Lucene search
+L

490 matches found

Schneier on Security
Schneier on Security
added 2023/04/25 10:9 a.m.25 views

Cyberweapons Manufacturer QuaDream Shuts Down

Following a report on its activities, the Israeli spyware company QuaDream has shut down. This was QuadDream: Key Findings Based on an analysis of samples shared with us by Microsoft Threat Intelligence, we developed indicators that enabled us to identify at least five civil society victims of...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2023/04/19 9:30 a.m.3 views

U.S. and U.K. Warn of Russian Hackers Exploiting Cisco Router Flaws for Espionage

U.K. and U.S. cybersecurity and intelligence agencies have warned of Russian nation-state actors exploiting now-patched flaws in networking equipment from Cisco to conduct reconnaissance and deploy malware against select targets. The intrusions, per the authorities, took place in 2021 and targete...

9CVSS8.1AI score0.21424EPSS
Exploits1
Malwarebytes
Malwarebytes
added 2023/04/13 5:0 a.m.17 views

Sextortion "assistance" scammers con victims further

The FBI is warning of a particular aspect of sextortion scams: Supposed organisations that offer "help" to remove stolen images, often at a significant financial cost and no guarantee of success. Sextortion, the act of blackmailing individuals for cash in return for not leaking sensitive imagery...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2023/03/16 7:12 a.m.70 views

What's Wrong with Manufacturing?

In last year's edition of the Security Navigator we noted that the Manufacturing Industry appeared to be totally over-represented in our dataset of Cyber Extortion victims. Neither the number of businesses nor their average revenue particularly stood out to explain this. Manufacturing was also th...

Exploits0
HackRead
HackRead
added 2023/02/28 2:0 p.m.26 views

Bitdefender Releases Free MortalKombat Ransomware Decryptor

By Waqas The free Mortal Kombat ransomware decryptor is now available for victims to recover their encrypted files without having to pay the ransom. This is a post from HackRead.com Read the original post: Bitdefender Releases Free MortalKombat Ransomware Decryptor...

2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/02/23 3:2 p.m.95 views

Experts Sound Alarm Over Growing Attacks Exploiting Zoho ManageEngine Products

Multiple threat actors have been observed opportunistically weaponizing a now-patched critical security vulnerability impacting several Zoho ManageEngine products since January 20, 2023. Tracked as CVE-2022-47966 CVSS score: 9.8, the remote code execution flaw allows a complete takeover of the...

9.8CVSS1.6AI score0.99753EPSS
Exploits15
HackRead
HackRead
added 2023/02/15 9:13 p.m.19 views

New MortalKombat Ransomware Attack Aiming for Crypto Wallets

By Habiba Rashid Hackers are deploying the MortalKombat ransomware and Laplas Clipper malware in a financially motivated campaign against victims worldwide. This is a post from HackRead.com Read the original post: New MortalKombat Ransomware Attack Aiming for Crypto Wallets...

4AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:56 a.m.4 views

SUSE CVE-2010-3694

Cross-site request forgery CSRF vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form...

6.8CVSS6.9AI score0.0062EPSS
Exploits0References3
Malwarebytes
Malwarebytes
added 2023/01/28 11:45 a.m.23 views

Hive! Hive! Hive! Ransomware site submerged by FBI

On January 26, 2023, the United States Department of Justice DoJ released details about a disruption campaign against the Hive ransomware group. The disruption campaign has reportedly had access to Hive's infrastructure since July of 2022. Its access became public on Thursday when Hive's dark web...

0.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/01/23 3:0 a.m.23 views

Ransomware revenue significantly down over 2022

According to blockchain data platform Chainalysis, ransomware revenue "plummeted" from $765.6 in 2021 to at least $456.8 in 2022. The data is based on an analysis of the cryptocurrency addresses known to be controlled by ransomware attackers. Precision While the real numbers are likely much highe...

1AI score
Exploits0
HackRead
HackRead
added 2023/01/18 11:31 p.m.25 views

Avast Releases Free Decryptor for BianLian Ransomware

By Deeba Ahmed Using this decryptor, BianLian victims can retrieve their encrypted data for free and avoid paying the ransom to the attackers. This is a post from HackRead.com Read the original post: Avast Releases Free Decryptor for BianLian Ransomware...

4.5AI score
Exploits0
OSV
OSV
added 2022/12/19 8:15 p.m.6 views

CVE-2022-42345

Adobe Experience Manager version 6.5.14 and earlier is affected by a reflected Cross-Site Scripting XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

5.4CVSS5.7AI score0.0048EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2022/12/16 2:0 p.m.50 views

Trojanized Windows 10 Installer Used in Cyberattacks Against Ukrainian Government Entities

Government entities in Ukraine have been breached as part of a new campaign that leveraged trojanized versions of Windows 10 installer files to conduct post-exploitation activities. Mandiant, which discovered the "socially engineered supply chain" attack around mid-July 2022, said the malicious I...

1AI score
Exploits0
CNNVD
CNNVD
added 2022/12/14 12:0 a.m.6 views

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a content management solution from Adobe that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management, etc. A cross-site scripting vulnerabilit...

5.4CVSS6.2AI score0.0048EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2022/11/22 9:10 a.m.62 views

U.S. Authorities Seize Domains Used in 'Pig butchering' Cryptocurrency Scams

The U.S. Justice Department DoJ on Monday announced the takedown of seven domain names in connection to a "pig butchering" cryptocurrency scam. The fraudulent scheme, which operated from May to August 2022, netted the actors over $10 million from five victims, the DoJ said. Pig butchering, also...

0.8AI score
Exploits0
Huntr
Huntr
added 2022/11/14 1:31 p.m.45 views

XSS in RSS Description Link

Description An Administrator can import a malicious RSS feed that contains Cross Site Scripting XSS payloads inside RSS links. Victims who wish to visit an RSS content and click on the link will execute the Javascript. Proof of Concept 1. Create a malicious RSS feeds The XSS payload is inside ite...

1.2AI score
Exploits0
CNNVD
CNNVD
added 2022/11/04 12:0 a.m.8 views

GitLab 跨站脚本漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. GitLab CE/EE has a security vulnerability that stems from an attacker can use t...

7.3CVSS6.5AI score0.86326EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/10/12 12:0 a.m.4 views

Grafana 数据伪造问题漏洞

Grafana is Grafana Labs open source set of open source monitoring tools that provide a visual monitoring interface . The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus. Grafana has a data forgery problem vulnerability. An attacker exploits this vulnerability to use...

7.8CVSS7AI score0.00249EPSS
Exploits0References8
Talos Blog
Talos Blog
added 2022/10/04 12:51 p.m.13 views

Developer account body snatchers pose risks to the software supply chain

By Jaeson Schultz. Over the past several years, high-profile software supply chain attacks have increased in frequency. These attacks can be difficult to detect and source code repositories became a key focus of this research. Developer account takeovers present a substantial risk to the software...

Exploits0
CISA
CISA
added 2022/09/30 12:0 a.m.11 views

Hurricane-Related Scams 

CISA warns users to remain on alert for malicious cyber activity targeting potential disaster victims and charitable donors following a hurricane. Fraudulent emails—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with...

1.5AI score
Exploits0References6
Rows per page
Query Builder