Lucene search
K

812 matches found

NVD
NVD
added 2018/11/08 7:29 p.m.22 views

CVE-2018-15448

A vulnerability in the user management functions of Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to discover sensitive user information. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to an insecu...

7.5CVSS5.9AI score0.02222EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2018/11/08 7:0 p.m.11 views

CVE-2018-15448 Cisco Registered Envelope Service Information Disclosure Vulnerability

A vulnerability in the user management functions of Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to discover sensitive user information. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to an insecu...

5.3CVSS6.5AI score0.02222EPSS
Exploits0References2
Cisco
Cisco
added 2018/11/07 4:0 p.m.583 views

Cisco Registered Envelope Service Information Disclosure Vulnerability

A vulnerability in the user management functions of Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to discover sensitive user information. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to an insecu...

5.3CVSS1.3AI score0.02222EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2018/11/01 4:37 p.m.542 views

Utilities, Energy Sector Attacked Mainly Via IT, Not ICS

While industrial control systems ICS are the most talked-about when it comes to cyberattacks against energy and utilities firms, most attacks actually take aim at the enterprise IT networks used by these organizations, rather than critical infrastructure itself. The Vectra 2018 Spotlight Report o...

2.1AI score
Exploits0References4
ThreatPost
ThreatPost
added 2018/10/24 4:32 p.m.559 views

sLoad Banking Trojan Downloader Displays Sophisticated Recon and Targeting

A new PowerShell downloader dubbed sLoad is making the rounds, sporting impressive reconnaissance tactics and a penchant for geofencing, which indicate increasing sophistication when it comes to targeting efforts. First spotted in May 2018, sLoad typically delivers the Ramnit banking trojan but h...

0.3AI score
Exploits0References1
n0where
n0where
added 2018/10/23 4:10 a.m.129 views

Web Testing Framework Samurai

The Samurai Web Testing Framework is a virtual machine, supported on VirtualBox and VMWare, that has been pre-configured to function as a web pen-testing environment. The VM contains the best of the open source and free tools that focus on testing and attacking websites. In developing this...

7AI score
Exploits0References2
Kitploit
Kitploit
added 2018/10/21 12:48 p.m.151 views

BetterCap v2.10 - The Swiss Army Knife For 802.11, BLE And Ethernet Networks Reconnaissance And MITM Attacks

bettercap is the Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and attacks. How to Install A precompiled version is available for each release, alternatively you can use the latest version of the source code from this repository in order to build your own binary. Make sure...

7.6AI score
Exploits0References5
ThreatPost
ThreatPost
added 2018/10/18 3:8 p.m.71 views

GreyEnergy Spy APT Mounts Sophisticated Effort Against Critical Infrastructure

A new APT group, dubbed GreyEnergy by researchers, has emerged as a successor to the infamous BlackEnergy APT group, which was behind the electric grid cyberattack and resulting power outage in the Ukraine in December 2015. However, GreyEnergy’s focus and targeting revolve around cyber-espionage...

Exploits0References6
Kitploit
Kitploit
added 2018/10/15 12:2 p.m.95 views

ReconDog v2.0 - Reconnaissance Swiss Army Knife

Reconnaissance Swiss Army Knife Main Features Wizard + CLA interface Can extracts targets from STDIN piped input and act upon them All the information is extracted with APIs, no direct contact is made to the target Utilities Censys: Uses censys.io to gather massive amount of information about an ...

6.9AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2018/10/05 2:0 p.m.7 views

CVE-2018-15405 Cisco Integrated Management Controller Supervisor and Cisco UCS Director Authenticated Web Interface Information Disclosure Vulnerability

A vulnerability in the web interface for specific feature sets of Cisco Integrated Management Controller IMC Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to an authorization check that does not properly...

6.5AI score0.01846EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/10/05 2:0 p.m.21 views

CVE-2018-15405 Cisco Integrated Management Controller Supervisor and Cisco UCS Director Authenticated Web Interface Information Disclosure Vulnerability

A vulnerability in the web interface for specific feature sets of Cisco Integrated Management Controller IMC Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to an authorization check that does not properly...

6.4AI score0.01846EPSS
Exploits0References2
Cisco
Cisco
added 2018/10/03 4:0 p.m.541 views

Cisco Integrated Management Controller Supervisor and Cisco UCS Director Authenticated Web Interface Information Disclosure Vulnerability

A vulnerability in the web interface for specific feature sets of Cisco Integrated Management Controller IMC Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to an authorization check that does not properly...

6.5CVSS1.7AI score0.01846EPSS
Exploits0References1
n0where
n0where
added 2018/09/12 7:31 p.m.71 views

Advanced Network Reconnaissance Toolkit: badKarma

badKarma is a python3 GTK+ toolkit that aim to assist penetration testers during all the network infrastructure penetration testing activity phases. It allow testers to save time by having point-and-click access to their toolkits, launch them against single or multiple targets and interacte with...

0.2AI score
Exploits0References1
ThreatPost
ThreatPost
added 2018/09/11 7:56 p.m.18 views

Bad Actors Sizing Up Systems Via Lightweight Recon Malware

Well-known financial crime gang Cobalt Group and other threat actors have recently shifted tactics to incorporate lightweight modular downloaders that “vet” target machines for their attractiveness before proceeding with a full-fledged attack. The emergence of the AdvisorsBot and Marap malwares, ...

0.2AI score
Exploits0References6
The Hacker News
The Hacker News
added 2018/09/06 5:12 p.m.2 views

U.S. Charges North Korean Spy Over WannaCry and Sony Pictures Hack

The U.S. Department of Justice announces criminal charges against a North Korean government spy in connection with the 2017 global WannaCry ransomware attack and the 2014 Sony Pictures Entertainment hack. According to multiple government officials cited by the NY Times who are familiar with the...

7.1AI score
Exploits0
ThreatPost
ThreatPost
added 2018/08/30 3:27 p.m.22 views

Cobalt Group Targets Banks in Eastern Europe with Double-Threat Tactic

The infamous financial cybercrime gang known as Cobalt Group has been spotted actively pushing a fresh campaign that uses a peculiar tactic: Double infection points and two command-and-control C2 servers. The Cobalt Group, a known financial cybercrime ring since 2016, has been suspected in attack...

1.3AI score
Exploits0References6
n0where
n0where
added 2018/08/29 3:43 a.m.32 views

The Offensive Web Application Penetration Testing Framework: TIDoS

TIDoS Framework is a comprehensive web-app audit framework. TIDoS is made to be comprehensive and versatile. It is a highly flexible framework where you just have to select and use modules. But before that, you need to set your own API KEYS for various OSINT purposes. To do so, open up APIKEYS.py...

0.2AI score
Exploits0References2
Kitploit
Kitploit
added 2018/08/28 9:11 p.m.56 views

badKarma - Advanced Network Reconnaissance Toolkit

badKarma is a python3 GTK+ network infrastructure penetration testing toolkit. badKarma aim to help the tester in all the penetration testing phases information gathering, vulnerability assessment,exploitation,post-exploitation and reporting. It allow the tester to save time by having...

7.2AI score
Exploits0References1
n0where
n0where
added 2018/08/22 5:26 p.m.30 views

Social Media Enumeration & Correlation Tool: Social Mapper

Social Mapper is a Open Source Intelligence Tool that uses facial recognition to correlate social media profiles across different sites on a large scale. It takes an automated approach to searching popular social media sites for targets names and pictures to accurately detect and group a person’s...

Exploits0References1
ThreatPost
ThreatPost
added 2018/08/16 5:6 p.m.16 views

‘China’s MIT’ Linked to Espionage Campaign Against Alaska, Economic Partners

An extensive cyberespionage campaign was disclosed today, targeting high-value international and U.S. government agencies and companies and emanating from an IP address associated with Tsinghua University, colloquially known as “China’s MIT.” The actors have gone after a range of targets, includi...

0.2AI score
Exploits0References7
Rows per page
Query Builder