27 matches found
FBI issues advisory over Play ransomware
The Federal Bureau of Investigation FBI, Cybersecurity and Infrastructure Security Agency CISA, and the Australian Signals Directorate’s Australian Cyber Security Centre ACSC have released a joint Cybersecurity Advisory CSA about Play ransomware. According to the FBI, Play made around 300 victims...
Overlay Malware Targets Windows Users with a DLL Hijack Twist
Brazilians are being warned of a new overlay malware targeting Windows users in order to siphon victims’ financial data and drain their bank accounts. Researchers say what the malware, dubbed Vizom, lacks in sophistication it makes up for in its creative abuse of the Windows ecosystem. Trusteer, ...
DLL Search Path and Symbolic Link Vulnerabilities - Lenovo Support US
No description provided...
Privacy Awareness Week
The Federal Trade Commission FTC has released an announcement promoting Privacy Awareness Week PAW. PAW is an annual event fostering awareness of privacy issues and the importance of protecting personal information. This year’s theme, “Protecting Privacy is Everyone’s Responsibility,” focuses on...
Debian: Security Advisory (DLA-1014-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-1014-1 : libclamunrar security update
It was discovered that there was an arbitrary code execution vulnerability in libcamunrar, a library to add unrar support to the Clam anti-virus software. This was caused by an integer overflow resulting in a negative value of the DestPos variable, which allows the attacker to write out of bounds...
Gmail Android APP vulnerability allows anyone to send fraudulent mail-vulnerability warning-the black bar safety net
! Security researcher Yan Zhu in the Gmail Android APP and found an interesting vulnerability that allows anyone to send an e-mail, leaving the e-mail looks to be other people sent, which is likely for phishers have opened a door for malicious activity. Gmail Android APP the presence of mail frau...
Microsoft Windows NTLM automatically authenticates via SMB when following a file:// URL
Overview Software running on Microsoft Windows that utilizes HTTP requests can be forwarded to a file:// protocol on a malicious server, which causes Windows to automatically attempt authentication via SMB to the malicious server in some circumstances. The encrypted form of the user's credentials...
Google Researcher Reveals Zero-Day Windows 8.1 Vulnerability
A Google security researcher, 'James Forshaw' has discovered a privilege escalation vulnerability in Windows 8.1 that could allow a hacker to modify contents or even to take over victims' computers completely, leaving millions of users vulnerable. The researcher also provided a Proof of Concept P...
JVN#02017463: Norman Security Suite vulnerable to privilege escalation
Norman Security Suite is an anti-virus software. Norman Security Suite contains a privilege escalation vulnerability. Impact An attacker with access to the target machine may obtain escalated privileges and execute arbitrary code. Solution Apply an Update Apply the update according to the...
Osama Bin Laden-Themed Phishing
Summary The intent of this advisory is to provide general guidance to public and private sector organizations and individuals on potential targeted phishing attacks often referred to as “spear phishing” with respect to the Osama Bin Laden related media reporting, and to offer some suggested metho...
Chinese Hackers hit New York Times and Wall Street Journal
The New York Times says Chinese hackers probably working for the military or Chinese government have carried out sustained attacks on its computer systems, breaking in and stealing the passwords of high-profile reporters and other staff members. For the last four months, Chinese hackers have...
God Horses are Floating Clouds: The Story of a Chinese Banker Trojan
Dong Yan In China these days, e-commerce has become an important part of daily life, especially among young people. According to a report from CNNIC China Internet Network Information Center, the number of Chinese e-commerce users reached 242 million at the end of the December 2012. This is nearl...
Australian medical centre infected with Ransomware Malware demanding $4000 to Unlock
A Gold Coast, Australian medical centre computers are infected with some ransom malware by a group of Russian hackers. The hackers encrypted the practice's patient database, demanding payment of $4000 for the files to be decrypted. "Cyber criminals based mainly throughout Eastern Europe look for...
Denial-of-Service Malware Campaign
US-CERT is aware of public reports of ongoing distributed denial-of-service attacks against entities in the government and private sector. According to the reports, these attacks are being attributed to the hacker group Anonymous. US-CERT encourages users and administrators to do the following to...
Phishing Campaign Using Spoofed US-CERT Email Addresses
On January 10, 2012, US-CERT received reports of a phishing campaign that is spoofing US-CERT email to deliver a variant of the Zeus/Zbot Trojan known as Ice-IX. This campaign appears to be targeting a large number of private sector organizations as well as federal, state, and local governments...
USAA Phishing Scam and Malware Campaign
US-CERT is aware of public reports of an active spear-phishing attack via email messages directed at United Services Automobile Association USAA members. These messages contain the subject line "Deposit Posted" and contain a randomly generated four-digit number placed in the USAA security zone...
Stuxnet Code Now Available to Hackers, Posing Major Threat to Infrastructure
According to a report from Sky News, the Stuxnet worm has already been traded on the black market. The report does not specify whether this refers to the source code or binary samples. British security specialists now fear that terrorists could use the worm to attack critical infrastructure. The...
8) Your next wallet is a phone. Discuss.
Mobile payments have been going strong in countries like Japan and Finland for years now. In the U.S., however, its taken longer for mobile payments to get a hold on consumers. That’s all about to change. Late model mobile devices like Apple’s iPhone and Google Android-based phones now offer...
HDWiki-V4. 0. 5 proof 0day cross site vulnerability-vulnerability warning-the black bar safety net
Effects: the HDWiki-V4. 0. 5 Degree of harm: high-risk Vulnerability description: Ann-day lab Safety research and Emergency Response Center of Antiy CERT by penetration testing found the HDWiki-V4. 0. 5 This version in the Create and edit entries, for inside the HTML element does not have very go...