Lucene search
K

57 matches found

ThreatPost
ThreatPost
added 2019/10/24 6:47 p.m.72 views

Raccoon Malware Scavenges 100,000+ Devices to Steal Data

A new information stealer, dubbed Raccoon, is rapidly gaining popularity with cybercriminals. In just a few months, researchers say the malware has already infected hundreds of thousands of devices across the world to rove through victims’ credit card data, email credentials and more. The malware...

Exploits0References8
CNVD
CNVD
added 2019/07/31 12:0 a.m.3 views

Ubiquiti Networks UniFi Controller Trust Management Issue Vulnerability

Ubiquiti Networks UniFi Controller is a suite of software from Ubiquiti Networks, Inc. for managing multiple wireless access point devices in a single platform. A trust management issue vulnerability exists in Ubiquiti Networks UniFi Controller version 5.10.21 and prior versions, which can be...

8.1CVSS6.8AI score0.01295EPSS
Exploits0References1
CVE
CVE
added 2019/07/02 6:44 p.m.99 views

CVE-2017-8411

CVE-2017-8411 affects D-Link DCS-1130 devices. A command-injection path exists via a POST parameter that can be processed by a vulnerable system API, enabling execution of arbitrary commands. Investigations point to libmailutils.so, where a vulnerable function sub_1FC4 receives POST data; the val...

9.3CVSS8.9AI score0.0585EPSS
Exploits1References3Affected Software1
ThreatPost
ThreatPost
added 2019/02/20 8:48 p.m.69 views

Separ Malware Plucks Hundreds of Companies' Credentials in Ongoing Phish

An ongoing phishing campaign is using malicious PDF documents to spread Separ malware and ultimately steal victims’ browser and email credentials. Since the attack started at the end of January, it has affected around 200 companies and over 1,000 individuals, located mainly in Southeast Asia, the...

1.2AI score
Exploits0References4
ThreatPost
ThreatPost
added 2017/11/13 1:29 p.m.11 views

Phishing Biggest Threat to Google Account Security

Last year may have been mostly about ransomware, but it’s difficult to forget the billion or so passwords that were spilled in high-profile breaches and credential leaks. Google and researchers from the University of California Berkeley attempted to ease some of that pain, and teamed up to analyz...

0.4AI score
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2017/09/28 12:0 a.m.7 views

The vulnerability of the Advantech WebAccess remote monitoring software lies in the lack of protection for email account credentials, allowing attackers to access confidential information.

The vulnerability of Advantech WebAccess remote monitoring software lies in the lack of protection for email account credentials stored in unencrypted form. Exploiting this vulnerability can allow a malicious actor to gain access to confidential information...

5CVSS6.4AI score0.01765EPSS
Exploits0References5Affected Software1
ThreatPost
ThreatPost
added 2017/09/01 11:30 a.m.10 views

On the Onliner Spambot, WireX, and Sarahah

Mike Mimoso and Chris Brook discuss the news of the week, including the Onliner spambot, Google’s forthcoming Not Secure warnings for Chrome, the WireX botnet, Sarahah privacy and more. Download: ThreatpostNewsWrapSeptember12017.mp3 Music by Chris Gonsalves Show notes: Google Reminding Admins HTT...

0.1AI score
Exploits0References9
ThreatPost
ThreatPost
added 2017/08/30 12:10 p.m.25 views

Spambot Contains 'Mind-Boggling' Amount of Email, SMTP Credentials

Researchers have managed to penetrate a spam bot and uncover a massive list of 711 million records that includes email addresses, email and password combinations some in cleartext, and SMTP credentials and configuration files. Troy Hunt who runs the Have I Been Pwned service called it a...

0.8AI score
Exploits0References3
Microsoft Malware Protection
Microsoft Malware Protection
added 2017/01/27 1:10 a.m.16 views

Phishers unleash simple but effective social engineering techniques using PDF attachments

The Gmail phishing attack is reportedly so effective that it tricks even technical users, but it may be just the tip of the iceberg. We’re seeing similarly simple but clever social engineering tactics using PDF attachments. These deceitful PDF attachments are being used in email phishing attacks...

6.8AI score
Exploits0
ThreatPost
ThreatPost
added 2017/01/05 5:5 p.m.10 views

Experts Warn of Novel PDF-based Phishing Scam

The SANS Internet Storm Center published a warning on Wednesday about an active phishing campaign that utilizes PDF attachments in a novel ploy to harvest email credentials from victims. According to the SANS bulletin, the email has the subject line “Assessment document” and the body contains a...

0.7AI score
Exploits0References3
ThreatPost
ThreatPost
added 2015/01/07 10:35 a.m.13 views

New Emomet Variant Targets Banking, Email Credentials

Security researchers are tracking a new version of the Emomet malware that is targeting users’ banking credentials and also has the ability to steal email usernames and passwords, which are then used to send spam from compromised accounts. The new variant of Emomet has mostly been seen targeting...

2.4AI score
Exploits0References3
ThreatPost
ThreatPost
added 2014/12/01 10:41 a.m.10 views

Cybercrime Group Preys on Wall Street Insider Information

A criminal hacking group with an innate understanding of how Wall Street moves and what influences stock prices has found a soft spot in more than 100 publicly traded companies and is stealing, among other data, mergers and acquisitions intelligence. The group is homed in on healthcare and...

7.1AI score
Exploits0References1
ThreatPost
ThreatPost
added 2014/11/19 2:54 p.m.33 views

Citadel Variant Targets Password Managers

The Citadel Trojan has once again branched out beyond its roots as banking malware and is now targeting the master passwords guarding major password management products. Researchers from IBM Trusteer today said they’ve notified makers of the nexus Personal Security Client, Password Safe and KeePa...

10CVSS0.1AI score0.81943EPSS
Exploits5
The Hacker News
The Hacker News
added 2013/11/21 11:52 a.m.18 views

New Banking malware 'i2Ninja' being sold via underground Russian Cybercrime Market

Researchers at Trusteer spotted a new banking malware program on the underground Russian cybercrime market, that communicates with attackers over the I2P anonymity network is for sale on underground Russian cybercrime forums. Dubbed 'i2Ninja', malware has most of the features found in other...

6.9AI score
Exploits0
Prion
Prion
added 2013/09/05 11:44 a.m.25 views

Open redirect

Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 before rev10, and 7.2.2 before rev9 relies on user-supplied data to predict the IMAP server hostname for an external domain name, which allows remote authenticated users to discover e-mail credentials of other users in...

3.5CVSS6.7AI score0.0093EPSS
Exploits2References1Affected Software1
ThreatPost
ThreatPost
added 2013/07/19 12:21 p.m.8 views

BlackBerry Refutes Claim Private Email Passwords Sent to RIM

BlackBerry is refuting a claim made by a German researcher that private email credentials are sent by the new BlackBerry 10 mobile devices to the company without consent, possibly in the clear, and that they’re also stored without permission. Frank Rieger said that when users enter their POP/IMAP...

0.4AI score
Exploits0References2
ThreatPost
ThreatPost
added 2011/09/14 3:30 p.m.18 views

Ice IX: Not Cool At All

My colleague Jorge Mieres recently found a C&C server of a botnet based on a malicious program called Ice IX. As announced on several user forums, Ice IX is a bot created using the source code of ZeuS 2.0.8.9, which became publicly available in May. The author of the new bot says the program...

7.3AI score
Exploits0References3
Rows per page
Query Builder