Despite attempts by Cybernews to contact the company, no additional comments were received at the time of article publication. Upon the researchers' discovery on October 6th, Vietnam Post Corporation promptly revoked public access. The exposed data had been accessible for at least 87 days, as internet-scanning IoT search engines first indexed it on July 8th, 2023. The Cybernews researchers emphasized the potential value of event logs to attackers, providing insights into network, user, and service details. Employee names and emails were among the leaked information, with the logs primarily associated with cybersecurity software like Extended Detection and Response (XDR) and a variant of the open-source Security Information and Event Management (SIEM) platform, Wazuh. The compromised data included 226 million logged events, totaling 1.2 terabytes, with real-time updates. The breach, discovered on October 3rd, revealed an open Kibana instance belonging to the corporation a tool for data search and analytics. Vietnam Post Corporation, a government-owned postal service in Vietnam, has inadvertently exposed its security logs and employee email addresses to external cyber threats, according to researchers from Cybernews.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |