Login

Register

Login

Register

#cybersecurity | hacker | Netanyahu’s Likud Party election app leaked personal info on Israel’s 6.4M voters


If
the technology failure at the heart of the Iowa caucus debacle seemed
bad, consider that an app used by Israeli Prime Minister Benjamin Netanyahu’s
Likud Party just exposed personal data on more than 6.4 million Israelis – in
other words, the entirety of the country’s voter database. 

Likely
at fault, according to a report
in Haaertz, is a misconfigured Election Day app, Elector, that the party uses
to manage election day. Political parties are allowed to download the registry
under strict privacy and usage requirements. But an app flaw seemingly allowed
anyone to download it. 

Exposed
was voters’ personal information, including names, addresses and identity card
numbers as well as phone numbers and gender. 

“Security
weaknesses affecting APIs are rapidly becoming one of the most critical aspects
of modern application security,” said Ilia Kolochenko, Founder and CEO of
ImmuniWeb. 

As
was evident with the IowaReporter app that wreaked such havoc last week for the
Democrats, testing is often given short shrift. 

The
apps “complexity and architectural obscurity hinder security testing with traditional
tools and automated scanners,” Kolochenko said, leaving “many dangerous
security flaws remain undetected for years.” As do attacks that exploit those
flaws.

“The
APIs are riddled with a full spectrum of OWASP API Security Top 10 issues, some
of which are intertwined and require chained exploitation,” Kolochenko said. “Moreover,
compared to web applications, virtually no APIs or web services are protected
by a WAF, making them a perfect target for cybercriminals.”

The
Elector app’s developer, Feed-b, called the incident a “one-off” and said it
has already upped security. But security experts like Javvad Malik, security awareness
advocate at KnowBe4, expect that, given the vast amounts of data collected and
stored, leaks will continue to occur until organizations change their mindsets
and develop a culture of security.

“It’s important for organizations to realize that there is no step they can take to fix these issues, and neither is there a seven-step plan that can be followed that applies to all scenarios,” he said.

Rather a culture of security needs to be embedded within organizations so that the right questions are asked at the right time to account for risk and potential exposure, and based on that, ensure that the most effective controls are implemented.”



Original Source link

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App

 https://apps.apple.com/us/app/id1521390354

https://play.google.com/store/apps/details?id=nationalcybersecuritycom.wpapp


NATIONAL CYBER SECURITY RADIO
[spreaker type=player resource="show_id=4560538" width="100%" height="550px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]
HACKER FOR HIRE MURDERS
 [spreaker type=player resource="show_id=4569966" width="100%" height="350px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]

ALEXA “OPEN NATIONAL CYBER SECURITY RADIO”

National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.   

nationalcybersecurity.com

FREE
VIEW