At a glance.
- Survey finds almost ten thousand exposed databases in twenty countries.
- NSA offers security advice that's also privacy advice.
- VPN enterprise server credentials dumped into Russian-language hackers' forum.
Exposed databases remain a problem.
It's well known and unsurprising that careless practices and cloud misconfigurations have become an enduring threat to privacy. Nonetheless, a periodic scare story can be a helpful reminder to enterprises of the importance of keeping their digital noses clean and their virtual hands to themselves. NordPass engaged a white hat to scan for exposed Elasticsearch and MongoDB libraries. They found 9,517 unsecured databases holding 10,463,315,645 consumer data elements. Those included obvious privacy risks, like emails, passwords, and phone numbers. Open databases were found in twenty countries. China led, with 3,794 exposed databases. The US was a close second, clocking in at 2,703.
Privacy advice from NSA.
The US National Security Agency has released an advisory on the risks associated with the geolocation data many systems and apps routinely collect. “Location data can be extremely valuable and must be protected. It can reveal details about the number of users in a location, user and supply movements, daily routines (user and organizational), and can expose otherwise unknown associations between users and locations,” NSA’s warning said.
The agency’s recommendations are addressed in the first instance to Government personnel, but they’re presented as applicable to anyone concerned about privacy: turn off location-sharing services, give apps minimal privileges, set browser options to prevent use of location data, turn off advertising permissions, and even disable features that track lost devices.
VPN enterprise server credentials compromised, dumped in a hackers' forum.
Plaintext usernames, passwords, and IP addresses for more than nine hundred Pulse Secure VPN enterprise servers are being shared on a Russian-language hacker forum, a ZDNet investigation has found. All the compromised servers were running firmware vulnerable to CVE-2019-11510, which MITRE describes as an "arbitrary file reading vulnerability." The forum to which the data were posted is frequented by ransomware gangs, including REvil (also known as Sodinokibi), NetWalker, Lockbit, Avaddon, Makop, and Exorcist. All maintain a presence on the (unnamed) forum, and they use it to recruit both developers (effectively, gang members) and affiliates (that is, customers).
The data were dumped without any fees attached. Organizations using Pulse Secure VPNs should update their systems. Since VPNs are especially useful in remote work, they should also look to the security of their sheltering-at-home remote workforce. We heard from Javvad Malik, Security Awareness Advocate at KnowBe4, who offered the following observations on the incident:
"Attackers will try to leverage any way they can into organisations. In recent times, we've seen criminals try to compromise security software as part of their attack strategy. Because security tools are usually the first point of contact, they run higher privilege and have access to lots of data, they become a very rewarding target. It's why organisations should take care of their security tools, ensure they are patched, and follow the vendors' recommended guidance for any known issues, or settings that could be leveraged by criminals to gain access."