
Sakura Samurai (group)

Sakura Samurai
Formation: 2020
Founders: John Jackson
Purpose: White hat hacking and security research
Membership: 5
Website: sakurasamurai.pro

Sakura Samurai was a white hat hacking and security research group that was founded in 2020. The group is responsible for multiple vulnerability disclosures involving governmental groups and various corporations.[1]

History

Sakura Samurai was founded in 2020 by John Jackson, also known as "Mr. Hacking".[2] Active members of the group include Jackson, Robert "rej_ex" Willis, Jackson "Kanshi" Henry, Kelly Kaoudis, and Higinio "w0rmer" Ochoa.[2][3] Ali "ShÄde" Diamond, Aubrey "Kirtaner" Cottle, Sick.Codes, and Arctic are all former members of the group.[4]

In October 2022, Sakura Samurai announced on their Twitter page that the group had become inactive because of the "various other commitments" of its individual members.[5]

Notable work

Governmental groups

United Nations

Sakura Samurai discovered exposed git directories and git credential files on domains belonging to the United Nations Environmental Programme (UNEP) and United Nations International Labour Organization (UNILO). These provided access to WordPress administrator database credentials and the UNEP source code, and exposed more than 100,000 private employee records to the researchers. Employee data included details about U.N. staff travel, human resources data including personally identifiable information, project funding resource records, generalized employee records, and employment evaluation reports.[6][7] Sakura Samurai publicly reported the breach in January 2021, after first disclosing it through the U.N.'s vulnerability disclosure program.[7]

India

In March 2021, Sakura Samurai publicly disclosed vulnerabilities that affected 27 groups within the Indian government. After finding exposed git and configuration directories, Sakura Samurai were able to access credentials for critical applications, more than 13,000 personal records, police reports, and other data. The group also discovered vulnerabilities relating to session hijacking and arbitrary code execution on finance-related governmental systems.[8] After the issues reported to India's National Critical Information Infrastructure Protection Centre went unaddressed for several weeks, Sakura Samurai involved the U.S. Department of Defense Vulnerability Disclosure Program, and the issues were remediated.[9][8]
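The exposed git directories and git credential files behind both the U.N. findings and the Indian government findings above leaked credentials because .git/config remote URLs, .git-credentials stores and .env files routinely carry them in cleartext. The pre-deploy check below is an added example, not Sakura Samurai's or any disclosed tooling; every file content, host name and secret in it is constructed, and it flags such credentials so they can be caught before a repository or environment file ever reaches a web root.

```python
# Pre-deploy check: flag credentials that would leak if a .git/ directory or
# .env file landed inside a web root. Added example, not Sakura Samurai's
# tooling; every file content, host and secret below is constructed.
import re
from urllib.parse import urlsplit
# Constructed .git/config whose remote URL embeds a deploy token.
SAMPLE_GIT_CONFIG = """[core]
\trepositoryformatversion = 0
[remote "origin"]
\turl = https://deploy:ghp_EXAMPLETOKEN123@github.example.com/org/app.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
"""
# Constructed .git-credentials store (git's plaintext credential-helper format).
SAMPLE_GIT_CREDENTIALS = "https://alice:s3cr3t-pass@git.example.org\n"
# Constructed .env with a database password and an API key.
SAMPLE_DOTENV = "DB_HOST=db.internal\nDB_PASSWORD=hunter2\nAPI_KEY=sk_live_EXAMPLE\n"
SECRET_KEY_RE = re.compile(r"PASS|SECRET|TOKEN|KEY|CREDENTIAL", re.I)
URL_RE = re.compile(r"[a-z][a-z0-9+.-]*://\S+", re.I)

def redact(value: str) -> str:
    # Keep a three-character prefix so a finding is recognisable without leaking it.
    return value[:3] + "***"

def url_credentials(text: str):
    """Return (user, redacted_secret, host) for every URL carrying userinfo."""
    found = []
    for match in URL_RE.finditer(text):
        parts = urlsplit(match.group(0))
        if parts.password:  # userinfo of the form user:secret@host
            found.append((parts.username, redact(parts.password), parts.hostname))
    return found

def dotenv_secrets(text: str):
    """Return (key, redacted_value) for .env entries whose key looks secret-bearing."""
    found = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.strip().strip("'\"")
        if SECRET_KEY_RE.search(key) and value:
            found.append((key.strip(), redact(value)))
    return found

def scan(git_config: str, git_credentials: str, dotenv: str):
    """Aggregate findings per file; any non-empty list should fail the deploy gate."""
    return {".git/config": url_credentials(git_config),
            ".git-credentials": url_credentials(git_credentials),
            ".env": dotenv_secrets(dotenv)}
```

Running `scan(SAMPLE_GIT_CONFIG, SAMPLE_GIT_CREDENTIALS, SAMPLE_DOTENV)` on the constructed inputs reports one embedded token, one stored password and two secret-bearing .env keys, each with its value redacted.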

Corporations

Apache Velocity Tools

Sakura Samurai discovered and reported a cross-site scripting (XSS) vulnerability in Apache Velocity Tools in October 2020. Sophisticated variations of the exploit, combined with social engineering, could allow attackers to collect a logged-in user's session cookies and potentially hijack that user's session. The vulnerable Apache Velocity Tools class was included in more than 2,600 unique binaries of various prominent software applications. Apache acknowledged the report and patched the flaw in November 2020, although Apache did not formally disclose the vulnerability.[10]

Keybase

The group discovered that Keybase, a security-focused chat application owned by Zoom, was insecurely storing images, even after users had ostensibly deleted them. They reported the vulnerability in January 2021, and disclosed it publicly in February after the bug had been patched and updates had been widely distributed.[11]

Pega Infinity and related breaches

Sakura Samurai found a vulnerability in Pegasystems' Pega Infinity enterprise software suite, which is used for customer engagement and digital process automation. The vulnerability, which was first reported to Pegasystems in February 2021, involved a possible misconfiguration that would enable data exposure.[12]

The vulnerability led to Sakura Samurai breaching systems belonging to both Ford Motor Company and John Deere, incidents that were publicly disclosed in August 2021.[13][14] These breaches were the subject of a 2021 DEF CON presentation by Sick.Codes, titled "The Agricultural Data Arms Race: Exploiting a Tractor Load of Vulnerabilities in the Global Food Supply Chain (in good faith)".[15]

Fermilab

In May 2021, Sakura Samurai reported vulnerabilities they had discovered and disclosed to Fermilab, a particle physics and accelerator laboratory. The group was able to gain access to a project ticketing system, server credentials, and employee information.[16]

References

  1. Xavier, John (20 February 2021). "India's cyber defenses breached and reported; govt. yet to fix it". The Hindu. ISSN 0971-751X. Retrieved 12 August 2021.
  2. Jackson, John (22 January 2021). "Episode 200: Sakura Samurai Wants To Make Hacking Groups Cool Again. And: Automating Our Way Out of PKI Chaos". The Security Ledger with Paul F. Roberts. Retrieved 26 September 2021.
  3. "Sakura Samurai". Sakura Samurai. Retrieved 26 September 2021.
  4. "Retired Members of Sakura Samurai". Sakura Samurai. Retrieved 26 September 2021.
  5. "Retirement Announcement". Twitter. Retrieved 30 October 2022.
  6. Riley, Duncan (11 January 2021). "United Nations data breach exposes details of more than 100,000 employees". SiliconANGLE. Retrieved 12 August 2021.
  7. Spadafora, Anthony (11 January 2021). "United Nations suffers major data breach". TechRadar. Retrieved 26 September 2021.
  8. Sharma, Ax (12 March 2021). "Researchers hacked Indian govt sites via exposed git and env files". BleepingComputer. Retrieved 26 September 2021.
  9. Majumder, Shayak (22 February 2021). "Government-Run Web Services Found to Have Major Vulnerabilities: Reports". NDTV-Gadgets 360. Retrieved 16 August 2021.
  10. Sharma, Ax (15 January 2021). "Undisclosed Apache Velocity XSS vulnerability impacts GOV sites". BleepingComputer. Retrieved 16 August 2021.
  11. Osborne, Charlie (23 February 2021). "Keybase patches bug that kept pictures in cleartext storage on Mac, Windows clients". ZDNet. Retrieved 16 August 2021.
  12. "NVD – CVE-2021-27653". nvd.nist.gov. Retrieved 12 August 2021.
  13. Sharma, Ax (15 August 2021). "Ford bug exposed customer and employee records from internal systems". BleepingComputer. Retrieved 26 September 2021.
  14. Bracken, Becky (10 August 2021). "Connected Farms Easy Pickings for Global Food Supply-Chain Hack". ThreatPost. Retrieved 26 September 2021.
  15. Kirk, Jeremy (9 August 2021). "Flaws in John Deere Systems Show Agriculture's Cyber Risk". National Cyber Security News Today. Retrieved 26 September 2021.
  16. Sharma, Ax (6 May 2021). "US physics lab Fermilab exposes proprietary data for all to see". Ars Technica. Retrieved 26 September 2021.
