Toyota Server Misconfiguration Leaks Owners Data for Over Seven Years

According to reports, on May 12, 2023, Toyota Motor Corporation discovered that it had been subject to a potential data leak due to a misconfiguration of the cloud environment on its Japanese side. Toyota investigated all of its cloud environments and found that some customer information was accessible externally. Currently, there has been another incident at […]

Microsoft Confirms Server Misconfiguration Led to 65,000+ Companies’ Data Leak

Microsoft this week confirmed that it inadvertently exposed information related to thousands of customers following a security lapse that left an endpoint publicly accessible over the internet sans any authentication. “This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the […]

Twitch Suffers Massive 125GB Data and Source Code Leak Due to Server Misconfiguration

Interactive livestreaming platform Twitch acknowledged a “breach” after an anonymous poster on the 4chan messaging board leaked its source code, an unreleased Steam competitor from Amazon Game Studios, details of creator payouts, proprietary software development kits, and other internal tools. The Amazon-owned service said it’s “working with urgency to understand the extent of this,” adding […]

38 million records exposed in Microsoft Power apps misconfiguration

According to researchers, the incident involved 47 government and private entities across the United States. The IT security researchers at UpGuard published a research report disclosing that organizations using Microsoft Power Apps were susceptible to a default misconfiguration, which made their data sets findable by anyone knowing the web address and search engines. UpGuard researchers […]

CORStest – A Simple CORS Misconfiguration Scanner

A simple CORS misconfiguration scanner. Based on the research of James Kettle. CORStest is a quick & dirty Python 2 tool to find Cross-Origin Resource Sharing (CORS) misconfigurations. It takes a text file as input which may contain a list of domain names or URLs. Currently, the following potential vulnerabilities are detected by sending a certain Origin […]

Corsy – CORS Misconfiguration Scanner

Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations. Usage: Using Corsy is pretty simple: "python corsy.py -u https://example.com". A delay between consecutive requests can be specified with the -d option. Note: This is a beta version; features such as JSON output and scanning multiple hosts will be added later. Tests implemented: Pre-domain bypass […]

Corsy: CORS Misconfiguration Scanner

Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations. Tests implemented: Pre-domain bypass, Post-domain bypass, Backtick bypass, Null origin bypass, Invalid value, Wild card value, Origin reflection test, Third-party allowance test, HTTP allowance test. Install: "git clone https://github.com/s0md3v/Corsy.git". Use: "python corsy.py -u https://example.com". Copyright (C) 2019 s0md3v. Source: https://github.com/s0md3v/ […]

Discussing Common Security Mistakes and Misconfigurations

We should never be under the impression that it’s the big blunders committed by users and enterprises that lead to big security incidents. It’s sometimes the little mistakes and very minor misconfigurations, mostly those missteps that could be easily avoided, that lead to big security incidents and data breaches. Companies are devastated, huge reputation damages […]

Misconfigurations on Docker services allow cryptojacking attacks

A set of scripts compromises the security of Docker services. According to reports from cybersecurity and digital forensics specialists at the International Institute of Cyber Security, malicious hackers seeking an easy way to mine cryptocurrency without the users’ consent are actively attacking publicly exposed Docker services. According to specialists, hackers use a malicious script capable of […]

Auto Tracking Company Server Misconfiguration Leaks Over a Half Million Personal Records Online

A newly discovered server repository misconfiguration leaks the secret information of the vehicle recovery device and monitoring company SVR Tracking (stolen vehicle records), which was discovered in a misconfigured Amazon AWS S3 bucket. SVR Tracking provides a service that enables lot owners to locate and recover their vehicles with live, real-time tracking and provides stop verification. […]