BMC TrackIt! Unauthenticated Arbitrary User Password Change
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'BMC TrackIt! Unauthenticated Arbitrary User Password Change', 'Description' = %q This module exploits a flaw in the password reset mechanism in B...
JVN#28515217: Cleartext transmission issue in TONE store App to TONE store
TONE store App provided by DREAM TRAIN INTERNET INC. contains a cleartext transmission issue to TONE store website (CWE-419). Impact: A man-in-the-middle attack may allow an attacker to obtain and/or alter communications of the affected App. Solution: Update the application. Update the application to...
419.vn Cross Site Scripting vulnerability OBB-3913435
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code via the getCsrfToken function. NOTE: the vendor disputes this because the 5d88731 commit fixes a usability problem (HTTP 419 status codes for legitimate client activity), not a securit...
Amazon Linux 2023 : cni-plugins (ALAS2023-2023-419)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-419 advisory. The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
The weirdest security stories of 2022
There's been a lot of weird and frankly bizarre attacks over the course of 2022, nestled in amongst the usual ransomware outbreaks and data breaches. Whether we're talking social media, email, or even malware, there's been a mind bending tale of tall behaviour in almost every corner. It's time to...
Text-based fraud: from 419 scams to vishing
E-mail scammers typically combine social engineering with technical skills to bypass spam filters and persuade the recipient to reply. But there is a specific class of attacks that is technically stuck somewhere in the late 90s/early 00s, in the era of CRT monitors and sluggish internet: we are...
Nigerian Tesla: 419 scammer gone malware distributor unmasked
Agent Tesla is a well-known data stealer written in .NET that has been active since 2014 and is perhaps one of the most popular payloads observed in malspam campaigns. While looking for threats targeting Ukraine, we identified a group we call "Nigerian Tesla" that has been dabbling into phishing...
A week in security (April 25 – May 1)
Last week on Malwarebytes Labs: Why MITRE matters to SMBs; Apple’s child safety features are coming to a Messages app near you; Why software has so many vulnerabilities, with Tanya Janca: Lock and Code S03E09; Watch out for this SMS phish promising a tax refund; Rogue ads phishing for cryptocurrency:...
perl security and bug fix update
4:5.26.3-419 - Fix CVE-2020-10543 bug 1839273 - Fix CVE-2020-10878 bug 1839276 - Fix a file mode of a perl-example.stp example bug 1913693 4:5.26.3-418 - Fix CVE-2020-12723 bug 1839279...
Before He Spammed You, this Sly Prince Stalked Your Mailbox
A reader forwarded what he briefly imagined might be a bold, if potentially costly, innovation on the old Nigerian prince scam that asks for help squirreling away millions in unclaimed fortune: It was sent via the U.S. Postal Service, with a postmarked stamp and everything. In truth these old...
Deleted Facebook Cybercrime Groups Had 300,000 Members
Hours after being alerted by KrebsOnSecurity, Facebook last week deleted almost 120 private discussion groups totaling more than 300,000 members who flagrantly promoted a host of illicit activities on the social media network's platform. The scam groups facilitated a broad spectrum of shady...
A week in security (March 19 – March 25)
Last week, we looked at the growing problem of smartphone addiction, how link rot is continually slicing down portions of the web, and the theft of our intellectual property. We also explored the landscape of DDoS problems, and tackled a Stephen Hawking 419 scam. Other news What can only really b...
A week in security (January 8 – January 14)
It's very early in the year, yet everyone has already had a complete meltdown (pun intended) over a number of serious vulnerabilities found in legacy and modern microprocessors. Last week, rightly so, vendors released patches for hardware and OSes to help mitigate these threats. However, problems i...
Of princes and perpetrators: Beware of getting ensnared in 419 scams
We've mentioned before that 419 scams don't always originate from Nigeria. It's a very simple and popular scam that can be attempted by pretty much anyone with a flair for social engineering. Indeed, 419 scams are so associated with the region that many scammers in non-Nigerian countries know the...
A week in security (October 16 – October 22)
Last week was an eventful one in security, keeping our research and intel teams on their toes. Multiple security researchers homed in on suspicious and malicious apps on Google Play, affecting thousands of Android users. A new variant of Mac malware Proton was also found in the wild, this time...
419 scammer offers USD $60 million—and a free child
Scammers often come crawling out of the woodwork in all sorts of places you wouldn't necessarily expect. This is to their advantage when trying to keep suspicion in check; after all, we're pretty much pre-programmed to think 419 scams will only wander into our inboxes. Twitter, though? That's a...
A week in security (August 28 – September 3)
Last week, we looked at what actions Kronos can perform in the final installment of a 2-part post. We also dived into Locky, again, a ransomware that just made a comeback, and found that its latest variant as of this writing has anti-sandboxing capabilities. This means that once Locky has...
419 spam: 10 million US dollars, courtesy of “Rev. Goodluck Ebola”
I'm not saying an email claiming to be from the "Central Bank of Nigeria" with a contact handler named "Rev. Goodluck Ebola" will raise too many red flags, but… CENTRAL BANK OF NIGERIA OFFICE OF THE GOVERNOR Zaria Street, Off Samuel Akintola Street,Garki 11, Garki-Abuja. Our Ref:...
kernel security update
kernel 2.6.18-419 - net dccp: Use AF-independent rebuildheader routine Hannes Frederic Sowa 1424751 - net dccp: fix freeing skb too early for IPV6RECVPKTINFO Hannes Frederic Sowa 1424633 CVE-2017-6074 - redhat kernel.spec.template: disable autoloading for dccp proto Hannes Frederic Sowa 1425177...