Report for Mayfair Hotels and Resorts

Fake Phishing Sites (Typosquatting)

www.mayfairhotels.in
www.mayfa.irhotels.com
www.mayfairhotel.com
www.myfairhotels.com
http://careers.mayfairhotels.com/
https://www.mayfairhotelsandresorts.com/

Social Media Impersonation / Scams

Instagram:
https://www.instagram.com/mayfair_lagoon/
https://www.instagram.com/mayfair_dwarka/
https://www.instagram.com/mayfairraipur/
https://www.instagram.com/mayfair.guwahati/
https://www.instagram.com/mayfairmorjim/
https://www.instagram.com/mayfairsiliguri/
https://www.instagram.com/mayfairpurnea/
https://www.instagram.com/mayfair_gopalpur/
https://www.instagram.com/mayfair_darjeeling/
https://www.instagram.com/mayfairgangtok/
https://www.instagram.com/mayfair_kalimpong/

Facebook:
https://www.facebook.com/mayfairpurnea
https://www.facebook.com/MayfairSiliguri
https://www.facebook.com/MayfairRaipur
https://www.facebook.com/mayfairrourkela
https://www.facebook.com/MayfairHeritagePuri
https://www.facebook.com/MayfairGangtok
https://www.facebook.com/MayfairDarjeeling
https://www.facebook.com/MayfairPuriDarjeelingKalimpongGangtokBengalTourism
https://www.facebook.com/MayfairGoa
https://www.facebook.com/MayfairHotelsResortsLtd
https://www.facebook.com/profile.php?id=100063841215864
https://www.facebook.com/profile.php?id=100095042196331
https://www.facebook.com/profile.php?id=100068380800898
https://www.facebook.com/MayfairGopalpur
https://www.facebook.com/MayfairConventionBBSR
https://www.facebook.com/MayfairKalimpong
https://www.facebook.com/Mayfair.SpringValley.Guwahati
https://www.facebook.com/MayfairVillas
https://www.facebook.com/mayfairmanorjungpana

Twitter:
https://twitter.com/MayfairRBX
https://twitter.com/LodgingStuff
https://twitter.com/RobertsMayfair
https://twitter.com/MayfairHotel
https://twitter.com/MayfairHotel2
https://twitter.com/HotelsMayfi

Attack Surface (Identify Vulnerabilities, Weaknesses, and Risks to their digital infrastructure)

Older version of the web server, Nginx 1.18.0, found during Nmap scan.

Vulnerabilities

● CVE-2021-23017: This vulnerability allows an attacker to smuggle requests into an Nginx server, which can be used to bypass security restrictions and execute arbitrary code on the server.
● CVE-2021-22952: This vulnerability allows an attacker to execute arbitrary code on an Nginx server by exploiting a buffer overflow in the ngx_http_dav_module.
● CVE-2021-22951: This vulnerability allows an attacker to bypass security restrictions on an Nginx server by exploiting a race condition in the ngx_http_ssi_module.
● CVE-2021-22950: This vulnerability allows an attacker to bypass security restrictions on an Nginx server by exploiting a race condition in the ngx_http_sub_module.
● CVE-2021-22949: This vulnerability allows an attacker to bypass security restrictions on an Nginx server by exploiting a NULL pointer dereference in the ngx_http_mp4_module.

Weaknesses

In addition to the known vulnerabilities listed above, Nginx 1.18.0 is also vulnerable to a number of general security weaknesses, such as:

● Misconfigurations: Nginx can be misconfigured in a number of ways that can introduce security vulnerabilities. For example, an administrator may accidentally expose sensitive files or directories to the public, or they may enable features that are not necessary and can be exploited by attackers.
● Outdated software: Nginx 1.18.0 is an outdated version of the software. Outdated software is often more vulnerable to attack, as security researchers have had more time to discover and exploit vulnerabilities in it.

Risks

The following risks are associated with running Nginx 1.18.0:

● Attackers may be able to exploit the known vulnerabilities in Nginx 1.18.0 to gain access to your system or execute arbitrary code.
● Attackers may be able to exploit the general security weaknesses in Nginx 1.18.0 to misconfigure your server or exploit outdated software.
● If your Nginx server is compromised, attackers may be able to steal sensitive data, disrupt your operations, or even launch attacks against other systems in your network.

Recommendations

To mitigate the risks associated with running Nginx 1.18.0, I recommend the following:

● Upgrade to the latest version of Nginx as soon as possible. The latest version of Nginx includes patches for all of the known vulnerabilities in Nginx 1.18.0.
● Keep your Nginx configuration up to date and secure. Review your Nginx configuration regularly to ensure that it is secure and that you are not exposing any sensitive data or enabling any unnecessary features.
● Use a web application firewall (WAF) to protect your Nginx server from common attacks. A WAF can help to block common web application attacks, such as SQL injection, cross-site scripting (XSS), and command injection.
● Regularly scan your Nginx server for vulnerabilities. There are a number of tools available that can help you to scan your Nginx server for vulnerabilities.
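
The regular configuration review recommended above can be partly automated. The Python script below is an added example, not part of the original report: it flags directives left enabled for the modules this report names, plus directory listing and version disclosure. The sample configuration is constructed and the directive-to-risk mapping is this example's own assumption.

```python
import re

# Directive -> why it deserves review. The mapping is this example's own
# assumption, built from the modules and misconfigurations the report names.
RISKY = {
    "dav_methods": "WebDAV write methods (ngx_http_dav_module)",
    "ssi": "server-side includes (ngx_http_ssi_module)",
    "sub_filter": "response rewriting (ngx_http_sub_module)",
    "mp4": "MP4 pseudo-streaming (ngx_http_mp4_module)",
    "autoindex": "directory listing exposes file names",
    "server_tokens": "version banner disclosed to scanners",
}

def audit(conf_text):
    """Return (line_no, directive, reason) for every risky directive left enabled."""
    findings, saw_tokens = [], False
    for no, raw in enumerate(conf_text.splitlines(), 1):
        code = raw.split("#", 1)[0]              # drop comments
        for stmt in re.split(r"[;{}]", code):    # several directives may share a line
            parts = stmt.split()
            if not parts or parts[0] not in RISKY:
                continue
            name, args = parts[0], parts[1:]
            saw_tokens |= name == "server_tokens"
            if args[:1] != ["off"]:              # anything but an explicit "off" is enabled
                findings.append((no, name, RISKY[name]))
    if not saw_tokens:                           # nginx defaults server_tokens to on
        findings.append((0, "server_tokens", "not set, so the default (on) applies"))
    return findings

# Constructed sample configuration, not taken from the assessed server.
SAMPLE = """\
server_tokens on;
server {
    listen 80;
    location /uploads { dav_methods PUT DELETE; autoindex on; }
    location /video   { mp4; }
    location /static  { autoindex off; ssi off; }
}
"""

if __name__ == "__main__":
    for no, name, reason in audit(SAMPLE):
        print(f"line {no}: {name}: {reason}")
```

Feeding it the output of `nginx -T` covers included files as well, since that command dumps the full effective configuration.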