March 24, 2021 at 02:46PM

■□□□□ Multiple Authorization bypass issues in Google’s Richmedia Studio. https://www.ehpus.com/post/multiple-authorization-bypass-issues-in-google-s-richmedia-studio https://t.me/cKure/7344

March 24, 2021 at 02:11PM

■□□□□ Version 90 of Google’s Chrome browser arrives in mid-April; initial website visits will default to a secure HTTPS connection when the user has not specified a preferred URI scheme. https://t.me/cKure/7340

March 24, 2021 at 01:17PM

■■□□□ The history and details of China Chopper – a Web shell commonly seen in the widespread Microsoft Exchange Server attacks. https://www.darkreading.com/attacks-breaches/inside-the-web-shell-used-in-the-microsoft-exchange-server-attacks/d/d-id/1340498?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple https://t.me/cKure/7339

March 24, 2021 at 01:15PM

■■□□□ Purple Fox, a Windows malware previously known for infecting machines by using exploit kits and phishing emails, has now added a new technique to its arsenal that gives it worm-like propagation capabilities. The ongoing campaign makes use of a new spreading technique via indiscriminate port scanning and exploitation of exposed SMB services with weak…

March 23, 2021 at 11:27PM

■■■■□ GitHub awards bug bounty hunter $25,000 for Actions secrets theft report. Tracked as CVE-2021-22862, the security flaw is described as an improper access control vulnerability that “allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork”. https://blog.teddykatz.com/2021/03/17/github-actions-write-access.html https://portswigger.net/daily-swig/github-awards-bug-bounty-hunter-25-000-for-actions-secrets-theft-report https://t.me/cKure/7337

March 23, 2021 at 09:18PM

■■■□□ Energy Giant Shell Is Latest Victim of Accellion Attacks. Attackers accessed personal and business data from the company’s legacy file-transfer service in a recent data-security incident but core IT systems remained untouched. https://threatpost.com/shell-victim-of-accellion-attacks/164973/ https://t.me/cKure/7336

March 23, 2021 at 09:10PM

■■■■□ Ransomwared Bank Tells Customers It Lost Their SSNs. Flagstar Bank, which was hacked by a ransomware gang, has notified several customers that it lost their Social Security Numbers, home address, full name, and phone number. https://www.vice.com/en/article/xgznxw/ransomwared-bank-tells-customers-it-lost-their-ssns #DataLeak https://t.me/cKure/7335

March 23, 2021 at 06:03PM

■■■■■ Facebook awards $55k bug bounty for SSRF via third-party vulnerabilities that could compromise its internal network. https://portswigger.net/daily-swig/facebook-awards-55k-bug-bounty-for-third-party-vulnerabilities-that-could-compromise-its-internal-network https://t.me/cKure/7333