Blast Radius: Mapping, Controlling, and Exploiting Dynamic Self-Registration Services
Vendors such as Datto, GeoVision, Synology and others rely on self-registered services for their products. These devices frequently leak critical data or suffer from insecure design, unintentional or even intentional design decisions, and application flaws. Combined with insecure network design and installation practices on the part of vendors, software developers and integrators, they can be easily mapped, discovered and attacked by cyber criminals.
Blast Radius: Misconfigured Kubernetes
Recognized as a leader in the container market, Kubernetes is an open source microservices cluster manager used by millions of companies worldwide. Its popularity is bolstered by its considerable ability to manage container workloads: it allows numerous servers to be deployed easily and scaled appropriately as they grow.
Blast Radius: DNS Takeovers
Subdomain takeover remains a common vulnerability, and a destructive one at that. On one hand, some types practically no longer exist, such as CNAME takeovers: while there are still plenty of dangling DNS records, creating a PoC is nearly impossible due to restrictions put in place by major cloud providers (mainly AWS).
Blast Radius: Apache Airflow Vulnerabilities
Apache Airflow is an open-source workflow management platform that started at Airbnb in 2014 as a solution for managing complex workflows. It allows organizations to programmatically author, schedule and monitor their workflows through its web-based interface, which connects to internet databases and many other systems.
Recon Safari #4: Domains Riding the Robinhood Wave
During the past couple of weeks, the popular free financial trading app Robinhood made headlines for halting purchases of certain stocks. This has resulted in a lot of bad publicity for the company. And because threat actors enjoy exploiting trending news topics to their advantage, we decided to look at newly registered Robinhood domains to see how they’re being used.
Iran, the IRGC and Fake News Websites
Recently, the Department of Justice made two public announcements about shutting down fake news websites created by Iran’s Islamic Revolutionary Guard Corps (IRGC). In the first instance, 92 domains were seized in August 2020. According to the second announcement, 27 more domains used in the same global disinformation effort were seized.
Recon Safari #2: Looking at the OSINT Behind Fake US Census Bureau Domains
Just recently, we came across a flash alert released by the FBI concerning 63 domains that were impersonating the US Census Bureau. We were intrigued and wanted to investigate further, so for our second Recon Safari we’re going to look at what OSINT data we can uncover from these spoofed domains.
Recon Safari #1: A Closer Look at Friendemic’s Data Breach
We’ve been having some Friday fun running SecurityTrails Recon Safari on Twitter. Over the past few months we’ve conducted over 30 successful investigations, made easy to research thanks to SecurityTrails API™ and SurfaceBrowser™. Recon Safari began in the form of long Twitter threads, eventually evolved into fun and digestible infographics, and ultimately led to writeups on our blog.
Finding Coronavirus Malicious Domain Names
The coronavirus outbreak (COVID-19) is arguably one of the most widely publicized events of the century. Reliable information surrounding this pandemic has been incredibly sparse, provoking a true “infodemic”: the spread of unhelpful related content such as jokes, dubious home prevention treatments and viral fake videos, alongside useful and accurate information.
Cloudflare shutting down 8chan: the Internet shelter for hatred
This morning we were surprised by the news that Cloudflare is going to shut down the popular website 8chan (8chan.net), removing it from their infrastructure.