Lucene search
K

138 matches found

CISA
CISA
added 2019/07/12 12:0 a.m.12 views

NCSC Releases Advisory on Ongoing DNS Hijacking Campaign

The United Kingdom’s National Cyber Security Centre NCSC has released an advisory about an ongoing Domain Name System DNS hijacking campaign. The advisory details risks and mitigations for organizations to defend against this campaign, in which attackers use compromised credentials to modify the...

6.6AI score
Exploits0References2
Cvelist
Cvelist
added 2019/06/07 7:17 p.m.26 views

CVE-2018-10690

An issue was discovered on Moxa AWK-3121 1.14 devices. The device by default allows HTTP traffic thus providing an insecure communication mechanism for a user connecting to the web server. This allows an attacker to sniff the traffic easily and allows an attacker to compromise sensitive data such...

8AI score0.01468EPSS
Exploits1References3
ICS
ICS
added 2019/02/13 12:0 p.m.20 views

DNS Infrastructure Hijacking Campaign

Summary The National Cybersecurity and Communications Integration Center NCCIC, part of the Cybersecurity and Infrastructure Security Agency CISA, is aware of a global Domain Name System DNS infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to...

9.3AI score
Exploits0References21
The Hacker News
The Hacker News
added 2019/02/05 6:39 p.m.136 views

Google's New Tool Alerts When You Use Compromised Credentials On Any Site

With so many data breaches happening almost every week, it has become difficult for users to know if their credentials are already in possession of hackers or being circulated freely across the Internet. Thankfully, Google has a solution. Today, February 5, on Safer Internet Day, Google launches ...

1.1AI score
Exploits0
The Hacker News
The Hacker News
added 2019/02/05 6:39 p.m.1 views

Google's New Tool Alerts When You Use Compromised Credentials On Any Site

With so many data breaches happening almost every week, it has become difficult for users to know if their credentials are already in possession of hackers or being circulated freely across the Internet. Thankfully, Google has a solution. Today, February 5, on Safer Internet Day, Google launches ...

6.7AI score
Exploits0
ThreatPost
ThreatPost
added 2019/01/29 5:43 p.m.49 views

Feds Dismantle Dark Web Credentials Market

Law-enforcement agencies across the world have taken aim at Dark Web denizens this week, with the takedown of a credentials marketplace as well as continued action against former users of the Webstresser.org DDoS-for-hire site. An international law-enforcement operation has dismantled the xDedic...

Exploits0References7
CISA
CISA
added 2019/01/10 12:0 a.m.11 views

DNS Infrastructure Hijacking Campaign

The National Cybersecurity and Communications Integration Center NCCIC, part of the Cybersecurity and Infrastructure Security Agency CISA, is aware of a global Domain Name System DNS infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to which an...

6.8AI score
Exploits0References2
ThreatPost
ThreatPost
added 2018/12/24 2:38 p.m.10 views

San Diego School District Data Breach Hits 500k Students

A phishing attack against California’s San Diego Unified School District has led to hackers scooping up Social Security numbers and addresses of more than 500,000 students and staff. The district became aware of the breach Oct. 2018. The actual breach occurred between January 2001 and November...

1AI score
Exploits0References3
OSV
OSV
added 2018/10/03 8:27 p.m.17 views

GHSA-646X-M363-9RH4 node-opensl is malware

The node-opensl package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...

7.5CVSS7.6AI score0.01123EPSS
Exploits0References3
Prion
Prion
added 2018/08/23 6:29 p.m.11 views

Design/Logic Flaw

An issue was discovered in the MapR File System in MapR Converged Data Platform and MapR-XD 6.x and earlier. Under certain conditions, it is possible for MapR ticket credentials to become compromised, allowing a user to escalate their privileges to act as aka impersonate any other user, including...

4CVSS8.6AI score0.00961EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/05/31 8:29 p.m.12 views

CVE-2016-10526

A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth part of the url. In module versions 0.9.1 the auth portion of the url is outputted as part of the grunt tasks logging function. If this output is publicly...

8.6CVSS8.6AI score
Exploits0References2
FireEye
FireEye
added 2016/10/13 8:0 a.m.15 views

Operations of a Brazilian Payment Card Fraud Group

Introduction Brazil has been designated a major hub for financially motivated eCrime threat activity. Brazilian threat actors are targeting domestic and foreign entities and individuals, with frequent targeting of U.S. assets. The country routinely places in "Top Five" lists of various global cyb...

8.5AI score
Exploits0
The Hacker News
The Hacker News
added 2015/10/20 6:18 a.m.12 views

Here's How SIEM Can Protect Your Privileged Accounts in the Enterprise

It’s inevitable. Most security threats eventually target privileged accounts. In every organization each user has different permissions, and some users hold the metaphorical keys to your IT kingdom. If the privileged accounts get compromised, it can lead to theft or sabotage. Because these accoun...

6.9AI score
Exploits0
0day.today
0day.today
added 2015/01/24 12:0 a.m.36 views

Cisco Ironport Appliances Privilege Escalation Exploit

Cisco Ironport appliances are vulnerable to authenticated "admin" privilege escalation. By enabling the Service Account from the GUI or CLI allows an admin to gain root access on the appliance, therefore bypassing all existing "admin" account limitations. The vulnerability is due to weak algorith...

7.2AI score
Exploits0
ThreatPost
ThreatPost
added 2012/09/17 6:18 p.m.11 views

PwnedList Partnership Provides Credential Monitoring for LastPass Users

A partnership announced today merges LastPass’s credential management services with PwnedList’s credential monitoring services. The companies said “credential management and credential monitoring are natural complements” and that the move will bolster password security for LastPass end users...

1.3AI score
Exploits0References8
The Hacker News
The Hacker News
added 2012/07/17 12:18 p.m.9 views

FACT : One in five Microsoft logins controlled by hackers

About 20 percent of Microsoft Account logins are found on lists of compromised credentials in the wake of hack attacks on other service providers, Eric Doerr, Group Program Manager for Microsoft's Account system said. A significant proportion of compromised credentials Microsoft sees from other...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2011/01/27 7:29 a.m.5 views

Fedora Web Site Hacked, But the Servers Undamaged !

An attacker who had credentials and the use of taxpayer Fedora Fedora server, but the project leaders say the assailants apparently managed to compromise any software or servers. An attacker has attempted to compromise the servers for the Fedora Project, the community version of Red Hat Enterpris...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2006/04/01 12:0 a.m.36 views

BPMSQL.txt

+Blog Pixel Motion +Sowtware's Web Site:www.pixelmotion.org +founded by Morocco Security Team +creetz to:SnIpErSA,Esp!onLeRaVaGe,CiM-TeaM,Kasparov,nabil,sniper,www.lezr.com and all muslim morocco +http://victim/blog/admin/index.php +user:moroccan-security //you can write any name : +pass:' or...

7.4AI score
Exploits0
Rows per page
Query Builder