490 matches found
CVE-2015-5412
Cross-site request forgery CSRF vulnerability in HP Version Control Repository Manager VCRM before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in HP System Management Homepage SMH before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors...
New Bill Would Grant Lifetime Credit Monitoring to OPM Victims
A group of lawmakers are proposing victims of last month’s expansive Office of Personnel Management hack receive lifetime fraud protection and credit monitoring. Democratic lawmakers on Monday presented the Reducing the Effects of the Cyberattack on OPM Victims Emergency Response, or RECOVER Act...
FBI Says Cryptowall Cost Victims $18 Million Since 2014
In a little more than a year, consumers affected by the Cryptowall ransomware have reported to the FBI more than $18 million in losses related to infections from the malware. Cryptowall is among the group of ransomware families that encrypt the files on victims’ computers and then demands a ranso...
Duqu Resurfaces With New Round of Victims, Including Kaspersky Lab
The Duqu attackers, who are considered by researchers to be at the top of the food chain of APT groups and are responsible for attacking certificate authorities and perhaps spying on Iran’s nuclear program, have resurfaced with a new platform that was used to compromise high-profile victims,...
Author Behind Ransomware Tox Calls it Quits, Sells Platform
Earlier this week, when the author behind the crypto-ransomware Locker apologized and released decryption keys for his victims, it seemed like a change of heart, uncharacteristic for an attacker. Now another ransomware creator has also decided to cut his losses and get out of the game – but not...
TeslaCrypt Ransomware Taking a Toll on Victims
The attackers behind the TeslaCrypt ransomware, which is one of the newer entries on the scene, may not be making as much money yet as some of their more experienced competitors, but researchers say that their malware is having a profound effect on victims. Like many other pieces of ransomware,...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in CA Release Automation formerly iTKO LISA Release Automation before 4.7.1 b448 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...
Red October Attackers Return With CloudAtlas APT Campaign
The attackers behind the Red October APT campaign that was exposed nearly two years ago have resurfaced with a new campaign that is targeting some of the same victims and using similarly constructed tools and spear phishing emails. Red October emerged in January 2013 and researchers found that th...
Detekt Open Source Surveillance Detection Tool
Hours spent on long-distance phone calls to political activists in the Middle East, journalists in Africa or human rights organizations in Asia are stressful for Claudio Guarnieri, an independent security researcher, white-hat hacker and civil rights activist. Often he has to convince that party,...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in HP System Management Homepage SMH before 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors...
NewGOZ Gameover Zeus Botnet Rebuilds
It didn’t take long for an updated version of GameOver Zeus to make some headway in rebuilding itself. Research published today from Arbor Networks demonstrates that cybercriminals behind GameOver Zeus, which was taken down by law enforcement in early June, have renewed the botnet with at least...
CVE-2014-3305
Cross-site request forgery CSRF vulnerability in the web framework in Cisco WebEx Meetings Server 1.5.1.131 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuj81735...
CVE-2014-2369
Cross-site request forgery CSRF vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors...
Phishers Use Luis Suarez Bite as Bait
The World Cup is the most popular sporting event on the planet, and not just among sports fans; attackers and scammers of all stripes love it as well, as it presents a unique opportunity to separate victims from their money. Phishing and malware scams tied to the World Cup in Brazil have been...
CVE-2014-4188
Cross-site request forgery CSRF vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...
CVE-2013-4726
Cross-site request forgery CSRF vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in HP System Management Homepage SMH 7.1 through 7.2.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...
Second Group Seen Using IE 10 Zero Day
There are at least two different groups running attacks exploiting the recently published zero day vulnerability in Internet Explorer 10, and researchers say one of the groups used the bug to impersonate a French aerospace manufacturer and compromise victims visiting the spoofed Web page. The...