194 matches found
Stellar.org: Admin panel of https://www.stellar.org/wp-admin/
The https://www.stellar.org/wp-admin/ link has various operations which should not be accessible to an anonymous user. As the admin panel is accessible, an attacker can use this information in a targeted attack and can brute-force the username and password. On the other side, server information is easily...
Private Message PHP Script 2.0 - Cross-Site Scripting
Exploit Title: Private Message PHP Script 2.0 - Persistent Cross-Site scripting; Date: 2018-05-20; Exploit Author: Borna nematzadeh L0RD; Vendor Homepage: https://codecanyon.net/item/private-message-php-script/21027192?srank=1; Version: 2.0; Tested...
Threat Analysis: Malicious Microsoft Word Documents Being Used in Targeted Attack Campaigns
A Microsoft Word document (.doc) believed to be malicious was recently submitted to Carbon Black’s Threat Analysis Unit (TAU). The submitting organization did not feel that the document and subsequent payload were fully executing in their analysis environment, and questioned whether or not it was...
Inside the CCleaner Backdoor Attack
MADRID—As the investigation continues into the backdoor planted inside CCleaner, two members of parent company Avast’s threat intelligence team said today the desktop and cloud versions of the popular software contained different payloads. The revelation was made during a talk at Virus Bulletin...
A simple example of a complex cyberattack
We're already used to the fact that complex cyberattacks use 0-day vulnerabilities, bypassing digital signature checks, virtual file systems, non-standard encryption algorithms and other tricks. Sometimes, however, all of this may be done in much simpler ways, as was the case in the malicious...
Google Removes Chrome Extension Used in Banking Fraud
Google has removed from the Chrome Web Store a malicious browser extension used by criminals in Brazil to target corporate users with the aim of stealing banking credentials. The twist is that the attackers did their homework on their targets, learning via social networks whom inside an...
CVE-2017-5001
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more...
Spear Phishing Attacks
Really interesting research: "Unpacking Spear Phishing Susceptibility," by Zinaida Benenson, Freya Gassmann, and Robert Landwirth. Abstract: We report the results of a field experiment where we sent to over 1200 university students an email or a Facebook message with a link to non-existing party...
GlobaLeaks: Information Disclosure
I have observed that the application is leaking information while accessing "https://demo.globaleaks.org/l10n/en". It does not restrict access to the file, which can possibly provide an attacker with information such as default credentials test:test, username for accessing administrative functions,...
Attacks on SWIFT Banking System Benefit From Insider Knowledge
By Trellix · May 20, 2016. In recent months, we’ve seen headlines about the compromise of a bank in Bangladesh from which cybercriminals attempted to steal US$951 million. The malware they used was able to manipulate and...
MULTIGRAIN – Point of Sale Attackers Make an Unhealthy Addition to the Pantry
FireEye recently discovered a new variant of a point of sale (POS) malware family known as NewPosThings. This variant, which we call “MULTIGRAIN”, consists largely of a subset of slightly modified code from NewPosThings. The variant is highly targeted, digitally signed, and exfiltrates stolen payme...
Proofpoint Warns Of New MSIL/Crimson Tied To Cyber Espionage
Diplomats and military personnel in India have been victimized in targeted espionage attacks that use a number of means of infection including phishing and watering hole sites. Researchers at Proofpoint this week published a report on Operation Transparent Tribe, which was ongoing as of Feb. 11...
Chrome 0day so that millions of Android devices suffer from a remote threat-vulnerability warning-the black bar safety net
Guang Gong, a security researcher from China's Qihoo 360, found a serious 0day vulnerability in the latest version of the Chrome browser for the Android platform, which allows an attacker to obtain full administrator access to the victim's cell phone, and the vulnerability of the use of the code to be able ...
Outlook Web Access Targeted Attack
Attackers aiming for lateral movement inside an enterprise network have done well in the past to target domain controller credentials. Researchers at Cybereason, however, have uncovered a targeted attack in which hackers were able to burrow onto the corporate network and steal thousands of...
Heze city science and technology information network suffered HackingTeam leakage of 0day vulnerabilities attack-exploit warning-the black bar safety net
For attackers, the HackingTeam data leak certainly gives them a “spring”. The day after the data leak, attackers added the freshly baked 0day vulnerabilities to the mainstream exploit kits. Copying the leaked 0day attacks: the various 0day information in the HackingTeam leak can be easily reused. In...
Shopify: Notification request disclose private information about other myshopify accounts
Hello. An attacker, using the notification feature in the Admin panel, can successfully disclose/enumerate Shopify customers and retrieve their user-id, first+last name and email address. The last part of the information is the most valuable piece of information, since it can be used to conduct a targeted attack on Shopify...
Microsoft Office Powerpoint encounter 0day vulnerabilities attack-exploit warning-the black bar safety net
Hackers' use of 0day vulnerabilities seems to be never-ending. Microsoft previously repaired three 0day vulnerabilities in Windows, and now they have found a new PPT 0day vulnerability, number CVE-2014-6352. It is understood that this vulnerability affects all versions of Windows operatin...
Motives Behind Havex ICS Malware Campaign Remain a Mystery
Since Stuxnet there have been few confirmed reports of malware targeting particular industrial control system software. But now we have a campaign using the Havex remote access Trojan that has three European energy sector vendors in its crosshairs—or does it? The outbreak, reported by security...
Mail.ru: Admin panel of http://tp-test1.corp.mail.ru/ is accessible publicly
The http://tp-test1.corp.mail.ru/ link has various operations which should not be accessible to an anonymous user. As the admin panel is accessible, an attacker can use this information in a targeted attack and can brute-force the username and password. On the other side, server information is easily...
Targeted Attack Uses Heartbleed to Hijack VPN Sessions
A targeted attack against an unnamed organization exploited the Heartbleed OpenSSL vulnerability to hijack web sessions conducted over a virtual private network connection. Incident response and forensics firm Mandiant shared some details on a recent investigation of an incident that began April ...