Millions of Dow Jones Customer Records Exposed

This week, the Alert Logic team highlights the Dow Jones Data Leak and the Devil’s Ivy Bug. Read the full report to learn more and get access to the week’s Top Malicious IP addresses.

Breach

Millions of Dow Jones Customer Records Exposed Due to an Internal Error

A security researcher found yet another unsecured Amazon S3 bucket leading to more cloud data leakage due to user error.

The cloud data leakage of Dow Jones & Company customer data marked the latest in a line of Amazon Web Services (AWS) cloud data leakage incidents.

Dow Jones confirmed the AWS data leak included customer names, email addresses and some partial credit card numbers, but said no full credit cards or account credentials were part of the cloud data leakage. Dow Jones claimed the issue affected 2.2 million customers, but security researchers estimated the number to be "closer to 4 million."

References: Dow Jones Data Leak: Over 2 Million Customers' Personal Details Exposed in Cloud Storage Error | Dow Jones Data Leak Results from Amazon AWS Configuration Error | Dow Jones Index – of Customers, Not Prices – Leaks from AWS Repo

Mitigation Strategies:

  • Intrusion detection system (IDS) signatures would detect intrusion and network anomalies.
  • Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection. 
  • Web application firewall management and advanced anomaly detection. 
  • A file integrity monitoring (FIM) solution would detect any type of file modification or addition.
  • Log management could detect any suspicious user account activity.
  • CloudTrail in AWS.

Malware

Millions of IoT devices hit by Devil’s Ivy Bug

A new vulnerability was discovered while researching an internet of things (IoT) security camera, but the research shows that a wide range of IoT devices has similar problems.

The vulnerability, dubbed Devil’s Ivy, is an open-source re-use problem. The flaw itself lies in gSOAP, which is maintained by Genivia. Genivia claims to have more than 1 million downloads, with IBM, Microsoft, Adobe and Xerox as customers.

The exploit allows an attacker to remotely access a video feed or deny the owner access to the feed. Since these cameras are meant to secure something, like a bank lobby, this could lead to a collection of sensitive information or prevent a crime from being observed or recorded.

References: Bad Code Library Triggers Devil’s Ivy Vulnerability in Millions of IoT Devices | Devil's Ivy: Flaw in Widely Used Third-party Code Impacts Millions | Devil's Ivy Bug Patched After Found in Toolkit Potentially Used by Millions of IoT Devices

Mitigation Strategies:

  • Web application firewall management and advanced anomaly detection. 
  • Intrusion detection system (IDS) signatures would detect intrusion and network anomalies.
  • Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection.
  • Log management could detect any suspicious user account activity and collect system logs of USB activity.
  • Patch your devices.

This Week's Suspicious IP Addresses

104.193.252.231 104.236.186.202
31.207.47.62 139.162.77.6
218.65.30.251 116.31.116.47

*IP addresses provided by Recorded Future.