Appthority has discovered a significant data exposure vulnerability, which we’ve named Eavesdropper, that affects almost 700 apps in enterprise environments. The vulnerability is caused by hard-coded credentials in mobile applications that use the Twilio REST API or SDK. By hard-coding their credentials, the developers have effectively given global access to all metadata stored in their Twilio accounts, including text/SMS messages, call metadata, and voice recordings.
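A build-time check for the credential pair described above, as an added example that is not Appthority's code: it scans decompiled app source or `strings` output for a Twilio Account SID and flags it as critical when an auth-token-shaped value sits nearby. It assumes the Twilio formats (Account SID = `AC` plus 32 hex characters, auth token = 32 hex characters); `NEARBY_LINES`, the function names and the sample input are constructed for illustration.

```python
import re

# Assumed formats: Account SID is "AC" + 32 hex chars; the auth token is a bare
# 32-hex string, so on its own it is indistinguishable from an MD5 digest and is
# only reported when it appears close to a SID.
SID_RE = re.compile(r"\bAC[0-9a-fA-F]{32}\b")
TOKEN_RE = re.compile(r"\b[0-9a-fA-F]{32}\b")
NEARBY_LINES = 3  # assumption: max line distance for a token to count as paired

# Constructed sample of decompiled app source; the values are not real credentials.
SAMPLE = """\
public class SmsClient {
    // constructed values, not real credentials
    private static final String ACCOUNT_SID = "AC0123456789abcdef0123456789abcdef";
    private static final String AUTH_TOKEN = "fedcba9876543210fedcba9876543210";
    void send(String to, String body) { /* ... */ }
    void call(String to) { /* ... */ }
    void fetch() { /* ... */ }
    // legacy account AC00000000000000000000000000000000 kept for reference
}
"""

def redact(value):
    """Keep enough of a secret to locate it in the source, not enough to use it."""
    return value[:6] + "..." + value[-2:]

def find_twilio_credentials(text, source="<memory>"):
    """Return one finding per Account SID, noting whether a token-shaped value is near it."""
    lines = text.splitlines()
    token_lines = {i for i, line in enumerate(lines) if TOKEN_RE.search(line)}
    findings = []
    for i, line in enumerate(lines):
        for m in SID_RE.finditer(line):
            paired = any(abs(i - j) <= NEARBY_LINES for j in token_lines)
            findings.append({
                "source": source,
                "line": i + 1,
                "sid": redact(m.group()),
                "token_nearby": paired,
                # SID plus token is a usable credential pair; a lone SID needs review
                "severity": "critical" if paired else "review",
            })
    return findings

if __name__ == "__main__":
    for finding in find_twilio_credentials(SAMPLE, "SmsClient.java"):
        print(finding)
```

A critical finding means the secret has shipped in a distributed binary, so the remediation is to rotate the auth token and move Twilio calls behind a server-side component rather than only deleting the string.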