Blog Welcome to PureID Research Blog

In 2018, a vulnerability (CVE-2018-13379) allowed attackers to read FortiOS files without authentication by sending a carefully crafted HTTP request. This vulnerability only existed in the SSL VPN. It affected FortiOS version 5.6.3 to FortiOS version 6.0.4. According to CloudSEK this vulnerability has come back to haunt networks that use FortiOS and missed the memo […]
Read More...

Atharva Chincholkar November 27, 2020 Uncategorized

As reported by Zscaler in April 2020, a significant increase (about 85%) in phishing attacks were seen, targeting remote workers. Attackers had registered domains featuring Covid-19 related keywords such as “virus”, “vaccine” etc. in order to steal credentials, disseminate malware, most notably ransomware for conducting financial frauds. With ever-growing advanced spear-phishing attacks, vulnerabilities like Address […]
Read More...

Khush Bhatt October 22, 2020 Spoofing

Introduction: We all know how crucial our credentials are to us, these shared secrets are basically the access to our resources present on various platforms. The whole process of authentication and authorization is pretty much always dependent on these shared secrets which can be in the format of passwords, access tokens, keys, tickets etc. Today […]
Read More...

Satyam Dubey September 13, 2020 Uncategorized

Virtual Private Networks (VPNs) systems are widely used by enterprises to provide secure remote access to their employees. VPN allows for easy access to the infrastructure, but it also opens up the corporate network to the internet. All VPNs use password-based authentication which is susceptible to various types of attacks. Many enterprises use 2FA to […]
Read More...

Atharva Chincholkar September 4, 2020 Credential Stealing

In the advent of widespread electronic communication we relied on a password for verifying the identity of a person. As it turns out, passwords are not secure enough to trust most information with. Two Factor Authentication to the rescue! right? Well, it’s not so easy. As systems have become secure, the attackers have shifted their […]
Read More...

Atharva Chincholkar August 26, 2020 Credential Stealing

Writing after a long gap. We were engaged with Black Hat, DEFCON 28 & Blockchain Village 2020 remotely in #SAFEMODE. This was a great experience. In my previous blog I had mentioned that in-mobile phishing apps stealing credentials are getting mainstream. Two weeks ago the media around the world was raked with the news of […]
Read More...

Khush Bhatt August 12, 2020 2FA

In the recent news by TechSpot.com we have learnt that Google was ‘forced’ again, this time by Evina Research group, to remove 25 credential stealing apps from its Android play store with 2.34 Million combined installations. Out of the 25 listed applications, PureID Security Team analysed few, to learn modus-operandi of these apps. Abstract of […]
Read More...

Khush Bhatt July 6, 2020 Credential Stealing

In this blog, we are going to discuss one of the many (and we mean MANY) use cases of our passwordless authentication platform – PureAuth.  We are working with a number of organisations that use AWS services. For contingency and serviceability reasons, the organisations share the access to AWS console with multiple admins. However, this […]
Read More...

Ajit Hatti June 25, 2020 Passwordless

Passwords are at the foundation of security and access control ever since humans felt the need of securing resources and access to it. Passwords have been used and abused since millennium and the best documented example of this is “Open Sesame”.  The surprising fact is even after millennium passwords are ubiquitous, and mean anything but […]
Read More...

Ajit Hatti May 31, 2020 Uncategorized