Visualize Visitor Prioritization in Real Time with mPulse
COVID-19 is changing our behavior as we try to avoid person-to-person contact. For example, according to the Google Mobility Report, September 2020 shows an average 23% drop in retail and recreation activity and a 22% drop in workplace traffic in Tokyo compared to a baseline average before...
-0.1 AI Score
Keeping ransomware cash away from your business
A ransomware gang has made headlines for donating a big chunk of stolen funds to two charities. Two separate donations given to Children International and The Water Project rang tills to the tune of $10,000 each. Their reason was that they’re targeting “only large profitable corporations, we think...
6.8 AI Score
Holiday Shopping Craze, COVID-19 Spur Retail Security Storm
As online retailers prepare for the upcoming holiday shopping season, security researchers are warning that cybercriminals will be on the prowl this year, with the added factor of the coronavirus pandemic pushing many Black Friday shoppers online. Chris Eng, chief research officer with Veracode,...
-0.6 AI Score
Ransomware Group Makes Splashy $20K Donation to Charities
The Darkside ransomware group has distinguished itself from its cybercriminal counterparts not by technical innovation, but by slapping a shiny corporate veneer on its attacks. The latest evolution in Darkside’s ransomware-as-a-corporation gimmick is a hefty $20,000 donation that the group made...
-0.2 AI Score
Dickey's BBQ Breach: Meaty 3M Payment Card Upload Drops on Joker's Stash
Popular U.S. smoked-meat franchise Dickey’s Barbecue Pit has been hit with a data breach, with cybercriminals posting the fat cap of the compromised data – 3 million payment cards – on the popular Joker’s Stash underground marketplace this week. The Dallas-based franchise, which is a subsidiary of...
-0.4 AI Score
Breach at Dickey’s BBQ Smokes 3M Cards
One of the digital underground's most popular stores for peddling stolen credit card information began selling a batch of more than three million new card records this week. KrebsOnSecurity has learned the data was stolen in a lengthy data breach at more than 100 Dickey's Barbeque Restaurant...
6.7 AI Score
Barnes & Noble Hack: A Reading List for Phishers and Crooks
UPDATE Barnes & Noble is warning that it has been hacked, potentially exposing personal data for shoppers – and offering phishers an early holiday gift. The book purveyor sent out emailed notices to customers very late Wednesday night and in the wee hours of Thursday morning, warning that a...
0.3 AI Score
kernel security, bug fix, and enhancement update
[3.10.0-1160.OL7] - Oracle Linux certificates (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)([email protected]) - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-2.0.3 [3.10.0-1160] - [kernel]...
8.1 CVSS
0.4 AI Score
0.039 EPSS
Charities and the advertising industry: data ecosystems and privacy risks
Data makes the world go round, more often than not via advertising and its tracking mechanisms. Whether you think making money from large volumes of PII to keep the web ticking over is a good thing, or a sleazy data-grab often encouraging terrible ad practices, it’s not going to go away anytime...
-0.4 AI Score
An exploitable code execution vulnerability exists in the JPEG2000 Stripe Decoding functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when decoding sub-samples. While initializing tiles with sub-sample data, the application can miscalculate a pointer for the stripes in the tile which...
7.8 CVSS
0.001 EPSS
An exploitable code execution vulnerability exists in the JPEG2000 Stripe Decoding functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when decoding sub-samples. While initializing tiles with sub-sample data, the application can miscalculate a pointer for the stripes in the tile which...
7.8 CVSS
7.9 AI Score
0.001 EPSS
An exploitable code execution vulnerability exists in the JPEG2000 Stripe Decoding functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when decoding sub-samples. While initializing tiles with sub-sample data, the application can miscalculate a pointer for the stripes in the tile which...
8.8 CVSS
7.9 AI Score
0.001 EPSS
Nitro Pro PDF JPEG2000 Stripe Sub-sample Decoding Out-of-bounds Write Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the JPEG2000 Stripe Decoding functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when decoding sub-samples. While initializing tiles with sub-sample data, the application can miscalculate a pointer for the stripes in the tile...
7.8 CVSS
0.001 EPSS
The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin through 2.5.9 for WordPress allows unauthenticated settings...
5.3 CVSS
5.4 AI Score
0.001 EPSS
The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin through 2.5.9 for WordPress allows unauthenticated settings...
5.3 CVSS
5.5 AI Score
0.001 EPSS
The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin through 2.5.9 for WordPress allows unauthenticated settings...
5.4 AI Score
0.001 EPSS
Bashtop - Linux/OSX/FreeBSD Resource Monitor
Bpytop, the Python port of bashtop, is now available at https://github.com/aristocratos/bpytop. It's a lot faster and about a third as CPU heavy, and it has more features, including: mouse support, a toggleable mini mode, more customization, and graphs for memory consumption. It's also a lot easier...
7.2 AI Score
donation-receipt-template.com Cross Site Scripting vulnerability OBB-1276826
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
-0.1 AI Score
donation-receipt.com Cross Site Scripting vulnerability OBB-1276824
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
-0.1 AI Score
University of Utah Pays $457K After Ransomware Attack
The University of Utah coughed up a $457,000 ransom payment after a ransomware attack hit the university’s servers, impacting undisclosed student and faculty related data. The Salt Lake City school, which has 24,485 undergraduate students and 8,333 graduate students enrolled, as well as 1,592...
0.1 AI Score
MMS Exploit Part 5: Defeating Android ASLR, Getting RCE
Posted by Mateusz Jurczyk, Project Zero This post is the fifth and final of a multi-part series capturing my journey from discovering a vulnerable little-known Samsung image codec, to completing a remote zero-click MMS attack that worked on the latest Samsung flagship devices. Previous posts are...
9.8 CVSS
9.5 AI Score
0.034 EPSS
Quarterly highlights Targeted attacks The second quarter often saw phishers resort to targeted attacks, especially against fairly small companies. To attract attention, scammers imitated email messages and websites of companies whose products or services their potential victims could be using. The...
-0.4 AI Score
0.974 EPSS
Is Your Chip Card Secure? Much Depends on Where You Bank
Chip-based credit and debit cards are designed to make it infeasible for skimming devices or malware to clone your card when you pay for something by dipping the chip instead of swiping the stripe. But a recent series of malware attacks on U.S.-based merchants suggest thieves are exploiting...
6.5 AI Score
Here’s Why Credit Card Fraud is Still a Thing
Most of the civilized world years ago shifted to requiring computer chips in payment cards that make it far more expensive and difficult for thieves to clone and use them for fraud. One notable exception is the United States, which is still lurching toward this goal. Here's a look at the havoc...
6.8 AI Score
Zomato: Ability to manipulate price with a max threshold of `<1 Rupee` in support rider parameter
Hi Team I have found an issue in support rider amount calculation at the time of checkout where the amount is tamperable by negative fraction of rupees which makes the total amount decreased by maximum of 1rs. POC - 1-Goto - zomato.com 2 - Add anything to your cart 3- At the checkout page , Add...
0.4 AI Score
openSUSE Security Update : the Linux Kernel (openSUSE-2020-935)
The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-19462: relay_open in kernel/relay.c allowed local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result ...
7.8 CVSS
7.8 AI Score
0.008 EPSS
WordPress: Clickjacking on donation page
Description: Vulnerable URL: https://wordpressfoundation.org/donate/ Clickjacking on the vulnerable URL allows an attacker to redirect a victim to do a donation at an attacker's page. Steps To Reproduce: 1) To test whether the page is vulnerable to clickjacking or not use this code i Frame ...
0.4 AI Score
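The report above relies on an iframe test whose code the snippet elides. As an added example (not the reporter's test code and not anything from wordpressfoundation.org), the following Ruby checks the other side of the same question: given a response's headers, can a foreign origin frame the page at all? The header sets are constructed for the example. When `frame-ancestors` is present it takes precedence over `X-Frame-Options`, as in current browsers, and the obsolete `ALLOW-FROM` form is treated as absent because browsers no longer honour it.

```ruby
# Constructed response header sets for this example; none come from the report.
NO_FRAMING_HEADERS   = { "Content-Type" => "text/html" }
XFO_HEADERS          = { "X-Frame-Options" => "SAMEORIGIN" }
CSP_HEADERS          = { "Content-Security-Policy" => "default-src 'self'; frame-ancestors 'none'" }
OPEN_CSP_HEADERS     = { "Content-Security-Policy" => "default-src 'self'; frame-ancestors *" }
OBSOLETE_XFO_HEADERS = { "X-Frame-Options" => "ALLOW-FROM https://partner.example" }

# A frame-ancestors source that lets any foreign origin embed the page.
def permissive_source?(src)
  s = src.downcase
  s == "*" || s == "http:" || s == "https:"
end

# Returns :protected when a foreign origin cannot frame the response and
# :unprotected otherwise. Header names are matched case-insensitively.
# A frame-ancestors directive with no sources matches nothing, so it protects.
def framing_protection(headers)
  h = headers.transform_keys { |k| k.to_s.downcase }

  csp = h["content-security-policy"]
  if csp
    directive = csp.split(";").map(&:strip)
                   .find { |d| d.downcase.start_with?("frame-ancestors") }
    if directive
      sources = directive.split(/\s+/).drop(1)
      return sources.any? { |s| permissive_source?(s) } ? :unprotected : :protected
    end
  end

  # Only DENY and SAMEORIGIN are enforced by current browsers; ALLOW-FROM is ignored.
  xfo = h["x-frame-options"]
  return :protected if xfo && %w[deny sameorigin].include?(xfo.strip.downcase)

  :unprotected
end

if $PROGRAM_NAME == __FILE__
  [NO_FRAMING_HEADERS, XFO_HEADERS, CSP_HEADERS, OPEN_CSP_HEADERS, OBSOLETE_XFO_HEADERS].each do |hdrs|
    puts "#{hdrs.inspect} => #{framing_protection(hdrs)}"
  end
end
```

The fix for a donation page that returns :unprotected is to send `Content-Security-Policy: frame-ancestors 'none'` (or `'self'` if the site frames the page itself) and, for older browsers, `X-Frame-Options: DENY` alongside it.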
Shhgit - Find GitHub Secrets In Real Time
Shhgit finds secrets and sensitive files across GitHub code and Gists committed in near real time by listening to the GitHub Events API. NEW: LIVE VERSION. Find GitHub secrets straight from your browser! Finding secrets in GitHub is nothing new. There are many great tools available to help...
7.6 AI Score
Security update for the Linux Kernel (important)
An update that solves 16 vulnerabilities and has 117 fixes is now available. Description: The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2019-19462: relay_open in kernel/relay.c allowed local users to ...
7.8 CVSS
0.3 AI Score
0.008 EPSS
COVID-19 ‘Breach Bubble’ Waiting to Pop?
The COVID-19 pandemic has made it harder for banks to trace the source of payment card data stolen from smaller, hacked online merchants. On the plus side, months of quarantine have massively decreased demand for account information that thieves buy and use to create physical counterfeit credit...
6.7 AI Score
Coughing in the face of scammers: security tips for the 2020 tax season
In spite of everything happening in the world right now—the 2020 tax season is about to come to an end, and taxes are due. Americans got a reprieve back in March when the US Treasury Department and Internal Revenue Service (IRS) announced they were pushing back the federal income tax filing due...
-0.5 AI Score
Popular Techniques Used by Cybercriminals Amid COVID-19
(Editor's Note: Gary Stevens, a technology writer, is posting as a guest author to carbonblack.com). Cybercriminals constantly leverage fear and confusion by launching cyberattacks during major world events. Such attacks are mostly carried out with social engineering campaigns using malicious...
0.4 AI Score
Explicit content and cyberthreats: 2019 report
'Stay at home' is the new motto for 2020 and it has entailed many changes to our daily lives, most importantly, in terms of our digital content consumption. With users opting to entertain themselves online, malicious activity has grown. Over the past two years we have reviewed how adult content...
-0.5 AI Score
The rack cookie parser parses the cookie string using unescape. This allows a malicious attacker to set a second cookie with the name being percent encoded. Typically it would be expected that we cannot trust cookies and in most cases that's true. However in a couple of cases certain expectations...
7.5 CVSS
0.4 AI Score
0.002 EPSS
Understanding the Payload-Less Email Attacks Evading Your Security Team
The traditional image of a successful email attack is that of a naive employee clicking the link in a crudely crafted spam email bent on phishing. But times have changed, and employees are much more security-educated than they used to be. So, today’s threat actors are creating increasingly...
-0.1 AI Score
The zero-day exploits of Operation WizardOpium
Back in October 2019 we detected a classic watering-hole attack on a North Korea-related news site that exploited a chain of Google Chrome and Microsoft Windows zero-days. While we've already published blog posts briefly describing this operation (available here and here), in this blog post we'd...
-0.3 AI Score
0.974 EPSS
Quarterly highlights Don't get burned Burning Man is one of the most eagerly awaited events among fans of spectacular performance and installation art. The main obstacle to attending is the price of admission: a standard ticket will set you back $475, the number is limited, and the buying process...
0.2 AI Score
0.974 EPSS
Exclusive: Scammers using fake WHO Bitcoin wallet to steal donation
By Waqas. Scammers are posing as representatives of the World Health Organization (WHO) to scam... This is a post from HackRead.com. Read the original post: Exclusive: Scammers using fake WHO Bitcoin wallet to steal...
1.9 AI Score
Financial Cyberthreats in 2019
Methodology Financial cyberthreats are malicious programs that target users of services such as online banking, e-money, and cryptocurrency, or that attempt to gain access to financial organizations and their infrastructure. These threats are usually accompanied by spam and phishing activities,...
0.9 AI Score
Letter from the CEO: A time of kindness and compassion
Dear Customers, Together, we are facing a truly unprecedented situation and we have all had to adapt to the new reality. The global coronavirus pandemic is affecting our families, our communities, our organizations – indeed, it affects our perspective and way of life. As you certainly have too, at...
-0.1 AI Score
Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 update: April 2014
Important When you install this update (2919355) from Windows Update, updates 2932046, 2937592, 2938439, 2934018, and 2959977 are included in the installation. Important This update (2919355) replaces update 2883200. You...
7.4 AI Score
kernel security, bug fix, and enhancement update
[3.10.0-1127.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)([email protected]) - Update x509.genkey [Orabug: 24817676] [3.10.0-1127] - [fs] flexfiles: Dont tie up all the rpciod threads in...
9.8 CVSS
-0.4 AI Score
0.024 EPSS
openSUSE Security Update : the Linux Kernel (openSUSE-2020-388)
The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-8647: There was a use-after-free vulnerability in the vc_do_resize function in drivers/tty/vt/vt.c (bnc#1162929 1164078). CVE-2020-8649: There was a...
7.5 CVSS
7.5 AI Score
0.01 EPSS
Security update for the Linux Kernel (important)
An update that solves four vulnerabilities and has 37 fixes is now available. Description: The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2020-8647: There was a use-after-free vulnerability in the ...
7.5 CVSS
-0.6 AI Score
0.01 EPSS
Coronavirus scams, found and explained
Coronavirus has changed the face of the world, restricting countless individuals from dining at restaurants, working from cafes, and visiting their loved ones. But for cybercriminals, this global pandemic is expanding their horizons. In the past week, Malwarebytes discovered multiple email scams...
-0.2 AI Score
Coronavirus Widens the Money Mule Pool
With many people being laid off or working from home thanks to the Coronavirus pandemic, cybercrooks are almost certain to have more than their usual share of recruitable "money mules" -- people who get roped into money laundering schemes under the pretense of a work-at-home job offer. Here's the...
6.7 AI Score
APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT
Since the coronavirus became a worldwide health issue, the desire for more information and guidance from government and health authorities has reached a fever pitch. This is a golden opportunity for threat actors to capitalize on fear, spread misinformation, and generate mass hysteria—all while...
7.8 CVSS
-0.4 AI Score
0.974 EPSS