
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of March 21, 2022
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of March 21, 2022. I’ve also included some comments on these stories.
Misconfigured Firebase Databases Exposing Data In Mobile Apps
It’s a gold mine of exploit opportunity in thousands of mobile apps, researchers say. And it’s no wonder; five percent of the databases are vulnerable to threat actors. Thousands of mobile apps – some of which have been downloaded tens of millions of times – are exposing sensitive data from open cloud-based databases due to misconfigured cloud implementations, new research from Check Point has found.
Samantha Zeigler | Security Researcher at Tripwire
It’s important to remember that cloud database security is just as important as the security of the applications themselves. The security of any given application is only as secure as its most easily exploited vulnerability. It is essential for developers to ensure their databases are secured with the proper settings before adding any sensitive information into them. The availability of the cloud from almost anywhere makes it a valuable tool – one that can be easily exploited when misconfigurations are present.
New Browser-in-the-Browser (BitB) Attack Makes Phishing Nearly Undetectable
A novel phishing technique called the browser-in-the-browser (BitB) attack simulates a browser window within the browser to spoof a legitimate domain, making it possible to stage convincing phishing attacks, reports The Hacker News. Says one pen tester, “once landed on the attacker-owned website, the user will be at ease as they type their credentials away on what appears to be the legitimate website (because the trustworthy URL says so).”
Dylan D’Silva | Security Researcher at Tripwire
Having (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Dylan D'Silva. Read the original post at: https://www.tripwire.com/state-of-security/vert/vert-news/cybersecurity-news-march-21-2022/