urlscan.io logo urlscan.io
SecurityTrails logo

cybernews.com Open in urlscan Pro
2606:4700:3108::ac42:283b  Public Scan

Back to summary
URL: https://cybernews.com/security/vietnam-post-exposes-data-including-email-addresses/
Submission: On December 01 via api from US — Scanned from DE

Form analysis 2 forms found in the DOM

GET /search/

<form class="header__search-form" action="/search/" method="get" data-js-search-mobile="">
  <input class="header__search-form-input" placeholder="Search..." type="search" data-js-search-input-mobile="">
  <button type="submit" class="header__search-form-button" title="Search">
    <svg class="svg-icon header__search-form-button-icon" width="22" height="22">
      <use xlink:href="#mdi-magnify"></use>
    </svg>
  </button>
</form>

POST /api/add-comment/

<form id="comment-form" class="space space_size_n text text_size_small" action="/api/add-comment/" method="POST">
  <label for="comment-form-text">
    <strong class="form-label form-label_required">Comment</strong>
    <textarea id="comment-form-text" name="comment" required="" cols="45" rows="8" class="form-input space space_size_s" minlength="3"></textarea>
  </label>
  <div class="space space_size_n">
    <div class="cells cells_responsive">
      <label class="cells__item cells__item_width cells__item_width_2" for="comment-form-name">
        <strong class="form-label form-label_required">Name</strong>
        <input id="comment-form-name" type="text" name="name" required="" class="form-input space space_size_s" minlength="3">
      </label>
      <label class="cells__item cells__item_width cells__item_width_2" for="comment-form-email">
        <strong class="form-label form-label_required">Email</strong>
        <input id="comment-form-email" type="email" name="email" required="" class="form-input space space_size_s" minlength="3">
      </label>
    </div>
    <label class="space space_size_n display_block" for="privacy_policy">
      <strong class="form-label form-label_required">Privacy Policy Agreement</strong>
      <span class="space space_size_s content display_block">
        <input id="privacy_policy" name="privacy_policy" required="" type="checkbox"> &nbsp; I agree to the <a class="link" href="https://cybernews.com/terms-conditions/" target="_blank" rel="noreferrer">
Terms &amp; Conditions
</a> and <a href="https://cybernews.com/privacy-policy/" target="_blank" rel="noreferrer">
Privacy Policsy
</a>. </span>
    </label>
  </div>
  <div class="space space_size_l">
    <button class="button" type="submit"> Post comment </button>
  </div>
</form>

Text Content

 * News
   * Cybersecurity news
   * Cyber war news
 * Editorial
 * Security
 * Privacy
 * Crypto
 * Tech
 * Resources
   * What is a VPN?
   * How to use a VPN?
   * What is malware?
   * Are password managers safe?
   * More resources
 * Tools
   * Strong password generator
   * Personal data leak checker
   * Password leak checker
   * Website security checker
   * Ransomlooker
   * VPN speed test
 * Reviews
   * Antivirus software
   * Best VPN services
   * Password managers
   * Best ad blockers
   * Secure email providers
   * Best website builders
   * Best web hosting services

 * Follow
   * 
   * 
   * 
   * 
   * 
   * 
   * 



© 2023 CyberNews- Latest tech news,
product reviews, and analyses.

 1. Home
 2. Security


VIETNAM POST EXPOSES 1.2TB OF DATA, INCLUDING EMAIL ADDRESSES

Updated on: 21 November 2023
 * Ernestas Naprys
   Senior Journalist

--------------------------------------------------------------------------------

Image by Cybernews.


Vietnam Post Corporation, a Vietnamese government-owned postal service, left its
security logs and employee email addresses accessible to outside cyber snoopers,
Cybernews researchers have discovered. The exposed sensitive data could spell
trouble if accessed by malicious actors.

On October 3rd, the Cybernews research team discovered an open Kibana instance
belonging to the Vietnam Post Corporation. Kibana is a visualization dashboard
for data search and analytics, helping enterprises deal with large quantities of
data.

At the time of discovery, the data store contained 226 million logged events,
resulting in 1.2 Terabytes of data, which was being updated in real-time. The
leaked information also had employee names and emails.



Those logs were mainly attributable to cybersecurity software such as Extended
Detection and Response (XDR) and Security Information and Event Management
(SIEM). Some records resembled a modified version of Wazuh, an open-source
security information and event management (SIEM) platform.

“Event logs can be very valuable for potential attackers, as they can help with
network, user, and service enumeration and tracking,” Cybernews researchers
explain.

The data store was left accessible for at least 87 days, as the
internet-scanning IoT search engines indexed the data for the first time on July
8th, 2023.

Soon after the discovery on October 6th, Vietnam Post Corporation revoked public
access before the Cybernews researchers could contact them.

A Vietnam Post representative explained that its IT team detected and
immediately fixed this incident, which “was unexpected negligence from the
partner that we are renting email services and monitoring our email system
from.” The incident did not affect production and business activities, nor
partners and clients, as it contained “only basic monitoring log information.”

Vietnam Post has coordinated with Vietnam’s Department of Information Security
and partners to resolve the issue immediately and “have also prevented
unfortunate errors from occurring and ensured the safety of the information
system.”


STATE-SPONSORED HACKERS ON THE HUNT



While the leak wouldn’t provide attackers with direct access to sensitive
systems or user accounts, it contained device usernames with employee names or
emails. This information enables potential attackers to identify which employees
were working at a given time and which devices they were using.

“XDR tools are essential for cyber security personnel to keep track of what is
happening in the network, allowing them to detect threats and respond
effectively. When such systems fall into the wrong hands, it can give an
attacker visibility into the network and monitor the response to potential
threats they might unleash on the nodes in the network,” Cybernews researchers
explain.

Malicious actors, especially state-sponsored advanced persistent threats,
monitor potential weaknesses to wreak chaos in targeted systems. And security
logs, listing machines, users, and their activity, would be very valuable to
them.

“This leak is significant, as it could have been used to assist in an attack
against a governmental organization, which is often considered critical
infrastructure. It could have been used to collect information about its
employee's activities,” Cybernews researchers believe.

State-owned corporations are often responsible for critical infrastructure,
which is paramount to uninterrupted operations.

One of the most notorious cyberattacks during the last few years happened when
attackers managed to steal a single password to bring the Colonial Pipeline down
and disrupt fuel supplies to the US Southeast.

“Vietnam Postal Corporation leak reveals that the organization was taking
security seriously to the extent of using XDR and SIEM software, and they still
exposed sensitive information about internal network events and nodes by failing
to keep access to the collected information secure. This highlights the
importance of ensuring that access to company-wide security tools remains
private and only available to authorized personnel,” researchers concluded.


MITIGATION 101

Organizations should ensure that software is configured securely and all
relevant access control methods are used to avoid this type of leak.

“Employees should be aware that leaked emails could be used for targeted
phishing attacks. Therefore, they should take incoming communications with more
caution. The Vietnam Post Corporation should ensure that employees have
undergone basic cybersecurity training and can spot phishing attacks,”
researchers suggest.

Regarding software logs, the company should evaluate its current access control
policies to ensure they are appropriate and cannot be easily violated by human
error.



“The security teams should investigate if the leaked information is potentially
being used in attacks against their network. Additionally, they should consider
changing the policy of usernames or authentication tokens to ensure such leaks
do not expose employees' personal information,” the report reads.

Vietnam Postal Corporation is a Vietnamese government-owned postal service. It
also provides financial, life, and non-life insurance services, including bill
collection and payments. Established in 2005, the organization currently employs
over 70 thousand people.

Updated with Vietnam Post's comment.



--------------------------------------------------------------------------------


MORE FROM CYBERNEWS:

Eastern nations more receptive to AI, hints UN tech advisor

Boeing breach: LockBit leaks 50 GB of data

FAA clears Musk's SpaceX for Starship rocket lift off

Henry Schein data breach: banking details exposed

Musk's Starlink to offer free internet in Mexico

Subscribe to our newsletter


Share
Post
Share
Share
Share

--------------------------------------------------------------------------------

Editor's choice
SECURITY
KidSecurity’s user data compromised after app failed to set password
by  Paulina Okunytė
29 November 2023

KidSecurity, a popular parental control app that’s used to track children, has
exposed its activity logs, leaving users' private data in the hands of threat
actors.

Read more about KidSecurity, a popular parental control app that’s used to track
children, has exposed its activity logs, leaving users' private data in the
hands of threat actors.
Exclusive: Hacker breaks silence following a decade behind bars in Cybernews
documentary
27 November 2023
Thousands of secrets lurk in app images on Docker Hub
28 November 2023
China vs US: who’s winning the race for AI supremacy
27 November 2023
Cybernews podcast: Five days of war at OpenAI
23 November 2023

--------------------------------------------------------------------------------



--------------------------------------------------------------------------------

--------------------------------------------------------------------------------

Leave a Reply

Your email address will not be published. Required fields are markedmarked

Comment
Name Email
Privacy Policy Agreement   I agree to the Terms & Conditions and Privacy Policsy
.
Post comment

 * Categories
   * News
   * Editorial
   * Security
   * Privacy
   * Crypto
   * Cloud
   * Tech
 * Reviews
   * Antivirus Software
   * Password Managers
   * Best VPNs
   * Best VPN for iPhone
   * Secure Email Providers
   * Website Builders
   * Best Web Hosting Services
 * Tools
   * Password generator
   * Personal data leak checker
   * Password leak checker
   * Website security checker
   * Ransomlooker
   * VPN speed test
   * Coupon codes
 * ENGAGE
   * About Us
   * Send Us a Tip
   * Careers
   * Academy

 * 
 * 
 * 
 * 
 * 
 * 
 * 

 * About Us
 * Contact
 * Send Us a Tip
 * Privacy Policy
 * Terms & Conditions
 * Vulnerability Disclosure

© 2023 Cybernews – Latest Cybersecurity and Tech News, Research & Analysis.



This website uses cookies. By continuing to use this website you are giving
consent to cookies being used. Visit our Privacy Policy .
I Agree