490 matches found
No More Ransom Offers Free Decryptor to LockerGoga Ransomware Victims
By Deeba Ahmed LockerGoga ransomware has been targeting industrial organizations since around 2019. This is a post from HackRead.com Read the original post: No More Ransom Offers Free Decryptor to LockerGoga Ransomware Victims...
Vulnerability fixed in IBM WebSphere Application Server
IBM has fixed a vulnerability in WebSphere Application Server. An authenticated malicious person could exploit the vulnerability potentially exploit it to perform a cross-site scripting attack. Through such an attack, the malicious party could execute code in the browser of the victim and thus be...
12 Arrested as Interpol Takes Down Transnational Sextortion Ring
By Deeba Ahmed Interpol has confirmed the dismantling of a transnational sextortion gang that raked in a whopping $47,000 from dozens of victims. This is a post from HackRead.com Read the original post: 12 Arrested as Interpol Takes Down Transnational Sextortion Ring...
Israeli Spyware Vendor Uses Chrome 0day to Target Journalists
By Deeba Ahmed The spyware vendor Candiru used the Chrome zero-day in March 2022 to target journalists and other unsuspected victims… This is a post from HackRead.com Read the original post: Israeli Spyware Vendor Uses Chrome 0day to Target Journalists...
Fraudulent cryptocurrency investment apps are duping investors
Together with the Department of Homeland Security DHS and the Cybersecurity and Infrastructure Security Agency CISA, the FBI has released a warning about cybercriminals creating fraudulent cryptocurrency investment apps in order to defraud cryptocurrency investors. The threat actors convince...
CVE-2022-34160
IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 229330...
IBM Security Verify Access 跨站脚本漏洞
IBM Security Verify Access ISAM is a service from IBM USA that improves user access security. The service enables secure and simple access to platforms such as Web, mobile, IoT and cloud technologies through the use of risk-based access, single sign-on, integrated access management controls,...
motor-admin 安全漏洞
motor-admin is a code-free management panel and business intelligence tool from Motor Admin open source. A security vulnerability exists in motor-admin versions 0.0.1 through 0.2.56, which stems from the vulnerability of the host header in the password reset function. An attacker could use this...
Adconion Execs Plead Guilty in Federal Anti-Spam Case
At the outset of their federal criminal trial for hijacking vast swaths of Internet addresses for use in large-scale email spam campaigns, three current or former executives at online advertising firm Adconion Direct now Amobee have pleaded guilty to lesser misdemeanor charges of fraud and...
WordPress plugin Social Share Buttons 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Social Share Buttons plugin 2.2.2 and earlier versions are vulnerable to cross-site request forgery...
More than a quarter of Americans fell for robocall scam calls in past year
More and more Americans have been falling victim to phone scams since 2019. According to the latest report from Truecaller Google Docs upload of the entire report, separate blog here, a known spam blocker and caller ID app, 68.4 million Americans were victimized in the last 12 months, a substanti...
Eerie GoodWill ransomware forces victims to publish videos of good deeds on social media
Ransomware does what the name implies: holds your files or network to ransom. Pay the authors, typically in cryptocurrency, and you may get your files back. Refuse, and the files could be lost forever or even leaked to the far corners of the net. Sometimes creators of ransomware try different...
General Motors suffers credential stuffing attack
American car manufacturer General Motors GM says it experienced a credential stuffing attack last month. During the attack customer information and reward points were stolen. The subject of the attack was an online platform, run by GM, to help owners of Chevrolet, Buick, GMC, and Cadillac vehicle...
Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis
This blog post was authored by Hossein Jazi and Jérôme Segura Populations around the world—and in Europe in particular—are following the crisis in Ukraine very closely, and with events unfolding on a daily basis, people are hungry for information. Although all countries have reasons to be...
Craft fair vendors targeted by fake event scammers on Facebook
A real world scam which sucks the fun out of craft fairs has caused nothing but stress for victims. It may sound bizarre, but it’s actually a fairly popular attack focused on small/self-run business owners selling their own creations. Are you ready for a trip to the craft fair? You’re a small...
多款 VMware 产品跨站请求伪造漏洞
Vmware vRealize Automation and others are products of Vmware, Inc. vRealize Automation is a management tool that provides self-service, supervised multi-cloud automation. vRealize Automation is a management tool that provides self-service, supervised multi-cloud automation. vRealize Automation is...
RagnarLocker ransomware gang breached 52 critical infrastructure organizations
In a FLASH publication issued by the FBI in coordination with DHS/CISA, the FBI says it has identified at least 52 organizations across 10 critical infrastructure sectors affected by RagnarLocker ransomware, including organizations in the critical manufacturing, energy, financial services,...
Details of an NSA Hacking Operation
Pangu Lab in China just published a report of a hacking operation by the Equation Group aka the NSA. It noticed the hack in 2013, and was able to map it with Equation Group tools published by the Shadow Brokers aka some Russian group. …the scope of victims exceeded 287 targets in 45 countries,...
Apache JSPWiki 跨站脚本漏洞
JSPWiki is an open source JSP-based Wiki system from Apache, based on the file system, with permissions management and search capabilities.Apache JSPWiki versions prior to 2.11.2 have a cross-site scripting vulnerability in the user preferences screen. An attacker could use this vulnerability to...
TrickBot Malware Targeted Customers of 60 High-Profile Companies Since 2020
The notorious TrickBot malware is targeting customers of 60 financial and technology companies, including cryptocurrency firms, primarily located in the U.S., even as its operators have updated the botnet with new anti-analysis features. "TrickBot is a sophisticated and versatile malware with mor...