March 23, 2021 at 11:27PM

■■■■□ GitHub awards bug bounty hunter $25,000 for Actions secrets theft report. Tracked as CVE-2021-22862, the security flaw is described as an improper access control vulnerability that “allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork”. https://blog.teddykatz.com/2021/03/17/github-actions-write-access.html https://portswigger.net/daily-swig/github-awards-bug-bounty-hunter-25-000-for-actions-secrets-theft-report https://t.me/cKure/7337

March 23, 2021 at 09:18PM

■■■□□ Energy Giant Shell Is Latest Victim of Accellion Attacks. Attackers accessed personal and business data from the company’s legacy file-transfer service in a recent data-security incident but core IT systems remained untouched. https://threatpost.com/shell-victim-of-accellion-attacks/164973/ https://t.me/cKure/7336

March 23, 2021 at 09:10PM

■■■■□ Ransomwared Bank Tells Customers It Lost Their SSNs. Flagstar Bank, which was hacked by a ransomware gang, has notified several customers that it lost their Social Security Numbers, home address, full name, and phone number. https://www.vice.com/en/article/xgznxw/ransomwared-bank-tells-customers-it-lost-their-ssns #DataLeak https://t.me/cKure/7335

March 23, 2021 at 06:03PM

■■■■■ Facebook awards $55k bug bounty for SSRF via third-party vulnerabilities that could compromise its internal network. https://portswigger.net/daily-swig/facebook-awards-55k-bug-bounty-for-third-party-vulnerabilities-that-could-compromise-its-internal-network https://t.me/cKure/7333

March 23, 2021 at 10:32AM

■□□□□ #DataLeak: Manga scanlation giant MangaDex has been temporarily shut down after suffering a cyberattack and having its source code stolen. MangaDex is one of the largest manga scanlation (scanned translations) sites where visitors can read manga comics online for free. According to SimilarWeb, MangaDex is the 179th most frequently visited site on the web, with over 76…

March 23, 2021 at 10:29AM

■■■■■ A New Android Zero-Day Vulnerability Is Under Active Attack. Google has disclosed that a now-patched vulnerability affecting Android devices that use Qualcomm chipsets is being weaponized by attackers to launch targeted attacks. Tracked as CVE-2020-11261 (CVSS score 8.4), the flaw concerns an “improper input validation” issue in Qualcomm’s Graphics component that could be exploited…