Phishing Attacks Enlist Amazon AWS, Microsoft Azure in Ploys

Recent phishing campaigns have been spotted boosting their anti-detection efforts by using Amazon Web Services to host their landing pages. It’s a sign of a nascent trend towards using public cloud storage, according to researchers. The attackers are also layering on various obfuscation technique...

New BEC Spam Campaign Targets Fortune 500 Businesses

Researchers have identified a wave of new business email compromise campaigns targeting Fortune 500 companies that are designed to trick victims into fraudulent wire transfers. Researchers said the campaigns originate from Nigeria and are targeting companies in the retail, healthcare and financia...

support.docusign.com XSS vulnerability

Vulnerable URL: https://support.docusign.com/en/search Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Coordinated Disclosure Timeline: Description| Value ---|---...

docusign.com XSS vulnerability

Vulnerable URL: https://www.docusign.com/esignature/my-electronic-signature?'"-- Details: Description| Value ---|--- Patched:| Yes, at 30.05.2017 Latest check for patch:| 30.05.2017 17:43 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 2549 VIP website status:|...

DocuSign Data Breach Led to Targeted Email Malware Campaign

While we all were busy in the WannaCry ransomware menace, two separate data breaches have been reported, one in DocuSign, a major provider of electronic signature technology, and another in BELL, Canada’s largest telecommunications company. In a notice on its website on Tuesday, DocuSign confirme...

DocuSign Phishing Campaign Includes Hancitor Downloader

Electronic document exchange vendor DocuSign warned on Monday of a wave of phishing emails targeting its customers with links to malicious Word documents. The campaign, it said, was tied to an earlier breach of its computer networks where hackers were able to gain “temporary access” and exfiltrat...

Breach at DocuSign Led to Targeted Email Malware Campaign

DocuSign, a major provider of electronic signature technology, acknowledged today that a series of recent malware phishing attacks targeting its customers and users was the result of a data breach at one of its computer systems. The company stresses that the data stolen was limited to customer an...

secure.docusign.com XSS vulnerability

Vulnerable URL: https://secure.docusign.com/signup/free?tgr=com-freeplan-netlogin=%22%3E%3Csvg/onload=prompt/OPENBUGBOUNTY/%3E Details: Description| Value ---|--- Patched:| Yes, at 11.01.2017 Latest check for patch:| 11.01.2017 21:20 GMT Vulnerability type:| XSS Vulnerability status:| Publicly...

ElasticSearch < 1.4.5 / < 1.5.2 - Directory Traversal

!/usr/bin/python Crappy PoC for CVE-2015-3337 - Reported by John Heasman of DocuSign Affects all ElasticSearch versions prior to 1.5.2 and 1.4.5 Pedro Andujar || twitter: pandujar || email: @segfault.es || @digitalsec.net Tested on default Linux .deb install /usr/share/elasticsearch/plugins/...