company logo

Product

Our Product

We are Reshaping the way Developers find and fix vulnerabilities before they get exploited.

Bulk IP/Domain Lookup

Threatspy

Solutions

By Industry

BFSI

Healthcare

Education

IT & Telecom

Government

By Role

CISO/CTO

DevOps Engineer

Resources

Resource Library

Get actionable insight straight from our threat Intel lab to keep you informed about the ever-changing Threat landscape.

Subscribe to Our Weekly Threat Digest

Company

Contact Us

Have queries, feedback or prospects? Get in touch and we shall be with you shortly.

loading..
loading..
loading..
Loading...

Spyware

loading..
loading..
loading..

Apple Alerts iPhone Users Worldwide of Targeted Spyware Attacks

Apple issues urgent spyware warning, saying attacks target individuals based on who they are. Could you be next? Learn how to protect yourself.

11-Apr-2024
7 min read

Related Articles

loading..

Authentication

Data Breach

Change your Dropbox Sign password now! Hackers accessed emails, usernames, and m...

In the wake of a recent data breach, Dropbox, the popular online storage service, faces critical scrutiny over compromised customer credentials and authentication data. This breach, infiltrated by a threat actor, targeted the production environment of Dropbox Sign (formerly HelloSign), the platform's service for e-signatures and document storage. #### Breach Overview The unauthorized access occurred within the production environment of Dropbox Sign, facilitated by compromised service account credentials. These credentials enabled the threat actor to infiltrate the system, accessing sensitive customer data and authentication details. #### Customer Data Exposure The breach resulted in the exposure of a significant amount of customer information, including emails, usernames, phone numbers, and hashed passwords. Even individuals who interacted with Dropbox Sign without creating an account had their data compromised. #### Impact on Service Infrastructure Furthermore, the threat actor gained access to critical data within the service infrastructure, including API keys, OAuth tokens, and multifactor authentication (MFA) details. This compromised data poses risks not only to Dropbox Sign users but also to third-party partners integrating with the service. #### Mitigation Measures In response to the breach, Dropbox swiftly implemented mitigation measures to minimize its impact. These measures included password resets, logouts from connected devices, and the rotation of API keys and OAuth tokens. Additionally, users are prompted to reset their passwords upon logging in, and API customers must generate new keys and configure them accordingly. #### Additional Precautions To enhance security further, Dropbox has imposed restrictions on certain API functionalities until key rotation is completed. Users utilizing authenticator apps for MFA are advised to reset their entries. Additionally, users are encouraged to change passwords used across multiple services and to enable MFA wherever possible. #### Investigation and Future Steps Dropbox initiated a thorough investigation into the breach, enlisting forensic experts to uncover the extent of the intrusion. The company remains committed to protecting its customers against similar threats in the future, promising continued efforts to bolster security measures and support affected users.

loading..   04-May-2024
loading..   2 min read
loading..

R Program

Vulnerability

A critical R vulnerability (CVE-2024-27322) opens the door to supply chain attac...

A recently discovered vulnerability in the R programming language (CVE-2024-27322) exposes users to severe supply chain attacks. This critical flaw, with a CVSS score of 8.8, exploits R's deserialization process, enabling attackers to execute malicious code on victim systems, posing significant risks to various sectors, including finance, healthcare, and research. This [Threatfeed](https://www.secureblink.com/cyber-security-news) tries to explore the technical details of the vulnerability, explores its attack vectors, and emphasizes mitigation strategies with the help of [Threatspy](https://www.secureblink.com/threatspy). #### A Popular Target R, a widely used open-source language for statistical computing and graphics, is prevalent in various sectors like finance, healthcare, and research. Its popularity stems from its extensive functionality for data analysis and visualization. R packages, readily available on repositories like CRAN (Comprehensive R Archive Network), further enhance its capabilities. However, this very ecosystem creates a vast attack surface for malicious actors. #### Vulnerability Overview The flaw resides in R's deserialization mechanism, specifically in the process of converting encoded objects (JSON, XML, binary) back to their original form. Attackers exploit this weakness by injecting malicious code into R Data Serialization (RDS) files, commonly shared among developers and data scientists. #### Deserialization Under Microscope Deserialization is the process of converting encoded data back into its original form for use within a program. In R, this process involves RDS (R Data Serialization) files, commonly used to store and share objects between developers. The vulnerability lies in R's handling of _"promise objects"_ during deserialization. #### Exploitation Mechanism Researchers at HiddenLayer discovered that attackers can embed arbitrary R code within RDS files or packages, exploiting R's lazy evaluation and promise objects. Lazy evaluation defers expression evaluation until necessary, while promise objects delay object evaluation. By creating a specially crafted promise object, attackers execute arbitrary code during RDS deserialization. #### Lazy Evaluation & Promise Objects Lazy evaluation, a core concept in R, postpones expression evaluation until it's explicitly needed. Promise objects represent these delayed evaluations. The vulnerability resides in the ability to create a malicious promise object containing arbitrary code that executes when the object is accessed during deserialization. #### Crafting Attack: Malicious RDS Files Attackers exploit this vulnerability by crafting malicious RDS files containing weaponized promise objects. These files, disguised as legitimate R packages, can be uploaded to repositories like CRAN. When an unsuspecting user installs the compromised package, the malicious code embedded within the promise object executes during deserialization. #### Extensive Attack Surface: Repositories as Launchpads The vast number of R package repositories (like R-Forge and Bioconductor) with millions of downloads creates a significant attack surface. An attacker only needs to compromise a single repository or package to launch a widespread supply chain attack, potentially affecting thousands of downstream users. #### How ThreatSpy Mitigates Further Escalation ThreatSpy is a developer-first, AI-powered AppSec management platform designed to effectively identify and address R language deserialization vulnerabilities. Its proactive approach allows it to detect these security issues even before they are officially listed as CVEs. In addition to early detection, ThreatSpy facilitates a streamlined prioritization and remediation process. It offers curated, stack-oriented remediation steps and enables automated actions through customizable playbooks and campaigns. By automating key parts of the security workflow, ThreatSpy helps development teams save valuable time and effort, promoting a 'security by design' philosophy. We are offering 14-days of free trial just in case you are looking forward to getting hands-on experience. Just [sign-up here](https://threatspy.secureblink.com/signup)!

loading..   04-May-2024
loading..   3 min read
loading..

Misconfiguration

Qantas Airways app glitch exposed passenger names, flights, even frequent flyer ...

Qantas Airways, Australia's premier airline, faced a critical cybersecurity incident resulting from a misconfiguration in its mobile app. This [Threatfeed](https://www.secureblink.com/cyber-security-news) delves into the technical intricacies of the breach, dissecting its impact, causes, and remedial measures. #### Incident Overview Qantas acknowledged the exposure of sensitive customer information due to a misconfiguration in its app, leading to unauthorized access to personal data and boarding passes. Despite swift responses, the incident underscores the vulnerability of digital platforms to cyber threats. #### Technical Details The misconfiguration stemmed from internal system changes, not a cyberattack, allowing some users to view others' travel details. Specifically, the flaw compromised names, upcoming flight information, points balance, and status within the app. #### Root Cause Analysis The [incident's root cause](https://www.qantasnewsroom.com.au/qantas-responds/statement-on-qantas-app-issue/) lies in recent system alterations, highlighting the complexity of maintaining secure configurations amid dynamic operational environments. Such changes inadvertently exposed critical data, necessitating comprehensive risk mitigation strategies. #### Impact Assessment While no financial data was compromised, the exposure of personal details poses significant privacy risks to affected customers. Furthermore, the potential for fraudulent activities and social engineering attacks amplifies the severity of the breach. #### Remedial Actions Qantas promptly addressed the issue by advising customers to log out of their accounts and remain vigilant against potential scams. Subsequent updates implemented additional measures to prevent similar incidents, safeguarding customer data integrity. #### Technical Mitigation Strategies To fortify app security, Qantas could implement robust access controls, encryption mechanisms, and regular security audits to detect and mitigate configuration vulnerabilities proactively. Additionally, incorporating threat intelligence feeds and anomaly detection algorithms enhances threat detection capabilities. #### User Awareness and Education Empowering users with cybersecurity best practices, such as recognizing phishing attempts and safeguarding personal information, strengthens the overall security posture. Regular communication and awareness campaigns foster a culture of security consciousness among customers. #### Codebase Integrity Ensuring the integrity of the Qantas app's codebase is paramount to mitigating future security risks. Employing secure coding practices, code reviews, and static code analysis tools can identify and remediate vulnerabilities in the software development lifecycle. #### Additional Considerations Further analysis may explore the scalability of Qantas' cybersecurity infrastructure, incident response effectiveness, and long-term strategies for enhancing resilience against emerging threats in the digital ecosystem.

loading..   02-May-2024
loading..   2 min read
Company Logo
logo

Secure Blink automates the application and API security testing for developers and security teams, helping them to rapidly identify and mitigate vulnerabilities more effectively than they can today.

Find Us Online

Facebook Logo
Twitter Logo
LinkedIn Logo
Telegram Logo
YouTube Logo
contact@secureblink.com

This website uses cookies to ensure you get the best experience on our website. By continuing on our website, you consent to our use of cookies. To find out more about how we use cookies, please see our Cookies Policy.

contact@secureblink.com

@ Copyright 2024 Secure Blink. All rights reserved.

4th Floor, Plot No- 7-10 Sector 126, Noida, UP -201303