Cyber Security News (9th April 2018)

  1. Authentication Bypass Vulnerability Found in Auth0 Identity Platform

OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites without giving them their passwords. Auth0 is one of the biggest identity platforms, with over 2000 enterprise customers, managing 42 million logins every day and billions of logins per month. According to the news published by Hacker News, a critical authentication bypass vulnerability has been discovered that could have allowed a malicious attacker to access any portal or application that uses the Auth0 service for authentication. While pentesting an application back in September 2017, researchers from security firm Cinta Infinita discovered a flaw (CVE-2018-6873) in Auth0's Legacy Lock API, caused by improper validation of the JSON Web Token (JWT) audience parameter. The flaw could be exploited using a cross-site request forgery attack against applications running over Auth0 authentication. The company has mitigated the vulnerabilities by extensively rewriting the affected libraries and releasing new versions of its SDKs (auth0.js 9 and Lock 11).

Cyber Security Tips: Users and administrators are strongly recommended to update their current platform to the latest version.
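The flaw above comes down to one missing check: a token that is correctly signed for one application must still be rejected by every other application, which is what the JWT `aud` (audience) claim exists for. The following added example is not Auth0's code and does not reproduce the exact mechanics of CVE-2018-6873; it is a self-contained HS256 verifier (standard library only) that places a flawed `authenticate_weak`, which trusts any token the tenant signed, beside an `authenticate` that also enforces audience and expiry. `TENANT_SECRET`, the two application URLs and all tokens are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed secret shared by every application of one tenant (assumption for
# the example; a real deployment uses the tenant's HS256 key or an RS256 key pair).
TENANT_SECRET = b"constructed-example-secret-do-not-reuse"
THIS_APP = "https://this-app.example"    # the audience this service expects
OTHER_APP = "https://other-app.example"  # another application of the same tenant


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_jwt(claims: dict, secret: bytes) -> str:
    """Build a compact HS256 JWT: base64url(header).base64url(claims).base64url(sig)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_signature(token: str, secret: bytes) -> Optional[dict]:
    """Check structure, algorithm and HMAC only; return the claims or None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None  # refuse "none" and any algorithm we did not pin
        expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(payload_b64))
        return claims if isinstance(claims, dict) else None
    except (ValueError, UnicodeDecodeError):
        return None


def authenticate_weak(token: str, secret: bytes) -> Optional[dict]:
    """Flawed: any token the tenant signed is accepted, regardless of which
    application it was issued for."""
    return verify_signature(token, secret)


def authenticate(token: str, secret: bytes, expected_aud: str,
                 now: Optional[float] = None) -> Optional[dict]:
    """Hardened: signature, audience and expiry must all hold."""
    claims = verify_signature(token, secret)
    if claims is None:
        return None
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]  # RFC 7519: string or array
    if expected_aud not in audiences:
        return None  # valid signature, but the token was meant for another app
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        return None
    return claims


def demo() -> dict:
    """Run both checks on constructed tokens with a fixed clock; returns outcome flags."""
    now = 1_500_000_000
    foreign = make_jwt({"sub": "alice", "aud": OTHER_APP, "exp": 2_000_000_000}, TENANT_SECRET)
    good = make_jwt({"sub": "alice", "aud": THIS_APP, "exp": 2_000_000_000}, TENANT_SECRET)
    multi = make_jwt({"sub": "bob", "aud": [OTHER_APP, THIS_APP], "exp": 2_000_000_000}, TENANT_SECRET)
    expired = make_jwt({"sub": "alice", "aud": THIS_APP, "exp": 1_000}, TENANT_SECRET)
    # Same claims, header switched to alg "none" and signature dropped
    unsigned = _b64url_encode(b'{"alg":"none"}') + "." + good.split(".")[1] + "."
    return {
        "weak_accepts_foreign": authenticate_weak(foreign, TENANT_SECRET) is not None,
        "strict_accepts_foreign": authenticate(foreign, TENANT_SECRET, THIS_APP, now) is not None,
        "strict_accepts_good": authenticate(good, TENANT_SECRET, THIS_APP, now) is not None,
        "strict_accepts_multi_aud": authenticate(multi, TENANT_SECRET, THIS_APP, now) is not None,
        "strict_accepts_expired": authenticate(expired, TENANT_SECRET, THIS_APP, now) is not None,
        "strict_accepts_unsigned": authenticate(unsigned, TENANT_SECRET, THIS_APP, now) is not None,
        "strict_accepts_wrong_key": authenticate(good, b"other-key", THIS_APP, now) is not None,
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {accepted}")
```

The point the `foreign` token makes is that signature verification answers "did my identity provider sign this?" but not "was this issued to me?"; only the audience check answers the second question, and a verifier that skips it will accept any token the same tenant ever issued for any of its applications. Pinning the algorithm and checking `exp` are the other two checks a JWT consumer should never leave to defaults.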

  2. New macOS malware aims at infecting devices with malicious macros

New day, new malware, but this time the target is macOS. IT security researchers at Trend Micro have discovered new malware which they believe is associated with OceanLotus, also known as SeaLotus, Cobalt Kitty, APT 32 and APT-C-00. The infamous OceanLotus group is well known for targeting maritime construction firms, research institutes, media and human rights organizations. The malware targets Mac devices that have the Perl programming language installed and is delivered through phishing emails with a Microsoft Word document attached. The document contains malicious macros. The email urges victims to enable macros in order to read it, and once that is done the obfuscated macros extract a .XML file from the Word document which is actually an executable and works as the dropper for the backdoor. Once the backdoor is installed on the system it begins its malicious activities.

Cyber Security Tips: Users are strongly recommended to check files before downloading them, to check for hidden files and folders, to avoid opening spam emails, and never to enable macros when a document asks them to.
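The infection chain above starts with a Word attachment that carries a VBA project, so the first thing a mail gateway or a cautious user can do is find out whether an attachment contains macros at all before Word ever asks to enable them. The following added example is not Trend Micro's tooling and is not a detector for the specific OceanLotus sample; it inspects modern OOXML Word files (the zip-based .docx/.docm formats) for the `word/vbaProject.bin` part that holds VBA code and flags the suspicious case where that part is present in a file whose extension claims to be macro-free. `build_sample` produces constructed minimal containers for testing, not real Word documents, and legacy binary .doc (OLE2) files are reported as unsupported rather than parsed.

```python
import io
import zipfile
from typing import List

# By Office convention these extensions never carry a VBA project;
# the macro-enabled variants are .docm/.xlsm/.pptm.
MACRO_FREE_EXTENSIONS = (".docx", ".xlsx", ".pptx")


def is_ooxml(data: bytes) -> bool:
    """OOXML documents are zip containers; legacy .doc files are OLE2, not zip."""
    return zipfile.is_zipfile(io.BytesIO(data))


def find_macro_parts(data: bytes) -> List[str]:
    """Return the zip entries that hold a VBA project (normally word/vbaProject.bin).

    An empty list means the document carries no macros. Raises ValueError when
    the bytes are not an OOXML container at all.
    """
    if not is_ooxml(data):
        raise ValueError("not an OOXML (zip) container")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [name for name in zf.namelist() if name.lower().endswith("vbaproject.bin")]


def classify(filename: str, data: bytes) -> str:
    """Label an attachment by what it carries versus what its extension claims."""
    if not is_ooxml(data):
        return "unsupported-not-ooxml"
    if not find_macro_parts(data):
        return "no-macros"
    if filename.lower().endswith(MACRO_FREE_EXTENSIONS):
        # A VBA project inside a .docx is not how Office saves macros; treat as suspicious.
        return "vba-in-macro-free-extension"
    return "macro-enabled"


def build_sample(with_macro: bool) -> bytes:
    """Constructed minimal OOXML-shaped container for testing; not a real Word file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes standing in for a VBA project; no real macro code.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, blob in (("report.docx", build_sample(False)),
                       ("report.docm", build_sample(True)),
                       ("report.docx", build_sample(True))):
        print(name, "->", classify(name, blob), find_macro_parts(blob))
```

The check is deliberately coarse: it says whether a VBA project is present, not whether it is malicious, which is enough to route an attachment to quarantine or a sandbox and to decide that an "enable content" prompt should not be honoured. Files in the legacy binary format need an OLE2 parser, which this example does not include.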

  3. Mainstream Live Chat widgets leaking personal details of employees

LiveChat is online customer service software with live support, help desk and web analytics capabilities. According to the findings of Project Insecurity researchers Cody Zacharias and Kane Gamble, live chat software from several commonly used products is plagued with information-leaking vulnerabilities. The live chat software identified as vulnerable includes LiveChat Software by LiveChatInc, Nuance's TouchCommerce and LivePerson. These live chat widgets leak personal details of company employees on probably hundreds of popular websites. The leaked data includes the employee's name, email address and ID, supervisors' and managers' names and IDs, the employee's location, the center name and an indication of the other software used by the employee. According to the researchers, the company has been notified of the issue and is working on it.

Cyber Security Tips: Users and administrators are strongly recommended to contact the vendor to get the issue patched and to avoid transferring any sensitive information through the chat application until the issue is resolved.
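Leaks of this kind typically happen because the chat back end hands its internal agent record to the browser and removes a few fields it considers sensitive; every field added to the record later is exposed by default. The added example below is not the code of any of the named vendors; it contrasts that denylist approach with an allowlist that names the only fields the widget needs, using a constructed agent record (`INTERNAL_AGENT`) and a field (`manager_id`) introduced after the filter was written.

```python
from typing import Any, Dict, Set

# Constructed internal agent record of the kind a chat back end stores.
INTERNAL_AGENT: Dict[str, Any] = {
    "id": 48213,
    "display_name": "Sam",
    "email": "sam@example.com",
    "supervisor": {"id": 17, "name": "Priya"},
    "site": "Center North",
    "tools": ["crm", "ticketing"],
}

# Everything a website visitor legitimately needs to render the widget.
PUBLIC_FIELDS = ("display_name", "avatar_url")

# A denylist must enumerate every secret and silently misses the next one added.
DENIED_FIELDS = ("email", "supervisor")


def widget_view_denylist(agent: Dict[str, Any]) -> Dict[str, Any]:
    """Fails open: any field nobody thought to deny is sent to the browser."""
    return {key: value for key, value in agent.items() if key not in DENIED_FIELDS}


def widget_view_allowlist(agent: Dict[str, Any]) -> Dict[str, Any]:
    """Fails closed: only explicitly named fields ever leave the server."""
    return {key: agent[key] for key in PUBLIC_FIELDS if key in agent}


def leaked_fields(view: Dict[str, Any]) -> Set[str]:
    """Fields in a response that are not on the public allowlist."""
    return set(view) - set(PUBLIC_FIELDS)


def demo() -> dict:
    """Add a new internal field after both filters were written and compare what leaks."""
    record = dict(INTERNAL_AGENT, manager_id=9001)  # constructed later addition
    return {
        "denylist_leaks": sorted(leaked_fields(widget_view_denylist(record))),
        "allowlist_leaks": sorted(leaked_fields(widget_view_allowlist(record))),
    }


if __name__ == "__main__":
    print(demo())
```

The same contrast applies to the JSON the widget's API endpoints return: a response schema that lists its fields, rather than a serializer that dumps the object minus a few keys, is what keeps employee IDs, supervisor names and tooling details on the server side.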
