Message board scams

Marketplace fraud is nothing new. Cybercriminals swindle money out of buyers and sellers alike. Lately, weve seen a proliferation of cybergangs operating under the Fraud-as-a-Service model and specializing in tricking users of online marketplaces, in particular, message boards. Criminals are...

Asylum Ambuscade: A Cybercrime Group with Espionage Ambitions

The threat actor known as Asylum Ambuscade has been observed straddling cybercrime and cyber espionage operations since at least early 2020. "It is a crimeware group that targets bank customers and cryptocurrency traders in various regions, including North America and Europe," ESET said in an...

Google Ads for Faux Cryptowallets Net Scammers At Least $500K

Crypto-thieves are buying Google Ads to target victims with fake wallets, which steal credentials and drain balances. So far, it looks like the cybercrooks have made off with more than $500,000 and counting. The ads serve links to purportedly download popular cryptowallets Phantom and MetaMask,...

SAP Netweaver 跨站脚本漏洞

SAP Netweaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform provides a development and runtime environment for SAP applications. A cross-site scripting vulnerability exists in SAP Netweaver, which can be exploited by an attacker to craft a...

Exploit for Insertion of Sensitive Information into Log File in Canonical Subiquity

CVE-2020-11932 Double-Free bug in WhatsApp exploit poc. N...

CVE-2019-4166

IBM StoredIQ 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that...

FIN10: Anatomy of a Cyber Extortion Operation

FireEye has identified a set of financially motivated intrusion operations being carried out by a threat actor we have dubbed FIN10. FIN10 is known for compromising networks, stealing sensitive data, and directly engaging victim executives and board members in an attempt to extort them into payin...

‘One-Stop Shop’ – Phishing Domain Targets Information from Customers of Several Indian Banks

FireEye Labs recently discovered a malicious phishing domain designed to steal a variety of information – including credentials and mobile numbers – from customers of several banks in India. Currently, we have not observed this domain being used in any campaigns. The phishing websites appear to b...

Pro-Syrian Malware Increasing in Number, Complexity

As the civil war in Syria continues, malware targeting those who oppose the embattled regime of Bashar al Assad is increasing in number, organization and sophistication according to a new report from Kaspersky Lab’s Global Research and Analysis Team. Most of the malware samples related to the...