AWCM 2.2 Final - Persistent Cross Site Script Vulnerability
No description provided by source. Exploit Title: AWCM v2.2 final Persistent Cross Site Script Date: 13-02-2011 Author:84kur10 Software Link: www.awcm-cms.com Version: v2.2 CVE : Contact: 84kur10atgmail.com Greetz to: SLG all Members, D4nb4r, Naviterrible, J3h3s, C4br4...
Flappy Bird app clones send text messages to Premium Number
Flappy Bird, developed by 29-year-old Dong Nguyen, was one of the top free gaming apps of the last month, but is now officially unavailable for users. After achieving income of $50,000 per day in advertising revenue, Dong Nguyen pulled the Flappy Bird gaming app from all the web app stores and no...
Scammers Using World Cup as Phishing Lure
The World Cup is still four months away, but attackers already are ramping up their efforts to defraud fans. As with most major events, such as the Super Bowl, the Olympics and others, attackers are using fans’ enthusiasm for the event as a lure to separate them from their money. When a major eve...
800,000 Customers' detail stolen in Data Breach at French Telecom 'Orange'
One of the world’s largest mobile operators, 'Orange', has been hit by a data breach. The French multinational telecommunication company announced recently that it was targeted by unknown hackers on 16th January 2014, who allegedly gained access to the accounts of up to 800,000 customers of Orange website...
RAM Scrapers and the Target Data Breach
The retail and hospitality industries have a painful history with wonky point-of-sale systems and malware known as RAM scrapers. These attacks, which date back as many as six years, are designed to be injected into running processes and steal payment card data before it’s encrypted by a...
Illegal Online Marketplaces Booming
A complete bundle of personal information hackers require to steal identities is available on the underground for as little as $25. The data, known as Fullz in underground parlance, includes name, address, phone number, date of birth, Social Security or EIN numbers, email address with password an...
Lavabit Gives Users Chance to Recover Email Archives
Lavabit, the now-shuttered secure email provider that has become something of a rallying point for privacy advocates and security experts in the ongoing NSA surveillance saga, is giving its former users until Thursday night to change their passwords on the service. They will then have a short...
XAMPP 1.8.1 Local Write Access Vulnerability
XAMPP version 1.8.1 allows an unprivileged user to write to the local disk. It has been detected that an unprivileged user can write to the local disk and that the local file "lang.tmp" can be modified on the remote machine. The injection is done through the page "/xampp/lang.php"...
OAuth Administration screen is visible to anonymous users
If anonymous user access is enabled under "Global Permission", a user can access the "OAuth Administration" page without needing to log in. Here is the URL to the page: /plugins/servlet/oauth/view-consumer-info This page displays the Confluence administrators menu on the sidebar and other information su...
2 Million Customer Records Stolen in Vodafone Germany breach
Security experts are warning Vodafone customers, particularly those in Germany, of a possible increase in phishing attacks after an insider at the telecommunications giant accessed a database and stole personal information on as many as two million customers. German police have a suspect, adding...
LulzSec hacker sentenced to 1 year jail & ordered to pay $605,663 in restitution
A second member of hacking group LulzSec, Raynaldo Rivera, 21, of Tempe, Arizona, has been sentenced to 1 year in prison, 13 months of house arrest, and 1,000 hours of community service for hacking into the computers of Sony Pictures Entertainment. Raynaldo who went by Internet names “neuron” wa...
German Video Game 'Crytek' Websites go offline after Security Breach
It seems that German video game company 'Crytek' has been the latest victim of hacking attacks on its website and a few forums, which caused Crytek's family of websites to go offline. According to the company, "Our Crytek.com, Mycryengine.com, Crydev.net and MyCrysis.com sites were all subject to a...
Google ordered to hand over sensitive users details to FBI without a warrant
Judge Susan Illston of the U.S. District Court for the Northern District of California on Friday ordered Google to hand over customer details to the FBI without a warrant. FBI counter terrorism agents began issuing the secret letters, which don't require a judge's approval, after Congress...
Thousands of DHS Personnel Notified of Data Breach
The Department of Homeland Security this week began notifying up to tens of thousands of employees, contractors and others with a DHS security clearance that their personal data may be at risk. The notifications began on Monday, according to an online statement, after officials learned of a...
The Pirate Bay co-founder charged for hacking and stealing money
The Pirate Bay co-founder Gottfrid Svartholm Warg Anakata has been charged with hacking the IBM mainframe of Logica, a Swedish IT firm that provided tax services to the Swedish government, and the IBM mainframe of the Swedish Nordea bank. Svartholm has been charged with several hacking related offenses...
Lock Screen Bypass Flaw Found in Samsung Androids
A vulnerability exists in Samsung devices running Android version 4.1.2 that could give unauthenticated users the ability to circumvent the screen lock and view the home screen, run apps, and reach out to contacts without successfully completing Android’s pattern lock, PIN, password or Face Unloc...
Google Play privacy issue, sends app buyers personal details to developers
Google is again under attack for its apparent mishandling of its users’ personal information. An Australian software developer 'Dan Nolan' revealed that the search giant was sending him the full names, email and post codes of everyone who purchased his app on Google's Play. In a blog post, Nolan...
Stolen NASA Laptop Puts 'Large Number' of Employees at Risk
NASA has enacted new policies to protect employee and other sensitive information after a laptop was stolen from an employee’s locked vehicle, exposing records of personal information on a “large number” of NASA employees. The laptop was not protected by whole disk encryption, NASA officials said...
Hackers steal 16000 unencrypted credit cards & 3.6 million Social Security numbers
The South Carolina Department of Revenue has announced that millions of Social Security numbers and debit/credit card numbers have been compromised. Hackers from outside the United States recently penetrated the website for South Carolina's Department of Revenue and reportedly made off with 3.6...
CVE-2012-4830
Unspecified vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 through 7.0.0.6 allows remote attackers to obtain users' personal data via unknown vectors...