U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Corporate Finance firms leak 500K+ legal and financial documents online

Security experts from vpnMentor have discovered two corporate finance companies that leak half a million legal and financial documents online vpnMentor experts uncovered a database exposed online on Amazon Web Services (AWS) that is leaking a huge amount of sensitive legal and financial documents. “Whatever the intended purpose of this database was, over 500,000 highly sensitive and private […]

Advantage Argus

Security experts from vpnMentor have discovered two corporate finance companies that leak half a million legal and financial documents online

vpnMentor experts uncovered a database exposed online on Amazon Web Services (AWS) that is leaking a huge amount of sensitive legal and financial documents.

“Whatever the intended purpose of this database was, over 500,000 highly sensitive and private legal and financial documents were exposed, compromising numerous parties to the risk of fraud and theft.” reads the post published by vpnMentor.

The database appears to belong to MCA Wizard, an iOS and Android app developed by two companies: Advantage Capital Funding and Argus Capital Funding. The application was launched in January 2018, but it is currently no longer available for download.

Advantage and Argus seem to be the same company working under two different names, they offer funding and startup capital to business owners without access to traditional lending and financial services.

The researchers discovered the unsecured database in December 2019.

After the initial analysis, the experts were able to link the database to the two companies that unfortunately did not respond to any contact.

Then the researchers contacted AWS directly that secured the S3 bucket. Below the timeline of the discovery:

  • Date discovered: 24/12
  • Date vendors contacted: 30/12
  • Date of contact with AWS: 7/01
  • Date of Action: 9/01

At the time of the discovery, the database contained over 500,000 documents for a total of 425GB of data. The documents were covering many aspects of Advantage and Argus’s businesses, finances, and dealings with other companies, they included:

  • Credit reports
  • Bank statements
  • Contracts
  • Legal paperwork
  • Driver’s licenses
  • Purchase orders and receipts
  • Tax returns
  • Transaction reports for credit cards and merchant bank accounts
  • Scanned copies of bank checks
  • Access information for bank accounts
  • Corporate shares outline
  • Social Security information

“This leak raises serious credibility and trust issues for Advantage and Argus. By not sufficiently securing this database and revealing so much information, they have compromised the safety, privacy, and security of their clients, partners, and customers.” concludes vpnMentor.

“Furthermore, a leak like this may attract the attention of US financial and data security regulators.” 

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – financial documents, cybercrime)

[adrotate banner=”5″]

[adrotate banner=”13″]