386 matches found
Threat landscape for industrial automation systems. Statistics for H2 2020
Figures Indicator | H1 2020 | H2 2020 | 2020 ---|---|---|--- Global percentage of attacked ICS computers | 32.6% | 33.42% | 38.55% Percentage of attacked ICS computers by region Northern Europe | 10.1% | 11.5% | 12.3% Western Europe | 15.1% | 14.8% | 17.6% Australia | 16.3% | 17.0% | 18.9% United...
CVE-2019-1983 Cisco Email Security Appliance and Cisco Content Security Management Appliance Denial of Service Vulnerability
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance ESA and Cisco Content Security Management Appliance SMA could allow an unauthenticated, remote attacker to cause repeated crashes in some internal processes that are running on the...
USN-4524-1 tnef vulnerabilities
Paul Dreik discovered that TNEF incorrectly handled filenames. If a user were tricked into opening a specially crafted email attachment, an attacker could possibly use this issue to write arbitrary files to the filesystem or cause TNEF crash, resulting in a denial of service. CVE-2019-18849...
Malicious Cyber Actor Spoofing COVID-19 Loan Relief Webpage via Phishing Emails
Summary The Cybersecurity and Infrastructure Security Agency CISA is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration SBA COVID-19 loan relief webpage via phishing emails. These emails include a malicious link to the spoofed SBA website that th...
CVE-2020-12782
Openfind MailGates contains a Command Injection flaw, when receiving email with specific strings, malicious code in the mail attachment will be triggered and gain unauthorized access to system files...
Iranian Hackers Target U.S. Gov. Vendor With Malware
Iran-linked threat actor APT34 has been observed sending targeted, malicious email attachments to customers and employees of a company that works closely with U.S. government agencies. The company in question is U.S.-based Westat, a professional services company that provides research services to...
Increased Emotet Malware Activity
The Cybersecurity and Infrastructure Security Agency CISA is aware of a recent increase in targeted Emotet malware attacks. Emotet is a sophisticated Trojan that commonly functions as a downloader or dropper of other malware. Emotet primarily spreads via malicious email attachments and attempts t...
Drake Lyrics Used as Calling Card in Malware Attack
A hacker with the handle “Master X” leverages a PowerShell script that contains a reference to singer-songwriter Drake lyric’s “Kiki Do You Love Me” and ultimately delivers a malicious payload to its victims. The campaign is email based; with missives containing a malicious PowerPoint attachment...
All in the (Ransomware) Family: 10 Ways to Take Action
In a world where everything is an “as-a-service,” it’s no surprise that ransomware-as-a-service RaaS is a hot ticket on the Dark Web. FortiGuard Labs has observed at least two significant ransomware families – Sodinokibi and Nemty – now being deployed as RaaS solutions. Meanwhile, cybercriminals...
Microsoft PowerPoint CVE-2019-1462 Remote Code Execution Vulnerability
Description Microsoft PowerPoint is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected...
Microsoft Access CVE-2019-1400 Information Disclosure Vulnerability
Description Microsoft Access is prone to an information-disclosure vulnerability. An attacker can leverage this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Office 2010 32-bit edition SP2 Microsoft Office 2010 64-bit edition SP2 Microsoft...
DEBIAN-CVE-2019-18180
Improper Check for filenames with overly long extensions in PostMaster sending in email or uploading files e.g. attaching files to mails of OTRS Community Edition and OTRS allows an remote attacker to cause an endless loop. This issue affects: OTRS AG: OTRS Community Edition 5.0.x version 5.0.38...
ACSC Releases Advisory on Emotet Malware Campaign
The Australian Cyber Security Centre ACSC has released an advisory on an ongoing, widespread Emotet malware campaign. Emotet is a Trojan—commonly spread via malicious email attachments—that attempts to proliferate within a network by brute forcing user credentials and writing to shared drives. AC...
FBI Releases Article on Defending Against E-Skimming
The Federal Bureau of Investigation FBI has released an article to raise awareness on e-skimming threats. E-skimming occurs when an attacker injects malicious code onto a website to capture credit or debit card data or personally identifiable information PII. The Cybersecurity and Infrastructure...
Outlook for Web Bans 38 More File Extensions in Email Attachments
Malware or computer virus can infect your computer in several different ways, but one of the most common methods of its delivery is through malicious file attachments over emails that execute the malware when you open them. Therefore, to protect its users from malicious scripts and executable,...
Astaroth Spy Trojan Uses Facebook, YouTube Profiles to Cover Tracks
Facebook and YouTube profiles are at the heart of an ongoing phishing campaign spreading the Astaroth trojan, bent on the eventual exfiltration of sensitive information. The attack is sophisticated in that it uses normally trusted sources as cover for malicious activities – thus evading usually...
Debian DLA-1877-1 : otrs2 security update
Several security issues have been fixed in otrs2, a well known trouble ticket system. CVE-2018-11563 An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets. CVE-2019-12746 A user logged into OTRS as a...
Staying Cyber Safe During Memorial Day
As Memorial Day approaches, the Cybersecurity and Infrastructure Security Agency CISA reminds users to stay cyber safe. Users should be cautious of potential scams, such as unsolicited emails that contain malicious links or attachments with malware. Users should also be aware of the risks...
Microsoft Dynamics On-Premise Security Feature Bypass
A security feature bypass vulnerability exists in Dynamics On Premise. An attacker who exploited the vulnerability could send attachment types that are blocked by the email attachment system. To exploit the vulnerability, an attacker would need to capture and edit the POST request to include a...
[SECURITY] Fedora 27 Update: php-PHPMailer-5.2.27-1.fc27
Full Featured Email Transfer Class for PHP. PHPMailer features: Supports emails digitally signed with S/MIME encryption! Supports emails with multiple TOs, CCs, BCCs and REPLY-TOs Works on any platform. Supports Text & HTML emails. Embedded image support. Multipart/alternative emails for mail...