Category Archives: data leak

A flaw in discontinued Iomega/Lenovo NAS devices exposed millions of files

Experts at Vertical Structure and WhiteHat Security discovered a serious flaw that exposed millions of files stored on thousands of internet-exposed Lenovo NAS devices.

An analysis conducted by researchers at Vertical Structure and WhiteHat Security led to the discovery of a vulnerability in discontinued Iomega/Lenovo NAS devices, tracked as CVE-2019-6160, that exposed millions of files.

The discovery was made in the fall of 2018 by querying the Shodan search engine, which revealed 5,114 devices storing over 3 million files. The issue exposed roughly 20,000 documents, 13,000 spreadsheets, 13,000 text files and 405,000 pictures. Some of the documents contained sensitive information, including card numbers and financial records.


The experts believe the actual number of exposed systems could be much greater than the 5,114 devices they were able to identify.

“Vertical Structure was able to find about 13,000 spreadsheet files indexed, with 36 terabytes of data available. The number of files in the index from scanning totaled 3,030,106.” states a blog post published by WhiteHat Security.

“Within these files, there was a significant number of files with sensitive financial card numbers and financial records. Vertical Structure was able to track down the source, a legacy Iomega storage product acquired by EMC and co-branded Lenovo-EMC in a joint venture.”

The vulnerability could have been exploited by a remote, unauthenticated attacker to access the files stored on the NAS devices by sending a specially crafted request via an API that was not protected with any authentication mechanism. The experts pointed out that the devices did not leak data through their web interface.

The exploitation of the issue could be automated by developing a script that scans the internet for vulnerable Iomega/Lenovo NAS devices and sends crafted requests to the vulnerable ones.

After the researchers from Vertical Structure and WhiteHat reported their findings to Lenovo, the company pulled three versions of the affected software out of retirement to solve the issue.

“A vulnerability in Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API.” reads the advisory published by Lenovo.

In October 2018, experts at Lenovo discovered nine vulnerabilities affecting discontinued Iomega and LenovoEMC NAS devices that could be exploited by unauthenticated attackers to access protected content.

Pierluigi Paganini

(SecurityAffairs – NAS devices, hacking)

The post A flaw in discontinued Iomega/Lenovo NAS devices exposed millions of files appeared first on Security Affairs.

Mysterious hackers steal data of over 70% of Bulgarians

Hackers stole the data of millions of Bulgarians and sent it to local media. According to the media, the source could be the National Revenue Agency.

Hackers have exfiltrated data from a Bulgarian government system, likely the National Revenue Agency (NRA), and have shared it with the local media.

The hackers have stolen the personal details of millions of Bulgarians and sent local newspapers download links to the archives containing them.

“The link was sent by anonymous hackers via Russian mail servers on Monday to the Bulgarian media. The array of 57 folders contains thousands of files that they claim to be from the Treasury’s servers, probably.” reads the Monitor website.

The National Revenue Agency is investigating the incident and verifying the authenticity of the data.

“The NRA and the specialized bodies of the Ministry of the Interior and the State Agency for National Security (SANS) check the potential vulnerability of the National Revenue Agency’s computer system.” reads a statement published by the NRA.

“Earlier today, emails of certain media have been sent a link to download files allegedly belonging to the Bulgarian Ministry of Finance. We are currently verifying whether the data is real.”

The hackers claim to have breached the Treasury’s servers and exfiltrated data from more than 110 databases. More than 5 million Bulgarian and foreign citizens are affected, in a country with a population of 7 million people.

“Your government is slow to develop, your state of cybersecurity is parodyous,” wrote the hackers.

The hackers bragged about stealing 110 databases from the NRA’s network, totaling nearly 21 GB. They shared only 57 of those databases, about 11 GB of the 21 GB total, with local news outlets, but promised to release the rest in the coming days.

“Perhaps the biggest leak of personal data in Bulgaria. That’s how the 57-folder contains more than a thousand files that anonymous hackers sent to Bulgarian media on Monday.” reported the Capital website. “Upon reviewing the information, Capital has opened databases with more than 1 million rows containing PINs, names, addresses, and even earnings.”

Most of the data is very old; in some cases the information dates back as far as 2007.

The hackers also leaked information from the Civil Registration and Administrative Services department (GRAO), Bulgaria’s customs agency, the National Health Insurance Fund (NZOK), and the Bulgarian Employment Agency (AZ).

The email was sent from an address belonging to the Russian service Yandex.ru. The message sent to local media by the hackers ends with a quote by WikiLeaks founder Julian Assange and calls for his release.

“Your government is stupid. Your is a parody.” closes the email.

Immediately after the leak of the data, the Democratic Bulgaria opposition party demanded the resignation of Finance Minister Vladislav Goranov.

It seems that cyber security for Bulgarian government services is very poor. At the end of June, Bulgarian police arrested the IT expert Petko Petrov after he publicly demonstrated a security vulnerability in software used by local kindergartens.

Pierluigi Paganini

(SecurityAffairs – Bulgarians, hacking)

The post Mysterious hackers steal data of over 70% of Bulgarians appeared first on Security Affairs.