Security News
A new set of critical vulnerabilities uncovered in SAP's Sybase database software can grant unprivileged attackers complete control over a targeted database and even the underlying operating system in certain scenarios. A second vulnerability concerns ASE Cockpit, a web-based administrative console that's used for monitoring the status and availability of ASE servers.
A new set of critical vulnerabilities uncovered in SAP's Sybase database software can grant unprivileged attackers complete control over a targeted database and even the underlying operating system in certain scenarios. A second vulnerability concerns ASE Cockpit, a web-based administrative console that's used for monitoring the status and availability of ASE servers.
Back in March, Daniel Winzen, the German software developer who runs DH, originally said that his portal was kaput, at least for the foreseeable future which he also said, more or less, after DH suffered an earlier attack in September 2018. DarkOwl - a darknet intelligence, tools, and cybersecurity outfit that keeps an eye on DH and other dark web goings-on and which analyzed the September 2018 breach - had spotted Winzen's post acknowledging the most recent attack and shared it on Twitter on 10 March.
A hacker has leaked online the database of the largest free hosting service popular with cybercriminals, the result of a breach that took down the service earlier this year, according to a published report. The database apparently was stolen on March 10 from the hosting service, operated by Daniel Winzen, a German software developer.
Reposify unveiled research findings of critical asset exposures and vulnerabilities in attack surfaces of the world's leading multinational banks. Researchers measured the prevalence of exposed sensitive assets including exposed databases, remote login services, development tools and additional assets for 25 multinational banks and their 350+ subsidiaries.
Last week we had the story of miscreants stealing a massive trove of data from the computers of an American law firm representing a galaxy of showbiz stars. Red teams rejoice! Microsoft has released an offensive security tool called Stormspotter that identifies potential weaknesses in an organization's Azure deployments - which a miscreant could exploit to gain access to data or drill further into a network.
Last week we had the story of miscreants stealing a massive trove of data from the computers of an American law firm representing a galaxy of showbiz stars. Red teams rejoice! Microsoft has released an offensive security tool called Stormspotter that identifies potential weaknesses in an organization's Azure deployments - which a miscreant could exploit to gain access to data or drill further into a network.
Security researchers at Comparitech have reported that an estimated 24,000 Android apps are leaking user data because of misconfigured Firebase databases. Data is secured using rules which "Work by matching a pattern against database paths, and then applying custom conditions to allow access to data at those paths", according to the docs.
More than 4,000 Android apps that use Google's cloud-hosted Firebase databases are 'unknowingly' leaking sensitive information on their users, including their email addresses, usernames, passwords, phone numbers, full names, chat messages and location data. "4.8 percent of mobile apps using Google Firebase to store user data are not properly secured, allowing anyone to access databases containing users' personal information, access tokens, and other data without a password or any other authentication," Comparitech said.
More than 4,000 Android apps that use Google's cloud-hosted Firebase databases are 'unknowingly' leaking sensitive information on their users, including their email addresses, usernames, passwords, phone numbers, full names, chat messages and location data. "4.8 percent of mobile apps using Google Firebase to store user data are not properly secured, allowing anyone to access databases containing users' personal information, access tokens, and other data without a password or any other authentication," Comparitech said.