Disguised as Citrix Utility, Kedi RAT Exploits Gmail to Transfer Data
By Uzair Amir. A Remote Access Trojan (RAT) is one of the most used... This is a post from HackRead.com.
Compromised LinkedIn accounts used to send phishing links via private message and InMail
Phishing continues to be a criminals' favorite for harvesting user credentials with more or less sophisticated social engineering tricks. In this post, we take a look at a recent attack that uses existing LinkedIn user accounts to send phishing links to their contacts via private message but also...
Legal Robot: Email Length Verification
Hi Team, Hope you are good. I found your website app.legalrobot.com vulnerable to this vulnerability. Bug: Improper authentication - generic. Description: Don't know much about the websites that how they stored email address. Email addresses are stored as VARCHAR128. But here your website legalrobot...
Gmail for iOS Adds Anti-Phishing Feature that Warns of Suspicious Links
Phishing is an older style of cyber-attack but remains one of the most common and efficient attack vectors for attackers, as a majority of banking malware and various ransomware attacks begin with a user clicking on a malicious link or opening a dangerous attachment in an email. Phishing has...
Inbox by Gmail - BSD license, Base64 encoded String, Exported ContentProvider vulnerabilities
HackApp vulnerability scanner discovered that application Inbox by Gmail published at the 'play' market has multiple vulnerabilities...
Weblate: Running 2 accounts with a single email #3
Following the fixes: 241608 & 224072. There's still another way round this. Reproduction Steps 1. Register 2 accounts Preferably using Gmail not third party - Login both accounts on separate browsers - In Browser1, navigate to https://demo.weblate.org/accounts/profile/auth - Add a new association...
WordPress Ultimate Product Catalogue 4.2.2 SQL Injection
Exploit Title: Ultimate Product Catalogue 4.2.2 SQL Injection - Plugin WordPress - SQL Injection; Exploit Author: Lenon Leite; Vendor Homepage: https://wordpress.org/plugins/ultimate-product-catalogue/; Software Link: https://wordpress.org/plugins/ultimate-product-catalogue/; Contact:...
A week in security (June 19 – June 25)
Last week, we expanded on all the different technologies that Malwarebytes uses to break the attack chain and our Incident Response solution. We also warned you about a Roblox Robux generator scam and a phish targeting customers of Barclays Bank. Below are notable news stories and security-relate...
Google to stop scanning user emails for Gmail ads
By Jahanzaib Hassan. Diane Greene, the founder of VMware Inc. and a board member at Google, revealed that Google will now stop analyzing users' personal emails for targeted advertising purposes. As you may know, Gmail users encounter a number of ads based on their emails' content. That is, t...
Dedicated Machine Learning Behind Early Phishing Detection in Gmail
Cybercrime and state-sponsored advanced attacks continue to cling to email as a primary distribution vehicle for first-stage malware. Phishing campaigns thrive in targeted attacks, and criminals have even resuscitated old-school macro malware in attachments to gain that initial foothold on a...
Russian Hackers Made 'Tainted Leaks' a Thing — Phishing to Propaganda
We came across so many revelations of sensitive government and corporate data on the Internet these days, but what's the accuracy of that information leaked by unknown actors? Security researchers have discovered new evidence of one such sophisticated global espionage and disinformation campaign...
1 Million Gmail Users Impacted by Google Docs Phishing Attack
Google said that up to 1 million Gmail users were victimized by yesterday’s Google Docs phishing scam that spread quickly for a short period of time. In a statement, Google said that fewer than 0.1 percent of Gmail users were affected; as of last February, Google said it had one billion active...
Warning! Don't Click that Google Docs Link You Just Received in Your Email
Did someone just share a random Google Doc with you? First of all — Do not click on that Google Doc link you might have just received in your email and delete it immediately — even if it's from someone you know. I, my colleagues at The Hacker News, and even people all around the Internet,...
Weblate: Open redirect in Signing in via Social Sites
Weak Authentication Leads to the Open redirection to Malicious Sites : Signing in via Facebook : + https://hosted.weblate.org/accounts/login/facebook/?next=///evil.com Signing in via Gmail : + https://hosted.weblate.org/accounts/login/google-oauth2/?next=///evil.com Signing in via Github: +...
Hacker Selling Over 1 Million Decrypted Gmail and Yahoo Passwords On Dark Web
Hardly a day goes by without headlines about a significant data breach. In the past year, billions of accounts from popular sites and services, including LinkedIn, Tumblr, MySpace, Last.FM, Yahoo!, VK.com were exposed on the Internet. Now, according to the recent news, login credentials and other...
Fully Featured Backdoor – Telegram C&C: BrainDamage
A Python-based backdoor which uses Telegram as C&C server. Features: Persistence; USB spreading; Port Scanner; Router Finder; Run shell commands; Keylogger; Insert keystrokes; Record audio; Webserver; Screenshot logging; Download files in the host; Execute shutdown, restart, logoff, lock; Send drive tree...
Google Releases E2EMail to Open Source
The ongoing struggle to provide encrypted email solutions that aren’t on a PGP level of complexity and difficulty is a real challenge. Google’s attempt at it, called E2EMail, was introduced more than a year ago as an effort to give users a Chrome app that allows for the simple exchange of private...
SMTP STS Coming Soon to Gmail, Other Webmail Providers
Gmail users can expect the introduction of SMTP Strict Transport Security to the email service some time this year, bringing a measure of security similar to certificate pinning to one of the world’s biggest webmail services. Elie Bursztein, the head of Google’s anti-abuse research team, said at...
Google to Block .js Attachments in Gmail
Spammers and cybercriminals have revived email-based attacks in the last year, giving new life to macro-based malware hidden in Word documents, and with greater intensity of late, .js files that run JavaScript on infected clients, largely to download malware from an attacker’s site. Google...
Don't Fall For This Dangerously Convincing Ongoing Phishing Attack
Security researchers have discovered a new phishing campaign targeting Gmail users, which is so convincing and highly effective that even tech-savvy people can be tricked into giving away their Google credentials to hackers. The attackers first compromise a victim's Gmail account, and once they a...