Boeing Investigates Sensitive Data Theft Claims of LockBit
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
This Friday, aerospace giant Boeing announced an investigation into the ransomware attack claims made by the notorious LockBit cybercrime gang.
According to a post by VX-Underground on X, the ransomware-as-a-service (RaaS) group added Boeing to its victim list, claiming to have stolen a significant amount of sensitive data from the firm.
It also set a deadline of November 2, after which it threatens to release the data publicly. “Sensitive data was exfiltrated and ready to be published if Boeing does not contact within the deadline!” the post read. “For now we will not send lists or samples to protect the company BUT we will not keep it like that until the deadline,” the post continued.
Following publication of the ransomware threat, Boeing was forced to issue a statement. “We are assessing this claim,” a Boeing spokeswoman told Reuters.
With a revenue of $66.6 billion, the US-headquartered aircraft and defense manufacturer employs more than 140,000 people worldwide.
First observed in 2020 in the US, the RaaS gang was one of the most active cybercrime groups in 2022 in terms of the number of victims’ names published on its leak site.
According to the US Cybersecurity and Infrastructure Security Agency (CISA), since it was first discovered the group has conducted around 1,700 attacks in the US and extracted an estimated $91 million in ransoms from that country alone.
OAuth Vulnerabilities in Popular Online Services Allowed Account Takeovers
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
Salt Security, in the third and final part of its series on flaws in implementations of the OAuth framework, revealed weaknesses in the social login mechanisms of popular services including Grammarly, Vidio, and Bukalapak.
The research identified weaknesses in how the social sign-in flow built on OAuth verifies the access token it receives. If exploited, these vulnerabilities allow an attacker not only to obtain user credentials but also to take full control of the victim’s account, enabling session hijacking, identity theft, or financial fraud.
OAuth is a widely used authorization and authentication protocol that lets websites and web services offer a simple one-click sign-in. Users can sign in to a website through their social media accounts, such as Google or Facebook.
For a secure implementation, however, the website must verify the access token it is handed, something that many online service providers failed to do. Salt Security demonstrated the flaw in an experiment in which its researchers submitted a token issued for a different site, and the target site accepted it as if it were its own. This technique, known as a “Pass-The-Token Attack”, gave the researchers complete control over a user’s account.
Although the experiment identified vulnerabilities in the social login process of Grammarly, Vidio, and Bukalapak, the company stated: “[..] we expect that 1000s of other websites are vulnerable to the attack we detail in this post, putting billions of additional Internet users at risk every day.”
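The missing check described above, as an added illustration that is not Salt Security’s code or that of any of the named services: a simulated social sign-in in which the vulnerable handler accepts any live token for a user, while the hardened handler also requires that the identity provider issued the token for this application. The provider, app ids, and tokens are constructed stand-ins.

```python
# Added example (not Salt Security's or any vendor's code): simulated social
# sign-in showing the check whose absence enables a pass-the-token attack.
# The provider lookup, app ids and tokens below are constructed stand-ins.
from dataclasses import dataclass
from typing import Optional

OUR_APP_ID = "app-target-site"  # constructed: this site's client/app id at the provider


@dataclass(frozen=True)
class TokenInfo:
    active: bool       # token is live (not expired or revoked)
    user_id: str       # provider-side identity the token belongs to
    issued_for: str    # app id the provider minted the token for


# Constructed stand-in for the provider's token introspection endpoint.
PROVIDER_TOKENS = {
    "tok-legit": TokenInfo(True, "user-42", OUR_APP_ID),
    "tok-from-other-site": TokenInfo(True, "user-42", "app-other-site"),
    "tok-revoked": TokenInfo(False, "user-42", OUR_APP_ID),
}


def introspect(token: str) -> Optional[TokenInfo]:
    """Ask the (simulated) provider what it knows about a token."""
    return PROVIDER_TOKENS.get(token)


def login_vulnerable(token: str) -> Optional[str]:
    """Accepts any live token for the user, regardless of which app it was issued to."""
    info = introspect(token)
    if info is None or not info.active:
        return None
    return info.user_id  # a token obtained for another site logs the user in here


def login_hardened(token: str) -> Optional[str]:
    """Also requires that the provider issued the token for this application."""
    info = introspect(token)
    if info is None or not info.active:
        return None
    if info.issued_for != OUR_APP_ID:
        return None      # token was minted for a different site: reject it
    return info.user_id
```

Real providers expose the issuing app id through their token debug or introspection endpoints (or the `aud` claim of an ID token); the hardened handler compares that value against the site’s own id before trusting the token.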
The researchers went on to say that the OAuth framework itself is well designed and secure; the problem lies in how it is implemented. “We hope this series has helped educate the broader industry on the nature of potential OAuth implementation errors and how to close these API-based security gaps to better protect data and use OAuth more securely.”
After discovery, the above-mentioned platforms were notified of the vulnerabilities. Since then, each of them has taken steps to mitigate these security gaps.
Salt Security’s latest disclosure comes just months after the company revealed flaws in the OAuth implementations of popular online services such as Booking.com and Expo.