Lucene search
K

663 matches found

ATTACKERKB
ATTACKERKB
added 2017/12/07 12:29 a.m.3 views

CVE-2017-17436

An issue was discovered in the software on Vaultek Gun Safe VT20i products. There is no encryption of the session between the Android application and the safe. The website and marketing materials advertise that this communication channel is encrypted with "Highest Level Bluetooth Encryption" and...

8.8CVSS5.6AI score0.00582EPSS
Exploits0References5
OSV
OSV
added 2017/11/20 8:29 p.m.1 views

DEBIAN-CVE-2017-3157

By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user in...

5.5CVSS5.6AI score0.03122EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2017/11/15 5:46 p.m.34 views

Bad romance: catphishing explained

You've heard or read about some variant of this story before: Girl meets Boy on a dating website. Girl falls in love. Boy claims he does, too. Girl is excited to meet Boy soon. But at the last minute, Girl finds out that Boy 1 had an accident and broke a hip; 2 has a very sick relative he needs t...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/11/08 5:13 p.m.31 views

Phony WhatsApp used Unicode to slip under Google’s radar

After a troubling week for Google not so long ago, the company is under the spotlight once more for missing another app that, after further investigations by several members of Reddit, was found laden with adware. This app, which was called "Update WhatsApp Messenger," used the logo and developer...

7AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2017/10/06 1:0 p.m.48 views

This Week in Security News

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back...

7.1AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2017/10/03 12:0 p.m.58 views

Taking Healthcare Threat Protection to the Next Level with HITRUST

Healthcare organizations HCOs worldwide continue to be on the receiving end of cyber-attacks. But if we work together we have both the tools and motivation to turn this around. That’s why Trend Micro has been a long-time partner and advocate of the great work HITRUST is doing to help improve...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2017/10/02 5:26 p.m.10 views

Tor: Content spoofing on

Vulnerability description not provided...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2017/08/16 1:6 p.m.36 views

Discourse: CSRF-tokens on pages without no-cache headers, resulting in ATO when using CloudFlare proxy (Web Cache Deception)

Hi, I noticed this issue on one of your clients which was using CloudFlare in front of their Discourse. This is not affecting try.discourse.org but the same underlying issue can be seen there as well even though it's not exploitable on that specific domain. The TL;DR of issue is basically:...

6.5AI score
Exploits0
CNVD
CNVD
added 2017/08/09 12:0 a.m.2 views

Microsoft Internet Explorer Remote Memory Corruption Vulnerability (CNVD-2017-28003)

Microsoft Internet Explorer is a popular WEB browser. A memory corruption vulnerability exists in Microsoft Internet Explorer, which allows remote attackers to exploit the vulnerability by presenting a special WEB page and tricking a user into visiting it, which could crash the application or...

7.6CVSS8.2AI score0.09181EPSS
Exploits0References1
Kitploit
Kitploit
added 2017/07/24 11:31 p.m.37 views

HoneypotBuster - Microsoft PowerShell Module to Find HoneyPots and HoneyTokens in the Network

Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host. CodeExecution Execute code on a target machine using Import-Module. Invoke-HoneypotBuster HoneypotBuster is a tool designed to spot Honey Tokens, Honey Bread Crumbs...

7.4AI score
Exploits0References1
CNVD
CNVD
added 2017/05/22 12:0 a.m.1 views

WordPress FTP/SSH Forms Function Cross-Site Request Forgery Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress FTP/SSH forms feature. The vulnerability can be used to...

8.6CVSS8.4AI score0.03668EPSS
Exploits0References1
Kitploit
Kitploit
added 2017/05/21 2:50 p.m.26 views

Airachnid Burp Extension - A Burp Extension to test applications for vulnerability to the Web Cache Deception attack

A Burp extension to test applications for vulnerability to the Web Cache Deception attack. Once the extension has been loaded, it can be accessed in the Target - Sitemap tab and right click on the resource that should be tested. A context sensitive menu item called "Airachnid Web Cache Test" will...

7AI score
Exploits0References1
CNVD
CNVD
added 2017/05/09 12:0 a.m.2 views

Google Android kernel trace subsystem elevation of privilege vulnerability

Google Android is a Linux-based operating system for smartphone devices. An elevation of privilege vulnerability exists in the Google Android kernel trace subsystem, which can be exploited by a remote attacker to build a malicious application that can be elevated in privilege by inducing a user t...

8.1AI score
Exploits0References1
CNVD
CNVD
added 2017/03/31 12:0 a.m.2 views

Huawei Enjoy 5 cell phone design flaw vulnerability

Huawei Enjoy 5 is a smartphone from the Chinese company Huawei Huawei. A design flaw vulnerability exists in previous versions of the Huawei Enjoy 5 phone, TIT-AL00C583B214, where an attacker could trick a user into installing a malicious program to call the interface and modify system properties...

7.1CVSS6.7AI score0.00556EPSS
Exploits0References1
Microsoft Malware Protection
Microsoft Malware Protection
added 2017/03/03 5:39 a.m.27 views

Breaking down a notably sophisticated tech support scam M.O.

Note: Our Tech support scams FAQ page has the latest info on this type of threat, including scammer tactics, fake error messages, and the latest scammer hotlines. You can also read our latest blog, New tech support scam launches communication or phone call app. The cornerstone of tech support sca...

6.6AI score
Exploits0
CNVD
CNVD
added 2017/03/01 12:0 a.m.3 views

Iceni Argus Integer Overflow Vulnerability

Iceni Argus is the British Iceni company's set of PDF document type conversion tool. Iceni Argus handles special PDF files with an integer overflow vulnerability that can be exploited by an attacker to build malicious PDF files and trick users into parsing them, which can crash the application...

9.3CVSS7.2AI score0.02116EPSS
Exploits2References1
FireEye
FireEye
added 2017/02/22 2:45 p.m.12 views

Spear Phishing Techniques Used in Attacks Targeting the Mongolian Government

Introduction FireEye recently observed a sophisticated campaign targeting individuals within the Mongolian government. Targeted individuals that enabled macros in a malicious Microsoft Word document may have been infected with Poison Ivy, a popular remote access tool RAT that has been used for...

8.1AI score
Exploits0References2
CNVD
CNVD
added 2017/02/20 12:0 a.m.2 views

Google Chrome blink ui forgery vulnerability

Google Chrome is a popular web browser. Google Chrome blink suffers from a ui forgery vulnerability that allows remote attackers to build malicious WEB pages that can be exploited to trick users into parsing, which can deceive them...

6.5CVSS9.1AI score0.0129EPSS
Exploits0References1
OSV
OSV
added 2017/01/19 5:59 a.m.2 views

UBUNTU-CVE-2016-5218

The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to temporarily spoof the contents of the Omnibox URL bar via a crafted HTML page containing PDF data...

6.5CVSS7AI score0.0123EPSS
Exploits0References3
rapid7community
rapid7community
added 2016/12/05 6:28 p.m.8 views

Deception Technology: Can It Detect Intruders Earlier in their Attack Chain?

Every infosec conference is chatting about the Attack Chain, a visual mapping of the steps an intruder must take to breach a network. If you can detect traces of an attack earlier, you not only have more time to respond, but can stop the unauthorized access to monetizable data and its exfiltratio...

7.1AI score
Exploits0
Rows per page
Query Builder