Are You One of the 533M People Who Got Facebooked?

Neer-do-wells leaked personal data -- including phone numbers -- for some 553 million Facebook users this week. Facebook says the data was collected before 2020 when it changed things to prevent such information from being scraped from profiles. To my mind, this just reinforces the need to remove...

How to enable Facebook’s hardware key authentication for iOS and Android

Since 2017 desktop users have had the opportunity to use physical security keys to log in to their Facebook accounts. Now iOS and Android users have the same option too. Physical security keys are a more secure option for two-factor authentication 2FA than SMS which is vulnerable to SIM swap...

Finding the Cracks in the Wall - How Modern Scams Bypass MFA

In my previous blog, I discussed the important role multi-factor authentication MFA plays in further securing access to enterprise and consumer services. We also established the fact that although MFA increases authentication security and decreases the risk of account takeover, MFA can, and is,...

HPE Systems Insight Manager AMF Deserialization Remote Code Execution Exploit

A remotely exploitable vulnerability exists within HPE System Insight Manager SIM version 7.6.x that can be leveraged by a remote unauthenticated attacker to execute code within the context of HPE System Insight Manager's hpsimsvc.exe process, which runs with administrative privileges. The...

WordPress SuperStoreFinder / SuperInteractiveMaps 6.3 SQL Injection Vulnerability

?php Title : SuperStoreFinder & SuperInteractiveMaps Wordpress Plugin SQL Injection Researcher : Eagle Eye Exploit Name : SSF & SIM SQL Injection Request type : POST Plugin Author : Joe lz Plugin Website : https://superstorefinder.net/ Version Affected : All version include latest 6.3 Tested on :...

Gang arrested for SIM-swapping celebrities, stealing $100 million

The UKs National Crime Agency NCA—working alongside the US Secret Service, Homeland Security, the FBI, Europol, and the District Attorneys Office of Santa Clara California—spearheaded the arrest of eight British citizens in the UK and Scotland, aged between 18 to 26, for a string of SIM swapping...

Celeb SIM-Swap Crime Ring Stole $100M from U.S. Victims

A posse of alleged SIM-swapping cybercriminals has been rounded up across Europe by law-enforcement after the crooks finagled more than $100 million from U.S. celebrities and their families. Eight people in the U.K. were arrested in connection with the crime ring, in addition to individuals in...

10 SIM Swappers Arrested for Stealing $100M in Crypto from Celebrities

Ten people belonging to a criminal network have been arrested in connection with a series of SIM-swapping attacks that resulted in the theft of more than $100 million by hijacking the mobile phone accounts of high-profile individuals in the U.S. The Europol-coordinated year-long investigation was...

10 SIM Swappers Arrested for Stealing $100M in Crypto from Celebrities

Ten people belonging to a criminal network have been arrested in connection with a series of SIM-swapping attacks that resulted in the theft of more than $100 million by hijacking the mobile phone accounts of high-profile individuals in the U.S. The Europol-coordinated year-long investigation was...

10 SIM-swapping hackers nabbed for targeting US celebrities

By Waqas Europol has announced arresting 10 hackers involved in large scale SIM-swapping attacks targeting high-profile celebrities in the United States. This is a post from HackRead.com Read the original post: 10 SIM-swapping hackers nabbed for targeting US celebrities...

CVE-2019-20473

An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a "Remove PIN and restart!" message, and cannot be used. This makes it easier for an attacker to use...

CVE-2019-20473

An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a "Remove PIN and restart!" message, and cannot be used. This makes it easier for an attacker to use...

Code injection

An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a "Remove PIN and restart!" message, and cannot be used. This makes it easier for an attacker to use...

CVE-2019-20473

The CVE concerns TK-Star Q90 Junior GPS horloge (version 3.1042.9.8656). It describes a PIN configuration issue: any SIM card attached to the device cannot have a PIN; if a PIN is configured, the device shows “Remove PIN and restart!” and becomes unusable. This makes it easier for an attacker to ...

CVE-2019-20473

An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a "Remove PIN and restart!" message, and cannot be used. This makes it easier for an attacker to use...

CVE-2019-20473

An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a "Remove PIN and restart!" message, and cannot be used. This makes it easier for an attacker to use...

PT-2021-9036 · Tk Star · Tk-Star Q90 Junior Gps

Name of the Vulnerable Software and Affected Versions: TK-Star Q90 Junior GPS horloge version 3.1042.9.8656 Description: An issue was discovered where any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device produces a "Remove PIN and restart!" message an...

Dark Web Pricing Skyrockets for Microsoft RDP Servers, Payment-Card Data

Cybercriminals are vying for Remote Desktop Protocol RDP access, stolen payment cards and DDoS-for-Hire services, based on a recent analysis of underground marketplace pricing. During the COVID-19 pandemic, cybercriminals have profited with “increasingly advantageous positions to benefit from the...

CVE-2020-7200

A potential security vulnerability has been identified in HPE Systems Insight Manager SIM version 7.6. The vulnerability could be exploited to allow remote code execution...

CVE-2020-7200

Summary: CVE-2020-7200 affects HPE Systems Insight Manager (SIM) 7.6.x and enables remote code execution via deserialization in the AMF path. The exploit context (from connected docs) describes a deserialization flaw in the AMF endpoint that leads to RCE in the hpsimsvc.exe process, with an attac...