CloudSEK’s BeVigil identified critical security vulnerabilities in a fintech company’s digital infrastructure, including application errors and misconfigured email settings, posing risks to data integrity and customer trust. Immediate actions are recommended to enhance security measures.
Affected: fintech sector
Keypoints:
- CloudSEK’s BeVigil conducted a security scan on a fintech company’s assets.
- Multiple vulnerabilities were found that could compromise data integrity and customer trust.
- Critical issues included application error disclosures, exposed APIs, and insecure SPF records.
- Attackers could exploit these vulnerabilities for phishing and impersonation.
- Recommendations include hiding error messages, limiting unused features, and protecting email settings.
MITRE Techniques:
- Application Error Disclosure (T1321): Internal application details are revealed via Tomcat stack traces, aiding attackers in targeting vulnerabilities.
- Remote Method Enumeration (T1594): Exposed WordPress XML-RPC allows attackers to enumerate functions for brute-force attacks.
- Account Manipulation (T1536): Misconfigured SPF records facilitate email spoofing, enabling phishing attacks.
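As an added example (not code from the original report), a small Python check of the kind a defender would run over a domain's SPF TXT record to spot the permissive or broken settings the summary refers to; the sample records and domain names are constructed placeholders.

```python
import re

# Constructed sample records for demonstration (not taken from the report).
WEAK_SPF = "v=spf1 include:_spf.example.net +all"      # anyone may send as the domain
HARDENED_SPF = "v=spf1 include:_spf.example.net ip4:203.0.113.0/24 -all"

# Terms that cost a DNS lookup under RFC 7208; more than 10 yields permerror.
LOOKUP_TERM = re.compile(r"^[+\-~?]?(include:|a($|[:/])|mx($|[:/])|ptr($|:)|exists:|redirect=)")

def evaluate_spf(record: str) -> list[str]:
    """Return a list of findings for one SPF TXT record string (empty list = no issue)."""
    findings = []
    if not record.strip():
        return ["no SPF record published: any host can claim to send for the domain"]
    terms = record.split()
    if terms[0].lower() != "v=spf1":
        return ["record does not start with v=spf1; receivers will ignore it"]

    # Locate the 'all' mechanism; a missing qualifier means '+'.
    all_terms = [t for t in terms[1:] if t.lower().lstrip("+-~?") == "all"]
    if not all_terms:
        findings.append("missing 'all' mechanism: unmatched senders default to neutral")
    else:
        q = all_terms[-1].lower()
        q = "+all" if q == "all" else q
        if q in ("+all", "?all"):
            findings.append(f"'{q}' permits any host to send as the domain")
        elif q == "~all":
            findings.append("'~all' is softfail: spoofed mail is marked, not rejected")

    # Lookup budget: too many include/a/mx/ptr/exists/redirect terms breaks evaluation.
    lookups = sum(1 for t in terms[1:] if LOOKUP_TERM.match(t.lower()))
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the RFC 7208 limit of 10 (permerror)")
    return findings

if __name__ == "__main__":
    for label, rec in (("weak", WEAK_SPF), ("hardened", HARDENED_SPF)):
        print(label, evaluate_spf(rec) or ["ok"])
```

In practice the record is fetched with a TXT lookup for the domain and every `include:` target should be walked the same way, since a permissive included record is just as exploitable.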
Indicators of Compromise:
- [Domain] fintechcompany[.]com
- [Domain] example[.]com
- [Email Address] attacker@example[.]com
- [IoC Type] SPF record misconfiguration (no explicit indicator given; inferred from context)
- [IoC Type] Tomcat stack traces (no hashes or URLs provided)
Full Story: https://www.cloudsek.com/blog/how-a-leading-fintech-firm-was-exposed-by-simple-security-oversights