Threat landscape for industrial automation systems. Statistics for H2 2020

Figures Indicator | H1 2020 | H2 2020 | 2020 ---|---|---|--- Global percentage of attacked ICS computers | 32.6% | 33.42% | 38.55% Percentage of attacked ICS computers by region Northern Europe | 10.1% | 11.5% | 12.3% Western Europe | 15.1% | 14.8% | 17.6% Australia | 16.3% | 17.0% | 18.9% United...

[SECURITY] Fedora 33 Update: containerd-1.4.4-1.fc33

Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Lin ux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervisio...

Fake Google reCAPTCHA Phishing Attack Swipes Office 365 Passwords

Microsoft users are being targeted with thousands of phishing emails, in an ongoing attack aiming to steal their Office 365 credentials. The attackers add an air of legitimacy to the campaign by leveraging a fake Google reCAPTCHA system and top-level domain landing pages that include the logos of...

Masslogger Trojan Upgraded to Steal All Your Outlook, Chrome Credentials

A credential stealer infamous for targeting Windows systems has resurfaced in a new phishing campaign that aims to steal credentials from Microsoft Outlook, Google Chrome, and instant messenger apps. Primarily directed against users in Turkey, Latvia, and Italy starting mid-January, the attacks...

Masslogger Swipes Outlook, Chrome Credentials

Cybercriminals are targeting Windows users with a new variant of the Masslogger trojan, which is spyware designed to swipe victims’ credentials from Microsoft Outlook, Google Chrome and various instant-messenger accounts. Researchers uncovered the campaign targeting users in Italy, Latvia and...

Spam and phishing in 2020

Figures of the year In 2020: The share of spam in email traffic amounted to 50.37%, down by 6.14 p.p. from 2019. Most spam 21.27% originated in Russia. Kaspersky solutions detected a total of 184,435,643 malicious attachments. The email antivirus was triggered most frequently by email messages...

CVE-2021-25768

In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly...

CVE-2021-25769

In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachments...

CVE-2021-25769

In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachments...

CVE-2021-25769

CVE-2021-25769 affects JetBrains YouTrack prior to version 2020.4.6808. The issue is described as an administrator being unable to access attachments, indicating a permissions/access-control flaw related to YouTrack attachments. Public sources confirm the affected product and the fixed version (2...

Jetbrains JetBrains YouTrack 安全漏洞

JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. A security vulnerability exists in JetBrains YouTrack before 2020.4.6808 that stems from an...

Pryaniki 跨站脚本漏洞

Pryaniki is a website building system for building a corporate communication platform from the Russian company Pryaniky. The platform is used for organizing communication within the company, motivational planning, idea management projects and other business processes. Pryaniki 6.44.3 suffers from...

CVE-2020-29604

An issue was discovered in MantisBT before 2.24.4. A missing access check in bugactiongroup.php allows an attacker with rights to create new issues to use the COPY group action to create a clone, including all bugnotes and attachments, of any private issue i.e., one having Private view status, or...

CVE-2020-29604

An issue was discovered in MantisBT before 2.24.4. A missing access check in bugactiongroup.php allows an attacker with rights to create new issues to use the COPY group action to create a clone, including all bugnotes and attachments, of any private issue i.e., one having Private view status, or...

Design/Logic Flaw

An issue was discovered in MantisBT before 2.24.4. A missing access check in bugactiongroup.php allows an attacker with rights to create new issues to use the COPY group action to create a clone, including all bugnotes and attachments, of any private issue i.e., one having Private view status, or...

OPENSUSE-SU-2021:0127-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 78.6.1 changed: MailExtensions: browserAction, composeAction, and messageDisplayAction toolbar buttons now support label and defaultlabel properties bmo1583478 fixed: Running a quicksearch that returned no result...

Security update for MozillaThunderbird (important)

openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2021:0093-1 Rating: important References: 1180623 Cross-References: CVE-2020-16044 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update...

SUSE-SU-2021:0123-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 78.6.1 changed: MailExtensions: browserAction, composeAction, and messageDisplayAction toolbar buttons now support label and defaultlabel properties bmo1583478 fixed: Running a quicksearch that returned no result...

Qualcomm Qualcomm Graphics Resource Management Error Vulnerability

Qualcomm Graphics is a graphics support firmware for use on processors from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Graphics, which arises from attachments that are not properly cleaned. pm3003a, pm4125, pm439, pm456, pm6125, pm6150, pm6150a, pm6150l, pm6250, pm6350...

Tangro Business Workflow Authorization Issues Vulnerability (CNVD-2020-74066)

Tangro Business Workflow is a German Tangro company's internal control of the contents of SAP documents and the approval process for the visual drawing of the software. A vulnerability exists in Tangro Business Workflow prior to version 1.18.1 due to an authorization issue, which stems from the...