3319 matches found

OSV
added 2017/01/26 7:59 a.m., 1 views

CVE-2017-3800

A vulnerability in the content scanning engine of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured message or content filters on the device. Affected Products: This vulnerability affects all releases prior to the...

5.8 CVSS, 5.8 AI score
Exploits: 0, References: 3

Cisco
added 2017/01/18 4:0 p.m., 29 views

Cisco Email Security Appliance Filter Bypass Vulnerability

A vulnerability in the content scanning engine of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured message or content filters on the device. The vulnerability is due to incomplete input validation of email message...

5.8 CVSS, 5.8 AI score, 0.00207 EPSS
Exploits: 0, References: 1

The Hacker News
added 2017/01/16 7:31 a.m., 10 views

Don't Fall For This Dangerously Convincing Ongoing Phishing Attack

Security researchers have discovered a new phishing campaign targeting Gmail users, which is so convincing and highly effective that even tech-savvy people can be tricked into giving away their Google credentials to hackers. The attackers first compromise a victim's Gmail account, and once they a...

6.7 AI score
Exploits: 0

UbuntuCve
added 2017/01/16 6:59 a.m., 35 views

CVE-2017-5223

An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base...

5.5 CVSS, 6.5 AI score, 0.02922 EPSS
Exploits: 6, References: 4

OSV
added 2017/01/16 6:59 a.m., 1 views

DEBIAN-CVE-2017-5223

An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base...

5.5 CVSS, 6.7 AI score, 0.02922 EPSS
Exploits: 6, References: 1

OSV
added 2017/01/16 6:59 a.m., 20 views

CVE-2017-5223

An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base...

5.5 CVSS, 6.3 AI score, 0.02922 EPSS
Exploits: 6, References: 4

OSV
added 2017/01/16 6:59 a.m., 0 views

UBUNTU-CVE-2017-5223

An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base...

5.5 CVSS, 6.4 AI score, 0.02922 EPSS
Exploits: 6, References: 5

CVE
added 2017/01/16 6:0 a.m., 132 views

CVE-2017-5223

CVE-2017-5223 affects PHPMailer before 5.2.22. The vulnerability arises in msgHTML, which transforms HTML and may convert relative image URLs to attachments using a base directory. If no base directory is provided, relative URLs become absolute local file paths, enabling local file disclosure whe...

5.5 CVSS, 5.4 AI score, 0.02922 EPSS
Exploits: 6, References: 4, Affected Software: 1

ThreatPost
added 2017/01/05 5:5 p.m., 9 views

Experts Warn of Novel PDF-based Phishing Scam

The SANS Internet Storm Center published a warning on Wednesday about an active phishing campaign that utilizes PDF attachments in a novel ploy to harvest email credentials from victims. According to the SANS bulletin, the email has the subject line “Assessment document” and the body contains a...

0.7 AI score
Exploits: 0, References: 3

OSV
added 2016/12/15 6:59 a.m., 2 views

CVE-2016-5740

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5. JavaScript code can be used as part of ical attachments within scheduling E-Mails. This content, for example an appointment's location, will be presented to the user at the E-Mail App, depending on the invitation workflow. Th...

6.1 CVSS, 5.8 AI score, 0.00865 EPSS
Exploits: 4, References: 4

NVD
added 2016/12/15 6:59 a.m., 18 views

CVE-2016-5740

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5. JavaScript code can be used as part of ical attachments within scheduling E-Mails. This content, for example an appointment's location, will be presented to the user at the E-Mail App, depending on the invitation workflow. Th...

6.1 CVSS, 6.3 AI score, 0.00865 EPSS
Exploits: 4, References: 4

Cvelist
added 2016/12/15 6:31 a.m., 20 views

CVE-2016-5740

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5. JavaScript code can be used as part of ical attachments within scheduling E-Mails. This content, for example an appointment's location, will be presented to the user at the E-Mail App, depending on the invitation workflow. Th...

6.2 AI score, 0.00865 EPSS
Exploits: 4, References: 4

ThreatPost
added 2016/11/30 7:0 a.m., 49 views

New Cerber Variant Leverages Tor2Web Proxies, Google Redirects

Criminals behind the latest Cerber ransomware variant are leveraging Google redirects and Tor2Web proxies in a new and novel way to evade detection. Researchers with Cisco Talos spotted the shifting tactic last week when it began tracking the latest Cerber 5.0.1 ransomware variant. The technique...

10 CVSS, 1.9 AI score, 0.56698 EPSS
Exploits: 0, References: 4

OSV
added 2016/11/19 3:3 a.m., 2 views

CVE-2016-6462

A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. This vulnerability affects all releases...

5.3 CVSS, 5.8 AI score, 0.00183 EPSS
Exploits: 0, References: 3

OSV
added 2016/11/19 3:3 a.m., 2 views

CVE-2016-6458

A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass content filters configured on an affected device. Email that should have been filtered could instead be forwarded by the...

7.5 CVSS, 5.8 AI score, 0.00215 EPSS
Exploits: 0, References: 3

Prion
added 2016/11/19 3:3 a.m., 12 views

Design/Logic Flaw

A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. This vulnerability affects all releases...

5 CVSS, 7.2 AI score, 0.00172 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2016/11/19 2:45 a.m., 17 views

CVE-2016-6462

A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. This vulnerability affects all releases...

5.3 AI score, 0.00183 EPSS
Exploits: 0, References: 3

ThreatPost
added 2016/11/08 5:16 p.m., 7 views

TrickBot Banking Trojan Adds New Browser Manipulation Tools

The TrickBot banking Trojan, a close relative to Dyre, has a growing target list and new browser manipulation techniques, experts at IBM X-Force said. “We expect to see it amplify infection campaigns and fraud attacks, sharpen its aim on business and corporate accounts,” wrote Limor Kessem,...

0.1 AI score
Exploits: 0, References: 5

ThreatPost
added 2016/10/31 3:57 p.m., 19 views

Nymaim Dropper Updates Delivery, Obfuscation Methods

A new variant of the Nymaim dropper has been identified that includes updated delivery and obfuscation methods, and the use of PowerShell routines to download its payloads. The updated dropper, used primarily to download banking Trojans in the past, has also been spreading ransomware, according t...

0.1 AI score
Exploits: 0, References: 4

CNVD
added 2016/10/13 12:0 a.m., 1 views

Android OSP Mail Arbitrary Attachment Read Vulnerability

Android is an open source operating system based on Linux. A security vulnerability in the email/provider/AttachmentProvider.java file in Android's AOSP Mail allows remote attackers to exploit the vulnerability to build malicious apps that can read the contents of attachments...

5.5 CVSS, 6.8 AI score, 0.00105 EPSS
Exploits: 0, References: 1