8 matches found
Chrysalis, Notepad++, and Supply Chain Risk: What it Means, and What to Do Next
When Rapid7 published its analysis of the Chrysalis backdoor linked to a compromise of Notepad++ update infrastructure, it raised understandable questions from customers and security teams. The investigation showed that attackers did not exploit a flaw in the application itself. Instead, they...
An Overview of 7726 User Reports: Uncovering SMS Scams and Scammer Strategies
Mobile network operators implement firewalls to stop illicit messages, but scammers find ways to evade detection. Previous work has looked into SMS texts that are blocked by these firewalls. However, there is little insight into SMS texts that bypass them and reach users. To this end, we...
Octopus Deploy Security Vulnerability
Octopus Deploy is an automation tool for .NET, Java and other application development and deployment from Octopus Australia. A security vulnerability exists in Octopus Deploy that stems from the fact that the server can be induced to send requests containing authentication material, which could...
Oracle Communications Applications Security Vulnerability
Oracle Communications Applications is an advanced communications and collaboration services application from Oracle Corporation. A security vulnerability exists in Oracle Communications BRM that can be exploited by an attacker to allow an elevated privilege attacker to log in to the infrastructur...
Command injection
A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perform this. This occurs in the runBeforeScri...
Oracle Virtualization Input Validation Error Vulnerability
Oracle Virtualization and Oracle VM VirtualBox are both products of Oracle Corporation. Oracle VM VirtualBox is a virtual machine management software for Oracle Virtualization. VirtualBox is vulnerable to an input validation error that allows a low privilege attacker to log into the infrastructur...
Oracle Virtualization Security Vulnerability
Oracle Virtualization is a set of virtualization solutions from Oracle Corporation. The product is used to unify the management of the entire hardware and software system from applications to disks, enabling virtualization from the desktop to the data center. VM VirtualBox is one of the virtual...
Google Report Outlines Dependencies in the For-Profit Cybercrime Food Chain
Security specialists need to change the game and shift gears, researchers argue – instead of focusing on protecting their users and systems, they should narrow their sights on trying to shake up cybercrime’s seedy underbelly. At least that’s how Kurt Thomas and Elie Bursztein, researchers at...