Uncategorized Archives

Fortinet Authentication Bypass:A Critical Exploit You Can’t Ignore

Posted on March 28, 2025March 28, 2025 by Srishti Chaubey

Imagine waking up to your organization’s security perimeter being compromised because of a critical authentication vulnerability exploited in the wild. That is exactly the threat that organizations face today, with recently found vulnerabilities in Fortinet FortiOS and FortiProxy, now highlighted by CISA as being actively exploited.

The Newest CISA Alert: What’s at Stake?

On March 18, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) included two Fortinet vulnerabilities in its Known Exploited Vulnerabilities Catalog with an urgent action recommendation. The vulnerabilities are a high-risk threat as they enable remote attackers to obtain super-admin privileges and completely bypass authentication controls.

Fortinet FortiOS and FortiProxy Authentication Bypass: CVE-2025-24472

Affected Versions:

FortiOS: 7.0.0 to 7.0.16

FortiProxy: 7.0.0 to 7.0.19, 7.2.0 to 7.2.12

Attack Method: CSF proxy requests with crafted requests

Severity: Critical (CVSS 9.8)

Risk: Permits unauthorized access, which allows complete takeover of impacted systems.

Malicious Code in tj-actions/changed-files GitHub Action: CVE-2025-30066

Problem: Attackers inserted malicious code into a commonly used GitHub Action.

Consequence: Possibility of supply chain attacks on CI/CD pipelines.

These are not theoretical threats; they are being exploited, so remediation is required urgently.

Why This Matters

Authentication bypass vulnerabilities are one of the most critical security vulnerabilities. They disable the first line of defense, enabling attackers to function as privileged users without credentials. The consequences are:

Unauthorized Access: Attackers can penetrate networks undetected.
Data Breach Risks: Sensitive data can be exfiltrated or tampered with.
Ransomware & Lateral Movement: Compromised systems can be used as entry points for further organizational attacks.

How to Protect Your Organization

CISA strongly urges all organizations to take the following action:

Apply Vendor Patches Immediately

Patches for these vulnerabilities have been issued by Fortinet. Organizations need to update their FortiOS and FortiProxy installations as soon as possible.

Implement Zero-Trust Principles

Treat each access request as possibly malicious.
Enforce robust authentication and access control practices.

Monitor for Indicators of Compromise (IoCs)

Audit logs regularly for suspicious activity.
Configure automated alerts for suspicious authentication attempts.

Secure Your CI/CD Pipelines

If utilizing GitHub Actions, inspect dependencies and limit untrusted third-party code.
Enforce strict repository access controls.

The Bigger Picture: Convenience vs. Security

This attack highlights a growing problem – security gaps created by prioritizing convenience over robust authentication. Organizations value ease of use, but frequently at the expense of strong authentication measures. Password-based security, even with MFA, remains susceptible to bypasses. A passwordless, zero-trust solution, such as PureAuth, provides a more resilient option by removing traditional authentication vulnerabilities.

Final Takeaway: Act Now, Stay Secure

This is not another security notice: It’s a wake-up call. Fortinet’s authentication bypass vulnerabilities are being exploited today, and the delay compounds the threat. Organizations have no choice but to patch ASAP, harden their authentication efforts, and revamp how they approach identity security.

In cybersecurity, delay is not an option. Proactive defense is the only way to go. Be ahead of the attackers, because they’re already ahead of you. #gopasswordless

The Cyber Battleground: Major Attacks Shaping 2025

Posted on March 6, 2025March 6, 2025 by Srishti Chaubey

The year is 2025, and the cyber war front is more active than ever. Threat actors are refining their tactics, launching sophisticated attacks across industries. From media and infrastructure to encrypted messaging platforms and AI-driven workplaces. Below is a breakdown of the latest high-impact cyber incidents, what they mean for security, and how organizations can stay ahead.

1. The Newsroom Blackout: Cyberattack on Lee Enterprises

On February 3, 2025, a major cyberattack disrupted Lee Enterprises, a leading American media conglomerate, causing print delays and operational chaos. Newspapers like the Post-Dispatch and Casper Star-Tribune struggled to publish content, with parts of the IT infrastructure forcibly taken offline. While the exact attack vector remains undisclosed, the event underscores the vulnerability of media organizations to digital disruptions.

Key Takeaway: Ransomware and IT disruptions in media outlets can impact information dissemination. Cyber resilience planning is crucial for organizations handling sensitive data and tight production schedules.

2. Microsoft KMS Exploited: Sandworm’s Silent Weapon

The infamous Sandworm APT (APT44/UAC-0145) has weaponized Microsoft Key Management Service (KMS) activators, targeting Windows users in Ukraine. The attack leverages pirated KMS tools and fake Windows updates to inject malware, including DarkCrystal RAT (DcRAT), compromising critical systems.

Key Takeaway: Secure software sourcing is critical. Enterprises must enforce strict software policies and monitor for unauthorized activations.

2025 Cyber Attacks: Microsoft: Russia's Sandworm APT Exploits Edge Bugs Globally — Credit: Dark Reading

3. PAN-OS Under Siege: Critical Vulnerability in Palo Alto Networks

Security teams are on high alert as Palo Alto Networks confirmed active exploitation of CVE-2025-0108, an access control flaw rated at 8.8 severity. Attackers with network access can bypass authentication and execute PHP scripts remotely. Combined with CVE-2024-9474, this vulnerability grants root-level access.

Key Takeaway: Immediate patching is essential. Delaying updates could be catastrophic.

4. Phishing Strikes Signal: A New Era of Social Engineering

Russian hacking groups (UNC5792 & UNC4221) are targeting Signal users by exploiting QR codes in phishing campaigns. Victims scanning these malicious codes unknowingly grant attackers access to their encrypted conversations. In response, Signal has rolled out new verification mechanisms to counter unauthorized device linking.

Key Takeaway: Users should verify QR codes before scanning and enable multi-factor authentication (MFA) for sensitive accounts.

5. The Fake IT Support Scam on Microsoft Teams

Russian hacking collectives Fin7 and Storm-1811 have been masquerading as IT support personnel on Microsoft Teams, tricking employees into granting access. Once inside, attackers deploy ransomware, encrypting data and demanding hefty ransoms.

Key Takeaway: Organizations must enforce strict identity verification for remote IT support and educate employees to recognize impersonation attempts.

6. Chinese Hackers Escalate from Espionage to Infrastructure Attacks

Volt Typhoon and Salt Typhoon, the two alleged Chinese state-sponsored groups, have shifted focus from corporate espionage to U.S. critical infrastructure. Their primary targets include utilities, ports, and telecom networks, exploiting outdated telecom equipment to infiltrate systems.

Key Takeaway: The attacks highlight the urgent need for infrastructure modernization and proactive cybersecurity measures.

7. Astaroth Phishing Attack: Bypassing 2FA Like Never Before

A new phishing campaign “Astaroth” targets Gmail and Outlook users, bypassing two-factor authentication (2FA) through real-time credential interception. Attackers trick users into entering login credentials and 2FA codes on counterfeit pages, hijacking accounts instantly.

Key Takeaway: Phishing-resistant authentication, such as PureAUTH, and continuous monitoring are essential for protection.

Final Thoughts: The Road Ahead

As cyber threats evolve, businesses and individuals must adopt a proactive security stance. The key takeaways:

Patch vulnerabilities immediately: Delayed updates remain a hacker’s best friend.
Implement Zero-Trust security: Don’t trust, always verify.
Educate employees on phishing threats: Human error remains a top attack vector.

Cybersecurity in 2025 is a battleground. Staying ahead requires vigilance, smart investments, and a commitment to continuous security improvements. The question isn’t if you’ll be targeted, it’s when. Are you ready?

Passwords Leaked : Microsoft in Trouble

LDAP Nightmare: A Critical Flaw Shakes Enterprise Networks

Posted on January 3, 2025February 5, 2025 by Srishti Chaubey

Introduction: The Storm of 2025 Begins

The year has barely begun and cybersecurity is under attack. Behold LDAP Nightmare, a zero-click vulnerability with a high Criticality CVSS score of 9.8. This vulnerability, officially termed as CVE-2024-49113, affects Windows Servers, including the critical Active Directory Domain Controllers (DCs). No authentication required, and an emphasis on crashing unknown servers, this exploit has the potential to cripple businesses that haven’t taken a proactive approach.

And for whom Active Directory infrastructure is not the ultimate point, this is a wake-up call. Let’s unpack the details of this critical vulnerability and how to defend against it.

What Is LDAP Nightmare?

LDAP Nightmare originates from a bug in Microsoft’s Lightweight Directory Access Protocol (LDAP). Found on December’s Patch Tuesday, this vulnerability allows attackers to crash unpatched Windows servers—or worse, open a door to remote code execution (RCE).

Key Facts:

Type: Denial of Service (DoS), with potential for RCE.
Impact: Crashes unpatched servers, including DCs.
Authentication: None required—just DNS connectivity.
Affected Systems: All unpatched versions of Windows Server (2019–2022).

How LDAP Nightmare Works (Without the Tech Jargon)

Imagine this: an attacker sends some cleverly disguised requests to your server. Your server, trusting as it is, starts chatting back. That’s when the attacker sends a sneaky, malformed response that your server doesn’t know how to handle. What happens next? Boom- your LSASS process crashes, and your server reboots.

This isn’t just a one-off prank. If hackers link this security hole to other weaknesses, it could give them complete control of your system. For organizations using Active Directory, that’s a terrifying prospect.

Attack Flow (For the tech savvy)

The attacker sends a DCE/RPC request to the Victim Server Machine
The Victim is triggered to send a DNS SRV query about SafeBreachLabs.pro
The Attacker’s DNS server responds with the Attacker’s hostname machine and LDAP port
The Victim sends a broadcast NBNS request to find the IP address of the received hostname (of the Attacker’s)
The Attacker sends an NBNS response with its IP Address
The Victim becomes an LDAP client and sends a CLDAP request to the Attacker’s machine
The Attacker sends a CLDAP referral response packet with a specific value resulting in LSASS to crash and force a reboot of the Victim server

LDAP Nightmare: Microsoft Critical Flaw. — Credit: SafeBreach

Why This Matters: Compromised Business and Operational Integrity

An organization’s IT network can be seen as Active Directory Domain Controllers. They are responsible for authentication, management of security policies, and making the entire network functional. If one of the DCs stops working, it’s not only irritating- it’s an apocalypse. This is why:

Lost Productivity: Resources cannot be accessed, nor can anyone log in, meaning everyone is stuck, ever since a DC crash took place.
Data Theft: Such a vulnerability may allow attackers to siphon off very important information contained therein.
Ransomware Risks: As soon as they can get in, hackers are able to lock your data and ask for money.

How much risk are we talking? A lot.

How soon must action be taken? Right now.

The PoC That Ignited the Internet

In the writings of SafeBreach Labs’ cybersecurity researchers, it was stated that the first exploit demonstration of the LDAP Nightmare vulnerability was released in January 2025. This tool showed not only how easily an unpatched server can be taken down but also its use for penetration testing within corporate networks.

If you did not apply Microsoft’s patch from December 2024, then your servers are nearly a target. As the exploit’s ease of use might suggest, targeting systems that are not covered is going to be an easy task for attackers.

Protecting Your Organization from LDAP Nightmare

Here’s how you can guard against this exploit:

Patch Immediately:
Microsoft’s December patch closes the door on this vulnerability. Running unpatched servers means exposing the whole company at large.
Tighten DNS Security:
Configure your DNS servers to block suspicious external queries. LDAP Nightmare gets through to the network over DNS, so blocking its entry point is crucial.
Monitor Anomalous Traffic:
Keep an eye on:
- Odd LDAP referral requests.
- Suspicious DNS SRV queries.
- Unusual CLDAP response patterns.
Use SafeBreach’s PoC Tool:
Test your systems with the Ldap Nightmare tool to see if there is a risk. This proactive step can make all the difference.

Conclusion: A New Year’s Resolution You Can’t Ignore

LDAP Nightmare serves as a stark reminder of how swiftly cybersecurity threats evolve. As the first major exploit of 2025, it underscores the importance of patching, monitoring, and adopting long-term protection solutions like PureAuth for preventing unauthorized access and zero-trust security.

Although the full details of CVE-2024-49113 remain unpublished, organizations must act swiftly to prevent cascading failures that could compromise dependent systems and services. Stay vigilant, secure your infrastructure, and strengthen your cybersecurity posture – before it’s too late.

Zello Faces Another Potential Data Breach, Urges Precautionary Measures

Posted on November 30, 2024November 30, 2024 by Srishti Chaubey

Introduction

Zello, the widely-used push-to-talk app, is once again under scrutiny for its handling of user security. Recently, the company required users to reset their passwords, citing concerns that point to either a credential-stuffing attack or a potential data breach. With 175 million users spanning sectors like emergency response and hospitality, this incident has raised significant questions about the platform’s security measures.

What Happened?

On November 15, 2024, Zello warned users whose account creation date was before November 2nd to change their password. While the exact incident is not known, evidence suggests that:

Possible Breach: Customer credentials may have been accessed by unauthorized users.
Credential-Stuffing Attack: Threat actors might be using passwords compromised earlier to gain access.

This measure aims to mitigate risks to affected accounts.

Zello Potential Data Theft — Credit: CyberIL

Breaches History at Zello

In 2020, Zello faced a similar challenge:

Data Breach in 2020:

Unauthorized activity on a server led to the exposure of email addresses and hashed passwords.
Zello required password resets and asked users not to reuse passwords across platforms.

While the company achieved ISO 27001 certification in September 2024—a certification enforcing strict information security procedures—the recurrence of such incidents questions the strength of Zello’s defenses.

The Implications

If confirmed, such a breach or an attack might empower cybercriminals to:

Steal Credentials: Access account data for unauthorized use.
Expand Attacks: Use cracked passwords for credential-stuffing attacks on other platforms.
Expose Sensitive Operations: With Zello used by first responders and other critical sectors, data misuse could disrupt essential services.

What Users Should Do

Zello users should take the following steps to safeguard their accounts immediately:

Reset Passwords: Change passwords immediately for accounts created before November 2, 2024.
Use Unique Passwords: Avoid reusing passwords across different services.
Enable Security Tools: Consider using password managers to generate strong, unique passwords.

With passwordless solutions like PureAuth, organizations can eliminate vulnerabilities altogether, ensuring security by design and default.

Conclusion

The latest security incident at Zello serves as a grim reminder of the changing cyber threats that organizations face. Though breaches may not always be avoidable, proactive measures like enforcing password resets and adopting robust access management solutions can go a long way in mitigating risks.

By going passwordless, facilitated by solutions like PureAuth, businesses can ensure user credentials and data are secure by default and design, protecting against future incidents.

Read Also

Your 1st Step to #GoPasswordless

Making World Password Free

3 ways passwords are Failing the Enterprises

RockYou2024: Nearly 10 Billion Passwords Leaked Online

Posted on July 18, 2024July 18, 2024 by Srishti Chaubey

Introduction

On July 4, 2024, the cybersecurity community was rocked by the discovery of RockYou2024, the largest password compilation leak in history. This staggering breach, revealed by a Cybernews research team, includes nearly 10 billion unique plaintext passwords. The massive dataset, posted on a popular hacking forum, presents severe security risks, especially for users prone to reusing passwords.

The RockYou2024 Password Leak

The RockYou2024 password leak, tracked as the largest of its kind, was unveiled by Cybernews researchers. The file, named rockyou2024.txt, contains an astounding 9,948,575,739 unique plaintext passwords. The dataset was posted by a user named “ObamaCare,” who has a history of leaking sensitive information. This compilation is believed to be a mix of old and new data breaches, significantly increasing the risk of credential stuffing attacks.

A Brief History of RockYou

The RockYou series of password leaks dates back to 2009, when the original RockYou breach exposed over 32 million user account details. In 2021, the RockYou2021 compilation, containing 8.4 billion passwords, set a new record at the time. RockYou2024 expands on this legacy, adding another 1.5 billion new passwords, making it the largest password dump to date.

Impact and Exploitation Risks

The RockYou2024 leak poses significant dangers due to the vast number of real-world passwords it contains. Cyber-criminals can leverage this data to execute brute-force attacks, attempting to gain unauthorised access to various online accounts. Combined with other leaked databases containing usernames and email addresses, RockYou2024 could lead to widespread data breaches, financial fraud, and identity theft.

How to Protect Against RockYou2024

Reset Compromised Passwords

Immediately reset passwords for any accounts associated with the leaked data. Ensure new passwords are strong, unique, and not reused across multiple platforms.

Enable Multi-Factor Authentication (MFA)

Enable MFA wherever possible. This adds an extra layer of security by requiring additional verification beyond just a password.

Implement Passwordless Solutions

Adopting passwordless solutions can further enhance security. SAML-based passwordless solutions, such as Single Sign-On (SSO) systems, eliminate the need for passwords by using secure tokens for authentication. These solutions reduce the risk of password-related attacks and improve user convenience.

Monitor Accounts and Stay Informed

Regularly monitor accounts for suspicious activity and stay informed about the latest cybersecurity threats and best practices.

Conclusion

This recent breach highlights how fragile and unsafe passwords are, underscoring the need for more secure authentication methods. The RockYou2024 leak demonstrates that even with strong, unique passwords, the risks remain significant. Multi-factor authentication (MFA), while an added layer of security, is not foolproof. For example, MFA breaches such as the 2022 Uber hack and the attack on Microsoft’s Office 365 users in 2021 show its vulnerabilities.

Additionally, password managers are not entirely reliable. The Okta breach in 2022 and the OneLogin breach in 2017 exposed millions of user accounts, demonstrating that even these tools can be compromised.

In light of these risks, passwordless systems are emerging as the next hot trend in cybersecurity. SAML-based passwordless solutions, like PureAuth, provide enhanced security by eliminating the need for passwords and reducing the attack surface for cybercriminals.

Embracing passwordless systems, combined with continuous monitoring and updated security practices, is essential for protecting against the evolving threat landscape. Stay ahead of cyber threats by adopting innovative authentication methods and ensuring your digital assets are well-protected.

Dell Data Breach: 49M Customer Records Exposed

Posted on May 15, 2024May 15, 2024 by Srishti Chaubey

In a data breach that has caused anxiety about security and privacy, Dell, a technology hardware giant, has admitted to its occurrence having affected 49 million customer records. The unsecured API linked to a partner portal allowed hackers to swipe a huge amount of information about customers from Dell’s database.

Dell Data Breach Customer Records: Source Daily Dark Web — **Dell customer data on Breach Forums**
*Source: Daily Dark Web*

Methodology of the Breach

The hacker, known as Menelik, shared his methodology with TechCrunch .

“Believe me or not, I kept doing this for nearly 3 weeks and Dell did not notice anything. Nearly 50 Million requests…After I thought I got enough data, I sent multiple emails to Dell and notified the vulnerability. It took them nearly a week to patch it all up,” Menelik said.

Dell on the other hand, responded with “Let’s keep in mind, this threat actor is a criminal and we have notified law enforcement.”

Exploiting Partner Accounts: The threat actor created multiple “partner” firms known by different names for multiple accounts thereby leading in access to sensitive customer records.
Scraping Customer Data: They stole huge amounts of client data directly from Dell’s servers including personal particulars and purchase information.
Persistence and Volume: For nearly three weeks, the perpetrator launched an unyielding onslaught of appeals that led to almost 50 million records.
Reporting: They emailed Dell on April 12th and 14th to report the bug to Dell security team

Dell Data Breach Customer Records: Email to Dell from Menelik — **Email sent to Dell about partner portal flaw**
*Source: Menelik*

“Prior to receiving the threat actor’s email, Dell was already aware of and investigating the incident, implementing our response procedures and taking containment steps. We have also engaged a third-party forensics firm to investigate.”

Stolen Data Details

The exposed data has customer order data, including warranty information, service tags, names, locations, customer numbers, and order numbers.

The hacker, Menelik says the stolen customer records include the following hardware breakdown:

Monitors: 22,406,133
Alienware Notebooks: 447,315
Chromebooks: 198,713
Inspiron Notebooks: 11,257,567
Inspiron Desktops: 1,731,767
Latitude Laptops: 4,130,510
Optiplex: 5,177,626
Poweredge: 783,575
Precision Desktops: 798,018
Precision Notebooks: 486,244
Vostro Notebooks: 148,087
Vostro Desktops: 37,427
Xps Notebooks: 1,045,302
XPS/Alienware desktops: 399,695

Mitigation Efforts

Incident response protocols were deployed by Dell, containment strategies were employed, and external forensic experts were contracted to investigate and fix vulnerabilities.

Conclusion

Dell has advised customers to remain vigilant at all times by reporting any suspicious activities associated with their accounts or purchases as soon as possible.

The 49 million customer purchase data between 2017-2024 looks like the perfect phishing bait. Anyone posing as dell representative can trick users into clicking links and being set up for credential theft.

We need to prevent a phishing incident like those that rocked Okta, Dropbox and Lastpass. It becomes imperative to fortify your organization with robust authentication methods. Embracing passwordless authentication could be precisely the solution needed. After all, if you don’t possess traditional credentials, they can’t be stolen, can they?

CASPR – The Ultimate Code Defender

Posted on April 2, 2024April 3, 2024 by Srishti Chaubey

Amidst the fear of breaches and mishaps, a beacon of hope emerges : PureAUTH CASPR. This innovative solution redefines code security by tackling the inherent vulnerabilities in source control systems, paving the way for a new era of trust and integrity in software development.

Overview

Source control, pivotal in any project, demands vigilance against malicious code. Yet, traditional commit signing places the onus on developers, leaving organizations vulnerable to rogue actors. Enter PureAUTH CASPR, a security revolution for a paradigm shift in securing code repositories.

Security Challenges

For IT security teams, configuring repositories and user access control is paramount. Meanwhile, developers grapple with integrating security practices without impeding release cycles, especially in large teams where enforcing consistency proves daunting.

Developer Challenges

Security is a luxury, not a necessity between the junior developers. Deadlines, Lack of Awareness, and human error at developer’s side is very much possible. Such occurrences can compromise the CI/CD pipeline, and allow un-trusted commits and data to seep in.

GitGuardian saw a massive 1,212x increase in the number of OpenAI API keys leaked on GitHub compared to 2022, leaking an average of 46,441 API keys per month, achieving the highest growing data point in the report.

Our Solution

PureAUTH CASPR empowers organizations to uphold a trusted codebase through seamless integration with user-authenticated profiles. By leveraging trusted signing keys tied to corporate machines, developers ensure commit integrity while thwarting insider threats upon employee separation.

Key Benefits

Trust Your Keys, Zero Trust: Generate GPG key-pairs recognised and trusted by PureAUTH using AuthVR5. Reject commits signed with unauthorised keys.
Revocation On Departure: Revoke signing keys instantly when employees leave, directly from Active Directory, eliminating the risk of delayed access removal.
Passwordless Authentication, Security Made Easy: Utilise passwordless authentication for DevOps platform login, eliminating password leaks and phishing threats.
Effortless Key Management: Developers can easily generate GPG keys and configure repositories, streamlining the authentication process.
Trust But Verify: Verify each commit in the CI/CD pipeline, ensuring it’s signed with AuthVR5-generated keys by current organization-affiliated developers.

How it Works

Administrator onboards users onto PureAUTH platform.
User creates AuthVR5 profile.
User generates trusted GPG key-pair.
Repository configured for AuthVR5 commit signing.
User signs commits using AuthVR5.
Code pushed to DevOps platform.
Code Defender CI/CD module verifies signatures.
Deployment halted if checks fail; admin notified.

With PureAUTH CASPR, the era of compromised code and breached repositories draws to a close. Embrace the future of code security, safeguarding your digital assets with confidence and resilience.

Read Also

GitHub: Millions of Secrets Exposed

Massive Data Breach: 125 Million Records Exposed Due to Firebase Misconfiguration

Posted on March 21, 2024March 23, 2024 by Srishti Chaubey

Introduction

Logykk, xyzeva, and MrBruh have unveiled a troubling truth: 900+ sites suffered a Firebase misconfiguration, exposing 125M user records. The records contain plaintext passwords and sensitive billing information.

Scanning for Vulnerabilities

Initially, researchers employed a Python scanner, but it proved impractical due to memory consumption issues. Subsequently, they turned to Go-based scanning, which, though expected to conclude in 11 days, actually took nearly 2 to 3 weeks, producing valuable insights.

Identifying Misconfigurations

To expedite the process, researchers compiled a shortlist of potentially affected websites and developed the “Catalyst” scanner. This tool identifies read access to Firebase collections and calculates the impact of exposed data, facilitating efficient analysis.

Uncovering Disturbing Findings

The resulting database revealed alarming statistics: 84 million names, 106 million email addresses, 33 million phone numbers, 20 million passwords, and 27 million pieces of billing information were compromised. What’s more interesting, is that 98% of passwords, or 19,867,627 to be exact, are in plain text. The researchers added that these numbers should be taken with a grain of salt. Real numbers of impact can be much larger. Among the impacted sites were Silid LMS, Lead Carrot, and MyChefTool, with millions of user records exposed, underscoring the severity of the breach.

Numbers of Firebase Misconfiguration Data Breach — **Private Database of exposed user records**
*source: xyzeva*

Aftermath and Response

Despite efforts to notify affected organizations, the response was modest, with only 200 misconfigurations rectified. Notably, some gambling websites attempted to downplay the issue, even offering flirtatious responses.

842 Emails sent over 13 days
85% Emails delivered
9% Emails bounced
24% of Site owners fixed the misconfiguration
1% of Site owners emailed us back
0.2% (2) Sites owners offered a bug bounty

Conclusion: Strengthening Security Posture

While data breaches may appear unavoidable, proactive measures can significantly mitigate risks. Adopting a zero-trust approach, coupled with just-in-time access architecture, offers essential protection against unauthorised access. PureID provides cutting-edge solutions, including passwordless technology and advanced authentication frameworks like ZITA. By prioritising robust cybersecurity measures and leveraging innovative solutions, organizations can bolster their defences and safeguard sensitive data in today’s increasingly vulnerable digital landscape.

Protect Your Privacy on X: Understanding the IP Address Sharing Issue

Posted on March 15, 2024March 15, 2024 by Srishti Chaubey

Introduction

X, formerly Twitter, launches voice and video calls, sparking privacy concerns among users about IP address sharing. Protecting personal information becomes paramount, prompting users to explore disabling options within X’s settings for enhanced privacy awareness and protection.

The Issue

X’s calling feature shares users’ IP addresses with callers by default, potentially exposing sensitive location details. This means that when you make or receive a call on X, the other party can see your town, city, or postcode without your explicit consent.

The Risk

Exposing your IP address on X can lead to privacy risks, including location tracking and potential harassment. This information can be used by malicious actors to identify your physical location and possibly target you with unwanted communication or even physical harm.

Twitter DMs should have end to end encryption like Signal, so no one can spy on or hack your messages - Elon Musk (28 Apr 2022) X Sharing IP Address

In his April 2022 tweet, Musk explicitly advocates for end-to-end encryption in Twitter DMs to prevent spying or hacking of messages. This reflects his strong belief in the need for robust security measures to protect users’ privacy and sensitive information. However, the recent implementation of X’s calling feature, which shares users’ IP addresses by default, appears to contradict Musk’s commitment to data security.

Safeguarding Yourself

Here’s how you can protect your IP Address from being exposed:-

1: Access Your Settings: Open the X app and go to your profile picture icon to access your account settings.

2: Navigate to Privacy Settings: Select “Settings and Privacy,” then choose “Privacy and Safety” to find the relevant options.

3: Disable IP Address Sharing: Find the option related to audio and video calling settings in the “Direct Messages” section. Toggle off the default setting that shares your IP address with callers. This will prevent others from seeing your location when you make or receive calls on X.

4: Verification: After disabling the default setting, verify that the feature is indeed turned off to ensure your IP address won’t be shared during calls.

User Awareness:

It’s important to raise awareness among X users about the default setting that shares IP addresses during calls and how to disable it. By informing others about this issue, you can help protect their privacy as well.

Conclusion:

By understanding the issue and taking proactive steps to disable IP address sharing, you can enjoy the benefits of X’s calling feature while minimising potential risks to your privacy and security. Stay informed and vigilant to safeguard your personal information online.

Read Also:

Investigating Fidelity Investments Life Insurance Data Breach: A Closer Look