• Millions of users have personal info stolen due to this simple we

    From TechnologyDaily@1337:1/100 to All on Mon Jul 31 11:15:03 2023
    Millions of users have personal info stolen due to this simple website access error

    Date:
    Mon, 31 Jul 2023 10:59:11 +0000

    Description:
    IDORs are becoming a major problem and CISA is sounding the alarm.

    FULL STORY ======================================================================

    Sensitive information belonging to millions of people is being stolen from various websites and web apps all across the Internet every day, experts have warned.

    The common denominator in all these incidents appears to be the existence of insecure direct object references (IDOR). These are flaws that allow people to request sensitive information from a website or web app, without the site checking if the user is allowed to access such information in the first place.

    Now, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm on IDORs, in a joint security bulletin published with the Australian Cyber Security Centre.

    Common flaws

    In its announcement, CISA notes that hackers are frequently taking advantage of IDOR flaws "because they are common, hard to prevent outside the development process, and can be abused at scale."

    "Typically, these vulnerabilities exist because an object identifier is exposed, passed externally, or easily guessed, allowing any user to use or modify the identifier," CISA said.

    The consequences of these attacks can be quite painful, as they allow threat actors to steal sensitive data such as financial information, health data, or personal files.

    This includes incidents such as the 2019 First American Financial security breach (800 million personal files stolen), the Microsoft Teams IDOR flaw discovered in late June 2023, and the two IDOR bugs in Nexx smart home devices found in April 2023.

    Web developers should step up, CISA then states, and implement secure-by-design principles at each step of the development process. That includes incorporating automated code analysis tools that can spot flaws in the code before the apps ever reach the production stage.

    The two organizations also said developers should set up applications to deny access by default to make sure the apps perform authentication checks every time someone asks to access or modify any type of sensitive data.
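
    The difference between an IDOR-prone lookup and the deny-by-default check described above, as an added Python example that is not part of the original article or the CISA bulletin. The document store, user names and function names are all constructed for illustration.

```python
"""Added example: IDOR-prone lookup vs. deny-by-default object access."""
from dataclasses import dataclass

class AccessDenied(Exception):
    """Raised whenever no rule explicitly grants the request."""

@dataclass(frozen=True)
class Document:
    doc_id: int
    owner: str
    body: str
    shared_with: frozenset = frozenset()

# Constructed sample data; sequential ids are the "easily guessed" case.
DOCS = {
    1001: Document(1001, "alice", "alice's loan file"),
    1002: Document(1002, "bob", "bob's loan file", frozenset({"alice"})),
    1003: Document(1003, "carol", "carol's loan file"),
}

def get_document_insecure(doc_id):
    # IDOR: the caller's identity is never consulted, so any id that
    # exists is returned to whoever asks for it.
    return DOCS[doc_id].body

def can_read(user, doc):
    # Allow-list of grants; anything not matched here is refused.
    return user is not None and (user == doc.owner or user in doc.shared_with)

def get_document(user, doc_id):
    # Deny by default: the check runs on every request, and a missing id
    # gets the same refusal as a forbidden one so ids cannot be probed.
    doc = DOCS.get(doc_id)
    if doc is None or not can_read(user, doc):
        raise AccessDenied(f"{user!r} may not read document {doc_id}")
    return doc.body

def readable_ids(user, candidate_ids):
    # What a user stepping through ids actually gets back after the fix.
    allowed = []
    for doc_id in candidate_ids:
        try:
            get_document(user, doc_id)
        except AccessDenied:
            continue
        allowed.append(doc_id)
    return allowed
```

    Because the check lives inside the one function that returns objects, every code path that fetches a document is covered, which is the "every time" property the bulletin asks for.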

    Via: The Register



    ======================================================================
    Link to news story: https://www.techradar.com/pro/millions-of-users-have-personal-info-stolen-due-to-this-simple-website-access-error


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)