eTick Data Breach - Improperly designed APIs lead to Data Breach and Data Manipulation
Bishop's Univertitys eTick mobile applicaiton exposes the private information of users, and leads to eventual data manipulation of any users submission.…
Bishop's Univertitys eTick mobile applicaiton exposes the private information of users, and leads to eventual data manipulation of any users submission.…
Pet IoT company Dogness, has exposed it's unsecured ElasticSearch server, containing usernames, emails, clear-text passwords, which has lead to the complete exposure of its production SQL database, application source code, and the complete takeover it's pet feeding devices and associated accounts.…
The Privacy Comissioner of Canada has found that BIOS Medical lacks adequate security safeguards to protect customer personal information…
Sweet Chat, an Android based chatting and photo sharing application with over 10 million users, has been exposing it's users chat content, and privatly shared photos on an unsecured server.…
The following blog will walk you though a major security issue found with older versions of the OpenVPN Pritunl software's Mongo Database, and how to discover, and exploit it's misconfiguration…
An unsecured ElasticSearch server used by Viec.co a Vietnamese freelance outsourcing company, has lead to the discovery of several security deficiencies that are exposing the PII of it’s ~6000 workforce.…
A misconfigured ElasticSearch server run by a North American immigration consulting agency located in the United Arab Emirates, has lead to the exposure of confidential documents sush as Passports, Visas, Birth Certificates, Academic records, and Video taped interviews.…
Burke Consulting is in the news: Google admits two password hash blunders, one dating back 14 years 1e3)g=1e3;else if(~~g IT World Article on Recent Google announcement about its use of unhashed passwords for gSuite users…
An unsecured ElasticSearch server, containing detailed mobile client API calls, leads to the exposure of several thousand Chefling users emails, cleartext passwords, and login tokens…
Unsecured ElasticSearch server run by Seva.id exposes the emails and clear-text password of over 100,000 users…