Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135

Security Affairs

Security experts from Tenable have published a post detailing the flaw; they also shared Shodan dorks for searching SonicWall VPNs. At the time of this post, the first search query provides 448,400 results, the second one 24,149; most of the vulnerable devices are in the United States.” wrote Tenable.

Experts warn of the exposure of thousands of Google Calendars online

Security Affairs

“What I found is that — Using a single Google dork (advanced search query), I am able to list down all the public Google calendars or users who all have set their calendar as public. I found dozens of calendars which are indexed by Google’s search engines, revealing or disclosing several pieces of sensitive information.”

Gootkit delivery platform Gootloader used to deliver additional payloads

Security Affairs

When the visitor clicks on the link provided by the search engine, they are redirected to landing pages that answer their exact questions, using the same wording as the search query.” continues the analysis. “This.js

Unsecured Microsoft Bing Server Leaks Search Queries, Location Data

Threatpost

Data exposed included search terms, location coordinates, and device information - but no personal data.

Facebook flaw could have exposed private info of users and their friends

Security Affairs

“For this attack to work we need to trick a Facebook user to open our malicious site and click anywhere on the site, (this can be any site we can run JavaScript on) allowing us to open a popup or a new tab to the Facebook search page, forcing the user to execute any search query we want.”

Multiple threat actors are targeting Elasticsearch Clusters

Security Affairs

These attacks leverage CVE-2014-3120 and CVE-2015-1427, both of which are only present in old versions of Elasticsearch and exploit the ability to pass scripts to search queries.” “Through ongoing analysis of honeypot traffic, Talos detected an increase in attacks targeting unsecured Elasticsearch clusters.

Experts warn of a new malvertising campaign spreading the ChromeLoader

Security Affairs

The malware is able to redirect the user’s traffic and hijack user search queries to popular search engines, including Google, Yahoo, and Bing.” reads the analysis published by the experts.