Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Open database leaves major Chinese ports exposed to shipping chaos

The freight logs of two major Chinese shipping ports have been leaking data, a problem which if left unresolved could disrupt the supply chain of up to 70,000 tonnes of cargo a day, with potentially serious consequences for international shipping. The cybernews® research team identified an open ElasticSearch database, which contained more than 243GB of […]

Chinese ports

The freight logs of two major Chinese shipping ports have been leaking data, a problem which if left unresolved could disrupt the supply chain of up to 70,000 tonnes of cargo a day, with potentially serious consequences for international shipping.

The cybernews® research team identified an open ElasticSearch database, which contained more than 243GB of data detailing current and historic ship positions that is exposed to the public. Analyzing the data, the team determined that it is highly likely to belong to the Yangtze river ports of Nanjing and Zhangjiagang.

The discovery is especially timely, given the escalation of the geopolitical situation caused by Russia’s recent decision to invade Ukraine. “This could have gone very badly if bad guys had found it before we did,” said a spokesperson for Cybernews.

ElasticSearch lacks a default authentication and authorization system – meaning the data must be put behind a firewall, or else run the risk of being freely accessed, modified or deleted by threat actors. The push access logs of the zjgeport.com found on the database contained user IDs and, most importantly, API keys that could in theory permit universal access, allowing a cybercriminal to write new data about current ship positions.

In layman’s terms, what this means is that if left unplugged, the gap could allow threat actors to read, delete or alter any of the entries in the exposed databases – or even create new ones for cargoes or ships that don’t exist. Moreover, conventional criminals could physically hijack a ship and jam its communications, leaving the port that controls and tracks its movements unaware that the vessel had been boarded.

That in turn could jeopardize up to 3,100 vessels that transport more than 250 million tonnes of cargo annually to and from the two ports – not to mention putting at risk the lives of the estimated 40,000 passengers a year that use Nanjing for sea travel.

The Cybernews team said: “Because of the way ElasticSearch architecture is built, anybody with access to the link has full administrator privileges over the data warehouse, and is thus able to edit or delete all of the contents and, most likely, disrupt the normal workflow of these ports.

“Because both of these ports directly connect factories based in China to international waters, it’s more than likely that they carry international cargo, thus creating a butterfly effect likely to affect the whole supply chain worldwide if the open instance is not closed.”

Zhangjiagang’s main cargoes include steel, timber, coal, cement and chemical fertilizers, while Nanjing typically trades in goods such as metal ore, light industrial goods, petroleum and pharmaceutical products. With Russia having incurred global sanctions as a result of its invasion of Ukraine, the fate of China’s economy will be more important than ever as it seeks to fill the vacuum created by its superpower neighbor’s expulsion from the world stage.

Since being alerted to the problem by Cybernews, the owners of the ElasticSearch database have enforced HTTP Authentication as a requirement for access, effectively cutting it off from the public side of the internet.

Original Post @CyberNews

https://cybernews.com/security/open-database-leaves-major-chinese-ports-exposed-to-shipping-chaos/

About the author Damien Black

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Chinese ports)

[adrotate banner=”5″]

[adrotate banner=”13″]