Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

8/1/2019
02:00 PM
50%
50%

Researcher Find Open 'Road Map' to Honda Computers

An unprotected database, now secured, contained information on every computer owned by the automobile giant.

A researcher using Shodan — one of the basic search tools used by those hunting vulnerable systems and servers — found an ElasticSearch database holding more than 134 million rows that had no authentication requirement. The interaction between the researcher, xxdesmus, and the database's owner, Honda Motor Co., highlights the way responsible disclosure is supposed to work and the difficulties that can stand in the way of responsible behavior.

Justin Paine, director of trust and safety at Cloudflare, tweets and blogs under the name "xxdesmus." In his personal blog post on the incident, he writes of finding the open database through a Shodan search on July 4. The database, which appeared to be a catalog of all Honda internal computers, including the laptop computers used by the CEO and other executives, contained information such as machine hostname, MAC address, internal IP, operating system version, which patches had been applied, and the status of Honda's endpoint security software. While the database didn't contain personally identifiable information (PII), Paine says the information could have formed a very complete "road map" for an attacker planning an assault on Honda — an assault that might target PII. 

Paine wanted to alert Honda to the vulnerable database, but it took him two days and a request made through Twitter to finally find someone at Honda who could take action.

Once contact was made, Paine reports the database was secured within about 10 hours. 

Read more here

 

Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the conference and to register.

 

 

 

 

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
8/1/2019 | 2:08:25 PM
Another example of outside folks doing good
A few days ago the Capital One breach was resolved by a kind Git-hub user letting Cap1 know something was in their wallet - and now we have another example of an entire IT group of doubtless some size and sophistication not knowing at all that a breach of tech data occurred.  Another example of IT ignorance at work.  
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/22/2020
How an Industry Consortium Can Reinvent Security Solution Testing
Henry Harrison, Co-founder & Chief Technology Officer, Garrison,  5/21/2020
Is Zero Trust the Best Answer to the COVID-19 Lockdown?
Dan Blum, Cybersecurity & Risk Management Strategist,  5/20/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13458
PUBLISHED: 2020-05-25
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There are CSRF issues with the log-clear controller action.
CVE-2020-13459
PUBLISHED: 2020-05-25
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action.
CVE-2020-13442
PUBLISHED: 2020-05-25
A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 through 2.7.1402870. An attacker can upload a PHP file via dext5handler.jsp handler because the uploaded file is stored under dext5uploadeddata/.
CVE-2020-5537
PUBLISHED: 2020-05-25
Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code execution via unspecified vectors.
CVE-2020-13438
PUBLISHED: 2020-05-24
ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c.