Tag Archive for: leaking

Autodiscover flaw in Microsoft Exchange leaking credentials


A flaw in Autodiscover, a protocol utilized in Microsoft Exchange, is responsible for a massive data leak of various Windows and Microsoft credentials, according to new Guardicore research.

Autodiscover is used by Exchange to automatically configure client applications like Microsoft Outlook. In research published Wednesday, Amit Serper, area vice president of security research for enterprise security vendor Guardicore, wrote in the company’s post dedicated to the vulnerability that Autodiscover “has a design flaw that causes the protocol to ‘leak’ web requests to Autodiscover domains outside of the user’s domain,” but in the same top-level domain (TLD) — for example, Autodiscover.com.

Guardicore researchers then tested the flaw.

“Guardicore Labs acquired multiple Autodiscover domains with a TLD suffix and set them up to reach a web server that we control,” Serper wrote in the blog post. “Soon thereafter, we detected a massive leak of Windows domain credentials that reached our server.”

Examples of domains that the vendor purchased included Autodiscover.com.br, Autodiscover.com.cn and Autodiscover.com.co; the post included substantial technical detail regarding how the domains were abused.

From April 16 to Aug. 25, Guardicore was able to exploit the flaw to capture 372,072 Windows domain credentials and 96,671 unique credentials “that leaked from various applications such as Microsoft Outlook, mobile email clients and other applications interfacing with Microsoft’s Exchange server,” Serper wrote.

The Autodiscover flaw is not a new issue; Serper wrote that Shape Security first revealed the core vulnerabilities in 2017 and presented the findings at Black Hat Asia that year. At the time, the vulnerabilities — CVE-2016-9940 and CVE-2017-2414 — were found to only affect email clients on mobile devices. “The vulnerabilities disclosed by Shape Security were patched, yet, here we are in 2021 with a significantly larger threat landscape, dealing with the exact same problem only with more third-party applications outside of email clients,” Serper wrote.

The post presented two mitigations: one for the general public and one for software developers and vendors.

For the general…


Is Your VPN Tracking (and Leaking) User Activity?


The VPN industry touts all sorts of privacy protocols and encryption methods that purport to protect users. While this is, undoubtedly, important information, and is a decent way to compare and contrast different VPN services, it isn’t the full story when it comes to your privacy. An often-overlooked issue is the use of trackers by VPN solutions; users should be wary of trusting any VPN service that uses them.

Essentially, a tracker is, as the name suggests, something that will track user activity across the internet. Many websites and apps use trackers in some form or another, and they follow users almost everywhere they go on the internet. The information harvested by trackers is usually used for things like targeted advertisements. If you’ve ever clicked on an advertisement for a product or a service and then started seeing that same advert everywhere you go, then you’ve been tracked.

Trackers exist so that companies can make money at the expense of your privacy.

However, there is an important distinction to be made between first-party and third-party trackers. First-party trackers are things like cookies that are used to remember information like language or layout preferences, or perhaps even to save your shopping cart on an e-commerce site. Such trackers are deemed necessary for many websites in order to give users a more seamless experience—and for these kinds of trackers, it is often easy to opt out and refuse to have cookies stored.

Third-party trackers, on the other hand, are trackers built to facilitate the harvest of information from websites and apps that can later be used to make money from you and/or your activity. The information gathered by third-party trackers varies, but it is often personally identifiable information (PII): for example, your IP address, what browser you use, what you click on, how long you are on a specific web page, etc. All of this information is used to create a profile about you and, in turn, is used to make money from you via targeted advertisements. It isn’t just websites that make use of third-party trackers—many mobile apps do this, as well. And this is where users need to use caution before choosing a VPN that…


Kumaraswamy ‘not bothered’ about malware leaking personal info


Former Karnataka Chief Minister HD Kumaraswamy on Tuesday said that he was not bothered by reports stating that the number of his personal secretary was part of the leaked database of numbers that have been potential targets of surveillance by the Pegasus spyware.

The remark made by the former chief minister came after reports broke out that key political leaders in Karnataka, including the then deputy chief minister G Parameshwara and the personal secretaries of then chief minister H D Kumaraswamy and former chief minister Siddaramaiah, may have been possible targets of surveillance by the Pegasus spyware in the run-up to the collapse of the Congress-JD(S) alliance government in 2019.

‘This is nothing new and it doesn’t bother me’

The leader said that he has never done anything wrong while also alleging that such surveillance mechanisms are nothing new and have been deployed for 15-20 years now. The leader said, “This is nothing new and it doesn’t bother me. I have not done anything wrong which can be detrimental to the security of the country or my state.”

The senior leader added that several governments and also Income Tax departments have tapped phones in the past as well. “This is not restricted to the Modi government — these things have been done for 15-20 years now. We don’t need to take this seriously at all,” he said.

Former Deputy Chief Minister slams BJP

Reacting to the report, former deputy chief minister G Parameshwara alleged that the BJP can do ‘anything’, including partnering with foreign powers, to gain power and topple secular governments. Taking to Twitter, Parameshwara said, “Every time we believe the BJP-led union government cannot go any lower, fresh proof arrives to show they can & will stoop to the lowest. #PegasusSnoopgate shows that BJP will do everything, including partnering with foreign powers, to gain power & topple secular governments.”
