Your Shipment Notification is Now a Malware Dropper
Forcepoint X-Labs reports a surge in sophisticated email attacks using obfuscated JavaScript and steganography to deliver dangerous RATs and info-stealers like Formbook and Agent Tesla. Learn how to defend against the threat...
EUVD-2004-0182
Malware in sbrugna...
EUVD-2009-1586
Malware in sbrugna...
EUVD-2009-1426
Malware in sbrugna...
EUVD-2019-5897
Malware in sbrugna...
EUVD-2015-9118
Malware in sbrugna...
EUVD-2023-2126
Malicious code in bioql PyPI...
EUVD-2023-56053
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-4055
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that shou...
CVE-2023-51323
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Shared Asset Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages...
CVE-2023-51321
CVE-2023-51321 describes a missing rate limit in the Forgot Password/Forgot Email flow of PHPJabbers Night Club Booking Software v1.0, enabling an attacker to trigger a high volume of email messages to a legitimate user and potentially cause a Denial of Service. The affected product is PHPJabbers...
Alert: CISA Warns of Active 'Roundcube' Email Attacks - Patch Now
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Roundcube email software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The issue, tracked as CVE-2023-43770 (CVSS score: 6.1),...
New Agent Tesla Malware Variant Using ZPAQ Compression in Email Attacks
A new variant of the Agent Tesla malware has been observed delivered via a lure file with the ZPAQ compression format to harvest data from several email clients and nearly 40 web browsers. "ZPAQ is a file compression format that offers a better compression ratio and journaling function compared t...
Email crypto phishing scams: stealing from hot and cold crypto wallets
The higher the global popularity of cryptocurrencies and the more new ways of storing them, the wider the arsenal of tools used by malicious actors who are after digital money. Scammers tailor the complexity of technology they use and the thoroughness of their efforts to imitate legitimate websit...
QBot banker delivered through business correspondence
In early April, we detected a significant increase in attacks that use banking Trojans of the QBot family (aka QakBot, QuackBot, and Pinkslipbot). The malware would be delivered through e-mail letters written in different languages — variations of them were coming in English, German, Italian, and...
Trend-spotting email techniques: How modern phishing emails hide in plain sight
With the massive volume of emails sent each day, coupled with the many methods that attackers use to blend in, identifying the unusual and malicious is more challenging than ever. An obscure Unicode character in a few emails is innocuous enough, but when a pattern of emails containing this obscur...
Microsoft Warns of LemonDuck Malware Targeting Windows and Linux Systems
An infamous cross-platform crypto-mining malware has continued to refine and improve upon its techniques to strike both Windows and Linux operating systems by setting its sights on older vulnerabilities, while simultaneously latching on to a variety of spreading mechanisms to maximize the...
Google Services Weaponized to Bypass Security in Phishing, BEC Campaigns
A spike in recent phishing and business email compromise (BEC) attacks can be traced back to criminals learning how to exploit Google Services, according to research from Armorblox. Social distancing has driven entire businesses into the arms of the Google ecosystem looking for a reliable, simple w...
PT-2020-4325 · Microsoft · Windows Camera Codec Pack +1
Name of the Vulnerable Software and Affected Versions: Windows Camera Codec Pack (affected versions not specified). Description: The issue is related to errors in handling objects in memory within the Windows Camera Codec Pack. Exploitation of this issue could allow an attacker to execute arbitrary...
Malicious Attachments Remain a Cybercriminal Threat Vector Favorite
While attachment threat vectors are one of the oldest malware-spreading tricks in the books, email users are still clicking on malicious attachments that hit their inbox, whether it’s a purported “job offer” or a pretend “critical invoice.” The reason why threat actors are still relying on this...