37 matches found
EUVD-2018-4051
Malware in sbrugna...
EUVD-2018-3477
Malware in sbrugna...
EUVD-2018-4050
Malware in sbrugna...
EUVD-2018-4053
Malware in sbrugna...
EUVD-2018-4046
Malware in sbrugna...
DOJ Charges Nashville Man for Helping North Koreans Get U.S. Tech Jobs
The U.S. Department of Justice (DoJ) on Thursday charged a 38-year-old individual from Nashville, Tennessee, for allegedly running a "laptop farm" to help get North Koreans remote jobs with American and British companies. Matthew Isaac Knoot is charged with conspiracy to cause damage to protected...
A Penetration Testing Buyer's Guide for IT Security Teams
The frequency and complexity of cyber threats are constantly evolving. At the same time, organizations are now collecting sensitive data that, if compromised, could result in severe financial and reputational damage. According to Cybersecurity Ventures, the cost of cybercrime is predicted to hit ...
Business Logic Attacks: Why Should You Care?
Imagine this: You've just launched an amazing new application with top-of-the-line API security, reinforced it with client-side protection, and even set up defenses against bot attacks. You're feeling safe and secure, congratulating yourself on a job well done. But, despite all your efforts, your...
Mozilla: DOS via cache poisoning on [developer.mozilla.org]
A vulnerability was discovered on the developer.mozilla.org website that allowed an attacker to perform a denial-of-service (DoS) attack by adding an "X-Forwarded-Host" header with a value causing a 404 error. The website's cache configuration allowed the error response to be saved and served to...
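The mechanism in that report is an unkeyed request header: the shared cache keys entries on the path alone, while the origin's answer depends on X-Forwarded-Host, so one attacker request can plant a 404 that every later visitor receives. The toy model below is an added example, not code from the page or from Mozilla's report; the origin behaviour, host names, paths and the two mitigation flags (not caching error responses, stripping the header at the edge) are assumptions constructed for the demo.

```python
"""Toy model of unkeyed-header cache poisoning (added example, not from the
page or Mozilla's report).  The cache keys on the path only, while the origin's
response depends on X-Forwarded-Host.  All hosts and paths are constructed."""
from typing import Dict, Tuple

Response = Tuple[int, str]

# Assumed origin configuration: the only host it knows how to serve.
ALLOWED_HOSTS = {"developer.mozilla.org"}


def origin(path: str, headers: Dict[str, str]) -> Response:
    """Origin that trusts X-Forwarded-Host when building absolute URLs and
    answers 404 for a host it does not serve (assumed behaviour)."""
    host = headers.get("X-Forwarded-Host") or headers.get("Host", "")
    if host not in ALLOWED_HOSTS:
        return 404, f"No site configured for {host}"
    return 200, f"<a href='https://{host}{path}'>link</a>"


class EdgeCache:
    """Shared cache keyed on path only; the two flags are the mitigations."""

    def __init__(self, cache_errors: bool, strip_forwarded_host: bool) -> None:
        self.cache_errors = cache_errors
        self.strip_forwarded_host = strip_forwarded_host
        self.store: Dict[str, Response] = {}

    def fetch(self, path: str, headers: Dict[str, str]) -> Response:
        if self.strip_forwarded_host:
            # Never let a header that is not part of the cache key reach the origin.
            headers = {k: v for k, v in headers.items()
                       if k.lower() != "x-forwarded-host"}
        if path in self.store:
            return self.store[path]  # a poisoned entry is served to everyone
        resp = origin(path, headers)
        # Vulnerable configuration: error responses are stored like any other.
        if resp[0] == 200 or self.cache_errors:
            self.store[path] = resp
        return resp


def victim_status(cache_errors: bool, strip_forwarded_host: bool) -> int:
    """Attacker primes the cache with a bogus X-Forwarded-Host, then a normal
    user requests the same path; return the status that user receives."""
    cache = EdgeCache(cache_errors, strip_forwarded_host)
    path = "/en-US/docs/Web/HTTP"  # constructed path
    cache.fetch(path, {"Host": "developer.mozilla.org",
                       "X-Forwarded-Host": "attacker.invalid"})
    status, _ = cache.fetch(path, {"Host": "developer.mozilla.org"})
    return status


if __name__ == "__main__":
    print("errors cached, header forwarded ->", victim_status(True, False))   # 404
    print("errors not cached               ->", victim_status(False, False))  # 200
    print("header stripped at the edge     ->", victim_status(True, True))    # 200
```

Refusing to cache error responses stops this particular DoS, but the root cause is that an unkeyed header influences a cached response; stripping or validating X-Forwarded-Host at the edge (or adding it to the cache key) also closes the 200-status variant where the attacker's host ends up in cached links.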
SMTP server credentials are returned
Description: The vulnerability discovered in the Calibre-Web application is a security flaw in the management of email configurations that allows the SMTP server credentials to be viewed by an account with editing permission. This could allow a malicious user with access to the administrative...
Potential Manipulation Vulnerability in _validateOrdersAndPrepareToFulfill Function
Impact: The smart contract may not be properly validated, which could lead to fraudulent or malicious orders being fulfilled. This could result in loss of assets or other financial damage to users of the contract. Additionally, if the validation process is not...
Summer of Cybercrime Continues: What To Do
We recently coined this as the Summer of Cybercrime. Major ransomware attacks continue to hit companies globally. The attacks can cause significant damage, from a financial, reputation and productivity standpoint...
The Threat That Never Went Away Is Back (with a Vengeance)
What is your recollection of May 2017? Emmanuel Macron won the French election. The Ringling Bros. and Barnum & Bailey Circus gave its final performance after a 146-year run. The U.S. FCC voted to overturn net neutrality rules. And the National Health Service in the United Kingdom was crippled by...
Uber: Chain of IDORs Between U4B and Vouchers APIs Allows Attackers to View and Modify Program/Voucher Policies and to Obtain Organization Employees' PII
The security researchers discovered a number of connected IDORs in the Uber business and voucher applications. By chaining these vulnerabilities together, the researchers could retrieve information related to existing voucher policies and modify those policies for monetary gain, such as for free...
Yandex Employee Caught Selling Access to Users' Email Inboxes
Russian, Dutch-domiciled search engine, ride-hailing and email service provider Yandex on Friday disclosed a data breach that compromised 4,887 email accounts of its users. The company blamed the incident on an unnamed employee who had been providing unauthorized access to the users' mailboxes for...
Yandex Data Breach Exposes 4K+ Email Accounts
Yandex – one of Europe’s largest internet companies – is warning of a data breach that compromised 4,887 email accounts. The breach stems from an insider threat. Yandex is the most-used search engine in Russia – and the fifth most-popular search engine worldwide. Beyond its search engine, Yandex’...
Zenly: Google Maps API key stored as plain text leading to DOS and financial damage
The researcher highlighted the fact that the Google Maps API key which is by design easily retrievable from the .apk was missing some restrictions. It then could be used by anyone to query the Google Static Map API, and possibly lead to financial damage. Resolved by enforcing missing restrictions...
Ex-Cisco Employee Pleads Guilty to Deleting 16K Webex Teams Accounts
A former Cisco Systems employee pleaded guilty this week to hacking into the networking company’s cloud infrastructure and deleting 16,000 Webex Teams accounts in 2018. Webex Teams is Cisco’s collaboration application for enterprises. In a plea agreement in a San Jose federal court, Sudhish Kasab...
Integer overflow
The sell function of a smart contract implementation for SEC, a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the...
CVE-2018-11446
The buy function of a smart contract implementation for Gold Reward (GRX), an Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the buyer because of overflow of the multiplication of its argument amount and a manipulable variable buyPrice, aka the...
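Both of the last two entries are the same bug: in Solidity before 0.8, `amount * sellPrice` (or `amount * buyPrice`) is a uint256 multiplication that wraps modulo 2**256 instead of reverting, so whoever can set the price can choose a "trap" value that makes the product tiny. The model below is an added example, not code from the page or from either token's contract; it shows the sell case, derives the minimal trap price for a given amount, and contrasts it with a SafeMath-style check. Function names and the sample amounts are constructed.

```python
"""uint256 multiplication wrap in an unchecked `sell` (added example, not from
the page or either token's contract).  Values below are constructed."""
MOD = 2**256
UINT256_MAX = MOD - 1


def unchecked_mul(a: int, b: int) -> int:
    """Solidity <0.8 uint256 multiplication: the result wraps silently."""
    return (a * b) % MOD


def safe_mul(a: int, b: int) -> int:
    """SafeMath.mul semantics: revert (modelled as OverflowError) when the
    product does not fit in 256 bits."""
    product = a * b
    if product > UINT256_MAX:
        raise OverflowError("SafeMath: multiplication overflow")
    return product


def sell_payout_wei(amount: int, sell_price: int, checked: bool) -> int:
    """Wei the seller receives for `amount` tokens at `sell_price` wei/token,
    with or without the overflow check."""
    if not (0 <= amount <= UINT256_MAX and 0 <= sell_price <= UINT256_MAX):
        raise ValueError("inputs must be uint256 values")
    mul = safe_mul if checked else unchecked_mul
    return mul(amount, sell_price)


def trap_price(amount: int) -> int:
    """Smallest sellPrice that makes amount * sellPrice wrap.  The product lands
    in [2**256, 2**256 + amount - 1], so the wrapped payout is below `amount`
    wei: the seller hands over the tokens and gets almost nothing back.
    Any larger multiple of the same ratio wraps as well; this is the minimum."""
    if amount <= 0:
        raise ValueError("amount must be positive")
    return -(-MOD // amount)  # ceil(2**256 / amount)


def overflow_detected(amount: int, sell_price: int) -> bool:
    """True when the checked path would revert for these inputs."""
    try:
        sell_payout_wei(amount, sell_price, checked=True)
    except OverflowError:
        return True
    return False


if __name__ == "__main__":
    tokens = 10**18  # one token with 18 decimals (constructed)
    price = trap_price(tokens)
    print("trap sellPrice        :", price)
    print("unchecked payout (wei):", sell_payout_wei(tokens, price, checked=False))
    print("checked path reverts  :", overflow_detected(tokens, price))
```

The buy side is the mirror image: an inflated buyPrice makes `amount * buyPrice` wrap to a small number, so the value check passes for far less ether than the tokens are nominally worth, at the buyer's expense rather than the seller's. Compiling with Solidity 0.8 or later, or wrapping every price multiplication in SafeMath, turns the trap into a revert.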