Browsing tag
A few months ago, Bluetooth-enabled fidget spinners were in the news for blowing up and putting lives in danger. This time, these toys are in discussion for posing a threat to users privacy and stealing their data. According to Arun Magesh, an IT security researcher at Payatu Technologies, India; the AiTURE fidget hand spinner app on Play Store […]
In a Dark Web marketplace, one can buy anything from illegal drugs to weapons, fake documents to malicious software and even stolen databases, etc. Although after the shut down of Hansa and AlphaBay marketplace, buying and selling have slowed down. It does not, however, mean it has been fully curbed. Recently, a dark web monitoring firm 4iQ discovered a […]
The researchers demanded data left visible entered names, phone numbers, locations and Google queries. The chief of the Israeli company back the app confirmed the breach but said most of the data was not sensitive. Bob Diachenko, from the Kromtech Security Centre, part of contract company Mackeeper, said the number of data required by the […]
It’s just another day with just another breach exposing personal details of unsuspecting users. This time, it’s an immensely popular virtual keyboard app called AI.Type whose developers have exposed personal details of over 31 million users. The database was discovered by security researchers at the Kromtech Security Center who detailed that in total 577 GB of data containing […]
A former National Security Agency hacker has admitted to illegally taking highly classified information from the agency’s headquarters, which was later stolen by Russian hackers. Nghia Pho, 67, a Maryland resident who worked for the NSA’s Tailored Access Operations, the agency’s elite hacking unit, entered a guilty plea on Friday to charges of willful retention […]
Another day another massive trove of sensitive NSA data exposed online – This time, security firm UpGuard’s Cyber Risk team has identified yet another unsecured AWS (Amazon Web Service) S3 cloud storage bucket containing sensitive, confidential data that belongs to the joint command of National Security Agency (NSA) and US Defense Department called the United States […]
Mozilla is joining hands with popular data breach notification website HaveIBeenPwned.com (HIBP) to send an in-browser alert to Firefox browser users if they are visiting a site that was previously hacked and whether their login credentials have been involved in a data breach. “This is an addon that I’m going to be using for prototyping an upcoming […]
Discovered by UpGuard defense researcher Chris Vickery, the databases were entitled “CENTCOM-backup,” “CENTCOM-archive,” and “pacom-archive.” Based on their titles, it was obvious the databases related to US Central Command (CENTCOM) and US Pacific Command (PACOM), two of the DOD’s combatant command operations. According to the researcher, the data received from the databases did not include […]
UpGuard’s security researcher Chris Vickery has discovered three misconfigured AWS S3 buckets that are available for public access on the internet. The archives contain several terabytes of data, which includes social media posts and similar pages from across the globe. The data is the property of the US military, and it is alleged that the […]
A couple of days ago it was reported that an IT security researcher Robert Baptiste who goes by the handle of Elliot Alderson on Twitter had discovered a pre-installed backdoor application called “EngineerMode” on OnePlus smartphones including its 5, 3, 3T models and OxygenOS for OnePlus 1. Now, the same researcher has found another preinstalled app in OnePlus devices sold to customers around the […]
If you are using OnePlus 5, 3 or its 3T model, an IT security researcher Elliot Alderson (whose real name is Robert Baptiste) has bad news for you. The researcher has discovered that all three of its top models are being sold with a pre-installed application that can be exploited to grant a backdoor root access to an attacker. […]
Ride-hailing apps are currently in vogue now, there are countless small to large startups that are providing apps such as Uber and Lyft that are able to access confidential personal information on a daily basis. Users of these apps are required to provide explicit personal details about their whereabouts and destinations, which is nothing out […]
A Linux alternative to enum.exe for enumerating data from Windows and Samba hosts. Enum4linux is a tool for enumerating information from Windows and Samba systems. It is written in Perl and is basically a wrapper around the Samba tools smbclient, rpclient, net and nmblookup. Key features RID cycling (When RestrictAnonymous is set to 1 on […]
A Chinese mechanical keyboard manufacturer MantisTek has been caught in the middle of a controversy in which it’s being blamed for spying on users through built-in keylogger in its GK2 model and sending the data to a server apparently hosted on Alibaba Cloud server. The communication is happening over HTTP, not HTTPS which means the user data is being […]
According to reports from the Sunday Mirror, a USB device was found lying on the street in West London having sensitive data belonging to Heathrow security. An unnamed individual discovered the USB stick from Ilbert Street in Queens Park. This USB had highly sensitive data that could easily be termed as a treasure trove for […]
DET (is provided AS IS), is a proof of concept to perform Data Exfiltration using either single or multiple channel(s) at the same time. This is a Proof of Concept aimed at identifying possible DLP failures. This should never be used to exfiltrate sensitive/live data (say on an assessment) The idea was to create a […]
It’s another day with yet another Amazon Web Services (AWS) bucket exposing sensitive user data to the public. IT security researchers at Kromtech Security discovered an unprotected Amazon Web Services (AWS) bucket available for public access. The bucket contained personal and sensitive data of more than 150,000 patients from Patient Home Monitoring (PHM) healthcare firm (Lafayette, Louisiana, United States) […]
On September 17th, 2017, Chris Vickery, director of Cyber Risk Research at UpGuard discovered a trove of highly sensitive data exposed online without any security or login credentials. The data belonged to one of the world’s largest corporate consulting and management firms Accenture PLC based in Dublin, Ireland. The data was left exposed on four Amazon Web […]
It’s another day with yet another story of a data breach affecting millions of users around the world – This time, the targeted platforms are Bitly and Kickstarter. Bit.ly Troy Hunt, an IT security researcher and founder of breach notification website HaveIBeenPwned (HIBP) has discovered that Bitly, a URL shortener service provider was compromised back in May 2014 […]
Facebook is known for tracking users even when they log off from the site; the social media giant also faces criticism over its tactics to collect user data. Now, it is being reported that Facebook is testing facial recognition technology to assist users in unlocking their Facebook accounts. This means Facebook will use your face to verify […]
Over Half a Million Vehicle Records from SVR Tracking Leaked Online – Thanks to Amazon Web Services Bucket. SVR Tracking, a renowned vehicle tracker devices manufacturer, has become the latest victim of data exposure. According to Kromtech Security Centre’s research, login data of more than half a million records of SVR Tracking was leaked online […]