According to the results of the first quarter of 2025, the number of security vulnerabilities found at Russian retailers increased by 28% compared to the same period of the previous year. Alexander Dmitriev, general manager of the company Neuroinform, told the newspaper this.
According to Neuroinform, three types of weakness lead the list of the most common security shortcomings identified in the first quarter of 2025. Broken access control to sensitive data and resources accounted for 34% of all problems found. The second most frequent was the absence of lockout against brute-forcing of passwords and usernames in web applications (26%). Rounding out the top three is missing authentication in APIs, which makes up 21% of the shortcomings.
Experts consider broken access control the most critical problem. This vulnerability poses a direct threat to a company's entire infrastructure. Neuroinform's experts found internal information (for example, IP addresses used by security tools) disclosed in public materials such as advertising brochures or instructions. Image metadata, JS scripts and files reachable from the Internet often contain user credentials and access keys for databases (SQL) and APIs. Publicly accessible log files are especially dangerous: they record in real time the data users enter, including logins and passwords. According to the analysts, gaining access to such resources and data is the attackers' first step toward compromising systems and pursuing further objectives.
The vulnerability tied to the absence of lockout when brute-forcing passwords and usernames in web applications remains one of the most dangerous. It lets cybercriminals use automated tools to guess credentials and exploit weak or easily guessed user passwords. The problem is aggravated by the absence of two-factor authentication (2FA) and the lack of protective systems able to detect and block suspicious activity. In Neuroinform's experience, successful exploitation of this vulnerability usually leads first to the administrative panels of websites and then to access to the server and compromise of the company's internal network.
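The lockout mechanism whose absence the paragraph above describes is straightforward to implement. The following is an added example, not code from Neuroinform or from the article: a hypothetical in-memory `LoginGuard` that counts failed logins per username inside a sliding window and locks the account once the limit is reached, so an automated guessing tool stops getting useful answers after a handful of attempts. The credential store, the `hash_password` helper (SHA-256 standing in for a real password hash such as argon2 or bcrypt) and the thresholds are all constructed for the demonstration.

```python
import hashlib
import hmac
import time
from collections import defaultdict, deque

# Constructed policy values (assumptions for this example, not figures from the article).
MAX_FAILURES = 5        # failed attempts tolerated inside the window
WINDOW_SECONDS = 300    # sliding window over which failures are counted
LOCKOUT_SECONDS = 900   # how long the account stays locked


def hash_password(password):
    # Demo only: SHA-256 stands in for a proper password hash (argon2/bcrypt) in a real system.
    return hashlib.sha256(password.encode()).hexdigest()


class LoginGuard:
    """Tracks failed logins per username and locks the account after too many failures."""

    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS,
                 lockout=LOCKOUT_SECONDS, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self.clock = clock                    # injectable so tests can advance time
        self._failures = defaultdict(deque)   # username -> timestamps of recent failures
        self._locked_until = {}               # username -> time at which the lock expires

    def is_locked(self, username):
        until = self._locked_until.get(username)
        if until is None:
            return False
        if self.clock() >= until:             # lock expired: reset state for this user
            del self._locked_until[username]
            self._failures[username].clear()
            return False
        return True

    def record_failure(self, username):
        """Returns True when this failure triggers a lockout."""
        now = self.clock()
        recent = self._failures[username]
        recent.append(now)
        while recent and now - recent[0] > self.window:   # drop failures outside the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self._locked_until[username] = now + self.lockout
            return True
        return False

    def record_success(self, username):
        self._failures[username].clear()
        self._locked_until.pop(username, None)


def attempt_login(guard, users, username, password):
    """Returns 'locked', 'ok' or 'failed'. The lockout check runs before any password check."""
    if guard.is_locked(username):
        return "locked"
    stored = users.get(username)
    # Unknown users are treated exactly like wrong passwords so the response does not
    # reveal which usernames exist.
    if stored is not None and hmac.compare_digest(stored, hash_password(password)):
        guard.record_success(username)
        return "ok"
    guard.record_failure(username)
    return "failed"


if __name__ == "__main__":
    users = {"admin": hash_password("correct horse battery staple")}   # constructed store
    guard = LoginGuard()
    for guess in ["admin", "123456", "password", "qwerty", "letmein", "correct horse battery staple"]:
        print(guess, "->", attempt_login(guard, users, "admin", guess))
```

The sixth call in the demo returns `locked` even though the password is right, which is the point: once the limit is hit the attacker's tool learns nothing further until the lock expires. Per-username locking alone lets an attacker lock out legitimate users on purpose, so in practice it is paired with per-source-IP throttling, alerting on bursts of failures, and the 2FA the article mentions.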
Missing authentication in APIs stands out as a relatively new but serious problem in retail. Analysts point to a trend in which many companies build APIs that are entirely devoid of authentication mechanisms. To interact with such an API, all that is needed is knowledge of the request structure and an access token, which allows data to be retrieved and actions performed without entering a login and password. Such a configuration error can have extremely serious consequences, up to complete compromise of the web server and database, leakage of personal customer data, grounds for class-action lawsuits, and regulatory fines.
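To make the configuration error concrete, here is an added example (not code from the article or from any of the companies it describes) of a minimal request dispatcher in two forms: `handle_unauthenticated`, which serves any well-formed request, and `handle_hardened`, which denies by default, validates a bearer token with a constant-time comparison, and then applies an object-level check so one customer cannot read another's record. The token store, the principal naming scheme and the customer route are all hypothetical.

```python
import hashlib
import hmac

# Constructed token store: sha256(token) -> principal. A real deployment would hand this
# to an identity provider; the point here is that every route consults it.
_TOKENS = {hashlib.sha256(b"demo-token-123").hexdigest(): "customer:42"}


def _authenticate(headers):
    """Returns the principal for a valid 'Authorization: Bearer <token>' header, else None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return None
    digest = hashlib.sha256(token.encode()).hexdigest()
    for stored, principal in _TOKENS.items():
        if hmac.compare_digest(stored, digest):   # constant-time compare
            return principal
    return None


def _customer_record(customer_id):
    # Constructed data in place of a database lookup.
    return {"id": customer_id, "name": "Constructed Example"}


def _customer_id_from_path(path):
    return path.rsplit("/", 1)[1]


def handle_unauthenticated(request):
    """The misconfiguration the article describes: knowing the request shape is enough."""
    if request["path"].startswith("/customers/"):
        return 200, _customer_record(_customer_id_from_path(request["path"]))
    return 404, {"error": "not found"}


def handle_hardened(request):
    """Deny by default: authenticate first, then authorize access to the specific object."""
    principal = _authenticate(request.get("headers", {}))
    if principal is None:
        return 401, {"error": "authentication required"}
    if request["path"].startswith("/customers/"):
        customer_id = _customer_id_from_path(request["path"])
        # Object-level authorization: a principal may only read its own record.
        if principal != f"customer:{customer_id}":
            return 403, {"error": "forbidden"}
        return 200, _customer_record(customer_id)
    return 404, {"error": "not found"}


if __name__ == "__main__":
    anonymous = {"path": "/customers/42", "headers": {}}
    print("unauthenticated handler, no token:", handle_unauthenticated(anonymous)[0])
    print("hardened handler, no token:", handle_hardened(anonymous)[0])
    with_token = {"path": "/customers/42",
                  "headers": {"Authorization": "Bearer demo-token-123"}}
    print("hardened handler, valid token:", handle_hardened(with_token)[0])
```

The authentication check sits in the dispatcher rather than in individual route handlers, so a newly added route cannot be forgotten and shipped open. Whether the hardened or the unauthenticated behaviour is live is easy to verify from outside with a single request carrying no credentials: anything other than a 401 on a data route is the misconfiguration.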
Google previously reported a fraud threat affecting all Gmail users.
Source: Gazeta

Jackson Ruhl is a tech and sci-fi expert, who writes for “Social Bites”. He brings his readers the latest news and developments from the world of technology and science fiction.