Metamorfo Returns with Keylogger Trick to Target Financial Firms

Researchers have discovered a recent spate of phishing emails spreading a new variant of Metamorfo, a financial malware known for targeting Brazilian companies. Now, however, it’s expanding its geographic range and adding a new technique. Metamorfo was first discovered in April 2018, in various...

CVE-2019-11288

In Pivotal tc Server, 3.x versions prior to 3.2.19 and 4.x versions prior to 4.0.10, and Pivotal tc Runtimes, 7.x versions prior to 7.0.99.B, 8.x versions prior to 8.5.47.A, and 9.x versions prior to 9.0.27.A, when a tc Runtime instance is configured with the JMX Socket Listener, a local attacker...

Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2019-2543)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-2699

Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications component: Infrastructure. Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTT...

CVE-2020-2636

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Application Service Level Mgmt. Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via...

CVE-2020-2589

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.28 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVE-2020-2577

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

Design/Logic Flaw

Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager component: Enterprise Config Management. Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access...

Design/Logic Flaw

Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications component: Infrastructure. Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTT...

CVE-2020-2614

Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager component: APM Mesh. Supported versions that are affected are 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise...

CVE-2020-2588

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

Design/Logic Flaw

An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router...

CVE-2018-2769

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Pluggable Auth. Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVE-2019-19995

A CSRF issue was discovered on Intelbras IWR 3000N 1.8.7 devices, leading to complete control of the router, as demonstrated by v1/system/user...

CVE-2019-2960

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM i

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM i. Vulnerability Details CVEID: CVE-2015-2638 DESCRIPTION: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM i.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM i. Vulnerability Details CVEID: CVE-2015-4844DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the 2D component has complete confidentiality impact, complete integrity impact,...

Amazon's Blink Smart Security Cameras Open to Hijack

Multiple high-severity vulnerabilities have been discovered in Amazon-owned Blink XT2 security camera systems, which if exploited could give attackers complete control over them. The internet of things IoT cameras not to be confused with the Blink open-source browser engine, consist of a wireless...

Ransomware at Colorado IT Provider Affects 100+ Dental Offices

A Colorado company that specializes in providing IT services to dental offices suffered a ransomware attack that is disrupting operations for more than 100 dentistry practices, KrebsOnSecurity has learned. Multiple sources affected say their IT provider, Englewood, Colo. based Complete Technology...

CVE-2017-10286

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: InnoDB. Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise...