Data Privacy Day

January 28 is Data Privacy Day DPD, an annual effort promoting data privacy awareness and education. This year’s DPD events, sponsored by the National Cyber Security Alliance NCSA, focus on how to Own Your Privacy. The NCSA teaches users how to protect valuable data online, while encouraging...

Database of 176 million Pakistani mobile phone users sold online

By Waqas The database contains personal data including full names, physical addresses, and phone numbers. This is a post from HackRead.com Read the original post: Database of 176 million Pakistani mobile phone users sold online...

2.28M MeetMindful Daters Compromised in Data Breach

More than 2.28 million members of the online dating site MeetMindful have reportedly been caught up in a wide-ranging data breach that exposes everything from Facebook tokens to physical characteristics. The ShinyHunters hacking group has stolen and published the personally identifiable PII data ...

HCL Commerce Information Disclosure Vulnerability

HCL Commerce is a software platform framework for e-commerce from HCL India. The software includes marketing, sales, customer and order processing functions in a customizable and integrated package. It is a unified platform that provides the ability to conduct business directly with consumers, wi...

Hackers Leak Stolen Pfizer-BioNTech COVID-19 Vaccine Data

On the heels of a previously-reported cyberattack on the European Medicines Agency EMA, cybercriminals have spilled compromised data related to COVID-19 vaccinations onto the internet. The EMA is an agency of the European Union in charge of the evaluation and supervision of medicinal products in...

CVE-2020-14274

Information disclosure vulnerability in HCL Commerce 9.0.1.9 through 9.0.1.14 and 9.1 through 9.1.4 could allow a remote attacker to obtain user personal data via unknown vectors...

CVE-2020-14275

Security vulnerability in HCL Commerce 9.0.0.5 through 9.0.0.13, 9.0.1.0 through 9.0.1.14 and 9.1 through 9.1.4 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations...

Information disclosure

Information disclosure vulnerability in HCL Commerce 9.0.1.9 through 9.0.1.14 and 9.1 through 9.1.4 could allow a remote attacker to obtain user personal data via unknown vectors...

CVE-2020-14274

Information disclosure vulnerability in HCL Commerce 9.0.1.9 through 9.0.1.14 and 9.1 through 9.1.4 could allow a remote attacker to obtain user personal data via unknown vectors...

CVE-2020-14275

Security vulnerability in HCL Commerce 9.0.0.5 through 9.0.0.13, 9.0.1.0 through 9.0.1.14 and 9.1 through 9.1.4 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations...

HCL Commerce 信息泄露漏洞

HCL Commerce is a software platform framework for e-commerce from HCL India. The software includes marketing, sales, customer and order processing functions in a customizable and integrated package. It is a unified platform that provides the ability to conduct business directly with consumers, wi...

h1-ctf: HackyHolidays H1 CTF Writeup

HackyHolidays Day 1 Once the CTF started and the Grinch released the scope hackyholidays.h1ctf.com, I started the CTF by a good old Nmap scan, to see whats running on the server. So the nmap command looked like nmap -sC -sV -oA nmap hackyholidays.h1ctf.com/. The result showed a promising entry...

REvil hackers to leak photos of plastic surgery patients after massive hack

By Waqas The latest victim of REvil hackers aka Sodinokibi group is The Hospital Group based in Manchester, England. A Manchester, England-based prominent cosmetic and weight loss specialist The Hospital Group has suffered a ransomware attack carried out by REvil hackers. As a result, hackers hav...

Police Arrest 21 WeLeakInfo Customers Who Bought Breached Personal Data

21 people have been arrested across the UK as part of a nationwide cyber crackdown targeting customers of WeLeakInfo.com, a now-defunct online service that had been previously selling access to data hacked from other websites. The suspects used stolen personal credentials to commit further cyber...

Ditch Your Data-Hungry Apps for These Privacy-Focused Swaps

From messaging to maps, many popular apps slurp up your data to sell you ads. There’s a better way...

Gerrit Security Vulnerabilities

Gerrit is a code review software for the Gerrit community. Gerrit has a security vulnerability that originates from a lack of authentication measures or insufficient authentication strength in a networked system or product. An attacker could exploit the vulnerability to gain read access to the...

Dox, steal, reveal. Where does your personal data end up?

The technological shift that we have been experiencing for the last few decades is astounding, not least because of its social implications. Every year the online and offline spheres have become more and more connected and are now completely intertwined, leading to online actions having real...

Dating Site Bumble Leaves Swipes Unsecured for 100M Users

After a taking closer look at the code for popular dating site and app Bumble, where women typically initiate the conversation, Independent Security Evaluators researcher Sanjana Sarda found concerning API vulnerabilities. These not only allowed her to bypass paying for Bumble Boost premium...

Home Depot Confirms Data Breach in Order Confirmation SNAFU

Home Depot has exposed the private order confirmations of hundreds of Canadian consumers, containing names, physical addresses, email addresses, order details and partial credit-card information. After customers began reporting that they had received hundreds of emails from the home-improvement...

U.S. Dept Of Defense: Reflected XSS www.█████ search form

Description: Reflected XSS vulnerabilities arise when the application accepts a malicious input script from a user and then this is executed in the victim's browser.Since the XSS is reflected, the attacker has to trick the victim into executing the payload, usually using another website. In this...