Honda의 보안 '소프트 스팟'이 보안되지 않은 데이터베이스 노출

ment 8/1 '19 posted 뉴스 IT

• 이 데이터가 공격자의 손에 특히 위험한 이유는 그것이 연약한 지점이 어디에 있는지 정확하게 보여줍니다.

• 잘못 구성된 ElasticSearch 데이터베이스에는 전 세계적으로 약 30 만 명의 혼다 직원에 대해 40GB의 정보가 담긴 1 억 3 천 4 백만 건의 문서가 포함되어 있었습니다.

• 안전하지 않은 ElasticSearch 데이터베이스는 컴퓨터의 엔드 포인트 보안 공급 업체 네트워크 정보, 운영 체제, OS 버전, 호스트 이름 및 패치 상태뿐만 아니라 이름, 이메일, 마지막 로그인과 같은 수십만 명의 Honda 직원의 매우 구체적인 데이터를 노출했습니다.

• "공격자가 Honda의 네트워크에 침입 방법을 찾고 있다면, 어떤 시스템이 공격을 식별하거나 차단할 가능성이 훨씬 낮은지를 알 수있는 중요한 정보가 될 것"이라고 말했습니다.

• "이"통제되지 않은 컴퓨터 "는 매우 쉽게 네트워크 전체에 문을 열 수 있습니다.

• 한 연구원은 40GB의 내부 시스템과 장치 데이터를 보여주는 Honda ElasticSearch 데이터베이스를 발견했다고 전했습니다.

Security lapse exposed weak points on Honda’s internal network [techcrunch.com]

Unsecured Database Exposes Security Risks in Honda's Network [www.bleepingcomputer.com]

Honda leaks database with employee computer data [rainbowtabl.es]

Honda's Security 'Soft Spots' Exposed in Unsecured Database [threatpost.com]

Honda Motor Company leaks database with 134 million rows of employee computer data [www.databreaches.net]

newest replies popular replies

Open Wiki - Feel free to edit it. -

8/1 '19 answered

New: Honda left an internal database exposed detailing all the security weak points for every employee's computer on its network. https://t.co/l5AiHxsi1k
— Zack Whittaker (@zackwhittaker) July 31, 2019

When you think you've seen it all. And then Honda leaves a DB open on the internet with a massive amount of employee systems data from the company’s endpoint security service with details of each device connected to the internal network. https://t.co/ndTfZ2RIYW #Infosec
— John Opdenakker (@j_opdenakker) July 31, 2019

A publicly accessible database exposed a huge trove of information on the global internal network of Honda, showcasing potential security vulnerabilities that could be abused by potential attackers. https://t.co/86ILZebgt7
— Adam Levin (@Adam_K_Levin) July 31, 2019

Unsecured Database Exposes Security Risks in Honda's Network #Honda #Infosec #cybersecurity https://t.co/uRxiRsq1oi
— Yoora Pak (@YooraPak) July 31, 2019

Leaked data included, "the CEO's full email, full name, department, MAC address, which Windows KB/patches had been applied, OS, OS version, endpoint security status, IP, and device type."https://t.co/38xjzImQLT
— Bad Packets Report (@bad_packets) July 31, 2019

ホンダの社内ネットワーク情報や従業員の端末情報（ID、メールアドレス、パッチ適用状況などなど）などが保存されているElasticSearchが外部からアクセスできる状態だったようです??

Honda leaks database with employee computer datahttps://t.co/ro1yxtTsWa
— Autumn Good (@autumn_good_35) July 31, 2019

Honda Motor Company leaks database with 134 million rows of employee computer data https://t.co/IN9IESN0Ae
— Justin (@xxdesmus) July 31, 2019

permanent link

Featured

Important Notice: Discontinuation of Our Wiki Service

Dear Valued Users,

We hope this message finds you well. We are writing to inform you of an important upcoming change to our services. After careful consideration and analysis, we have made the difficult decision to discontinue our wiki site, effective one month from 2024/04/30.

This was not an easy decision to make, as we understand the importance of the resources and community that have been built around our wiki. However, due to evolving market conditions and strategic realignments, we must redirect our resources and efforts towards other ventures that will allow us to serve you better in the future.

What This Means for You:

Access to Content: You will continue to have full access to all content on the wiki until the discontinuation date. We encourage you to save or migrate any content you wish to retain.
Final Date of Service: The wiki will become inaccessible starting 1st June 2024, after which all content will be permanently removed.

We are immensely grateful for the support and contributions of our user community throughout the years. The wiki is being retired, but our team will be back soon with new services and apps.

Thank you for being a part of our journey.

Warm regards,

editoy Inc.

Related

Featured