Question

Find a 2018 or 2019 newspaper website article (no academic research articles) on a recent software vulnerability that led to a security breach. You need to find article that talks about how a specific software vulnerability was involved, so not just any security story will do! Write a 300 word summary (no graphics or tables) of the incident in your own words, describing what software was involved, what the vulnerability was, and what the consequences were. Be as specific as you.

Answer 1

Hackers used single sign on In phishing pages used to steal the credentials:-

• Malicious pages have been reported to leverage Single Sign-On (SSO) to steal users’ credentials.
• This form of phishing attack has grown with the popularity and ease of SSO among widely used websites.

What is Single Sign-On?

Single Sign-On (SSO ) allows users to use a set of credentials to log into multiple applications.

• It does not require the user to remember multiple sets of credentials for different accounts.
• Eliminating password prompts for each application during a session improves user experience.
• SSO is often accomplished by authenticating the user against a repository such as Lightweight Directory Access Protocol (LDAP).
• Google, Facebook, and Twitter are among the popular applications that offer SSO to users.
• SSO can also be extended to third-party services. For example, many applications allow users to access their account using Google’s or Facebook’s authentication.

Consequences-

The availability of SSO is steadily increasing across applications, which has lead to many hackers attempting to misuse it.

They use your data for their personal use and even blackmailing you for your data and might cause harm to others with your personal data

• Malicious pages have been reported to pretend to be the sign-in pages of applications such as Dropbox.
• When users enter their credentials, the data is harvested instead of logging them into the intended application.
• Before the popularity of SSO, hackers would create a separate page for each service to steal credentials. But now, they’re able to create a single phishing page.

Precautions to be taken -

Probably the best way to protect yourself from SSO phishing attacks is to enable two-factor authentication.

This is because having a secondary authentication makes it difficult for hackers to access your account. It is also recommended not to use SMS as the secondary authentication, because it is not as secure as other methods.