-
Unsecured API Leads to 'Yelp for Conservatives' App Data Leak
The API of the 63Red Safe mobile app known as "Yelp for conservatives" was found by French security researcher Robert Baptiste wide open, with no authentication needed to access and view the data stored within the app's database.
- March 12, 2019
- 04:19 PM
0
-
Creepy Database Lists 'BreedReady' Status for 1.8 Million Women
A database left unprotected online reveals a creepy set of details collected on more than 1.8 million women in China. Apart from the regular info one would expect, like name, age, and date of birth, the data set also includes a "BreedReady" status.
- March 11, 2019
- 11:53 AM
2
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
Open MongoDB Databases Expose Chinese Surveillance Data
18 MongoDB databases with information generated by accounts on several online social services in China have been sitting on the web ready for plucking by anyone knowing where to look.
- March 04, 2019
- 03:06 AM
- 0
-
MySQL Design Flaw Allows Malicious Servers to Steal Files from Clients
A design flaw in the file transfer interaction between a client host and a MySQL server allows the latter to request from the former any data the client user has read access to.
- January 21, 2019
- 09:33 AM
- 1
-
Flaws in a Card Access Control System May Allow Hackers to Bypass Security
Vulnerabilities discovered in the PremiSys IDentity access system could render the building entrance security it provides useless. The vendor was warned about the flaws but still hasn't released the necessary patches.
- January 15, 2019
- 05:28 AM
- 0
-
Unprotected MongoDB Exposes Over 200 Millions Resumes
A huge MongoDB database containing over 200 million records with resumes from job seekers in China stayed accessible without authentication for at least one week to anyone able to locate it. The size of the cache weighed 854GB.
- January 10, 2019
- 09:00 AM
- 0
-
Millions of Voter Records Up for Sale Ahead of the US Midterm Elections
As the US midterm elections close in, the underground markets appear to be flush with voter databases available for affordable prices.
- October 30, 2018
- 11:01 AM
- 0
-
Vending Machine App Hacked for Unlimited Credit
A hacker enticed by the payment method used by the vending machines located on a university campus found a way to get free credit after looking at the inner workings of the machine's accompanying mobile app.
- October 16, 2018
- 05:55 PM
- 1
-
Illegal Patch Allows Easier Access to India's Aadhaar Biometric Database
Access to India's Aadhaar unique identity enrollment software is unrestricted to anyone for as much as $35 - the price of a debilitating patch for important security features.
- September 14, 2018
- 11:43 AM
- 0
-
MongoDB Server Exposes Babysitting App's Database
The makers of Sitter, a popular app for connecting babysitters with parents, have involuntarily exposed the personal details of over 93,000 users.
- August 21, 2018
- 10:28 AM
- 0
-
Robocall Firm Exposes Hundreds of Thousands of US Voters' Records
RoboCent, a Virginia Beach-based political robocall firm, has exposed the personal details of hundreds of thousands of US voters, according to the findings of a security researcher who stumbled upon the company's database online.
- July 18, 2018
- 02:25 PM
- 0
-
Russia Runs Incomplete, Slow, Sloppy Vulnerability Database
Russia's national vulnerability database (BDU) indexes and lists about a tenth of the security flaws it should be indexing on a normal basis.
- July 16, 2018
- 01:41 PM
- 0
-
Thousands of Apps Leak Sensitive Data via Misconfigured Firebase Backends
Thousands of iOS and Android mobile applications are exposing over 113 GBs of data via over 2,271 misconfigured Firebase databases, according to a report released this week by mobile security firm Appthority.
- June 23, 2018
- 05:00 AM
- 0
-
Around 75% of Open Redis Servers Are Infected With Malware
The vast majority of Redis servers left open on the Internet without any authentication system in place are most likely harboring malware, an Imperva spokesperson said.
- June 01, 2018
- 06:31 AM
- 0
-
Hacker Shuts Down Copenhagen’s Public City Bikes System
An unidentified hacker has breached Bycyklen —Copenhagen's city bikes network— and deleted the organization's entire database, disabling the public's access to bicycles over the weekend.
- May 09, 2018
- 12:45 AM
- 2
-
Exposed MongoDB Server Exposes Details of Cryptocurrency Users
Security researchers have stumbled across a MongoDB database containing the personal details of over 25,000 users who invested in or received Bezop (BEZ) cryptocurrency.
- April 26, 2018
- 01:40 PM
- 0
-
Misconfigured Django Apps Are Exposing Secret API Keys, Database Passwords
Security researchers have begun stumbling upon misconfigured Django applications that are exposing sensitive information such as API keys, server passwords, or AWS access tokens.
- March 30, 2018
- 07:10 PM
- 0
-
Hackers Target PostgreSQL DBs With Coinminer Hidden in Scarlett Johannsson Image
A new type of attack has been discovered targeting PostgreSQL databases, in which malware authors are using an image of Hollywood actress Scarlett Johansson to hide a cryptocurrency miner they intend to run on the DB's underlying server.
- March 16, 2018
- 09:25 AM
- 0
-
Amazon AWS Servers Might Soon Be Held for Ransom, Similar to MongoDB
Amazon AWS S3 cloud storage servers might soon fall victims to ransom attacks, similar to how hacker groups held tens of thousands of MongoDB databases for ransom throughout 2017.
- February 21, 2018
- 12:46 AM
- 0
-
Anchor CMS Sites May Be Spewing Their Database Passwords
Websites built using the Anchor CMS may be accidentally exposing their database passwords in publicly-facing error logs, Dutch security researcher Tijme Gommers has discovered.
- February 19, 2018
- 04:56 AM
- 0
