ERPNext Security Vulnerability
ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Version 16.16.0 of ERPNext contains a security vulnerability. This vulnerability allows authenticated users to persist arbitrary HTML/JavaScript in customer records’ email or mobile...
Everest Ransomware Says It Stole Data of Millions of Under Armour Users
Everest ransomware claims to have breached Under Armour, stealing 343GB of data, including customer info, product records, and internal company files...
Harrods Data Breach: 430,000 Customer Records Stolen Via Third-Party Attack
Luxury retailer Harrods confirms 430,000 customer records (names, contacts) were stolen from a third-party provider in the latest UK retail cyberattack wave...
Global Fashion Label SABO’s 3.5M Customer Records Exposed Online
Global fashion brand SABO suffers data breach, exposing 3.5+ million customer records including names, addresses, and order details. Learn about the risks and what to do...
U.S. Army Soldier Arrested in AT&T, Verizon Extortions
Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by KrebsOnSecurity last month, th...
UAE’s Lulu Hypermarket Data Breach: Hackers Claim Millions of Customer Records
Lulu Hypermarket has experienced a major data breach, exposing over 200,000 customer records. The attack, claimed by IntelBroker…
Major CRM Provider Really Simple Systems Leaked 3M Customer Records
By Deeba Ahmed. Really Simple Systems exposed its database publicly without any password or security authentication. KEY FINDINGS: A global CRM…
100m T-Mobile Customer Records Purportedly Up for Sale
A threat actor is selling what they claim to be 30 million T-Mobile customers’ Social Security and driver license numbers on an underground web forum. The collection is a subset of the purported 100 million records contained in stolen databases. The seller told Motherboard – which first reported...
Baby Clothes Giant Carter’s Leaks 410K Customer Records
Baby clothes retailer Carter’s inadvertently exposed the personal data of hundreds of thousands of its customers, dating back years, according to a new disclosure. The issue started with Linc, which is a vendor the company used to automate purchases online, according to analysts with vpnMentor wh...
Broadvoice Leak Exposes 350M Records, Personal Voicemail Transcripts
UPDATE Broadvoice, a well-known VoIP provider that serves small- and medium-sized businesses, has leaked more than 350 million customer records related to the company’s “b-hive” cloud-based communications suite. The data includes hundreds of thousands of voicemail transcripts, many involving...
Marketing firm Friendemic exposed 2.7 million customer records
By Deeba Ahmed. Exposed data belonged to Friendemic and included full names, email addresses, and contact numbers of its customers.
Brazil's Biggest Cosmetic Brand Natura Exposes Personal Details of Its Users
Brazil's biggest cosmetics company Natura accidentally left hundreds of gigabytes of its customers' personal and payment-related information publicly accessible online that could have been accessed by anyone without authentication. SafetyDetective researcher Anurag Sen last month discovered two...
Gaming controllers manufacturer exposed 1.1M customer records
By Sudais Asif. The company, a known manufacturer of gaming controllers and other accessories, had left the database exposed to malicious actors without any security authentication.
Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others
A spear-phishing attack this week hooked a customer service employee at GoDaddy.com, the world's largest domain name registrar, KrebsOnSecurity has learned. The incident gave the phisher the ability to view and modify key customer records, access that was used to change domain settings for a...
Microsoft Leaves 250M Customer Service Records Open to the Web
UPDATE Misconfigured Microsoft cloud databases containing 14 years of customer support logs exposed 250 million records to the open internet for 25 days. The account info dates back as far as 2005 and is as recent as December 2019 — and exposes Microsoft customers to phishing and tech scams...
CVE-2019-18387
Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details...
Hackers Sell Access to Bait-and-Switch Empire
Cybercriminals are auctioning off access to customer information stolen from an online data broker behind a dizzying array of bait-and-switch Web sites that sell access to a vast range of data on U.S. consumers, including DMV and arrest records, genealogy reports, phone number lookups and people...
FitMetrix Exposes Millions of Customer Details, Accessed by Criminals
FitMetrix, which makes performance-tracking software that gym owners can brand and offer to their customers, has exposed millions of customers’ records, because they were maintaining completely open cloud servers. To boot, the records were accessed by cybercriminals prior to the public access...
GovPayNow.com Leaks 14M+ Records
Government Payment Service Inc. — a company used by thousands of U.S. state and local governments to accept online payments for everything from traffic citations and licensing fees to bail payments and court-ordered fines — has leaked more than 14 million customer records dating back at least six...
CVE-2018-14607
Thomson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer records and bank account numbers in cleartext over SMBv2, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified...