Browsing tag
The leaked database was discovered on Shodan on May 14th. A huge online database containing private contact information including phone numbers and email IDs of roughly 50 million Instagram profiles including those of influencers and brands has reportedly been discovered by security researcher Anurag Sen. The affected individuals include famous food bloggers and celebrities too […]
Unprotected Amazon Web Services has a new victim and it’s Facebook users. It’s just been a year since the Cambridge Analytics scandal made headlines the world in which Facebook failed to secure its users’ information. Now the cybersecurity firm UpGuard’s researchers have identified the presence of another unsecure Facebook database that has been publicly posted […]
A database hosted on Amazon Web Services (AWS) and owned by Dow Jones has accidentally been exposed putting approx. 2.4 million corporate entities and individuals at risk of data theft. Reportedly, the exposed database comprises sensitive information about terrorists, criminals, and shady businesses. The culprit in this incident is an incorrectly configured and poorly secured […]
The IT security researchers at Check Point have identified a new malware called SpeakUp targeting Linux and macOS – The new findings prove that there has been a surge in malware attacks against Linux and Apple devices. SpeakUp is a new backdoor Trojan that is being distributed by cybercriminals through a malicious new campaign designed […]
The password manager exposed the data due to a misconfigured S3 bucket. The Blur privacy and password management service developer Abine has issued a security notice this Monday stating that a file containing important customer data was accidentally exposed to the internet. Originally, the data was identified on December 13th after Abine found a file containing data including […]
Another day, another data breach – This time, multinational tech giant Nokia has been caught exposing highly sensitive data of industrial nature that would have put its internal security at risk. The data was discovered by the director of the cyber risk research team at Hacken and Hackenproof Bob Diachenko during routine Shodan security audit on December […]
The Cadastro de Pessoas Físicas (CPFs) is a taxpayer registry identification for Brazilians – In this case, 120 million CPFs were exposed online. The IT security researchers at InfoArmor’s Advanced Threat Intelligence team discovered a treasure trove of personal sensitive data belonging to over 120 million Brazilians exposed on an unprotected AWS (Amazon Web Service) S3 cloud […]
Pacu is an open source AWS exploitation framework, designed for offensive security testing against cloud environments. Created and maintained by Rhino Security Labs, Pacu allows penetration testers to exploit configuration flaws within an AWS account, using modules to easily expand its functionality. Current modules enable a range of attacks, including user privilege escalation, backdooring of […]
“DarkGate” malware uses Akamai, AWS DNS records and multiple payloads for cryptomining, credential theft and endpoint takeover. A sophisticated malware campaign has been identified by an enSilo researcher that hasn’t been detected before and is quite advanced than many of the malware identified before. It has been dubbed as DarkGate by the developer, reports researcher […]
Another day, another trove of medical records leaked online, thanks to a misconfigured AWS S3 bucket. Medical records are considered to be sensitive documents and when a malicious third party has access to them it is a bad news as these records can be used for fraud, blackmailing and marketing purposes against patients’ will. However, […]
The same company was once caught spying on its Keyboard app users. GOMO, which is also known as Sungy Mobile, is a well-known Chinese mobile app and software developer company. It is famous worldwide for GO series applications (Yes, the developers of popular GOKeyboard app that was caught spying on millions of its users last year). […]
All thanks to Unsecure AWS S3 Bucket. GoDaddy is the latest victim of cybercriminals and has joined the league of companies that got confidential data leaked due to unsecure Amazon S3 buckets. The world’s leading domain name registering platform, GoDaddy, boasts of more than 18m customers, which makes cyber-attack on this organization a high-profile feat. […]
Scout2 is a security tool that lets AWS administrators assess their environment’s security posture. Using the AWS API, Scout2 gathers configuration data for manual inspection and highlights high-risk areas automatically. Rather than pouring through dozens of pages on the web, Scout2 supplies a clear view of the attack surface automatically. Note: Scout2 is stable and […]
In computing, load balancing improves the distribution of workloads across multiple computing resources, such as computers, a computer cluster, network links, central processing units, or disk drives. Load balancing differs from channel bonding in that load balancing divides traffic between network interfaces on a network socket (OSI model layer 4) basis, while channel bonding implies […]
Researchers at Kromtech Security Center discovered a trove of data belonging to Honda Connect App which was exposed online. The data was stored in two unsecured Amazon AWS S3 Buckets available for public access without any protection More: 119,000 FedEx users passports, security ID & driving licenses exposed Simply put, anyone with an Internet connection and basic knowledge of AWS buckets […]
A popular teen monitoring app has become a victim of a data breach in which plaintext Apple ID passwords are believed to have been compromised. Dubbed as TeenSafe, the app is very popular among parents with over a million subscribers. It is popular because parents can track the whereabouts of their teens. It is advertised as […]
The IT security researchers at Kromtech Security Center discovered a trove of personal and sensitive data belonging to around 15,000 to 20,000 Indian applicants participating in cricket seasons 2015-2018. The authority responsible for protecting this data was The Board of Control for Cricket in India (BCCI) but it was left exposed to the public in two […]
EE, a British mobile network giant owned by BT Group has been accused of leaving a critical code repository on an open-source tool protected by default username and password. A security researcher going by the Twitter handle of “six” found two million lines of code including access to the company’s private employee and developer APIs and AWS secret […]
Facebook has been at the receiving end of backlash and criticism from security fraternity for being embroiled into one data exposure scandal after another lately. The Cambridge Analytica data scandal is still fresh in our minds, where private data of nearly 87 million Facebook users got compromised. It seems like data breaches season is far […]
The IT security researchers at Trend Mirco have discovered that on March 25th, 2018, malicious hackers compromised AOL’s advertising platform and modified its script to mine Monero cryptocurrency. The researchers also found MSN’s web portal’s Japanese domain was also infected by a similar script to mine Monero coins from the computing power of site’s visitors. More: Hackers Hide Monero Cryptominer […]
Remember Memcached servers? Now, we have another case of servers exposed online and fulfilling evil intentions of the hackers. This time, thousands of etcd servers maintained by corporates and organizations are spitting sensitive passwords and encrypted keys, allowing anyone to get access to important data. Security researcher Giovanni Collazo was able to harvest 8781 passwords, […]