This is sad to see, these tools are forced down so many companies in the name of "compliance" while totally not worth the maintenance and cost overhead. Apparently they haven't got any better in the last decade.
I have been advised not to disclose specific vulnerabilities since the parties involved are not the most friendly and transparent in handling security reports. While most of these got reported and some even got fixed, I can only disclose high-level details of the compromise path. Some just ghosted me after conveniently fixing the flaws, and one even gave me a phone call, which was somewhat scary and perhaps not worth the adrenaline.
What an unprofessional sysadmin move, borderline infuriating.
On both Ticketmaster and Facebook, and many other sites, when you perform a search on their support site it spits back your query in big letters at the top of the page. If you craft the correct search and then buy Google Ads pretending to be Ticketmaster, then you can redirect users to your call center and scam them. And because the link for your ad actually links to Ticketmaster, the ad passes validation and appears to be a legit link in the eyes of Google.
Example of a crafted search term: https://help.ticketmaster.com/hc/en-us/search?utf8=%E2%9C%93...
Yuck all round. I mean Ticketmaster is just a sin eater for greedy popstars, but yuck...
gta 5 site:europa.eu https://www.google.com/search?q=gta+5+site%3Aeuropa.eu&hl=en
Watch full site:europa.eu https://www.google.com/search?q=Watch+full+site%3Aeuropa.eu&...
Technically it might not be a "data leak", but it very well could result in one if arbitrary content (including js?) can be uploaded to these webpages?
After some people started publicly naming and shaming on LinkedIn and tagging ENISA, the issue got some exposure, but still was not fixed. It only made it more evident that several people independently reported these issues, and they became aware of peers stumbling over the issue. Still nothing happened.
ENISA is supposed to act as a CNA and expects to be notified of data breaches from EU-based orgs for PSIRT / CSIRT as part of the Cybersec Resilience Act and other laws.
Would I trust that vulnerability data that gets reported as a CVE, or a breach notification, is safe with ENISA?
... feck no!
Would I trust that documents that europa.eu hosts on its infra are authentic? (Such as security-compliance documents telling orgs how to properly implement security, but literally any public communication under one of the domains.)
... hecking heck no!
... At this stage I think everyone else except ENISA has control over their infrastructure.
SoftTalker•2h ago
> Outdated Wordpress plugins and CMS systems
No surprise; having worked in edu, the following scenario was very common:
1) Researcher gets a grant for a project
2) Grad student sets up a Drupal site for the project
3) Things are maintained and updated for a couple of years
4) Grant runs out, project wraps up, student graduates, everyone forgets about the server which sits unattended and unmaintained.
Still happens, but most universities have really clamped down on the ability to just stand up a web server on the network. Many are requiring everything to be on a centrally managed enterprise CMS, which is a PITA, but that's the fallout for too much sloppy administration.
notyourwork•1h ago
We could also get external IPs and connectivity without much supervision. Core security needs to be prioritized to prevent this from happening.
yjftsjthsd-h•41m ago
Well that's fine; my school did the same thing and other than feeling wasteful there was no-
> All normal ports were open - ssh, http(s), you name it. It was the OG zero trust architecture.
Oh. Yeah, open ports by default is... an interesting life choice.