Malware analysis allows the analyst to see what actions are taken and allows us to use those actions to build a profile that can be used to detect and block further infections and find related infections.
In the Godfather Part II, Michael Corleone says, “There are many things my father taught me here in this room. He taught me: keep your friends close, but your enemies closer.” This lesson Vito Corleone taught his son Michael is just as applicable to IT security configuration management (SCM).
TL;DR Some hosting providers implemented http-01 having one part of the challenge key reflected in the response. This resulted in a huge amount of websites being vulnerable to XSS just because of their implementation of the http-01 ACME-challenge.
Even as public awareness of data breaches grows, the popular conception of what information is sensitive, and how sensitive it is, lags behind the threats that individuals, businesses, and governments face today. The classic model for a data breach is individuals’ login credentials for banking or private identity information like their social security numbers, but there is equal– and in many cases far greater– value in information with less obvious potential for abuse.
When we think about cyber attacks, we usually think about the malicious actors behind the attacks, the people who profit or gain from exploiting digital vulnerabilities and trafficking sensitive data. In doing so, we can make the mistake of ascribing the same humanity to their methods, thinking of people sitting in front of laptops, typing code into a terminal window.
There are many different kinds of sensitive data that can be exposed, each with its own particular exploits and consequences. This article will focus on what we have categorized as “systems information,” data that describes digital operations, such as systems inventory, configuration details, data center and cloud design, performance metrics and analyses, application code, and IT business data, such as equipment spend, vendor discount, and budgeting.
During the course of UpGuard’s cyber risk research, we uncover many assets that are publicly readable: cloud storage, file synchronization services, code repositories, and more. Most data exposures occur because of publicly readable assets, where sensitive and confidential data is leaked to the internet at large by way of a permissions misconfiguration.