are a developer with an app that requires access to Google Account data, switch to using browser-based OAuth authentication today.


Source: Google
Better protection against Man in the Middle phishing attacks

How to Raise the Level of AppSec Competency in Your Organization

Improving processes won’t happen overnight, but it’s not complicated either.
Source: DarkReading
How to Raise the Level of AppSec Competency in Your Organization

LinkedIn Data Found in Unsecured Databases

LinkedIn Data Found in Unsecured Databases

A security researcher identified eight unsecured databases that held “approximately 60 million records of LinkedIn user information.”


GDI Foundation, where the security researcher is from, is a nonprofit organization with a mission to “defend the free and open Internet by trying to make it safer.” The researcher, Sanyam Jain, contacted Bleeding Computer when he noticed “something strange.” He was seeing unsecured databases containing the LinkedIn data “appearing and disappearing from the Internet under different IP addresses.”


While the majority of the LinkedIn data was reportedly public, some of the data contained email addresses.


“According to my analysis the data has been removed every day and loaded on another IP. After some time the database becomes either inaccessible or I can no longer connect to the particular IP, which makes me think it was secured. It is very strange,” Jain told Bleeding Computer. The total size of all of the databases was 229 GB, with each database ranging between 25 GB to 32 GB. 


As an experiment, Bleeding Computer editor Lawrence Abrams asked Jain pull his record from one of the databases and review it. According to the article, Abrams found the data contained in the record included “his LinkedIn profile information, including IDs, profile URLs, work history, education history, location, listed skills, other social profiles, and the last time the profile was updated.” 


The email address Abrams used when he registered his LinkedIn account was also included. The editor doesn’t know how the information got onto this database as he “always had the LinkedIn privacy setting configured to not publicly display his email address.”


Each profile also contains what appears to be internal values that describe the type of LinkedIn subscription the user has and whether they utilize a particular email provider, according to Bleeding Computer. These values were labeled “isProfessional,” “isPersonal,” “isGmail,” “isHotmail” and “isOutlook.”


Bleeding Computer contacted Amazon, who was hosting the databases, and as of April 15, 2019, the databases were secured and were no longer accessible via the internet.


LinkedIn’s Paul Rockwell, head of trust and safety, told the website: “We are aware of claims of a scraped LinkedIn database. Our investigation indicates that a third-party company exposed a set of data aggregated from LinkedIn public profiles, as well as other, non-LinkedIn sources. We have no indication that LinkedIn has been breached.”


LinkedIn also told the outlet that in some cases an email address could be public and provided a link to a privacy page that allows users to configure who can see a profile’s email address.


Source: Infosecurity
LinkedIn Data Found in Unsecured Databases

CVE-2019-11322

An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function startRmtAssist in hnap, which leads to remote code execution via shell metacharacters in a JSON value.
Source: NIST
CVE-2019-11322

CVE-2019-11321

An issue was discovered in Motorola CX2 1.01 and M2 1.01. The router opens TCP port 8010. Users can send hnap requests to this port without authentication to obtain information such as the MAC addresses of connected client devices.
Source: NIST
CVE-2019-11321

CVE-2019-8999

An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the UEM service account.
Source: NIST
CVE-2019-8999

CVE-2019-11320

In Motorola CX2 1.01 and M2 1.01, users can access the router’s /priv_mgt.html web page to launch telnetd, as demonstrated by the 192.168.51.1 address.
Source: NIST
CVE-2019-11320

CVE-2019-11034

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.2.8, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
Source: NIST
CVE-2019-11034

CVE-2019-11035

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.2.8, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.
Source: NIST
CVE-2019-11035