New cybersecurity research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud can expose sensitive credentials in build logs, posing significant risks to organizations. The vulnerability has been codenamed LeakyCLI by cloud security firm Orca. “Some commands on Azure CLI, AWS CLI, and Google Cloud CLI can expose sensitive […]
CVE-2023-36052 is a critical security vulnerability in the Azure Command-Line Interface (CLI), a tool for managing Azure resources. This vulnerability, reported by Palo Alto’s Prisma Cloud, allowed unauthenticated attackers to remotely access plaintext contents, including usernames and passwords, from Continuous Integration and Continuous Deployment (CI/CD) logs created using Azure CLI. These logs could be published […]
Sysdig, a company that specializes in cybersecurity intelligence, uncovered a sophisticated hacking operation known as Scarleteel in February. Since then, Scarleteel has refined both its infection and exfiltration techniques and moved into phase two. Recent operations by Scarleteel have targeted settings such as AWS Fargate and Kubernetes, which indicates a clear shift from just crypto […]
Data security specialists at security firm Safety Dectectives & CNET have discovered a massive data breach (almost 900 GB of compromised information) originating from a server established in China; the exposed server has already been shut down. The exposed server is an Elastic implementation and exposes the personal information of millions of Chinese citizens. The […]
Have you ever asked yourself the question: “So what if my VPN keeps logs?” Don’t worry. It’s a good question to ask. It means you’re actually curious about the nuances of data collection, management and how they affect you. In order to answer this question, we first have to delve into the inner workings of […]
A California-based Voice-Over-IP (VoIP) services provider VOIPO has accidentally left tens of gigabytes of its customer data, containing millions of call logs, SMS/MMS messages, and plaintext internal system credentials, publicly accessible to anyone without authentication. VOIPo is one of a leading providers of Voice-Over-IP (VoIP) services in the United States offering reseller VoIP, Cloud VoIP, and […]
After cracking down on apps involving ad-fraud and spread of malware, Google is calling rogue Android apps on Play Store which require permission to access call logs and SMS. Google has warned developers that in upcoming weeks, apps whose core functionality require SMS and call log permission will be removed from the Android app store. Until […]
A few hours ago, the company announced its “not shocking” intention to shut down Google+ social network as a result of a “shocking” data breach. Now, in order to prevent the abuse and potential leakage of confidential data to third-party application developers, Google has made several important changes to help users better control the type […]
Discover sub-domains by searching through Certificate Transparency logs. What is CT? Certificate Transparency (CT) is an experimental IETF standard. The goal of it was to allow the public to audit which certificates were created by Certificate Authorities (CA). TLS has a weakness that comes from the large list of CAs that your browser implicitly trusts. […]
A security researcher from ESET has announced that he has unearthed new Android-based spyware that is capable of accessing the Whatsapp database and features a host of surveillance features. As reported by ZDNet, the spyware has been discovered on Github in a repository named “OwnMe.” It features a MainActivity.class that initiates a new service OwnMe.class, […]
Log-killer clear all your logs in linux and windows servers. Just download the tool and run it on the server. If your server OS is Windows then download the batch file and run it as administrator. But if your server Linux and then you should run the php script. Log-killer ScreenShots Windows : Linux : […]
It is said that a picture is worth a thousand words, so pairing up your articles, blogs, newsletter, ad-campaigns or presentations with the right image is crucial to make them stand out on or off the internet. But many people struggle to find the perfect image for their blog post or design projects that would […]
VPN Logs Lead to Capturing of an Ex-PenAir Employee Who Hacked Into Company’s Internal Networks. A 59-year old US female has been arrested for hacking into her previous employer’s internal networks and creating havoc by sabotaging the day-to-day activities of the company, thanks to the VPN logs – The accused is a former employee of […]
Facebook is in hot waters for the last couple of weeks after it was reported that the company secretly shared 50 million user profiles with a British political consulting and data mining firm Cambridge Analytica. The data was apparently used to influence Brexit campaign and US presidential election since Cambridge Analytica also worked President Trump and Republican Senator […]
If the Cambridge Analytica story wasn’t enough, Facebook is again under fire for collecting people’s call logs and SMS history for years. Per reports, the said data was discovered by many Android users after they obtained the offline copy of their Facebook data. Earlier, it was said that the company did so without asking the […]
Catching phishing by observing certificate transparency logs. This tool is based on regex with effective standards for detecting phishing sites in real time using certstream. Installation $ cd /opt/ $ git clone https://github.com/6IX7ine/certstreamcatcher.git $ cd certstreamcatcher $ npm install npm package To install certstreamcatcher using npm run: npm install –save certstreamcatcher Try on npm […]
Some quick tips if you use S3 buckets: Randomise your bucket names! There is no need to use company-backup.s3.amazonaws.com. Set appropriate permissions and audit regularly. If possible create two buckets – one for your public assets and another for private data. Be mindful about your data. What are suppliers, contractors and third parties doing with […]
Today, 9 November 2017, WikiLeaks publishes the source code and development logs to Hive, a major component of the CIA infrastructure to control its malware. Hive solves a critical problem for the malware operators at the CIA. Even the most sophisticated malware implant on a target computer is useless if there is no way for […]
On Friday a New Town, Massachusetts based man called Ryan Lin was arrested for cyberstalking after his VPN logs were provided by PureVPN. Lin was accused of cyberstalking his ex-roommate 24-year old Jennifer Smith. Initially, the case was handled by the Waltham Police department, but it was then transferred to the FBI [PDF]. According to the […]
New Banking Malware called “Svpeng” -Trojan-Banker.AndroidOS.Svpeng.ae Discovered with New Advance Futures that working as Keylogger and steals sensitive information such as Entering texts, to send SMS, Call logs and Contacts Details from victims Mobile. Taking Advantages of accessibility services and abusing the system futures allow this Trojan not only steal the call logs and Entering texts, […]
SQL CHAR encoding SQL CAST encoding Case encoding of SQL keywords Substring(Experimental – Disabled by default as it will fail with nested queries)