Search This Blog

Showing posts with label database. Show all posts

Research Shows 19 Petabytes of Data Exposed Across 29,000+ Unprotected Databases

 

Researchers from CyberNews discovered that over 29,000 databases across the world are now totally inaccessible and publicly available, exposing over 19,000 terabytes of data to everyone, including threat actors. 

The majority of businesses keep confidential data in databases. Passwords, usernames, document scans, health records, bank account, and credit card information, and other vital information are all easily searchable and stored in one location. 

To steal all that valuable data, attackers don't always need to hack them: one of the most common causes of a breach is databases that have been left unsecured, allowing anyone to access the data without a username or password. Hundreds of millions of people's personal information can (and often does) become exposed on the internet as a result of database security flaws, allowing threat actors to exploit that data for a variety of malicious purposes, including phishing and other forms of social engineering attacks, as well as identity theft. 

According to CyberNews, hundreds of thousands of database servers are still open to everyone, with more than 29,000 insecure databases exposing nearly 19 petabytes of data to hacking, tampering, deletion, and other threats. The fact that tens of thousands of open databases have data exposed is nothing new. Indeed, cybercriminals are so aware of this that a vulnerable database can be identified and targeted by threat actors in only a few hours. 

After years of huge data breaches, ransom requests, and even crippling data wipeouts by feline hackers (meow), one would think database owners would be aware of the issue and, at the very least, ask for a username and password before letting someone in. 

To conduct the investigation, CyberNews used a specialized search engine to look for open databases for Hadoop, MongoDB, and Elasticsearch, three of the most common database types. As a result, the true number of unprotected databases and the volume of data exposed is undoubtedly much higher than they discovered. 

According to the results found, there are at least 29,219 vulnerable Elasticsearch, Hadoop, and MongoDB databases are let out in the open. Hadoop clusters outnumber the competition in terms of exposed data, with nearly 19 petabytes available to threat actors who could put millions, if not billions, of users at risk with a single click. 

Elasticsearch leads the pack in terms of exposed databases, with 19,814 instances without any kind of authentication, placing more than 14 terabytes of data at risk of being hacked or held hostage by ransomware gangs. MongoDB appears to do much better than others in terms of terabytes, but the 8,946 unprotected instances demonstrate that thousands of organizations and individuals who use MongoDB to store and handle their data still have a long way to go in terms of basic database security. 

Unknown cyber criminals conducted a series of so-called "Meow" attacks in 2020, wiping all data from thousands of unsecured databases without explanation or even a ransom demand, leaving shocked owners with nothing but an empty folder and files labeled "meow" as the attacker's signature. It was found that 59 databases hit by the ‘Meow’ attacks a year ago are still unprotected and collectively leaving 12.5GB of data exposed. 

According to CyberNews security researcher Mantas Sasnauskas, this only goes to show that raising awareness about exposed and publicly accessible databases is as important as ever. “Anyone can look for these unprotected clusters by using IoT search engines to effortlessly identify those that don’t have authentication enabled and exploit them by stealing the data, holding them ransom, or, as was the case with the ‘Meow’ attack, simply destroy valuable information for fun, wiping billions of records and crippling both business and personal projects in the process.”

Databases are used by businesses of all sizes to store customer and employee records, financial details, and other confidential information. Databases are often operated by administrators who lack security training, making them an easy target for malicious actors. 

The owner of a database can take certain steps to protect the database from unwanted visitors like:
1.Authentication should be activated so that no one can access your database without the correct credentials or ssh key. 
2.One must not use the default password – threat actors scour the internet for publicly available databases with default passwords allowed and target them on the spot.
3.Maintain the latest version of your database program.

Cloud Misconfiguration is Still the Leading Source of Cloud Data Violations

 

Almost everybody by now is workings from home and 84 percent are worried that new security vulnerabilities have been generated with the quick move towards 100 percent remote working. 

Cloud service providers built their administration panels' user interface purposefully to mislead consumers and charge for more services than originally intended. 

Although it was never demonstrated as a systematic business strategy, reports and alerts of a data breach have overwhelmed the internet in recent years since a cloud-based database has indeed been misconfigured and confidential information ultimately leaked. 

Throughout the past month, Censys, a security company that specializes in census-like inspections on the internet, looked closely at the cloud-based services, hoping to uncover what the best potential origin of misconfiguration might be for cloud-based businesses. As per the study, Censys has found over 1.93 million cloud server databases that have been displayed publicly without even any firewall or other authentication measures. The security company arguments that threat actors will discover and target these databases utilizing older vulnerability exploits. In addition, if the database was unintentionally leaked, it could also use a weak or even no password at all, disclosing it to all those who have detected its IP address. 

Censys reported having been used to scan MySQL, Postgres, Redis, MSSQL, MongoDB, Elasticsearch, Memcached, and Oracle and that nearly 60 percent of all disclosed servers were MySQL databases which represent 1.15 million of the 1.93 million overall exposed DBs. 

The security agency also searched to find ports that could also be exposed by clouds service as they are normally used for remote management applications like SSH, RDP, VNC, SMB, Telnet, Team Viewer, and PC Anywhere. Censys retained that access to all these remote managing port must not be easily discovered but rather secured by Access Control Lists, VPN tunnel, or other traffic filtering solutions, although the underlying cause of these applications is that the systems can be remotely logged into. 

Another very significant discovery was indeed the virtual exposure of the RDP login screens by more than 1.93 million servers. 

Microsoft and several others have also indicated that many violations of security have also been caused by attackers obtaining access to an enterprise through compromised RDP credentials. Which included attacks on a broad range of actors, including DDoS botnets, crypto mining activities, ransomware gangs, and government-funded actors. 

Most organizations do not operate internally with just one cloud services provider infrastructure, but instead use several solutions, many of which might not have the same access or default settings, allowing several systems to become accessible even though IT personnel are not supposed to do so. While some cloud providers have taken measures to improve their dashboards and to clarify how those controls operate, the wording of each cloud provider is still substantially different, and some system administrators are still often confused. 

Censys said, “it expects the issue of misconfigured services to remain a big problem for companies going forward.”

SQL Triggers Used by Hackers to Compromise User Database

 

Over the past year, a broader pattern of WordPress malware with SQL triggers has occurred within infected databases to mask intrusive SQL queries. Whenever the trigger condition is fulfilled, these queries insert an admin-level user into a contaminated database. Users can use a MySQL database to store essential data, including CMS settings and a common CMS is used on their website (such as WordPress). Something that might change the MySQL database is whether injecting harmful code or removing the content of your Website, could also do severe harm to the website. 

Potential for protection is one factor why the MySQL database has its own unique username and password, which will deter someone from checking the MySQL database manually without the required login details. Unfortunately, if attackers have unauthenticated access, they can also read a wp-config.php file to understand the website's database authentication credentials — which can then be used to connect to the database using code from the attacker and malicious adjustments. 

An intruder with unwanted access to a website, who would like to create a permanent loophole if the files of the Website are washed, is indeed an example from real life.

An intruder's approach is to set an admin user in the CMS database of the website. Usually, these can be conveniently found in the administrative dashboard or SQL client. The unauthorized admin account is a loophole outside of the website and in the directory of the webserver. This knowledge is critical since owners of a compromised website will also forget the index. However, the exclusion of suspected users from the database of the website does not entail the removal of any potential backdoors. 

A SQL trigger is an automatically stored process that runs when certain database modifications are introduced. While there have been several useful implementations, that bad actors use SQL triggers to retain unwanted access after a compromise. To achieve this, attackers are placing a SQL trigger in a compromised website database and malicious activity is performed if specific conditions have been reached or an incident happens.

If attackers breach a site, they will bet on any database passwords that are stored in wp-config or other CMS configuration files — and once the hacker has obtained the data at any post-infection period, it can be extremely hard to identify if the hacker has harvested any valuable information. Users must change passwords, including the databases if a breach occurs. Failure to pursue this post-hack phase will allow an attacker to enter and change the website even after the user has assumed the infection was removed.

Comcast Data Breach Compromised with 1.5 Billion Data Records

 

American cable and Internet giant Comcast was struck by a data breach few days back. An unprotected developer database with 1.5 billion data records and other internal information was available via the Internet to third parties during this data breach. 

Comcast Corporation is the largest cable operator network and, after the AT&T it is the second largest internet service provider as well as the third largest telephonic company in the US after the AT&T and Verizon Communications. 

Recently the research team of WebsitePlanet in collaboration with the security researcher, Jeremiah Fowler, identified a non-password-protected database with a total size of 478 GB of 1.5 billion records. The database of Comcast featured dashboard permissions, logging, client IPs, @comcast e-mail addresses and hashed passwords in publicly accessible domain. By this breach, a description of the internal functionality, logging and general network structure is established with the IP addresses contained in the database. The server also revealed the Comcast Development Team's email addresses and hashed passwords. Further the database also provided the error reports, warning and the task or job scheduling information, cluster names, device names, and internal rules marked by the tag “Privileged=True.” Middleware also was detected in error logs and can often be used for ransomware or other bugs as a secondary way. 

However the measures to control the access to the data were taken around in an hour, as the malicious actors could have easily accessed and retrieved the confidential information until the data was secured. The researchers relying on Comcast's data immediately submitted a notice of disclosure and affirmed their observations to their Security Defect Reporting team. 

Fowler also said that, this was among the fastest response times I have ever had. Comcast acted fast and professionally to restrict the data set that was accessible to anyone with an internet connection. 

A representative for Comcast stated that, “The database in question contained only simulated data, with no real employee, customer or company data, outside of four publicly available Comcast email addresses. The database was used for software development purposes and was inadvertently exposed to the Internet. It was quickly closed when the researcher alerted us of the issue. We value the work of independent security researchers in helping us to make our products and services safer and thank the researcher for his responsible disclosure in this matter.” 

Naturally, it is unavoidable to deal with errors which reveal data as long as people are engaged in configurations. However, Comcast's size does cause these mistakes to be very disruptive and can affect many subscribers and business customers. That's the reason why these firms would follow those security lists, double-check additional teams, and do whatever they can to reduce chance of publicity. Though in this incident the action was taken in time.

Bitcoin surges past $ 11,000

Bitcoin soared 9% on Monday, performing like a safe haven asset as it edged past $11,000 for the first time since around mid-July.

The price of the world’s largest cryptocurrency climbed as high as $11,860, according to CoinDesk data, hitting a more than 3-week high. Bitcoin’s value now accounts for nearly 70% of the global crypto market, according to CoinMarketCap.

Global stock markets on the other hand have been sliding lower on the back of renewed trade uncertainty, after President Donald Trump said last week that Washington would impose 10% tariffs on another $300 billion worth of Chinese goods.

The pan-European Stoxx 600 index slipped 1.6% on Monday while the MSCI’s broadest index of Asia-Pacific shares outside Japan plummeted 2.5%. Dow futures meanwhile were off by about 100 points.

Analysts have previously argued the case that bitcoin could be a safe haven asset, with investors having flocked to the digital asset in the past on the back of an escalation in U.S.-Sino tensions.

“Bitcoin has many use cases and one of the most important is as a form of digital gold,” Charles Hayter, CEO of digital currency comparison platform CryptoCompare, told CNBC by email on Monday. “We have seen bitcoin jump before on macro uncertainty as it becomes a conduit and flight-to-safety asset.”

Yuan depreciation

Bitcoin’s jump in value also comes as China allowed the yuan to break the seven-per-dollar level for the first time in 11 years, triggering fears of a potential currency war.

The yuan fell after China’s central bank, the People’s Bank of China, set the currency’s daily midpoint at 6.9225 per dollar, its weakest level since December last year.

Simon Peters, an analyst at trading platform eToro, said Chinese investors could be seeking to diversify as the yuan depreciates.

“Given that Chinese investors make up a large proportion of crypto investors, there’s a strong possibility some are backing bitcoin’s chances against the yuan,” Peters said in a note on Monday.

US Navy to create database of 350 billion social media posts







The United States navy is planning to create a repository of more than 350 billion social media posts from around the world, to research on how people behave online. 

The project team has not specified from which social media platform they are intend to collect the data. 

However, they will only collect the public posts in between 2014 and 2016, from more than 100 countries and in at least 60 different languages. 

The details of the project were revealed in a  tender document from the Naval Postgraduate School for a firm to provide the data.

The deadline of the applications have now closed.

Additional requirements included:
  • the posts must come from at least 200 million unique users
  • no more than 30% can come from a particular country
  • at least 50% must be in a language other than English
  • location information must be included in at least 20% of the records

The collected database must not include private messages and users personal information. 


"Social media data allows us for the first time, to measure how colloquial expressions and slang evolve over time, across a diverse array of human societies, so that we can begin to understand how and why communities come to be formed around certain forms of discourse rather than others," T Camber Warren, the project's lead researcher, told Bloomberg.