490 matches found
YzmCMS 跨站请求伪造漏洞
YzmCMS is an open source CMS Content Management System.A cross-site request spoofing vulnerability exists in YzmCMS, which stems from insufficient validation in admin.add that the request is coming from a trusted user. An attacker could use this vulnerability to spoof malicious requests to trick...
‘Malsmoke’ Exploits Microsoft’s E-Signature Verification
Threat actors are exploiting Microsoft’s digital signature verification to steal user credentials and other sensitive information by delivering the ZLoader malware, which previously has been used to distribute Ryuk and Conti ransomware, researchers have found. Researchers at Check Point Research...
New Zloader Banking Malware Campaign Exploiting Microsoft Signature Verification
An ongoing ZLoader malware campaign has been uncovered exploiting remote monitoring tools and a nine-year-old flaw concerning Microsoft's digital signature verification to siphon user credentials and sensitive information. Israeli cybersecurity company Check Point Research, which has been trackin...
140,000 Reasons Why Emotet is Piggybacking on TrickBot in its Return from the Dead
The operators of TrickBot malware have infected an estimated 140,000 victims across 149 countries a little over a year after attempts were to dismantle its infrastructure, even as the advanced Trojan is fast becoming an entry point for Emotet, another botnet that was taken down at the start of...
SideCopy APT: Connecting lures to victims, payloads to infrastructure
This blog post was authored by Hossein Jazi and the Threat Intelligence Team. Last week, Facebook announced that back in August it had taken action against a Pakistani APT group known as SideCopy. Facebook describes how the threat actors used romantic lures to compromise targets in Afghanistan. I...
CVE-2021-42564
An open redirect through HTML injection in confidential messages in Cryptshare before 5.1.0 allows remote attackers with permission to provide confidential messages via Cryptshare to redirect targeted victims to any URL via the '...
What Is a Watering Hole Attack?
It's a technique that can hit thousands of victims—through no fault of their own...
GitLab 跨站脚本漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features.GitLab CE/EE is vulnerable to a cross-site scripting vulnerability that could b...
What To Expect in a Ransomware Negotiation
We wanted to get a better understanding of what victims go through during the aftermath and recovery process of a ransomware attack to help others in case they find themselves in a similar situation. To do this, we analyzed victim support chats for five ransomware families...
New Study Links Seemingly Disparate Malware Attacks to Chinese Hackers
Chinese cyber espionage group APT41 has been linked to seemingly disparate malware campaigns, according to fresh research that has mapped together additional parts of the group's network infrastructure to hit upon a state-sponsored campaign that takes advantage of COVID-themed phishing lures to...
Paypal Donation < 1.3.1 - CSRF to Stored Cross-Site Scripting
The plugin offers a function to create donation buttons, which internally are posts. The process to create a new button is lacking a CSRF check. An attacker could use this to make an authenticated admin create a new button. Furthermore, one of the Button field is not escaped before being output i...
Android Trojan GriftHorse, the gift horse you definitely should look in the mouth
Researchers at Zimperium have discovered an aggressive mobile premium services campaign with over 10 million victims all over the world. The stolen amount could amass hundreds of millions of Euros. The scam was hidden behind malicious Android apps, and the researchers have named the Trojan...
This Week in Security News - September 24, 1021
Water Basilik Uses New HCrypt Variant to Flood Victims With RAT Payloads & Biden Administration Issues Sanctions To Counter Ransomware...
FBI Had the REvil Decryption Key
The Washington Post reports that the FBI had a decryption key for the REvil ransomware, but didnt pass it along to victims because it would have disrupted an ongoing operation. The key was obtained through access to the servers of the Russia-based criminal gang behind the July attack. Deploying i...
Romance, BEC Scams Lands Soldier in Jail for 46 Months
A former Army reservist was just sentenced to 46 months in prison and ordered to pay nearly $2 million in penalties and restitution, after pleading guilty to scamming dozens of people online, including the elderly and a veteran’s organization for Marines. Joseph Iorhemba Asan Jr. along with his...
Sextortion on the rise, warns FBI
The pandemic saw a surge in sextortion cases in 2020. Fast forward 12 months, and the numbers continue to rise significantly. This revelation came from the FBI Internet Crime Complaint Center IC3. Until 31 July 2021, it had received over 16,000 sextortion complaints, with victims losing a combine...
Smurf DDoS attack:❗️ How it works and how to mitigate
Attacks geared at denying users access to servers are executed in different ways. One notable approach — similar in many forms of service denials — is the use of volume. The sheer volume of requests is employed by attackers to render a particular network useless. A good representation of that is...
CVE-2021-22098
UAA server versions prior to 75.4.0 are vulnerable to an open redirect vulnerability. A malicious user can exploit the open redirect vulnerability by social engineering leading to take over of victims’ accounts in certain cases along with redirection of UAA users to a malicious sites...
OpenStack 输入验证错误漏洞
OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration NASA in collaboration with Rackspace in the United States. Openstack Nova suffers from an input validation error vulnerability that allows remote attackers to exploit the vulnerability ...
AvosLocker enters the ransomware scene, asks for partners
This blog post was authored by Hasherezade In mid-July we responded to an incident that involved an attack on a Microsoft Exchange server. The threat actor used this entry point to get into a Domain Controller and then leveraged it as a springboard to deploy ransomware. While examining the...