data leak

Pierluigi Paganini April 02, 2018
VPNs & Privacy Browsers leak users’ IPs via WebRTC

The security researcher Dhiraj Mishra (@mishradhiraj_) has studied how VPNs & Privacy Browsers leak users’ IPs via WebRTC Hi Internet, You might have heard about VPN’s & Privacy Browsers leaking users’ IPs via WebRTC [1] [2] Summary: Got CVE-2018-6849 reserved, wrote a Metasploit Module for this issue which uses WebRTC and collects the leak private IP address, however this module may […]

Pierluigi Paganini March 31, 2018
Tens of thousands of misconfigured Django apps leak sensitive data

The security researcher Fábio Castro discovered tens of thousands of Django apps that expose sensitive data because developers forget to disable the debug mode. Security researchers have discovered misconfigured Django applications that are exposing sensitive information, including passwords, API keys, or AWS access tokens. Django is a very popular high-level Python Web framework that allows rapid development of Python-based web applications. The […]

Pierluigi Paganini March 28, 2018
VPN leaks users’ IPs via WebRTC. I’ve tested seventy VPN providers and 16 of them leaks users’ IPs via WebRTC (23%)

Cyber security researcher Paolo Stagno (aka VoidSec) has tested seventy VPN providers and found 16 of them leaks users’ IPs via WebRTC (23%) You can check if your VPN leaks visiting: http://ip.voidsec.com Here you can find the complete list of the VPN providers that I’ve tested: https://docs.google.com/spreadsheets/d/1Nm7mxfFvmdn-3Az-BtE5O0BIdbJiIAWUnkoAF_v_0ug/edit#gid=0 Add a comment or send me a tweet if you have […]

Pierluigi Paganini March 18, 2018
Unsecured AWS S3 bucket managed by Walmart jewelry partner exposes data of 1.3M customers

An unsecured Amazon S3 bucket, managed by a Walmart jewelry partner MBM Company Inc, left personal and contact information of 1.3 million customers exposed to the public internet. A new case of an Amazon S3 bucket left open online, this time personal data belonging to 1.3 million customers of Walmart jewelry partner MBM Company have been […]

Pierluigi Paganini March 15, 2018
VPN leaks affect 3 Major VPN vendors, only Hotspot Shield promptly fixed it

The website VPNMentor discovered that IP leak issues in three major VPN vendors, only Hotspot Shield VPN promptly fixed it. The website VPNMentor decided to hire a group of hackers to test popular virtual private networks (VPN) for vulnerabilities that can pose risk for the users. The results of the tests revealed that the solutions evaluated by the […]

Pierluigi Paganini February 28, 2018
A vulnerability in Facebook exposed email and details of page administrator

The security researcher Mohamed Baset discovered a vulnerability in Facebook that exposed email and other details of a page administrator. Facebook has recently addressed an information disclosure vulnerability discovered by the security researcher Mohamed Baset that exposed page administrator. According to Baset, the flaw is a “logical error” that he discovered after receiving an invitation […]

Pierluigi Paganini February 24, 2018
Paypal issue allows disclosure of account balance and recent transactions

Paypal issue allows for enumeration of the last four digits of payment method and for the disclosure of account balance and recent transactions of any given PayPal account. Introduction This post details an issue which allows for enumeration of the last four digits of payment method (such as a credit or debit card) and for […]

Pierluigi Paganini February 19, 2018
An APFS Filesystem flaw could lead macOS losing data under certain conditions

The Apple expert Mike Bombich discovered an APFS Filesystem vulnerability that could lead macOS losing data under certain conditions. A few days ago a ‘text bomb‘ bug was reported for Apple iOS and macOS apps, the issue can crash any Apple iPhone, iPad Or Mac. Now the Apple expert Mike Bombich discovered an APFS Filesystem vulnerability that could lead macOS […]

Pierluigi Paganini February 16, 2018
119,000 Scanned IDs of FedEx-owned company Bongo International’s customers exposed online

Researchers discovered an Amazon S3 bucket contains personal information and scans of IDs of some 119,000 US and international citizens. It has happened again, researchers discovered another unsecured Amazon S3 bucket holding a huge trove of data that was exposed online. The Amazon S3 bucket contains personal information and scans of IDs of some 119,000 […]

Pierluigi Paganini February 09, 2018
The source code of the Apple iOS iBoot Bootloader leaked online

The source code for Apple iOS iBoot secure bootloader has been leaked to GitHub, now we will try to understand why this component is so important for the iOS architecture. The iBoot is the component loaded in the early stages of the boot sequence and it is tasked with loading the kernel, it is stored in […]