Connect with us

Cyber Security

Twilio Security Incident Shows Danger of Misconfigured S3 Buckets

Avatar

Published

on


Twilio says attackers accessed its misconfigured cloud storage system and altered a copy of the JavaScriptSDK it shares with customers.

Twilio, the cloud communications platform-as-a-service (CPaaS) giant, has confirmed a security incident in which attackers accessed a misconfigured Amazon AWS S3 bucket and modified the TaskRouter JavaScript SDK. The SDK path had been publicly readable and writable since 2015.

More than 5 million developers and 150,000 companies use Twilio, which offers tools to help businesses improve communications over voice, text, and video; its APIs help developers bring voice, video, and text into their applications. Twitter, Spotify, Hulu, Lyft, Yelp, Airbnb, Shopify, Uber, Netflix, and Foursquare are among Twilio’s customers.   

On July 19, Twilio was alerted to a change made to the TaskRouter JS SDK, a library it hosts to help customers interact with TaskRouter, which offers a routing engine to send tasks to agents or processes. The attacker-altered version of the library may have been available on Twilio’s CDN or cached by user browsers for up to 24 hours after the code was replaced on its website, which was about an hour after Twilio learned of the incident.

Attackers were able to change the library’s code due to a misconfiguration in the S3 bucket that hosted the library. They injected code that made the browser load an extra URL that had been linked to Magecart attacks. Twilio doesn’t believe this was targeted at the company. Rather, it seems to be an opportunistic attack related to a campaign to exploit open S3 buckets for financial gain.

“We had not properly configured the access policy for one of our AWS S3 buckets,” officials wrote in a disclosure. One of its S3 buckets is used to serve content from a domain twiliocdn[.]com; here, it hosts client-side JavaScript SDKs for Programmable Chat, Programmable Video, Twilio Client, and Twilio TaskRouter. Only v1.20 of the TaskRouter SDK was affected by this issue, the company says.

These files are served to users via the CloudFlare CDN content delivery network, but they are also directly available in the S3 bucket, where Twilio has configured a set of access policies for each path where files are stored. It had not properly configured the access policy for the path storing the TaskRouter SDK, meaning anybody could read or write to that path. While this path was not initially configured with public write access when it was added in 2015, Twilio says this changed shortly after.

“We implemented a change 5 months later while troubleshooting a problem with one of our build systems and the permissions on that path were not properly reset once the issue had been fixed,” the company said. 

The code attackers injected is a malicious traffic redirector, report RiskIQ researchers who call it “jqueryapi1oad” and say it has been used in other campaigns. In an analysis published in June, its team details attacks that leverage S3 buckets to insert code into websites. Jqueryapi1oad, named for the cookie the team connected with it, seems related to a long-running malvertising campaign. It was first identified in July 2019 and is still in use on 362 unique domains to date.

This campaign, dubbed Hookads by RiskIQ, has previously been linked to exploit kits and other malicious behavior, researchers report. Hookads redirects users to different decoy websites and ultimately sends them to a website where malware is installed using exploit kits.

“The Twilio compromise was another example of misconfigured Amazon S3 buckets used as an attack vector,” says RiskIQ threat researcher Jordan Herman. “Because of how easy they are to find and the level of access it grants attackers, we’re seeing attacks like this happening at an alarming rate.”

After learning of the attack, Twilio locked down the bucket and uploaded a clean version of the library to the bucket path. It conducted an audit of AWS S3 buckets and found others with improper write settings, but say no other hosted SDKs were affected. There is no evidence indicating an attacker accessed customer data or any of its internal systems, code, or data. Twilio Flex customers were not affected.

Attackers Exploit a Common Problem
As indicated in this incident and RiskIQ’s research, attackers are increasingly looking to exposed S3 buckets to bring malware into otherwise legitimate code. By infecting a single massive supplier, such as Twilio, they can indirectly affect many more businesses that rely on it. 

“Modern web applications make extensive use of third-party scripts and open source libraries, such as the TaskRouter library published by Twilio,” says Ameet Naik, security evangelist at PerimeterX. “Often introduced without proper vetting, this shadow code introduces known risks into the application and vastly expands the attack surface.”

Compounding this risk is the all-too-common problem of misconfigured cloud storage buckets, which have proved to be a consistent problem for enterprise security over the past few years. In this year alone, hundreds of thousands of files have been accidentally exposed because S3 buckets weren’t properly configured. Businesses would be wise to learn how to protect them and, like Twilio did in the aftermath of its incident, conduct an audit to see where they may be exposed.

Related Content:

 

 

Register now for this year’s fully virtual Black Hat USA, scheduled to take place August 1–6, and get more information about the event on the Black Hat website. Click for details on conference information and to register.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial … View Full Bio

Recommended Reading:

More Insights

Source: https://www.darkreading.com/cloud/twilio-security-incident-shows-danger-of-misconfigured-s3-buckets/d/d-id/1338447?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Cyber Security

Russian hackers steal Prince Harry and Meghan Markle photos via Cyber Attack

Avatar

Published

on

According to a biography ‘Finding Freedom’, Russian hackers reportedly stole 100s of photos and videos related to the marriage of Duke with Duchess of Sussex that includes some snaps related to the Queen of Britain.

Authored by Omid Scobie and Carolyn Durand, the biography gives us details on why Prince Harry chose to depart the royal life to lead a quiet living in United States along with his newly born son ‘Archie’ Harrison Mountbatten Windsor and wife Meghan Markle.

Coming to the data leak, the breach is a wake up call to the entire world on how hackers could invade into the personal lives of celebrities without their knowledge to create havoc thereafter.

Cybersecurity Insiders has learnt that the stolen photos were related to the wedding photographer Alexi Lubomiriski, hired to digitally capture the wedding of the Duke with Meghan in May’18. Around 200 photos related to the Prince’s wedding were stolen by a computer programmer based in Russia out of which many were ‘outtakes’ meant to be directed to the computer trash can.

The biography specifies that the memorabilia were siphoned from a cloud account owned by the marriage photographer and includes pictures taken by Harry and Meghan along with the Queen at the wedding.

A photo sharing website named Tumblr is seen displaying a few of the stolen pictures possibly leaked by the hacker. 

An inquiry into the data breach and leakage of wedding photos was launched by the law enforcement in Britain after it received an official complaint from the authorities at the Queens palace.

Note- In June 2019, hackers somehow managed to infiltrate the personal computer of the New York based fashion photographer Alexi Lubomirski well- known in the fashion community of London for digitally capturing the lives of Scarlett Johnson, Jennifer Lopez, Britney Spears, Natalie Portman on many ocassions/events.

Source: https://www.cybersecurity-insiders.com/russian-hackers-steal-prince-harry-and-meghan-markle-photos-via-cyber-attack/?utm_source=rss&utm_medium=rss&utm_campaign=russian-hackers-steal-prince-harry-and-meghan-markle-photos-via-cyber-attack

Continue Reading

Cyber Security

Texas School District experiences DDoS Cyber Attack

Avatar

Published

on

On the very first day of virtual learning, a Texas school district has made it official that it became a victim of a cyber attack that disrupted virtual classes for 48 minutes. However, the good news is that the IT staff of the school district was swift enough to thwart the Denial of service cyber attack, neutralizing its repercussions to full extent.

The school district that is in discussion is based on the City of Humble, Texas, United States and is known as ‘The Humble Independent School District (Humble ISD) ’.

Liz Celania- Fagan, the Superintendent of Humble ISD, has confirmed the incident via twitter and informed the world that the virtual classes that were impacted by the cyber incident were back online after a break of nearly an hour.

Liz mentioned in her statement that all those students who were logged into the classes via their student Gmail accounts might not be able to log into their student email accounts until the incident is technically resolved.

Note- A denial of service attack aka distributed denial of service attack is launched through botnets that aim to shut down a computer network by bombarding it with fake web traffic.

Meanwhile, The Federal Bureau of Investigation (FBI) has issued a nationwide alert that all school districts that are planning for virtual classes for this academic year should take adequate Cybersecurity measures as there is a high possibility that their servers might be targeted by ransomware.

“As many of the K-12 schools are planning virtual classes from September, it makes them vulnerable to cyber attacks such as ransomware”, says Corey Harris, a special agent of FBI.

There is a good chance that hacking groups might be after social security numbers and other faculty or staff info added Harris.

Hope, the CIOs or CTOs of school districts have taken a note of the ransomware alert issued by FBI targeting K-12 schools.

Source: https://www.cybersecurity-insiders.com/texas-school-district-experiences-ddos-cyber-attack/?utm_source=rss&utm_medium=rss&utm_campaign=texas-school-district-experiences-ddos-cyber-attack

Continue Reading

Cyber Security

Digital signatures security explained

Avatar

Published

on

[ This article was originally published here ]

This blog was written by an independent guest blogger.
Digital signatures have been around for decades, but recent events have put them back in the spotlight. They were heralded as the future of cybersecurity as far back as 1999, but in the intervening years came to be somewhat taken for granted by security engineers. Not any longer: the massive move to home working precipitated by the Covid-19 pandemic have forced many to take a fresh look at the security value of digital signatures, why they matter, and their relationship to encryption.
We thought we’d do the same. In this article, we’ll give you a refresher course on how digital signatures work, why they are important for security, and what the future holds.
How do digital signatures work?
Digital signatures, at the most fundamental level, are mathematical algorithms used to validate the authenticity and integrity of an electronic message….

Bernard Brode Posted by:

Bernard Brode

      

Avatar

Source: https://www.cybersecurity-insiders.com/digital-signatures-security-explained/?utm_source=rss&utm_medium=rss&utm_campaign=digital-signatures-security-explained

Continue Reading
Nano Technology12 hours ago

SEMI Partners with GLOBALFOUNDRIES to Offer Apprenticeship Program Aimed at Building the Electronics Talent Pipeline

Fisher Yu, University of Arkansas CREDIT University of Arkansas
Nano Technology12 hours ago

Materials science researchers develop first electrically injected laser: The diode laser uses semiconducting material germanium tin and could improve micro-processing speed and efficiency at much lower costs

Nano Technology12 hours ago

Advance in programmable synthetic materials: Reading sequence of metal atoms in MOFs allows encoding of multiple chemical functions

Blockchain12 hours ago

Invest 3% in Bitcoin to Avoid COVID-19 Lockdown Devaluation — BitGo CEO

Blockchain12 hours ago

Cointelegraph Launches Newsletter for Professional Investors

Blockchain13 hours ago

Bitcoin Cash short-term Price Analysis: 12 August

Blockchain13 hours ago

Token Launches From Ethereum to Telegram: Where Do We Go From Here?

AR/VR13 hours ago

Enterprise VR Hardware Specialist Varjo Raises $54 Million in Latest Funding Round

Blockchain13 hours ago

Grayscale Bitcoin Trust Saw Surge in Investor Interest After March

Blockchain13 hours ago

VeChain & Oxford Announce New Framework to Assess Consensus Protocols

Blockchain13 hours ago

Championing Blockchain Education in Africa: Women Leading the Bitcoin Cause

Gaming14 hours ago

Evening Reading – August 11, 2020

Blockchain14 hours ago

Chainlink: Traders under zero loss, but why?

Blockchain15 hours ago

The Babylon Project: A Blockchain Focused Hackathon with a Commitment to Diversity & Inclusion

AR/VR15 hours ago

Varjo Raises $54M Financing to Support Its Retina-Quality VR/AR Headsets for Enterprise

Blockchain15 hours ago

Ethereum, Zcash, Dogecoin Price Analysis: 12 August

Blockchain16 hours ago

Peer-to-Peer Exchange CryptoLocally Now Offers Instant Credit Card Payment

Blockchain16 hours ago

Cardano (ADA) Holds On to Crucial Support By a Thread

Blockchain17 hours ago

Bitcoin Creates Double-Top After Failing Close Above $12,000

Blockchain18 hours ago

DeFi Farmers Rush to Yam and Serum for Explosive Yields

Energy18 hours ago

Copper Foil Market Size Worth $10.3 Billion By 2027 | CAGR: 9.7%: Grand View Research, Inc.

Energy19 hours ago

Corundum Market Size Worth $3.5 Billion By 2027 | CAGR: 4.0%: Grand View Research, Inc.

AR/VR19 hours ago

Mozilla is Shuttering its XR Team Amidst Major Layoff, But ‘Hubs’ Will Continue

Energy20 hours ago

New Energy Challenger, Rebel Energy, Places Blue Prism Digital Workers at the Heart of its Launch Plans

Science20 hours ago

Teknosa grows by 580 percent in e-commerce and pulls its operating profit into positive territory in Q2, despite the pandemic

Science20 hours ago

Novo Ventures Portfolio Company F2G Closes US$60.8 Million Financing

Science20 hours ago

F2G Closes US$60.8 Million Financing to fund late stage development of novel mechanism antifungal agent

Blockchain20 hours ago

LocalCryptos Integrates Inbuilt Crypto-To-Crypto Exchanges, Powered by ChangeNOW

Publications20 hours ago

Putin’s plan for Russia’s coronavirus vaccine is at ‘high risk of backfiring,’ expert says

Publications20 hours ago

UK enters recession after GDP plunged by a record 20.4% in the second quarter

Gaming20 hours ago

Another Steam Game Festival Is Coming In October

Science21 hours ago

Top 25 Nationally Ranked Carr, Riggs & Ingram (CRI) Welcomes Cookeville-Based Firm, Duncan, Wheeler & Wilkerson, P.C.

Science21 hours ago

Avast plc Half Year Results For The Six-Months Ended 30 June 2020

Cyber Security21 hours ago

Russian hackers steal Prince Harry and Meghan Markle photos via Cyber Attack

Gaming21 hours ago

Oddworld: New ‘N Tasty Coming To Switch In October

Gaming21 hours ago

Linkin Park’s Mike Shinoda Is Writing A Song For Gamescom 2020

Cyber Security21 hours ago

Texas School District experiences DDoS Cyber Attack

Gaming21 hours ago

‘EVE: Echoes’ from CCP Games and Netease Is Now Available Early on the App Store, Servers Go Live Tomorrow

Gaming21 hours ago

Hans Zimmer Created An Extended Netflix “Ta Dum” Sound For Theatres

Cannabis21 hours ago

Everything you need to know about the Exxus Snap VV

Trending