Massive VW Data Leak Exposed 800,000 EV Owners’ Movements, From Homes To Private Spaces | Carscoops
The sensitive information of VW, Audi, Seat, and Skoda EV owners was stored on a poorly secured Amazon cloud account for months
300,000+ Prometheus Servers and Exporters Exposed to DoS Attacks
In this research, we uncovered several vulnerabilities and security flaws within the Prometheus ecosystem. These findings span across three major areas: information disclosure, denial-of-service (DoS), and code execution. We found that exposed Prometheus servers or exporters, often lacking proper authentication, allowed attackers to easily gather sensitive information, such as credentials and API keys. Additionally, we identified an alarming risk of DoS attacks stemming from the exposure of pprof debugging endpoints, which, when exploited, could overwhelm and crash Prometheus servers, Kubernetes pods and other hosts.
Deloitte Says No Threat to Sensitive Data After Hacker Claims Server Breach
A notorious hacker has announced the theft of data from an improperly protected server allegedly belonging to Deloitte. The hacker known as IntelBroker announced late last week on the BreachForums cybercrime forum the availability of “internal communications” obtained from Deloitte, specifically an internet-exposed Apache Solr server that was accessible with default credentials.
TfL confirms 5,000 customers' bank data exposed
Transport for London's ongoing cyber incident has taken a dark turn as the organization confirmed that some data, including bank details, might have been accessed, and 30,000 employees' passwords will need to be reset via in-person appointments.
Vulnerability in Cisco Webex cloud service exposed government authorities, companies
A previously discovered vulnerability affecting self-hosted Cisco Webex instances similarly affected the Webex cloud service.
Cyber house of cards – Politicians’ personal details exposed online
We searched the dark web for politicians’ official email addresses, and roughly 40% of them appeared, along with other sensitive information. This is a scandal waiting to happen.
Employee Personal GitHub Repos Expose Internal Azure and Red Hat Secrets
Our research reveals that personal repositories often expose sensitive corporate data, leading to severe security breaches
Vulnerable Fortinet Devices: Low-hanging Fruit for Threat Actors
Cyble analyzes the increasing incidences of vulnerabilities in Fortinet, highlighting the impact they have on Critical Infrastructure.
Binance Code and Internal Passwords Exposed on GitHub for Months
A takedown request said the GitHub account was “hosting and distributing leaks of internal code which poses significant risk to BINANCE.”
How a mistakenly published password exposed Mercedes-Benz source code
Mercedes accidentally exposed a trove of sensitive data after a leaked security key gave “unrestricted access” to company’s source code.
Over 5,300 GitLab servers exposed to zero-click account takeover attacks
Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month.
CVE-2024-21591 - Juniper J-Web OOB Write vulnerability
- Juniper Networks recently patched a critical pre-authentication Remote Code Execution (RCE) vulnerability in the J-Web configuration interface across all versions of Junos OS on SRX firewalls and EX switches. Unauthenticated actors could exploit this vulnerability to gain root access or initiate Denial of Service (DoS) attacks on devices that have not been patched. Ensure your systems are updated promptly to mitigate this risk. Check for exposed J-Web configuration interfaces using this Censys Search query: services.software.uniform_resource_identifier:
cpe:2.3:a:juniper:jweb:*:*:*:*:*:*:*:*. * As emphasized last year in CISA’s BOD 23-02 guidance, exposed network management interfaces continue to pose a significant risk. Restrict access to these interfaces from the public internet wherever possible.
New hacking forum leaks data of 478,000 RaidForums members
A database for the notorious RaidForums hacking forums has been leaked online, allowing threat actors and security researchers insight into the people who frequented the forum.
A Major App Flaw Exposed the Data of Millions of Indian Students
A mandatory app exposed the personal information of students and teachers across the country for over a year.
Over 3.6 million exposed MySQL servers on IPv4 and IPv6
We have recently began scanning for accessible MySQL server instances on port 3306/TCP. These are instances that respond to our MySQL connection request with a Server Greeting. Surprisingly to us, we found around 2.3M IPv4 addresses responding with such a greeting to our queries. Even more surprisingly, we found over 1.3M IPv6 devices responding as well (though mostly associated with a single AS). IPv4 and IPv6 scans together uncover 3.6M accessible MySQL servers worldwide.
A Major App Flaw Exposed the Data of Millions of Indian Students
A mandatory app exposed the personal information of students and teachers across the country for over a year.
Over 3.6 million exposed MySQL servers on IPv4 and IPv6
We have recently began scanning for accessible MySQL server instances on port 3306/TCP. These are instances that respond to our MySQL connection request with a Server Greeting. Surprisingly to us, we found around 2.3M IPv4 addresses responding with such a greeting to our queries. Even more surprisingly, we found over 1.3M IPv6 devices responding as well (though mostly associated with a single AS). IPv4 and IPv6 scans together uncover 3.6M accessible MySQL servers worldwide.
Over 3.6 million exposed MySQL servers on IPv4 and IPv6
We have recently began scanning for accessible MySQL server instances on port 3306/TCP. These are instances that respond to our MySQL connection request with a Server Greeting. Surprisingly to us, we found around 2.3M IPv4 addresses responding with such a greeting to our queries. Even more surprisingly, we found over 1.3M IPv6 devices responding as well (though mostly associated with a single AS). IPv4 and IPv6 scans together uncover 3.6M accessible MySQL servers worldwide.