
3319 matches found

Vulnrichment
added 2019/04/23 6:16 p.m. | 11 views

CVE-2019-2682

Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite subcomponent: Attachments / File Upload. Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker wit...

7.2 AI score | 0.01018 EPSS
Exploits: 0 | References: 1

Microsoft Secure
added 2019/04/09 4:0 p.m. | 66 views

Step 8. Protect your documents and email: top 10 actions to secure your environment

The “Top 10 actions to secure your environment” series outlines fundamental steps you can take with your investment in Microsoft 365 security solutions. In “Step 8. Protect your documents and email,” you’ll learn how to deploy Azure Information Protection and use Office 365 Advanced Threat...

6.8 AI score
Exploits: 0

ThreatPost
added 2019/04/08 3:15 p.m. | 95 views

Spam Campaigns Spread Trickbot Malware with Tax Lure

Hackers pushing the TrickBot banking trojan are exploiting tax season by pushing malicious Microsoft Excel spreadsheet documents via spam campaigns. Researchers said that they discovered the malware in three different campaigns since Jan. 27, 2019. These campaigns target victims with emails...

7 AI score
Exploits: 0 | References: 7

Microsoft Secure
added 2019/04/05 4:0 p.m. | 23 views

Steer clear of tax scams

In the month of February, we saw an average of 300,000 phishing attempts across Microsoft’s browsing platforms daily. Our security experts expect these attempted scams to become increasingly more prevalent through the April 15 Tax Day, especially in the two weeks leading up to it, when about 25...

0.5 AI score
Exploits: 0

Microsoft KB
added 2019/03/12 12:0 a.m. | 2 views

September 26, 2018—KB4457136 (OS Build 16299.699)

September 26, 2018—KB4457136 OS Build 16299.699 Note This update has been re-released because of a missing solution. If you installed build 16299.697, please install this newer version of OS build 16299.699. Improvements and fixes This update includes quality improvements. No new operating system...

7.1 AI score
Exploits: 0

Microsoft KB
added 2019/03/11 12:0 a.m. | 3 views

September 26, 2018—KB4458469 (OS Build 17134.320)

September 26, 2018—KB4458469 OS Build 17134.320 Note This update has been re-released because of a missing solution. If you installed build 17134.319, please install this newer version of OS build 17134.320. Improvements and fixes This update includes quality improvements. No new operating system...

6.7 AI score
Exploits: 0

ThreatPost
added 2019/03/05 11:0 a.m. | 55 views

RSAC 2019: Malicious Emailed URLs See Triple-Digit Increase

SAN FRANCISCO: Business emails laced with malicious URLs in the message body have spiked by more than 125 percent in Q4 2018 in comparison with the quarter before. According to Mimecast’s latest Email Security Risk Assessment ESRA report, released at the RSA Conference 2019 in San Francisco this...

0.4 AI score
Exploits: 0 | References: 3

OSV
added 2019/02/28 5:29 p.m. | 2 views

CVE-2019-1995

In ComposeActivityEmail of ComposeActivityEmail.java, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure, sending files accessible to AOSP Mail to a remote email recipient, with no additional execution privileges...

5.5 CVSS | 5.9 AI score | 0.00024 EPSS
Exploits: 0 | References: 2

Packet Storm
added 2019/02/19 12:0 a.m. | 99 views

Joomla Attachments 3.2.6 Shell Upload

Exploit Title : Joomla Attachments Components 3.2.6 Shell Upload Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 18/02/2019 Vendor Homepage : jmcameron.net Software Download Links : jmcameron.net/attachments/...

7.4 AI score
Exploits: 0

Carbon Black Blog
added 2019/02/11 1:35 p.m. | 170 views

TAU Threat Intelligence Notification: Spear Phishing Targeting Italy

Summary This campaign is targeting users in Italy with spear phishing email containing malicious attachments. Figure 1: Emails with the malicious XLS attachment The image above show one of the sample has attached in multiple email that has been sent to email address with Italy ccTLD. The attached...

0.4 AI score
Exploits: 0

CNVD
added 2019/01/30 12:0 a.m. | 2 views

Croogo cross-site scripting vulnerability (CNVD-2019-03593)

Croogo is a content management system (CMS) based on the CakePHP framework. The system provides customizable content types (Blog, Node, Page), content editing with a WYSIWYG editor, and other features. A cross-site scripting vulnerability exists in Croogo 3.0.5 and earlier versions...

4.8 CVSS | 6.3 AI score | 0.00219 EPSS
Exploits: 1 | References: 1

NVD
added 2019/01/29 6:29 p.m. | 7 views

CVE-2019-7173

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4...

4.8 CVSS | 5 AI score | 0.00219 EPSS
Exploits: 1 | References: 1

ThreatPost
added 2019/01/11 5:49 p.m. | 24 views

TA505 Crime Gang Debuts Brand-New ServHelper Backdoor

A new backdoor named ServHelper has been spotted in the wild, acting as both a remote desktop agent as well as a downloader for a RAT called FlawedGrace. According to Proofpoint, the prolific cybercriminal gang known as TA505 developed ServHelper, which has two variants: one focused on remote...

2.5 AI score
Exploits: 0 | References: 6

Microsoft KB
added 2019/01/08 8:0 a.m. | 59 views

Description of the security update for Outlook 2016: January 8, 2019

Description of the security update for Outlook 2016: January 8, 2019 Summary This security update resolves an information disclosure vulnerability that exists when Microsoft Outlook improperly handles certain types of messages. To learn more about the information disclosure vulnerability, see...

6.5 CVSS | 6.6 AI score | 0.20965 EPSS
Exploits: 0

Carbon Black Blog
added 2019/01/07 5:27 p.m. | 128 views

TAU Threat Intelligence Notification: Djvuu Ransomware

Summary Djvuu ransomware is believed to be a newer variant of the “Stop” ransomware strain, which was seen circulating in the early part of 2018. There are also similarities to the Goren-B trojan originally reported by Sophos back in 2016. Djvuu is likely to be delivered through phishing e-mail...

6.7 AI score
Exploits: 0

OSV
added 2018/12/28 4:29 p.m. | 1 views

CVE-2018-1000890

FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the application...

7.5 CVSS | 5.8 AI score
Exploits: 0 | References: 2

Kitploit
added 2018/12/13 8:57 p.m. | 94 views

Faraday v3.4 - Collaborative Penetration Test and Vulnerability Management Platform

Here’s the main new features and improvements in Faraday v3.4: Services can now be tagged. With this new feature, you can now easily identify important services, geolocate them and more. New search operators OR/NOT In a previous release we added the AND operator, now with 3.4 you can also use OR...

7.7 AI score
Exploits: 0

ThreatPost
added 2018/12/07 6:35 p.m. | 10 views

TA505 Crooks are Now Targeting US Retailers with Personalized Campaigns

Cybercriminals behind the notorious Dridex and Locky ransomware have a new target in their sights – large retail, restaurant and grocery chains located in the US. Researchers are warning the well-known financial criminal group TA505 is behind a new wave of email campaigns distributing personalize...

1 AI score
Exploits: 0 | References: 4

Fedora
added 2018/11/27 3:13 a.m. | 34 views

[SECURITY] Fedora 27 Update: php-PHPMailer-5.2.27-1.fc27

Full Featured Email Transfer Class for PHP. PHPMailer features: Supports emails digitally signed with S/MIME encryption! Supports emails with multiple TOs, CCs, BCCs and REPLY-TOs Works on any platform. Supports Text & HTML emails. Embedded image support. Multipart/alternative emails for mail...

8.8 CVSS | 8.9 AI score | 0.01475 EPSS
Exploits: 0

ThreatPost
added 2018/11/16 7:39 p.m. | 10 views

Gmail Glitch Offers Stealthy Trick for Phishing Attacks

A strange glitch in Gmail can be exploited to place emails into a person’s “Sent” folder — even if that person never sent them. Researchers who discovered the bug worry that it gives phishers and scammers another avenue to trick unsuspecting users into clicking on malicious links or opening rogue...

0.2 AI score
Exploits: 0 | References: 2