Hacker Selling Shanghai Police Database with Billions of Chinese Citizens Data

As seen by Hackread.com, the database is currently being sold for 10 Bitcoin (around $200,000) at the time of publishing this article. Unidentified hackers claim to have stolen data of…

Elasticsearch Database Mess Up Exposed Login, PII Data of 30,000 Students

The misconfigured Elasticsearch database apparently belonged to the US-based software solution provider Transact Campus. SafetyDetectives’ cybersecurity research team led by Anurag Sen identified a misconfigured Elasticsearch server that exposed the…

Personal Data of Tens of Millions of Russians and Ukrainians Exposed Online

The trove of data was leaked due to a misconfigured Elasticsearch server and in total it stored 870 million records or 147 GB of data. SafetyDetectives security team led by…

Misconfigured ElasticSearch Servers Exposed 579 GB of Users’ Website Activity

In total, two misconfigured ElasticSearch servers belonging to an unknown organization exposed 359,019,902 (359 million) records that were collected with the help of data analytics software developed by SnowPlow Analytics.…

US and China Exposed Most Databases Among 308,000 Discovered in 2021

In total, 308,000 unsecured databases were found exposing sensitive assets worldwide of which around 90,000 databases have already been identified in the first quarter of 2022, a dramatically higher number…

A List of Vulnerable Products to the Log4j Vulnerability

Two days ago, we wrote a post about the Log4j vulnerability that is currently wreaking havoc on the cyberthreat landscape. The flaw stands for an open-source Java logging library. By…

Apache’s Fix for Log4Shell Can Lead to DoS Attacks

Not only is the jaw-dropping flaw in the Apache Log4j logging library ubiquitous; Apache’s blanket of a quickly baked patch for Log4Shell also has holes. As if finding one easily-exploited…

Technical Advisory: Zero-day critical vulnerability in Log4j2 exploited in the wild

On December 9, 2021, Apache disclosed CVE-2021-44228, a remote code execution vulnerability – assigned with a severity of 10 (the highest possible risk score). The source of the vulnerability is Log4j,…

“Worst-Case Scenario” Log4j Exploit Travels the Globe

“Worst-Case Scenario” Log4j Exploit Travels the Globe Security teams across the globe have been scrambling to address a dangerous new zero-day vulnerability in a popular Apache logging system currently being…

Patch Now: Apache Log4j Vulnerability Called Log4Shell Actively Exploited

Trend Micro – Trend Micro – A vulnerability in Apache Log4j, a widely used logging package for Java has been found. The vulnerability, which can allow an attacker to execute…