Checkpoint Uncovers Another Privacy Bug On TikTok App

Researchers have found a vulnerability in TikTok which could have allowed attackers to harvest users’ phone numbers and private profile details.

Check Point revealed today that the flaw, which has since been fixed by the social network, was found in the app’s “Find Friends” feature.

The problem stems from the fact that TikTok lets users sync their phone contacts with the app, thereby linking user profiles to phone numbers.

If exploited, the flaw could have allowed attackers to bypass the app’s HTTP message signing to log in, and then sync contacts to discover the profiles of all the TikTok users in the victim’s phone book.

Worse still, the SMS log-in system from a mobile device involved TikTok servers generating a token and session cookies, but these did not expire for 60 days, meaning an attacker could use the same cookies to log in for weeks.

Among the profile details exposed by the vulnerability are the TikTok nickname, profile and avatar pictures, unique user IDs and settings, including whether a user is a follower or whether a user’s profile is hidden.

Check Point’s head of products vulnerabilities research, Oded Vanunu, said his team was curious to see whether the TikTok platform could be used to gain access to private user data.

“We were able to bypass multiple protection mechanisms of TikTok, which led to a privacy violation. The vulnerability could have allowed an attacker to build a database of user details and their respective telephone numbers,” he explained.

“An attacker with that degree of sensitive information could perform a range of malicious activities, such as spear phishing or other criminal actions. Our message to TikTok users is to share the bare minimum when it comes to your private data, and to upgrade your phone’s operating system and applications to the latest versions.”

A TikTok statement acknowledged the work of “trusted partners” like Check Point in making the platform safer for users. “We continue to strengthen our defenses, both by continuously upgrading our internal capabilities such as investing in automation defenses, and also by working with third parties,” it added.

SonicWall Investigates Zero-Day Attack On Its Products

SonicWall has warned its customers that threat actors may have found zero-day vulnerabilities in some of its remote access products. An initial post on the company’s knowledge base pages on Friday stated that the NetExtender VPN client version 10.x and the SMB-focused SMA 100 series were at risk.

However, an update over the weekend clarified that the affected products were confined to its Secure Mobile Access (SMA) version 10.x software running on SMA 200, SMA 210, SMA 400 and SMA 410 physical appliances and the SMA 500v virtual appliance.

These provide customers’ employees with secure remote access to internal resources, a capability in high demand during the pandemic. As such, there is an obvious advantage to attackers in finding exploitable bugs in such tools.

“We believe it is extraordinarily important to be transparent with our customers, our partners and the broader cybersecurity community about the ongoing attacks on global business and government,” SonicWall said in the alert.

“Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products.”

There is no further information yet on what the attackers were after or how they carried out the intrusion. However, SonicWall also clarified that its firewall products, SonicWave APs and SMA 1000 Series product line are unaffected.

“Current SMA 100 Series customers may continue to use NetExtender for remote access with the SMA 100 series. We have determined that this use case is not susceptible to exploitation,” it added. “We advise SMA 100 series administrators to create specific access rules or disable Virtual Office and HTTPS administrative access from the internet while we continue to investigate the vulnerability.”

Since the beginning of the COVID-19 crisis, security and infrastructure providers have come under increasing scrutiny as attackers look for holes in products that could give them large-scale access to customer environments.

Back in April last year, it emerged that sophisticated ransomware groups were exploiting flaws in VPN products to attack hospitals, while in October the US warned that APT groups were chaining VPN exploits with the Zerologon flaw to target public and private sector organizations.

Products from Fortinet (CVE-2018-13379), MobileIron (CVE-2020-15505), Juniper (CVE-2020-1631), Pulse Secure (CVE-2019-11510), Citrix NetScaler (CVE-2019-19781) and Palo Alto Networks (CVE-2020-2021) were all highlighted as at risk.

X-Rated College Pictures Exposed by Leaking Amazon Buckets

A cloud misconfiguration at the now-defunct social media app Fleek has exposed hundreds of thousands of explicit images of users who thought the images had been deleted. Fleek was seen as an unfiltered and uncensored alternative to Snapchat “Campus Stories.” A hit with US college students, it promised to automatically delete pictures after a short period, which encouraged users to post salacious photographs of themselves engaged in sexually explicit and unlawful activities.

A team led by Noam Rotem found misconfigured AWS S3 buckets in October last year belonging to the now-defunct Fleek and its owner Squid Inc. The researchers found that not only was the promise of deletion untrue, but many images were still available for download from the Amazon bucket months after the service ceased to exist.

Fleek users were mostly university students unaware of the implications of uploading snapshots that show them engaged in embarrassing and criminal activities, such as drug use. If cyber-criminals obtained these pictures and knew how to locate the people exposed, they could easily target them and blackmail them for large sums of money.

In total, the research team found around 377,000 files in the 32GB bucket. These included pictures as well as bot scripts.

Having contacted both Squid Inc’s founder and AWS to notify them of the privacy issue, vpnMentor found that the bucket had been secured about a week after it was discovered. However, it is unclear whether the data has been deleted.

It is important to understand from a service provider what happens to your data if the service ceases to exist, as in the case of Fleek. Often, with smaller companies, the company keeps possession of the data, and there is very little accountability stopping it from misusing the data or sharing it with others in the future.
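The Fleek exposure above is the classic publicly readable bucket. As an added example (not code from the vpnMentor report or from Fleek), here is an offline check for that class of misconfiguration: it inspects a bucket ACL and a bucket policy in the JSON shapes the S3 API returns and reports whether anonymous read is granted, while honouring the account's Block Public Access settings. The sample ACL and policy are constructed for the demonstration.

```python
"""Offline check for publicly readable S3 buckets: ACL, bucket policy and Block Public Access."""
import json

# Grantee URIs that AWS treats as "anyone" and "any AWS account holder".
PUBLIC_GRANTEES = {"http://acs.amazonaws.com/groups/global/AllUsers",
                   "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}
READ_ACTIONS = {"s3:getobject", "s3:listbucket", "s3:get*", "s3:*", "*"}

def acl_public_grants(acl):
    """Grants in a get_bucket_acl-shaped dict whose grantee is a public group."""
    return [g for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("Type") == "Group"
            and g["Grantee"].get("URI") in PUBLIC_GRANTEES]

def _wildcard_principal(principal):
    """Principal "*" or {"AWS": "*"} (or a list containing "*") means anonymous access."""
    if principal == "*":
        return True
    aws = principal.get("AWS", []) if isinstance(principal, dict) else []
    return "*" in ([aws] if isinstance(aws, str) else aws)

def policy_public_statements(policy_json):
    """Sids of Allow statements granting a wildcard principal a read action.
    Conditions are deliberately ignored: a conditioned public grant still needs review."""
    hits = []
    for stmt in json.loads(policy_json).get("Statement", []):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if (stmt.get("Effect") == "Allow" and _wildcard_principal(stmt.get("Principal"))
                and any(a.lower() in READ_ACTIONS for a in actions)):
            hits.append(stmt.get("Sid", "<no Sid>"))
    return hits

def bucket_is_public(acl, policy_json, public_access_block=None):
    """(is_public, acl_hits, policy_hits); Block Public Access flags override the grants."""
    pab = public_access_block or {}
    acl_hits = [] if pab.get("IgnorePublicAcls") else acl_public_grants(acl)
    policy_hits = [] if pab.get("RestrictPublicBuckets") else policy_public_statements(policy_json)
    return bool(acl_hits or policy_hits), acl_hits, policy_hits

# Constructed sample inputs, not taken from the Fleek buckets.
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"}]}
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})
```

Feed it the dicts returned by `get_bucket_acl`, `get_bucket_policy` and `get_public_access_block` for each bucket in an account to turn it into a periodic audit; the sample bucket is flagged as public.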

US Govt Withdraws From The Extradition Of Irish Hacker Who Duped People of Millions of Dollars In Bitcoin.

The United States has withdrawn an extradition request for an Irish hacker convicted of breaking into digital wallets to steal millions of dollars in cryptocurrency.

Conor Freeman was identified by US Homeland Security as one of at least five co-conspirators involved in a string of digital thefts that robbed multiple victims of their life savings in 2018.

Freeman was arrested at his Dublin home in May 2019 on a warrant issued by US authorities. Following his arrest, the hacker handed over stolen Bitcoin worth $2,187,977 to the Gardaí, the Irish police.

Freeman, of Dun Laoghaire, pleaded guilty to stealing cryptocurrency, dishonestly operating a computer to make a gain, and knowingly engaging in the possession of the proceeds of crime. In November 2020, the 21-year-old was sentenced to three months in jail minus one month served in custody by Judge Martin Nolan in Dublin Circuit Criminal Court.

The US had requested that Freeman be surrendered and extradited to the United States to face one count of conspiracy to commit wire fraud, 4 counts of aiding and abetting wire fraud, and 4 counts of aiding and abetting aggravated identity theft.

US authorities alleged that Freeman was a member of an organized online criminal gang known as The Community that conspired to steal from targets they picked out on social media. The gang used SIM swapping to gain control of a victim’s phone number, leveraging it to gain access to their digital wallets.

A member of The Community, arrested in Michigan in May 2018, gave US authorities access to his computers. The member’s online chat data revealed an individual calling himself Conor was involved in the thefts.

IP addresses used by this Conor were linked to Irish mobile phone and residential internet service providers used by Conor Freeman.

The High Court heard this morning that following his conviction in Ireland, the United States was no longer seeking to prosecute Freeman, who had no prior convictions.

Had Freeman been convicted in the US on all counts, the Dubliner could have been sentenced to a maximum of 108 years behind bars.

Timeline of SolarWinds Hack

A couple of weeks ago it was discovered that SolarWinds had suffered a significant security breach which was allegedly orchestrated by Russian operatives. This chart is a graphical timeline of what we know so far.


The five Functions of the NICE framework

Overview

This learning module takes a deeper look at the Cybersecurity Framework’s five Functions: Identify, Protect, Detect, Respond, and Recover. The information presented here builds upon the material introduced in the Components of the Framework module. This module explores the value of the Functions within the Framework, and what is included in each Function.

An Introduction to the Functions

The five Functions included in the Framework Core are:

  • Identify
  • Protect
  • Detect
  • Respond
  • Recover

The Functions are the highest level of abstraction included in the Framework. They act as the backbone of the Framework Core that all other elements are organized around. These five Functions were selected because they represent the five primary pillars for a successful and holistic cybersecurity program. They aid organizations in easily expressing their management of cybersecurity risk at a high level and enabling risk management decisions.

Identify

The Identify Function assists in developing an organizational understanding to managing cybersecurity risk to systems, people, assets, data, and capabilities. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs. Examples of outcome Categories within this Function include:

  • Identifying physical and software assets within the organization to establish the basis of an Asset Management program
  • Identifying the Business Environment the organization supports, including the organization’s role in the supply chain and the organization’s place in the critical infrastructure sector
  • Identifying cybersecurity policies established within the organization to define the Governance program as well as identifying legal and regulatory requirements regarding the cybersecurity capabilities of the organization
  • Identifying asset vulnerabilities, threats to internal and external organizational resources, and risk response activities as a basis for the organization’s Risk Assessment
  • Identifying a Risk Management Strategy for the organization including establishing risk tolerances
  • Identifying a Supply Chain Risk Management strategy including priorities, constraints, risk tolerances, and assumptions used to support risk decisions associated with managing supply chain risks

Protect

The Protect Function outlines appropriate safeguards to ensure delivery of critical infrastructure services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include:

  • Protections for Identity Management and Access Control within the organization including physical and remote access
  • Empowering staff within the organization through Awareness and Training including role based and privileged user training
  • Establishing Data Security protection consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information
  • Implementing Information Protection Processes and Procedures to maintain and manage the protections of information systems and assets
  • Protecting organizational resources through Maintenance, including remote maintenance, activities
  • Managing Protective Technology to ensure the security and resilience of systems and assets are consistent with organizational policies, procedures, and agreements

Detect

The Detect Function defines the appropriate activities to identify the occurrence of a cybersecurity event. The Detect Function enables timely discovery of cybersecurity events. Examples of outcome Categories within this Function include:

  • Ensuring Anomalies and Events are detected, and their potential impact is understood
  • Implementing Security Continuous Monitoring capabilities to monitor cybersecurity events and verify the effectiveness of protective measures including network and physical activities
  • Maintaining Detection Processes to provide awareness of anomalous events

Respond

The Respond Function includes appropriate activities to take action regarding a detected cybersecurity incident. The Respond Function supports the ability to contain the impact of a potential cybersecurity incident. Examples of outcome Categories within this Function include:

  • Ensuring Response Planning processes are executed during and after an incident
  • Managing Communications during and after an event with internal stakeholders, law enforcement, and external stakeholders as appropriate
  • Analysis is conducted to ensure effective response and support recovery activities including forensic analysis, and determining the impact of incidents
  • Mitigation activities are performed to prevent expansion of an event and to resolve the incident
  • The organization implements Improvements by incorporating lessons learned from current and previous detection / response activities

Recover

The Recover Function identifies appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident. The Recover Function supports timely recovery to normal operations to reduce the impact from a cybersecurity incident. Examples of outcome Categories within this Function include:

  • Ensuring the organization implements Recovery Planning processes and procedures to restore systems and/or assets affected by cybersecurity incidents
  • Implementing Improvements based on lessons learned and reviews of existing strategies
  • Internal and external Communications are coordinated during and following the recovery from a cybersecurity incident