Threat Round Up for Dec 01 - Dec 08

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between December 01 and December 08. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...

Cross site scripting

A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack. The vulnerability exists because the affected software does not provide sufficient protections for HTML inline frames iframes...

CVE-2017-12258

CVE-2017-12258 affects Cisco Unified Communications Manager (CUCM) Web UI. The flaw stems from insufficient protections for HTML inline frames (iframes), enabling an unauthenticated, remote attacker to direct a user to a page containing a malicious iframe to perform a click-jacking/XSF-style brow...

Cisco Unified Communications Manager Cross-Frame Scripting Vulnerability

A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack. The vulnerability exists because the affected software does not provide sufficient protections for HTML inline frames iframes...

Spam Domains Imitating Popular Banks Spreading Trickbot Banking Trojan

Santander Bank customers should be aware of an effective spam campaign spreading the Trickbot banking Trojan that is coming from domains similar to those used by the financial institution. Researchers at My Online Security and the SANS Institute’s Internet Storm Center say that Santander is not t...

Red Hat JBoss BPMS Cross-Site Scripting Vulnerability

Red Hat JBoss BPM Suite is a business process management platform from Red Hat, Inc. that brings together all the features of JBoss BRMS. The platform provides additional support for modeling, automation, simulation and business process monitoring. A cross-site scripting vulnerability exists in R...

CVE-2016-9000

IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to conduct...

CVE-2016-9000

IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to conduct...

CVE-2016-9000

IBM InfoSphere DataStage is affected by CVE-2016-9000, a Cross‑Frame Scripting issue caused by insufficient HTML iframe protection. A remote attacker could entice a user to visit a crafted URL to load a page under the attacker’s control, enabling clickjacking or other client‑side browser attacks....

CVE-2016-5984

IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to...

Cross site scripting

IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to...

CVE-2016-5984

CVE-2016-5984 affects IBM InfoSphere Information Server and ISF/InfoSphere on Cloud. The vulnerability is a cross-frame scripting issue due to insufficient HTML iframe protection, enabling a remote attacker to use a crafted URL to perform clickjacking or similar client-side browser attacks. Affec...

CVE-2016-5984

IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to...

Cross site scripting

An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a reflected Cross Site Scripting vulnerability which affects the raceMasterList.jsp page within the Patient Portal. Inserted payload is rendered within the Patient Portal and the raceMasterList.jsp page does not requir...

Cisco Prime Infrastructure Cross-Frame Scripting Vulnerability

A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user to a...

Cisco Prime Infrastructure Frame Injection Vulnerability

A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack. The vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user to an...

Kunai - Pwning & Info Gathering via User Browser

Sometimes there is a need to obtain ip address of specific person or perform client-side attacks via user browser. This is what you need in such situations. Kunai is a simple script which collects many informations about a visitor and saves output to file; furthermore, you may try to perform...

Cisco Prime Infrastructure Cross-Frame Scripting Vulnerability

A vulnerability in the web interface of the Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user ...

Luuuk Bank Fraud Campaign Nets €500K in One Week

A fraud campaign siphoned more than half a million dollars from a European bank over the course of a week earlier this year, researchers with Kaspersky Lab announced this week. The campaign, dubbed Luuuk, extracted €500,000 roughly $679,700 USD from 190 victims, mostly in Italy and Turkey, from...

Cisco Wireless LAN Controller Cross-Frame Scripting Vulnerability

A vulnerability in the web interface of the Cisco Wireless LAN Controller WLC could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack. The vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a...