Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

8/1/2019
02:00 PM
50%
50%

Researcher Find Open 'Road Map' to Honda Computers

An unprotected database, now secured, contained information on every computer owned by the automobile giant.

A researcher using Shodan — one of the basic search tools used by those hunting vulnerable systems and servers — found an ElasticSearch database holding more than 134 million rows that had no authentication requirement. The interaction between the researcher, xxdesmus, and the database's owner, Honda Motor Co., highlights the way responsible disclosure is supposed to work and the difficulties that can stand in the way of responsible behavior.

Justin Paine, director of trust and safety at Cloudflare, tweets and blogs under the name "xxdesmus." In his personal blog post on the incident, he writes of finding the open database through a Shodan search on July 4. The database, which appeared to be a catalog of all Honda internal computers, including the laptop computers used by the CEO and other executives, contained information such as machine hostname, MAC address, internal IP, operating system version, which patches had been applied, and the status of Honda's endpoint security software. While the database didn't contain personally identifiable information (PII), Paine says the information could have formed a very complete "road map" for an attacker planning an assault on Honda — an assault that might target PII. 

Paine wanted to alert Honda to the vulnerable database, but it took him two days and a request made through Twitter to finally find someone at Honda who could take action.

Once contact was made, Paine reports the database was secured within about 10 hours. 

Read more here

 

Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the conference and to register.

 

 

 

 

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
8/1/2019 | 2:08:25 PM
Another example of outside folks doing good
A few days ago the Capital One breach was resolved by a kind Git-hub user letting Cap1 know something was in their wallet - and now we have another example of an entire IT group of doubtless some size and sophistication not knowing at all that a breach of tech data occurred.  Another example of IT ignorance at work.  
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Craig Harber, Chief Technology Officer at Fidelis Cybersecurity,  10/8/2019
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET,  10/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-10759
PUBLISHED: 2019-10-15
safer-eval before 1.3.4 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code.
CVE-2019-10760
PUBLISHED: 2019-10-15
safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code.
CVE-2019-17397
PUBLISHED: 2019-10-15
In the DoorDash application through 11.5.2 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
CVE-2019-12944
PUBLISHED: 2019-10-15
Glue Smart Lock 2.7.8 devices do not properly block guest access in certain situations where the network connection is unavailable.
CVE-2019-17195
PUBLISHED: 2019-10-15
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.