djrc.dowjones.com Cross Site Scripting vulnerability OBB-3137807

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Dow Jones Hammer - Protect The Cloud With The Power Of The cloud(AWS)

Dow Jones Hammer is a multi-account cloud security tool for AWS. It identifies misconfigurations and insecure data exposures within most popular AWS resources, across all regions and accounts. It has near real-time reporting capabilities e.g. JIRA, Slack to provide quick feedback to engineers and...

A week in security (February 25 – March 3)

Last week, we delved into the realm of K-12 schools and security, explored the world of compromised websites and Golang bruteforcers, and examined the possible realms of pay for privacy. We also looked at identity management solutions, Google’s Universal Read Gadget, and did the deepest of dives...

Dow Jones’ screening watchlist data exposed online

By Waqas A database hosted on Amazon Web Services AWS and owned by Dow Jones has accidentally been exposed putting approx. 2.4 million corporate entities and individuals at risk of data theft. Reportedly, the exposed database comprises sensitive information about terrorists, criminals, and shady...

Data Pours from Cloud—And ‘The Enemy is Us’

Accenture, Verizon, Dow Jones and Deep Root Analytics are just the tip of the iceberg when it comes to the millions of private records and sensitive enterprise data exposed on cloud backends this year. And the problem is getting worse not better. “The enemy is us,” said Chris Vickery, director of...

int.dowjones.com XSS vulnerability

Open Bug Bounty ID: OBB-382648 Description| Value ---|--- Affected Website:| int.dowjones.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat...

July 19, 2017 – Morning Cyber Coffee Headlines – “Rosetta Stone” Edition

Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! July 19, 2017 - Headlines Cyberattack on Ukrainian Clinics, Pharmacies Worries...

sso.accounts.dowjones.com XSS vulnerability

Vulnerable URL: https://sso.accounts.dowjones.com/login?client="/alert/openbugbounty/...

hcsc.ewb.dowjones.com Open Redirect vulnerability

Vulnerable URL: http://hcsc.ewb.dowjones.com/Manage/UserTrack.aspx?contID=562672=2443=https://www.openbugbounty.org/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| Unknow...

tools.cisco.com Cross Site Scripting

Exploit Title: Cisco.com sub-domain Reflected XSS RXSS Date: 31/10/2015 Author: Yann CAM @ Synetis - ASafety Vendor or Software Link: www.cisco.com Version: / Category: Reflected Cross Site Scripting Google dork: Tested on: cisco.com sub-domains Cisco description :...

Dow Jones & Company Latest Financial Firm to Report Breach

The financial information firm Dow Jones & Company announced late last week that it’s the latest in an exhaustive list of companies this year to report a data breach. The News Corp.-owned company informed customers Friday that hackers managed to infiltrate their system in an apparent attempt to...