All posts in May 2021

■□□□□ SAP admits to ‘thousands’ of illegal software exports to Iran https://www.zdnet.com/article/sap-admits-to-thousands-of-illegal-software-exports-to-iran https://t.me/cKure/7816

■□□□□ Slovakia / Phone Data-Leak: Hacker shares data file publicly to 92K phone records in acsv file. https://t.me/cKure/7814

■□□□□ Stored XSS vulnerability patched in open source firewall pfSense. https://portswigger.net/daily-swig/stored-xss-vulnerability-patched-in-open-source-firewall-pfsense https://t.me/cKure/7813

■■□□□ Data-Leak / Egypt optiontravel.com.eg has apparently been compromised as the hacker is selling data for 1K USD (database + exploit). Most likely SQLi. https://t.me/cKure/7812

■■■■■ The Internet Systems Consortium (ISC) released updates for the BIND DNS software to patch several denial-of-service (DoS) and potential RCE flaws. https://kb.isc.org/v1/docs/cve-2021-25216 https://t.me/cKure/7810

■■□□□ SSRF: https://hackerone.com/reports/997926 https://t.me/cKure/7809

■□□□□ $4 billion lawsuit claims Google tracked iPhone users activities. https://www.hackread.com/lawsuit-google-tracked-iphone-users-activities/ https://t.me/cKure/7808

■■■■■ Python also impacted by critical IP address validation vulnerability. CVE-2021-29921 https://www.bleepingcomputer.com/news/security/python-also-impacted-by-critical-ip-address-validation-vulnerability/ https://t.me/cKure/7807

■■□□□ Data-Leak: Hacking Group That Targeted D.C. Police Briefly Posts Internal Police Files. On Monday, Babuk issued the first warning to D.C. police by uploading screenshots of files the group claimed to have stolen. The group claims to have 250 GB of data, which is enough to store 70,000 images or thousands of pages.  https://www.ehackingnews.com/2021/05/hacking-group-that-targeted-dc-police.html…

■□□□□ Babuk ransomware operators shut down their affiliate program and announced to stop using ransomware, the group plans to move on data theft. https://t.me/cKure/7805