252 matches found
Hackers Leak Personal Data from Hundreds of German Politicians On Twitter
Germany has been hit with the biggest hack in its history. A group of unknown hackers has leaked highly-sensitive personal data from more than 100 German politicians, including German Chancellor Angela Merkel, Brandenburg's prime minister Dietmar Woidke, along with some German artists, journalist...
30 Million Facebook Accounts Were Hacked: Check If You're One of Them
Late last month Facebook announced its worst-ever security breach that allowed an unknown group of hackers to steal secret access tokens for millions of accounts by taking advantage of a flaw in the 'View As' feature. At the time of the initial disclosure, Facebook estimated that the number of...
30M Facebook breach; includes users phone numbers and location data
By Waqas FBI has asked Facebook not to discuss who may be behind this attack. On September 28th, 2018 the social media giant Facebook announced that it suffered a massive data breach in which hackers stole access tokens of millions of accounts after exploiting a critical vulnerability in its "Vie...
Datasploit - An OSINT Framework To Perform Various Recon Techniques On Companies, People, Phone Number, Bitcoin Addresses, Etc., Aggregate All The Raw Data, And Give Data In Multiple Formats
Overview of the tool: Performs OSINT on a domain/email/username/phone and find out information from different sources. Correlate and collaborate the results, show them in a consolidated manner. Tries to find out credentials, api-keys, tokens, subdomains, domain history, legacy portals, etc. relat...
Brazilian Crypto exchange hacked; private data of over 264,000 users exposed
By Waqas A Brazilian firm Crypto exchange Atlas has become a victim of a security breach and over 264,000 users’ email addresses, phone numbers, and cryptocurrency amount related information might have been leaked. The news of data hack was reported firstly by a YouTube channel in Brazil called...
CVE-2018-14608
Thomson Reuters UltraTax CS 2017 on Windows has a password protection option; however, the level of protection might be inconsistent with some customers' expectations because the data is directly accessible in cleartext. Specifically, it stores customer data in unique directories...
PT-2018-12614 · Thomson Reuters · Thomson Reuters Ultratax Cs
Name of the Vulnerable Software and Affected Versions: Thomson Reuters UltraTax CS version 2017 Description: The software has a password protection option, but the level of protection may not meet some customers' expectations because the data is stored in cleartext. Customer data is stored in...
Timehop Hacked — Hackers Stole Personal Data Of All 21 Million Users
And the hacks just keep on coming. Timehop social media app has been hit by a major data breach on July 4th that compromised the personal data of its more than 21 million users. Timehop is a simple social media app that collects your old photos and posts from your iPhone, Facebook, Instagram,...
BlackWidow - A Python Based Web Application Scanner To Gather OSINT And Fuzz For OWASP Vulnerabilities On A Target Website
BlackWidow is a python based web application spider to gather subdomains, URL's, dynamic parameters, email addresses and phone numbers from a target website. This project also includes Inject-X fuzzer to scan dynamic URL's for common OWASP vulnerabilities. DEMO VIDEO: FEATURES: Automatically...
CVE-2015-3888
Jolla Sailfish OS before 1.1.2.16 allows remote attackers to spoof phone numbers and trigger calls to arbitrary numbers via spaces in a tel: URL...
CVE-2015-3888
CVE-2015-3888 affects Jolla Sailfish OS before 1.1.2.16. The issue is in the tel: URL handling, where spaces in the URL can be exploited to spoof the caller ID and trigger calls to arbitrary numbers. This is a remote defense/reachability concern for users and operators relying on accurate caller ...
CVE-2015-3888
Jolla Sailfish OS before 1.1.2.16 allows remote attackers to spoof phone numbers and trigger calls to arbitrary numbers via spaces in a tel: URL...
Web Application Spider: BlackWidow
BlackWidow is a python based web application spider to gather subdomains, URL’s, dynamic parameters, email addresses and phone numbers from a target website. This project also includes Inject-X fuzzer to scan dynamic URL’s for common OWASP vulnerabilities. Features: Automatically collect all URL’...
HOT Man Android App Has Information Leakage Vulnerability
HOT Man Android APP is a mobile magazine software. There is an information leakage vulnerability in HOT Man Android APP. After registering and logging in to the system, an attacker can obtain sensitive information such as other users' UIDs, names, and cell phone numbers by clicking on "My Avatar"...
Xiaofeng Air Ching App for Android suffers from arbitrary account password reset vulnerability
Xiaofeng Air Dorje APP is the APP developed by Shenzhen Xiaofeng Technology Co., Ltd. to work with Xiaofeng Air Dorje system, mainly used to monitor the indoor air quality and Xiaofeng Air Dorje internal and external machine operation status, monitoring items including PM2.5, formaldehyde, oxygen...
HEYI Intelligent Alarm System Android APP has malicious bulk registration vulnerability
HEYI Smart Alarm System Android APP is a smart alarm APP that integrates security class monitoring, firmware upgrade, smart extension and so on. HEYI Smart Alarm System Android APP has a malicious bulk registration vulnerability, attackers can bulk register accounts by grabbing packet data to...
Malicious Bulk Registration Vulnerability in Bodivis Android APP of Tongfang Co.
The bodivis Android App is a healthy life management app for use with the bodivis Health Scale and Exercise Bracelet. There is a malicious bulk registration vulnerability in the bodivis Android APP of Tongfang Co. Attackers can bypass the authentication code and register accounts in bulk by...
Tweep - An Advanced Twitter Scraping Tool
Tweep is an advanced Twitter scraping tool written in python that allows for scraping Tweets and pictures from Twitter profiles without using Twitter's API. Benefits Some of the benefits of using Tweep vs Twitter API: Fast initial setup Can be used anonymously No rate limitations Can fetch all...
Flower Han App Has Logic Design Flaws
Flower Han is a cosmetic surgery and beauty community app. There is a logical design vulnerability in the Flower Han app that allows an attacker to register any user and reset a user's password by grabbing packets and modifying a cell phone number...
Arbitrary User Registration and Password Reset Vulnerability in Sapless App
The Paceless App is a software that provides cloud-based intelligent menstrual cycle data recording and analysis. There is an arbitrary user registration vulnerability in Snappy Worry-Free App, which allows an attacker to register any user and reset the user's password by catching packets and...