Ax Sharma

Hacker selling Vodafone’s Ho Mobile database of 2.5M users 3 min read

• Cybercrime
• News
• Security

Hacker selling Vodafone’s Ho Mobile database of 2.5M users

Ax Sharma December 29, 2020

The database contains ICCID that can be used in SIM swapping attacks. Other information in the leaked dump includes mobile number, customer PII, SIM PUK, IMSI and security hashes.... Read More

Joomla fixes ACL violation vulnerability after 2 years 2 min read

• News
• Security

Joomla fixes ACL violation vulnerability after 2 years

Ax Sharma December 29, 2020

Joomla! CMS project has fixed an access control violation flaw, CVE-2020-35616 nearly after 2 years of its reporting.... Read More

Google ‘Send Feedback’ bug could expose your sensitive data to attackers 3 min read

• News
• Security

Google ‘Send Feedback’ bug could expose your sensitive data to attackers

Ax Sharma December 28, 2020

Google Docs "Send Feedback" feature vulnerability which could expose your sensitive files to attackers earns researcher a $3,134 bounty.... Read More

Word malware uses GitHub and Imgur pic to run Cobalt Strike script 1 min read

• Malware
• News

Word malware uses GitHub and Imgur pic to run Cobalt Strike script

Ax Sharma December 28, 2020

A new strand of malware uses Word files with macros to download a PowerShell script from GitHub. This PowerShell script further downloads a legitimate image file from... Read More

UK energy supplier E.ON erroneously takes out Direct Debit payments early 2 min read

• News
• Technology

UK energy supplier E.ON erroneously takes out Direct Debit payments early

Ax Sharma December 27, 2020

UK energy provider E.ON has apologised for mistakenly debiting customer bank accounts earlier than expected for their energy bill payments.... Read More

Insecure QR codes on COVID-19 test results come with data exposure risks 4 min read

• Breaches
• News
• Security

Insecure QR codes on COVID-19 test results come with data exposure risks

Ax Sharma December 26, 2020

Medical labs appointed by governments to test incoming international passengers for COVID-19 contain insecure QR code implementations that may lead to data exposure.... Read More

Facebook fixes Instagram bug that leaked user’s private email address and birthday 2 min read

• Breaches
• News
• Security

Facebook fixes Instagram bug that leaked user’s private email address and birthday

Ax Sharma December 21, 2020

Facebook has fixed an Instagram bug which leaked users' private email address and date of birth. The company awarded the researcher a $13,125 bug bounty for the report.... Read More

American Bank Systems slapped with class-action lawsuit for not timely disclosing ransomware data breach 3 min read

• Breaches
• Business
• News

American Bank Systems slapped with class-action lawsuit for not timely disclosing ransomware data breach

Ax Sharma December 18, 2020

American Bank Systems (ABS) has been sued by a class of plaintiffs for their failure to protect customer data and for delaying the disclosure of ransomware attack.... Read More

Source code used by Central Banks and Stock Exchanges leaked online 2 min read

• News
• Security

Source code used by Central Banks and Stock Exchanges leaked online

Ax Sharma December 1, 2020

This week, the source code of CMA, a software provider relied on by leading central banks across nations and stock exchanges has been exposed online.... Read More

Steam gamers: your Windows PC is prone to privilege escalation attacks 2 min read

• News
• Security

Steam gamers: your Windows PC is prone to privilege escalation attacks

Ax Sharma November 25, 2020

Multiple privilege escalation vulnerabilities in Stream gaming service that remain unpatched can make it easy for malware and malicious threat actors to gain persistence and escalate permissions on Windows systems.... Read More