Security News – Week 48

BRANDEFENSE
Weekly Newsletter
30/11/2022

Table of Contents

  • WhatsApp Suffered from a Data Breach – 487 Million Users’ Data in Danger
  • Amazon Fixes a Security Vulnerability Affecting AWS AppSync
  • Multiple Vulnerabilities Detected in IT Management Solution GLPI

WhatsApp Suffered from a Data Breach – 487 Million Users’ Data in Danger

On November 16, 2022, a threat actor on a well-known hacking forum claimed that a database containing the mobile phone numbers of 487 million WhatsApp users had been compromised.
Figure 1: The Countries in the Breached Database

According to the post, the database contains the personal data of WhatsApp users from 84 countries. The distribution of the compromised data by country is given below:

  • 45 Million User Data of Egyptian Citizens
  • 32 Million User Data of US Citizens
  • 35 Million User Data of Italian Citizens
  • 29 Million User Data of Saudi Arabian Citizens
  • 20 Million User Data of French Citizens
  • 20 Million User Data of Turkish Citizens
  • 10 Million User Data of Russian Citizens
  • Over 11 Million User Data of UK Citizens

Cybernews researchers contacted the threat actor who shared the post and requested a sample of the data set as evidence of the leak. The shared sample contains the phone numbers of 1097 UK and 817 US users. The threat actor did not provide details on how the database was obtained, suggesting only that they used their own strategies to collect the data. Analysis of the sample data set by Cybernews researchers confirmed that all of the numbers belong to active WhatsApp users.

Figure 2: An example of leaked accounts
Threat actors mostly use leaked data of this kind in phishing, smishing, and vishing attacks, so WhatsApp users are advised to be wary of incoming calls and messages from unknown numbers. Meta, the parent company of WhatsApp, was contacted regarding the data leak, but a response has yet to be received. WhatsApp users and related parties will be informed of any developments on the subject.

Amazon Fixes a Security Vulnerability Affecting AWS AppSync

Datadog researchers have detected a “cross-tenant” security vulnerability in AppSync, a popular Amazon Web Services (AWS) service that allows developers to quickly create GraphQL and Pub/Sub APIs.

The vulnerability is due to a case-sensitivity parsing issue in the AppSync service that could potentially be used to bypass cross-account role usage validations and act as the service in customer accounts. Successful exploitation allows threat actors to assume Identity and Access Management (IAM) roles in other AWS accounts.

Figure: Vulnerability flow diagram
The vulnerability was detected on September 1, 2022, and immediately reported to AWS. AWS reproduced the attack, verified the impact of the vulnerability, and released a fix. In addition, Amazon released a statement on Monday, November 21, confirming the details of the vulnerability and stating that no customers were affected by it. Amazon customers do not need to take any action.
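The class of bug described above, sketched as an added example (not AWS's code and not part of the original newsletter): a validator that looks up a field case-sensitively while the component behind it matches the name case-insensitively, next to a hardened validator. The field name `roleArn`, the function names and the account IDs are all assumptions made for illustration.

```python
import re

# Constructed 12-digit account IDs; every name in this block is hypothetical.
CALLER, OTHER = "111111111111", "222222222222"
ARN_RE = re.compile(r"arn:aws:iam::(\d{12}):role/[\w+=,.@-]+")


def check_same_account(arn, caller_account):
    """Reject a role ARN that is malformed or lives in another account."""
    match = ARN_RE.fullmatch(arn) if isinstance(arn, str) else None
    if match is None or match.group(1) != caller_account:
        raise PermissionError("role must belong to the caller's account")


def validate_case_sensitive(request, caller_account):
    """Weak form: only the exact-case key 'roleArn' is ever inspected."""
    if "roleArn" in request:
        check_same_account(request["roleArn"], caller_account)
    return request


def backend_role(request):
    """Downstream consumer that matches the field name case-insensitively."""
    for key, value in request.items():
        if key.lower() == "rolearn":
            return value
    return None


def validate_normalized(request, caller_account):
    """Hardened form: fold key case once, refuse ambiguous duplicates,
    validate the canonical value, and hand only that form downstream."""
    canonical = {}
    for key, value in request.items():
        folded = key.lower()
        if folded in canonical:
            raise ValueError(f"duplicate field differing only by case: {key}")
        canonical[folded] = value
    if "rolearn" in canonical:
        check_same_account(canonical["rolearn"], caller_account)
    return canonical


def accepted(validator, request):
    """True if the validator lets the request through for CALLER."""
    try:
        validator(request, CALLER)
        return True
    except (PermissionError, ValueError):
        return False
```

The point for reviewers is that validation and consumption must agree on how a field name is matched; normalizing once and passing only the normalized form downstream removes the gap.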

Multiple Vulnerabilities Detected in IT Management Solution GLPI

Multiple security vulnerabilities have been identified in GLPI, an open-source web application that helps institutions/organizations and companies manage their IT infrastructure and inventories. These vulnerabilities allow threat actors to execute SQL queries against the application database and to perform Cross-Site Scripting (XSS) and Server-Side Request Forgery (SSRF) attacks.

The details of the detected security vulnerabilities are as follows:

  • The security vulnerability tracked as CVE-2022-39375 is due to insufficient sanitization of user-supplied input in the RSS Feed function. A remote threat actor can execute arbitrary HTML code and script in the user’s browser in the context of the vulnerable website via a malicious link. Successful exploitation of this vulnerability allows remote threat actors to obtain sensitive information, alter the web page’s appearance, and carry out phishing attacks.
  • The security vulnerability tracked as CVE-2022-39234 is due to insufficient session expiry time. This vulnerability allows threat actors to access users’ accounts by reusing users’ old session credentials (cookies) and thus may lead to the capture of users’ sensitive information.
  • The security vulnerability tracked as CVE-2022-39323 is due to insufficient sanitization of user-supplied data in the API REST user_token component. A remote threat actor can execute arbitrary SQL commands in the application database by sending a specially crafted request to the affected application.
  • The security vulnerability tracked as CVE-2022-39276 is due to insufficient validation of user-supplied inputs in RSS feeds. A remote threat actor can direct the application to initiate requests to arbitrary systems (SSRF) via a specially crafted HTTP request.
  • The security vulnerability tracked as CVE-2022-39277 is due to insufficient sanitization of user-supplied data on external connections. A remote threat actor can run arbitrary HTML code and script in the user’s browser in the context of the vulnerable website via a specially crafted link.

These vulnerabilities affect specific versions of GLPI, and security updates that fix them have been released. It is recommended to upgrade vulnerable installations to the current published versions immediately to avoid being targeted by attacks that exploit these vulnerabilities.
