31 million users of Ai.type entrusted their personal data to the app provider. It turned out to be a bad idea. A huge security leak handed user data – i.e. names, email addresses, IMEI and phone numbers, as well as contacts directories – to hackers, spammers and cyber criminals on a silver platter.
You can only shake your head when you read news like the data leak from the app Ai.type. The developer simply forgot to secure a MongoDB database that was 577 GB in size and thus threw the gates wide open for information thieves. Admittedly, everybody knows that mistakes can happen. The more serious element is the second failure: It seems the app provider had not implemented any security measures or test mechanisms to detect vulnerabilities like that – before they can be exploited by attackers.
However, preventive security tools have long been part of standard security strategies to secure the IT network. This also includes a comprehensive vulnerability management tool that continuously checks the IT infrastructure, detects and reports vulnerabilities to those who are in charge of. This way, an open database like the one in Ai.type would have been noticed very fast. Let’s hope that other providers deal with sensitive customer data in a much more responsible way. From next May onwards at the latest, there will be even more reasons to do so as the GDPR will come into force and costly penalties can be imposed.
https://www.greenbone.net/wp-content/uploads/01_Logo-mit-Schriftzug_500px_on_white_horiz1.jpg00Lukas Grunwaldhttps://www.greenbone.net/wp-content/uploads/01_Logo-mit-Schriftzug_500px_on_white_horiz1.jpgLukas Grunwald2017-12-18 11:31:212017-12-18 11:31:21Please help yourself: When app providers leave the door open for attackers
The Adobe Patch Day in August must have caused quite a stir in IT departments: 80 vulnerabilities were detected in Adobe flashplayer, Adobe acrobat and reader, as well as in the experience manager, 46 of which were deemed critical. This very clearly shows that the sporadic closure of vulnerabilities does not meet the standards of current strict data protection laws.
Not being able to trace whether the update was installed on all network devices poses yet another risk. The only guaranteed way to know is to continuously run automated and complete scans throughout your network with vulnerability management software. Daily updates contain vulnerability tests to find running threats and security gaps. Take a look at the current situation here.
Beware of legacy technology
Many believe Flash is dead. That is true and false at the same time. Contrary to all predictions, Flash and other technologies are still being used. And that is why it is important to know where in your own network they can cause harm and create a risk. An automated scan helps you find out and ultimately gives you more security.
Large-scale cyber attacts like WannaCry can bring on a real panic. The Greenbone Community Edition is just what you need to ease the situation: The tool is free of charge, checks the network and detects weaknesses – before malware exploits them.
The worldwide ransomware attacks have affected tens of thousands of computers in almost 100 countries: The attackers block data access with the help of the trojan WannaCry. Then demand a ransom for decoding the now encrypted data. Networks with a vulnerability in the network protocol Server Message Block Version 1 (SMBv1) are the prime target of these cyber criminals. This was known for quite some time. Which is why our Greenbone security research team already issued a network vulnerability test at the beginning of February, pointing out this weakness for customers and users. This early warning raised user awareness for the problem and prevented worse from happening.
The feedback came mainly from the users of our free Greenbone Community Edition. It can do a lot more than just look for WannaCry in the network. The free platform detects other Microsoft vulnerabilities, too. At the same time, users can check the complete IT infrastructure including other software packages, routers, switches, access points, printers and further equipment for vulnerabilities. There is no time limit on the use of the Community Edition. For professional-grade support, users can always switch to the Greenbone Security Manager. Please look here for a detailed comparison.
By the way, the crypto mining malware Adylkuzz, which has been around since April, exploits the same weak point. So a quick check is definitely worth your time. A free download is available here.