Saudi Caller ID App (Dalil) Exposes 5 Million Users via Unprotected Database

By Bill Toulas - March 6, 2019

The information available is highly sensitive, including GPS coordinates in real time. The total number of users affected by the leak is roughly five million.

For over a week now, a Saudi caller ID app called "Dalil," which has been downloaded by over 5 million people, has been leaking its users' data, with the insecure MongoDB database still accessible online and wide open to anyone. The researchers who discovered the database are Noam Rotem and Ran Locar, and they have failed to receive a response despite their efforts to reach out to the app developers.

The exposed data is highly sensitive: personal details as well as all user activity logs, including full name, Viber account, computer IMEI, SIM number, MAC address, GPS coordinates and more.

The Dalil app, with more than 5,000,000 installs, leaks over 5857GB of user data via a MongoDB database that is not secured. Leaks: names, mails, phone numbers, user IP, GPS location, call logs …

Google Project Zero Finds Remote Code Execution Vulnerabilities in the Common uTorrent BitTorrent Application

BitTorrent Inc. has managed to release the latest Beta version of a patch.

By Aravindhsriram - February 21, 2018

A security flaw was recently discovered in uTorrent, the lightweight, elegant and secure torrent client, by Google security researcher Tavis Ormandy. From the study it is established that the popular torrent clients contain "remote code execution flaws."

The main goal of the Google Project Zero team is to find vulnerabilities in various products, disclose each bug to the vendor, and warn them to fix the problem within the 90-day deadline set by Google's responsible disclosure policy. The vendor must deliver a fix within the 90-day time limit, or the bug is revealed to the public without a patch.

Google recently disclosed a security flaw in Microsoft Edge before the patch was ready. This was because the team failed to fix the issue within the given time, and Google had no safer option than to open the thread to the public.

Google security researcher Tavis Ormandy first approached Bram Cohen, the developer of the peer-to-peer BitTorrent protocol, and posted about the vulnerability found in their torrent client in November last year. Tavis also gave them a 90-day disclosure deadline to fix the issue. If they miss the deadline, the vulnerability is disclosed to the public to avoid unnecessary attacks.

BitTorrent remained silent even after the weakness and the deadline had been discussed. So Tavis left a message on his Twitter account saying, "I don't think bittorrent will be making a 90-day disclosure deadline, do you have any direct contacts that might help? I'm not persuaded that they understand the severity or urgency."

"@bramcohen I don't think that bittorrent is going to make a 90-day disclosure deadline. I am not sure they understand the urgency or the extent."
Tavis Ormandy (@taviso), 30 January 2018

These updates were then shared with Tavis Ormandy to inform the team of the new update. Check the notes below for the uTorrent Beta release:

Point Remote "Learn More" connect to better multiple security fixes for URL. Thanks to Tavis Ormandy for reporting.

Please visit this page for more information on the new and previous Beta release notes.

"Hmm, it looks like just adding a second token to uTorrent Web to BitTorrent. That doesn't solve the question of DNS rebinding, it just ruined my exploit."
Tavis Ormandy (@taviso), 20 February 2018

From his tweet, we believe that there is a DNS rebinding issue which allows an attacker to execute code remotely through the remote control feature of uTorrent. A few hours later he noted: "I just patched the hack and checked that it still works."

"I would suggest that you ask BitTorrent to solve this problem if you're affected, and that works in the default setup so you possibly are. Sigh."
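
The tweet quoted above says a second token does not solve DNS rebinding. As an added example (not code from the article, BitTorrent or Project Zero), the code below shows the usual server-side defence for a loopback HTTP control service: validate the Host header against an allowlist before the token is even considered. The port, token value and hostname rebind.example.test are constructed, and it assumes the token can be read from the service's own responses.

```python
from urllib.parse import urlsplit

# Names a loopback-only control service should accept in the Host header.
LOOPBACK_NAMES = {"localhost", "127.0.0.1", "::1"}
LISTEN_PORT = 8080          # constructed port, not uTorrent's
TOKEN = "s3cr3t-token"      # constructed token value


def host_allowed(host_header, listen_port=LISTEN_PORT):
    """Return True only if Host names a loopback address on our own port."""
    if not host_header or any(c in host_header for c in " \t/\\@?#"):
        return False
    try:
        parts = urlsplit("//" + host_header)
        name, port = parts.hostname, parts.port
    except ValueError:          # bad brackets or non-numeric port
        return False
    if name is None:
        return False
    if port is None:
        port = 80               # HTTP default when Host carries no port
    return name.rstrip(".") in LOOPBACK_NAMES and port == listen_port


def handle_token_only(request):
    """Token check alone: the kind of fix the tweet says is insufficient."""
    return 200 if request.get("token") == TOKEN else 401


def handle_with_host_check(request):
    """Reject any request whose Host is not loopback, then check the token."""
    if not host_allowed(request.get("host")):
        return 403
    return handle_token_only(request)


# Constructed requests. After rebinding, the browser still sends the
# attacker-controlled name in Host, and the page (same-origin with that name)
# is assumed to have read the token from the service's own responses.
LOCAL_UI = {"host": "127.0.0.1:8080", "token": TOKEN}
REBOUND = {"host": "rebind.example.test:8080", "token": TOKEN}

if __name__ == "__main__":
    for label, req in (("local UI", LOCAL_UI), ("rebound page", REBOUND)):
        print(label, handle_token_only(req), handle_with_host_check(req))
```

The token-only handler accepts the rebound request because the token is valid; the Host check rejects it because the name the browser sends is not a loopback name.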