Lucene search
+L

639 matches found

Prion
Prion
added 2019/10/08 1:15 p.m.17 views

Xxe

In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components...

4CVSS6.3AI score0.01067EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/10/08 12:21 p.m.29 views

CVE-2019-17106

In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components...

6.3AI score0.01067EPSS
Exploits0References3
CVE
CVE
added 2019/10/08 12:21 p.m.53 views

CVE-2019-17106

CVE-2019-17106 affects Centreon Web up to version 2.8.29. The issue is disclosure of external components’ passwords, which authenticated attackers can use to move laterally to external components. The available connected records repeat the same description without adding new technical details (no...

6.5CVSS6.2AI score0.01067EPSS
Exploits0References3Affected Software1
Malwarebytes
Malwarebytes
added 2019/09/16 5:4 p.m.44 views

Emotet is back: botnet springs back to life with new spam campaign

After a fairly long hiatus that lasted nearly four months, Emotet is back with an active spam distribution campaign. For a few weeks, there were signs that the botnet was setting its gears in motion again, as we observed command and control C2 server activity. But this morning, the Trojan started...

0.5AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/09/05 4:0 p.m.34 views

How To Handle Evolutions in Cybercrime

Cybercriminals are Evolving Attackers are constantly evolving their techniques—finding ways to evade your defenses and stay in your systems longer. Today, 68% of attacks remain undetected for months or more. Traditional antivirus AV can’t hold up against the modern hacker. New attacks, like...

1AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2019/08/19 2:47 p.m.79 views

This Week in Security News: Phishing Campaigns and a Biometric Data Breach

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about ever-increasing amounts of phishing campaigns and how Trend Micro caught 2.4 million attacks of this type — a 59% increase from...

0.1AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2019/08/19 1:22 p.m.55 views

XDR Is The Best Remedy As Attackers Increasingly Seek To Evade EDR

Real enterprises are messy places. One messy reality is that enterprises don’t manage all their endpoints. A smart colleague turned me onto using the % of endpoints and servers managed as a prime security metric. On one end of the spectrum are places like universities that maybe manage 10% of the...

1AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2019/08/16 2:5 p.m.86 views

This Week in Security News: Phishing Campaigns and a Biometric Data Breach

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about ever-increasing amounts of phishing campaigns and how Trend Micro caught 2.4 million attacks of this type — a 59% increase from...

0.1AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2019/08/12 3:11 p.m.41 views

Cyberattack Lateral Movement Explained

Lightly edited transcript of the video above Hi there, Mark Nunnikhoven from Trend Micro Research, I want to talk to you about the concept of lateral movement. And the reason why I want to tackle this today is because I've had some conversations in the last few days that have really kind of hit...

6.9AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2019/08/07 3:56 p.m.53 views

XDR Needs Network Data and Here’s Why

As we’ve discussed in previous blogs, XDR is a better way to detect attacks within a network since it is able to coordinate and collaborate threat intelligence and data across multiple threat vectors, including endpoint including mobile and IIoT, server, network, messaging, web, and cloud. In thi...

0.9AI score
Exploits0
Metasploit
Metasploit
added 2019/07/27 5:22 p.m.200 views

Nagios XI Enumeration

NagiosXI may store credentials of the hosts it monitors. This module extracts these credentials, creating opportunities for lateral movement. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...

0.1AI score
Exploits0
ThreatPost
ThreatPost
added 2019/07/23 8:22 p.m.94 views

Citrix Confirms Password-Spraying Heist of Reams of Internal IP

UPDATE Digital workspace and enterprise networks vendor Citrix has concluded its investigation into a 6TB data heist in March, which it said was the work of international cybercriminals who exploited weak passwords on an internal network. The attackers intermittently accessed Citrix’ infrastrucur...

7.3AI score
Exploits0References6
Akamai Blog
Akamai Blog
added 2019/06/25 4:0 p.m.238 views

Intercept SaaS Services with the Akamai EAA Client

I was quite fortunate to visit Tokyo for the first time last year, and it was an unforgettable experience to explore all the sights and sounds around the Ginza district and to interact with the very friendly Japanese people. It wasn't all play, though -- and I had to get some real work done as...

7.7AI score
Exploits0
ThreatPost
ThreatPost
added 2019/06/24 1:0 p.m.156 views

The Modern-Day Heist: IP Theft Techniques That Enable Attackers

The Great Train Robbery of 1963 in Buckinghamshire, U.K., was orchestrated by a gang of 15 robbers that devised and executed a well-laid-out plan over the course of several months. Fast-forward 56 years and we’re still seeing gangs of modern-day robbers orchestrating elaborate plans – only in 201...

0.3AI score
Exploits0References4
FireEye
FireEye
added 2019/06/04 12:0 a.m.38 views

Hunting COM Objects

COM objects have recently been used by penetration testers, Red Teams, and malicious actors to perform lateral movement. COM objects were studied by several other researchers in the past, including Matt Nelson enigma0x3, who published a blog post about it in 2017. Some of these COM objects were...

8.1AI score
Exploits0References4
Gitee
Gitee
added 2019/05/06 10:3 p.m.2 views

Shr3dKit

This is an offensive tool for Red Team operations. The tool kit, named Shr3dKit, is a collection of scripts and tools for various stages of a Red Team engagement, including reconnaissance, weaponization, delivery, command and control, lateral movement, establishing a foothold, escalating...

7AI score
Exploits0
FireEye
FireEye
added 2019/04/10 4:0 a.m.23 views

TRITON Actor TTP Profile, Custom Attack Tools, Detections, and ATT&CK Mapping

Overview FireEye can now confirm that we have uncovered and are responding to an additional intrusion by the attacker behind TRITON at a different critical infrastructure facility. In December 2017, FireEye publicly released our first analysis on the TRITON attack where malicious actors used the...

7.8AI score
Exploits0References22
Carbon Black Blog
Carbon Black Blog
added 2019/04/08 5:29 p.m.45 views

Can You Handle the Cyber Threats Coming in 2019?

I never thought I’d long for the days when Pikachu and Anna Kournikova worms were thriving. But back then, cyber attacks caused chaos, but not significant damage. Fast forward to 2019 and the threat landscape has changed. Now attackers are out to do significant damage to your company. This damage...

Exploits0
FireEye
FireEye
added 2019/04/05 5:0 p.m.94 views

Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware

Summary Recently, FireEye Managed Defense detected and responded to a FIN6 intrusion at a customer within the engineering industry, which seemed out of character due to FIN6’s historical targeting of payment card data. The intent of the intrusion was initially unclear because the customer did not...

10CVSS0.1AI score0.79842EPSS
Exploits13References3
ThreatPost
ThreatPost
added 2019/04/02 8:26 p.m.82 views

ThreatList: Half of All Attacks Aim at Supply Chain

Increasingly sophisticated attacks that target supply chains, counter-incident response and lateral movement within a network are quickly becoming the new normal in the corporate security threat landscape. That’s according to Carbon Black’s latest quarterly Global Incident Response Threat Report,...

0.2AI score
Exploits0References7
Rows per page
Query Builder