Lucene search
K

91 matches found

The Hacker News
The Hacker News
added 2021/04/26 10:38 a.m.265 views

How to Test and Improve Your Domain's Email Security?

No matter which type of business you are in, whether small, medium, or large, email has become an irrefutable tool for communicating with your employees, partners, and customers. Emails are sent and received each day in bulk by companies from various sources. In addition, organizations may also...

0.5AI score
Exploits0
ThreatPost
ThreatPost
added 2021/04/13 6:29 p.m.54 views

Tax Phish Swims Past Google Workspace Email Security

A W2 tax email scam is circulating in the U.S. using Typeform, a popular software that specializes in online surveys and form building. The campaign is aimed at harvesting victims’ email account credentials, researchers said. According to Armorblox, the campaign also bypasses native Google...

7.5AI score
Exploits0References7
The Hacker News
The Hacker News
added 2021/02/22 11:21 a.m.54 views

How to Fight Business Email Compromise (BEC) with Email Authentication?

An ever-evolving and rampant form of cybercrime that targets emails as the potential medium to conduct fraud is known as Business Email Compromise. Targeting commercial, government as well as non-profit organizations, BEC can lead to huge amounts of data loss, security breach, and compromised...

7.3AI score
Exploits0
Veracode
Veracode
added 2021/02/15 10:48 a.m.17 views

Lightweight Directory Access Protocol (LDAP) Injection

is-user-valid is vulnerable to Lightweight Directory Access Protocol LDAP Injection. The vulnerability exists due to an unsanitized validate function when authenticating the email in the getEmail function...

7.5CVSS2.4AI score0.01419EPSS
Exploits1References2Affected Software1
The Hacker News
The Hacker News
added 2020/12/07 10:47 a.m.33 views

How DMARC Can Stop Criminals Sending Fake Emails on Behalf of Your Domain

21st-century technology has allowed Cybercriminals to use sophisticated and undetectable methods for malicious activities. In 2020 alone, a survey revealed that 65% of US-based companies were vulnerable to email phishing and impersonation attacks. This calls for upgrading your organization's...

7.2AI score
Exploits0
OSV
OSV
added 2020/11/30 7:22 p.m.6 views

OPENSUSE-SU-2020:2127-1 Security update for neomutt

This update for neomutt fixes the following issues: Update neomutt to 20201120. Address boo1179035, CVE-2020-28896. Security - imap: close connection on all failures Features - alias: add function to Alias/Query dialogs - config: add validators for imap,smtp,popauthenticators - config: warn when...

5.9CVSS6.2AI score0.02323EPSS
Exploits0References10
ThreatPost
ThreatPost
added 2020/10/29 8:45 p.m.15 views

University Email Hijacking Attacks Push Phishing, Malware

Cybercriminals are hijacking legitimate email accounts from more than a dozen universities – including Purdue University, University of Oxford in the U.K. and Stanford University – and using the accounts to bypass detection and trick victims into handing over their email credentials or installing...

7.8AI score
Exploits0References11
CISA
CISA
added 2020/09/10 12:0 a.m.16 views

CISA Insights: Email-Based Attacks on Elections-Related Entities

The Cybersecurity and Infrastructure Security Agency CISA has released CISA Insights: Actions to Counter Email-Based Attacks on Elections-Related Entities in light of increased sophisticated phishing operations targeting individuals and groups involved in the upcoming U.S. elections. CISA strongl...

7AI score
Exploits0References6
CNVD
CNVD
added 2020/08/12 12:0 a.m.1 views

GitLab Authorization Issues Vulnerability (CNVD-2020-46490)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab versions prior ...

9.6CVSS6.8AI score0.00996EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2020/07/13 1:0 p.m.60 views

A 'New Age' of Sophisticated Business Email Compromise is Coming

A newly discovered, sophisticated threat group that targets organizations without DMARC implemented and relies on business email compromise is heralding what researchers call “a new age” of business email compromise. The group, called Cosmic Lynx, is the first reported Russian BEC cybercriminal...

6.7AI score
Exploits0References11
CNVD
CNVD
added 2020/06/22 12:0 a.m.11 views

GitLab Data Forgery Issue Vulnerability

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab Enterprise...

5.3CVSS6.4AI score0.00726EPSS
Exploits0References1
CNVD
CNVD
added 2020/05/06 12:0 a.m.2 views

Longbrothers Digital OKLOK Code Issue Vulnerability

Longbrothers Digital Fingerprint Bluetooth Padlock FB50 and OKLOK are both products of Longbrothers Digital China.Fingerprint Bluetooth Padlock FB50 is a fingerprint round The Fingerprint Bluetooth Padlock FB50 is a fingerprint round padlock that supports fingerprint unlocking, remote unlocking...

7.5CVSS7.2AI score0.01067EPSS
Exploits1References1
NVD
NVD
added 2020/04/27 2:15 p.m.13 views

CVE-2020-12272

OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the...

5.3CVSS6.3AI score0.02136EPSS
Exploits1References5
CNVD
CNVD
added 2019/12/19 12:0 a.m.3 views

GitLab Authorization Issues Vulnerability (CNVD-2020-12719)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An authorization issue vulnerability exists in GitLab...

8.8CVSS7AI score0.01511EPSS
Exploits1References1
ThreatPost
ThreatPost
added 2019/07/29 7:54 p.m.194 views

ThreatList: DMARC Adoption Nonexistent at 80% of Orgs

About 80 percent of company web domains don’t have standard email authentication protections in place. That’s according to 250ok’s Global DMARC Adoption 2019 report, which analyzed 25,700 domains in the education, e-commerce, legal, financial services, SaaS and nonprofit sectors, as well as the...

7.2AI score
Exploits0References6
Microsoft Secure
Microsoft Secure
added 2019/06/03 4:0 p.m.85 views

Secure your journey to the cloud with free DMARC monitoring for Office 365

Not knowing who is sending email “from” your organization is an enormous problem for IT managers for two reasons. One problem is “shadow IT”—cloud services that employees have signed up for without IT oversight. Many of these services send mail—to employees, customers, or marketing prospects—whic...

7.3AI score
Exploits0
Hacker One
Hacker One
added 2019/04/29 7:23 p.m.66 views

Automattic: Insufficient DKIM record with RSA 512-bit key used on WordPress.com

What is DomainKeys Identified Mail DKIM ? DKIM allows the receiver to check that an email claimed to have come from a specific domain was indeed authorized by the owner of that domain. It achieves this by affixing a digital signature, linked to a domain name, to each outgoing email message. The...

6.7AI score
Exploits0
CISA
CISA
added 2018/10/25 12:0 a.m.10 views

FTC Releases Alert with Cybersecurity Resources for Non-Profits and Small Businesses

The Federal Trade Commission FTC has released an alert with new cybersecurity resources for non-profits and small businesses. These resources, which cover topics such as ransomware, phishing, and email authentication, aim to help organizations protect their network and information. NCCIC encourag...

6.9AI score
Exploits0References3
Hacker One
Hacker One
added 2018/02/13 10:2 a.m.15 views

Coalition, Inc.: No authentication on email address for password reset functionality/ https://platform.thecoalition.com/forgot-password

NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! Summary: It was observed that the forgo...

0.5AI score
Exploits0
OPENSUSE Linux
OPENSUSE Linux
added 2017/08/18 3:7 p.m.326 views

Security update for MozillaThunderbird (important)

This update for MozillaThunderbird to version 52.3 fixes security issues and bugs. The following vulnerabilities were fixed: - CVE-2017-7798: XUL injection in the style editor in devtools - CVE-2017-7800: Use-after-free in WebSockets during disconnection - CVE-2017-7801: Use-after-free with marqu...

9.8AI score0.04187EPSS
Exploits12References1
Rows per page
Query Builder