51 matches found
From Bounty Leaderboards to Microsoft Security Researcher, Meet Cameron Vincent!
Fun Facts: Game you binged: Guitar Hero and Rock Band fanatic. Go to snack: Nutri-Grain Bars. Favorite Drink: Soda – Coca Cola specifically. Favorite Place: Singapore – stayed an extra week after a hacking collaboration and truly fell in love and hopes to get back as soon as possible. Favorite...
42,000 phishing domains discovered masquerading as popular brands
By Deeba Ahmed According to researchers, this scam is highly sophisticated and large-scale, targeting brands like McDonald’s, Unilever, Emirates, Knorr, Coca-Cola, etc. This is a post from HackRead.com Read the original post: 42,000 phishing domains discovered masquerading as popular brands...
crewconnect.coca-cola.com Cross Site Scripting vulnerability OBB-2515353
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
A week in security (May 28 – June 3)
Last week on Labs, we talked about the significance of SEO poisoning in the world of search marketing, blackmail attempts against financial institutions in Canada, voice command flaws in smart assistants, survey and potential phishing scams on Instagram, and the latest changes in Office 365. We...
Yahoo! Hacker Sentenced; Coke Opens Up a Can of Data Breach
Fortune 500 breaches seem to be a theme this week. As the Yahoo attacker responsible for the company’s 500 million-account data breach has been sentenced, Coca-Cola disclosed an insider stole the information of 8,000 employees. A Canadian man who pleaded guilty last year to a “hacking-for-hire”...
Cola-Cola breach: ex-employee stole hard drive with 8,000 workers’ data
By Carolina The world-renowned carbonated soft drink producer Cola-Cola has announced that it has This is a post from HackRead.com Read the original post: Cola-Cola breach: ex-employee stole hard drive with 8,000 workers' data...
embajadorslbu.coca-cola.com XSS vulnerability
Vulnerable URL: https://www.embajadorslbu.coca-cola.com/recuperarpassword/index.php Details: Description| Value ---|--- Patched:| No Latest check for patch:| 07.10.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No...
CVE-2014-7798
The Coca-Cola FM Brasil aka com.enyetech.radio.cocacola.fmbr application 2.0.41709 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-7667
The Coca-Cola FM Honduras aka com.enyetech.radio.cocacola.fmhn application 2.0.41725 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Design/Logic Flaw
The Coca-Cola FM Honduras aka com.enyetech.radio.cocacola.fmhn application 2.0.41725 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Design/Logic Flaw
The Coca-Cola FM Brasil aka com.enyetech.radio.cocacola.fmbr application 2.0.41709 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-7798
CVE-2014-7798 affects the Coca-Cola FM Brasil Android app (com.enyetech.radio.coca_cola.fm_br, version 2.0.41709). The issue is that the app does not verify X.509 certificates when connecting to SSL servers, enabling potential MitM attackers to spoof servers and access sensitive information via a...
CVE-2014-7667
The Coca-Cola FM Honduras Android app (com.enyetech.radio.coca_cola.fm_hn) version 2.0.41725 does not verify X.509 certificates from SSL servers, enabling man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. The provided documents do not specify...
CVE-2014-7667
The Coca-Cola FM Honduras aka com.enyetech.radio.cocacola.fmhn application 2.0.41725 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-7798
The Coca-Cola FM Brasil aka com.enyetech.radio.cocacola.fmbr application 2.0.41709 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-7484
The Coca-Cola FM Guatemala aka com.enyetech.radio.cocacola.fmgu application 2.0.41725 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Design/Logic Flaw
The Coca-Cola FM Guatemala aka com.enyetech.radio.cocacola.fmgu application 2.0.41725 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-7484
CVE-2014-7484 affects the Coca-Cola FM Guatemala Android app (com.enyetech.radio.coca_cola.fm_gu) version 2.0.41725. The vulnerability is failure to verify X.509 certificates from SSL servers, enabling man-in-the-middle attackers to spoof servers and access sensitive data via a crafted certificat...
CVE-2014-7484
The Coca-Cola FM Guatemala aka com.enyetech.radio.cocacola.fmgu application 2.0.41725 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-6909
The Coca-Cola FM Peru aka com.enyetech.radio.cocacola.fmpe application 2.0.41716 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...