45 matches found
Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware
A new phishing campaign that uses the fake CAPTCHA websites we reported about recently is targeting hotel staff in a likely attempt to access customer data, according to research from ThreatDown. Here's how it works: Cybercriminals send a fake Booking.com email to a hotel’s email address, asking...
CVE-2023-33949
In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify their email address, which allows remote attackers to create accounts using fake email addresses or email addresses which they don't control. The portal property...
Liferay Portal and Liferay DXP Security Vulnerability
Liferay Portal and Liferay DXP are both products of Liferay Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...
Gozi Malware Spreads through Fake Italian Revenue Agency Email Campaign
Threat Level Attack Report. Summary: A fake Italian Revenue Agency email campaign tricks victims into downloading a malicious attachment that installs Gozi, a binary that bypasses Italy's geofencing and creates a loader process on the victim...
Fake Amazon Prime email abuses LinkedIn's URL shortener
Over the last few days, scammers have been sending out phishing mails that disguise bogus URLs with something called Slinks, shortened LinkedIn URLs. The shortened URLs redirect users to a different URL when they are clicked. If you've ever seen a Tiny URL, or a Bit.ly link, you'll already be...
CVE-2022-23079
motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host header injection in the password reset functionality, where a malicious actor can send a fake password reset email to an arbitrary victim...
FBI Email Hoaxer ID’ed by the Guy He Allegedly Loves to Torment
Vinny Troia, the cybersecurity researcher mentioned in a fake alert gushed out to thousands of people from the FBI’s own email system on Friday night, has fingered the guy who allegedly pulled off the exploit. Troia – white hat threat hunter, cybercrime investigat...
omniauth-apple allows attacker to fake their email address during authentication
Impact This vulnerability impacts applications using the omniauth-apple strategy of OmniAuth and using the info.email field of OmniAuth's Auth Hash Schema for any kind of identification. The value of this field may be set to any value of the attacker's choice including email addresses of other...
Ping Identity: No valid SPF record not found
There are no SPF Records found for ort-admin.pingone.com Description: There is an email spoofing vulnerability. Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is a tactic used i...
Back-to-School Scams Target Students with Library-Themed Emails
College students settling back into school might want to think twice before clicking on an email prompting them to renew their school library account. Researchers warn that students at hundreds of universities worldwide are being targeted with fake emails this week, which tout attachments or link...
Chainlink: No Valid SPF Records.
Hi, There is an issue: No valid SPF Records. Description: There is an email spoofing vulnerability. Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is a tactic used in phishing...
Khan Academy: Users can make accounts with a fake email address.
A valid email address is not required to create a Khan Academy account. We do not consider this a security vulnerability...
Nextcloud: Missing SPF flags for customerupdates.nextcloud.com
Hey, I just checked for SPF records for the customerupdates.nextcloud.com domain, and there are none. The fake message reaches the inbox from this domain. Not spam. You can validate by testing yourself here: http://www.kitterman.com/spf/validate.html This subdomain too: update.nextcloud.com Impac...
Liberapay: REGISTRATION USING FAKE EMAIL ACCOUNT
1. Go to page https://liberapay.com/sign-up 2. Input email address. I tried to register with some email address [email protected] [email protected] [email protected] [email protected] [email protected] 3. Select the currency you want to use 4. Click "GO" button 5. Will automatically enter into account without going through the process of verification email...
A week in security (September 4 – September 10)
Last week, we looked into expired domain names being used for malvertising, delved into dubious Facebook apps, and checked out Chinese seminar scams. We also explained the whys and wherefores of false positives, explained what Google is doing with HTTPS, warned you away from a fake DHS email, and...
Gratipay: Avoid "resend verification email" confusion
Let's assume Alice has a Gratipay account https://gratipay.com/alice and an [email protected] email 1. Mallory creates an a1[email protected] email address, base64-encodes it, and sends Alice a link https://gratipay.com/alice/emails/verify.html?email2=YTFpY2VAZm9vLmNvbQ&nonce=x 2. When Alice opens the...
Threat Outbreak Alert: Fake Scanned Document Delivery Email Messages on May 20, 2014
Medium Alert ID: 34304 First Published: 2014 May 20 16:05 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a scanned document for the recipient. The text in the email message attempts to convince the recipient to open the...
Threat Outbreak Alert: Fake Email Messages Distributing Malicious Software on May 17, 2014
Medium Alert ID: 34264 First Published: 2014 May 19 13:24 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that contain malicious software for the recipient. The text in the email message attempts to convince the recipient to open the attachme...
Threat Outbreak Alert: Fake Software Security Update Email Messages on May 17, 2014
Medium Alert ID: 34254 First Published: 2014 May 16 13:47 GMT Last Updated: 2014 May 19 13:17 GMT Version: 2 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a software security update for the recipient. The email message attempts to...
Threat Outbreak Alert: Fake Shipment Tracking Information Email Messages on April 30, 2014
Medium Alert ID: 34010 First Published: 2014 April 30 19:09 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain shipment tracking information for the recipient. The text in the email message attempts to convince the recipien...