Researcher discovered a high-severity flaw in Shopify e-commerce platform that could have been abused to expose the traffic and revenue data for the stores. Bug bounty hunter Ayoub Fathi. discovered a vulnerability in a Shopify API endpoint that could be exploited to leak the revenue and traffic data of thousands of stores. The Shopify platform […]
Security researcher discovered a database belonging to a ride-hailing company operating in Iran that was left exposed online containing over 6.7M records. Security researcher Bob Diachenko discovered a database belonging to a ride-hailing company operating in Iran that was left exposed online without protection. The MongoDB instance named ‘doroshke-invoice-production‘ contained over 6.7 million records of […]
A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Kindle Edition Paper Copy Once again thank you! Attackers hacked support agent to access Microsoft Outlook email accounts Major coordinated disinformation campaign hit the Lithuanian Defense Romanian duo convicted of fraud Scheme infecting 400,000 computers Security Affairs […]
Researcher discovered eight unsecured databases exposed online that contained approximately 60 million records of LinkedIn user data. Researcher Sanyam Jain at GDI foundation discovered eight unsecured databases exposed online that contained approximately 60 million records of LinkedIn user data. Most of the data are publicly available, the databases also include the email addresses of the […]
A new service called Inpivx represents the evolution of the ransomware-as-a-service making it very easy for wannabe crooks to develop their malware and build a management panel. A new Tor hidden service called Inpivx evolves the concept of the ransomware-as-a-service making it very easy for crooks without technical skills to develop their own malware and […]
British malware researcher Marcus Hutchins has pleaded guilty to developing and sharing the banking malware between July 2014 and July 2015. The popular British cybersecurity expert Marcus Hutchins has pleaded guilty to developing and sharing the Kronos banking malwarebetween July 2014 and July 2015. Marcus Hutchins, also known as MalwareTech, made the headlines after discovering […]
Antivirus solutions from different vendors are having malfunctions after the installation of Windows security patches released on April 9, including McAfee, Avast and Sophos. Antivirus solutions from different vendors are showing malfunctions after the installation of Windows security patches released on April 9. Antivirus solutions from Sophos, Avira, ArcaBit, Avast, and recently McAfee reported security […]
Google this week announced that it is going to block login attempts from embedded browser frameworks to prevent man-in-the-middle (MiTM) phishing attacks. Phishing attacks carried out by injecting malicious content in legitimate traffic are difficult to detect when attackers use an embedded browser framework or any other automated tool for authentication. For example, the embedded […]
A white hat hacker discovered how to break Tchap, a new secure messaging app launched by the French government for officials and politicians. The popular French white hat hacker Robert Baptiste (aka @fs0c131y) discovered how to break into Tchap, a new secure messaging app launched by the French government for encrypted communications between officials and […]
Other problems for Facebook that admitted to have stored millions of Instagram users’ passwords in plaintext Yesterday, Facebook made the headlines once again for alleged violations of the privacy of its users, the company admitted to have ‘unintentionally’ collected contacts from 1.5 Million email accounts without permission In March, Facebook admitted to have stored the […]