Lucene search
K

374 matches found

CNVD
CNVD
added 2020/02/27 12:0 a.m.1 views

XSS Vulnerability in Cicada Knowledge Enterprise Portal System

Cicada Knowledge Enterprise Portal System is an open source and free enterprise portal system. Cicada Knowledge Enterprise Portal System EPS 8.0 has an XSS vulnerability, users can use the front posting and reply function to upload malicious attachments, which leads to the administrator in the...

6.3AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2020/02/25 8:18 p.m.39 views

Gmail Is Catching More Malicious Attachments With Deep Learning

Users of Gmail get 300 billion attachments each week. To separate legitimate documents from harmful ones, Google turned to AI—and it’s working...

1.6AI score
Exploits0
ThreatPost
ThreatPost
added 2020/02/19 12:3 p.m.81 views

Small Tax-Preparation Firms at Higher Risk this Tax Season, Report

This tax season crooks are targeting users with a new crop of scams that include leveraging remote desktop software and compromising small tax-prep company websites. “If you have the word ‘tax’ in your domain name; you’re a target this year,” warns Sherrod DeGrippo, senior director of threat...

Exploits0References5
ThreatPost
ThreatPost
added 2019/08/27 6:20 p.m.102 views

Employers Beware: Microsoft Word 'Resume' Phish Delivers Malware

Employers who receive an email from someone purporting to be a job applicant, with an attached resume, could fall victim to a difficult-to-detect phishing campaign peddling a remote-access tool used often for espionage. Researchers with Cofense said they have recently spotted emails with maliciou...

7.2AI score
Exploits0References10
Trellix
Trellix
added 2019/07/16 12:0 a.m.9 views

McAfee ATR Aids Police in Arrest of Rubella & Dryad Office Macro Builder

ARCHIVED STORY McAfee ATR Aids Police in Arrest of Rubella & Dryad Office Macro Builder By John Fokker · July 16, 2019 Everyday thousands of people receive emails with malicious attachments in their email inbox. Disguised as a missed payment or an invoice, a cybercriminal sender tries to entice a...

7.5AI score
Exploits0
CISA
CISA
added 2019/06/18 12:0 a.m.19 views

DHS Email Phishing Scam

The Cybersecurity and Infrastructure Security Agency CISA is aware of an email phishing scam that tricks users into clicking on malicious attachments that look like legitimate Department of Homeland Security DHS notifications. The email campaign uses a spoofed email address to appear like a...

6.6AI score
Exploits0References2
ThreatPost
ThreatPost
added 2019/04/08 3:15 p.m.97 views

Spam Campaigns Spread Trickbot Malware with Tax Lure

Hackers pushing the TrickBot banking trojan are exploiting tax season by pushing malicious Microsoft Excel spreadsheet documents via spam campaigns. Researchers said that they discovered the malware in three different campaigns since Jan. 27, 2019. These campaigns target victims with emails...

7AI score
Exploits0References7
Microsoft Secure
Microsoft Secure
added 2019/04/05 4:0 p.m.30 views

Steer clear of tax scams

In the month of February, we saw an average of 300,000 phishing attempts across Microsoft’s browsing platforms daily. Our security experts expect these attempted scams to become increasingly more prevalent through the April 15 Tax Day, especially in the two weeks leading up to it, when about 25...

0.5AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/02/11 1:35 p.m.172 views

TAU Threat Intelligence Notification: Spear Phishing Targeting Italy

Summary This campaign is targeting users in Italy with spear phishing email containing malicious attachments. Figure 1: Emails with the malicious XLS attachment The image above show one of the sample has attached in multiple email that has been sent to email address with Italy ccTLD. The attached...

0.4AI score
Exploits0
ThreatPost
ThreatPost
added 2019/01/11 5:49 p.m.25 views

TA505 Crime Gang Debuts Brand-New ServHelper Backdoor

A new backdoor named ServHelper has been spotted in the wild, acting as both a remote desktop agent as well as a downloader for a RAT called FlawedGrace. According to Proofpoint, the prolific cybercriminal gang known as TA505 developed ServHelper, which has two variants: one focused on remote...

2.5AI score
Exploits0References6
Carbon Black Blog
Carbon Black Blog
added 2019/01/07 5:27 p.m.130 views

TAU Threat Intelligence Notification: Djvuu Ransomware

Summary Djvuu ransomware is believed to be a newer variant of the “Stop” ransomware strain, which was seen circulating in the early part of 2018. There are also similarities to the Goren-B trojan originally reported by Sophos back in 2016. Djvuu is likely to be delivered through phishing e-mail...

6.7AI score
Exploits0
ThreatPost
ThreatPost
added 2018/12/07 6:35 p.m.10 views

TA505 Crooks are Now Targeting US Retailers with Personalized Campaigns

Cybercriminals behind the notorious Dridex and Locky ransomware have a new target in their sights – large retail, restaurant and grocery chains located in the US. Researchers are warning the well-known financial criminal group TA505 is behind a new wave of email campaigns distributing personalize...

1AI score
Exploits0References4
Securelist
Securelist
added 2018/08/01 10:0 a.m.38 views

Attacks on industrial enterprises using RMS and TeamViewer

Main facts Kaspersky Lab ICS CERT has identified a new wave of phishing emails with malicious attachments targeting primarily companies and organizations that are, in one way or another, associated with industrial production. The phishing emails are disguised as legitimate commercial offers and a...

0.7AI score
Exploits0
NVD
NVD
added 2018/06/05 2:29 p.m.12 views

CVE-2018-8923

Cross-site scripting XSS vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments...

6.5CVSS5.9AI score0.00803EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2018/06/05 2:29 p.m.4 views

CVE-2018-8923

Cross-site scripting XSS vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments...

6.5CVSS5.7AI score0.00803EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/06/05 2:0 p.m.19 views

CVE-2018-8923

Cross-site scripting XSS vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments...

6.5CVSS5.9AI score0.00803EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2018/05/28 12:21 p.m.151 views

Despite Ringleader’s Arrest, Cobalt Group Still Active

Evidence has surfaced that the Cobalt Group – the threat actors behind widespread attacks on banks and ATM jackpotting campaigns across Europe – is continuing to operate, despite the arrest of its accused ringleader in March. The Cobalt Group, first burst on the scene in 2016: in a single night,...

9.3CVSS8.6AI score0.99945EPSS
Exploits50References4
Securelist
Securelist
added 2018/05/28 10:0 a.m.42 views

2018 Fraud World Cup

There are only two weeks to go before the start of the massive soccer event — FIFA World Cup. This championship has already attracted the attention of millions worldwide, including a fair few cybercriminals. Long before kick-off, email accounts began bulging with soccer-related spam, and scammers...

7AI score
Exploits0
OSV
OSV
added 2018/05/10 1:29 p.m.4 views

CVE-2018-8910

Cross-site scripting XSS vulnerability in Attachment Preview in Synology Drive before 1.0.1-10253 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments...

5.4CVSS5.9AI score0.00803EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2018/05/10 1:29 p.m.3 views

CVE-2018-8910

Cross-site scripting XSS vulnerability in Attachment Preview in Synology Drive before 1.0.1-10253 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments...

6.5CVSS5.7AI score0.00803EPSS
Exploits0References2
Rows per page
Query Builder