All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of May 30, 2022. I’ve also included some comments on these stories.

Vendor Refuses to Remove Backdoor Account That Can Facilitate Attacks on Industrial Firms

Korenix JetPort industrial serial device servers have a backdoor account that could be abused by malicious hackers, Security Week reports. Although this backdoor access could be exploited in attacks aimed at industrial organizations, the vendor says the account is needed for customer support.

ANDREW SWOBODA | Senior Security Researcher at Tripwire

The Korenix JetPort product contains a backdoor account and was assigned CVE-2020-12501. This backdoor account was found back in 2020, but due to the disclosure process, it was only made available recently. Unfortunately, it looks like the backdoor account passwords cannot be changed by a user.
The vendor claims that the account is needed for customer support and that the password “cannot be cracked in a reasonable amount of time.” However, it looks like the password was cracked and was posted to Packet Storm. According to the details posted on Packet Storm, there were three users with the following passwords: admin:admin, root:ilovekor, and kn001277:vup2u04.


Tim Hortons App Tracked Movement In Violation Of Privacy Laws

Canadian coffee chain Tim Hortons’ mobile app regularly tracked and recorded the locations of its users even when their app was not open, reports Reuters. This is in direct violation of national privacy laws, Canada’s privacy regulator said on Wednesday in a report concluding a two-year-old investigation.

ANDREW SWOBODA | Senior Security Researcher at Tripwire

The privacy regulator conducted an investigation two years ago to determine how Tim Hortons’ mobile application tracked users. The (Read more...)