184 matches found
CVE-2019-15630
Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow...
What’s in the spam mailbox this week?
We've seen a fair few spam emails in circulation this week, ranging from phishing to money muling to sexploitation. Shall we take a look? The FBI wants to give you back your money First out of the gate, we have a missive claiming to be from the FBI. Turns out you lost a huge sum of money that you...
419 spam: 10 million US dollars, courtesy of “Rev. Goodluck Ebola”
I'm not saying an email claiming to be from the "Central Bank of Nigeria" with a contact handler named "Rev. Goodluck Ebola" will raise too many red flags, but… Click to Enlarge CENTRAL BANK OF NIGERIA OFFICE OF THE GOVERNOR Zaria Street, Off Samuel Akintola Street,Garki 11, Garki-Abuja. Our Ref:...
Business Email Compromise Losses Up 2,370 Percent Since 2015
Business Email Compromise BEC schemes, where executives are scammed via social engineering and phishing compromises that ultimately lead to fraudulent wire transfers, grew at a jaw-dropping rate of 2,370 percent in the last two years. The FBI yesterday published its latest statistics on these...
Turning Tables on Nigerian Business Email Scammers
SAN FRANCISCO – Traditional takedowns of cybercrime enterprises generally rely on court orders that facilitate either taking servers offline or sending the criminals malware that helps identify them or their locations. Sometimes, however, the technical option is second best. Researchers at Dell...
New Variant of Ploutus ATM Malware Observed in the Wild in Latin America
Introduction Ploutus is one of the most advanced ATM malware families we’ve seen in the last few years. Discovered for the first time in Mexico back in 2013, Ploutus enabled criminals to empty ATMs using either an external keyboard attached to the machine or via SMS message, a technique that had...
New Variant of Ploutus ATM Malware Observed in the Wild in Latin America
Introduction Ploutus is one of the most advanced ATM malware families we’ve seen in the last few years. Discovered for the first time in Mexico back in 2013, Ploutus enabled criminals to empty ATMs using either an external keyboard attached to the machine or via SMS message, a technique that had...
Europol Arrests Gang Behind Zeus And SpyEye Banking Malware
The Law enforcement agencies from six different European countries have taken down a major Ukrainian-based cyber criminals gang suspected of developing, distributing and deploying Zeus and SpyEye banking malware. According to the report on the official website of Europol, authorities have arreste...
CVE-2014-9000
Mule Enterprise Management Console MMC does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitrary code via a crafted request that adds a new user. NOTE: this issue was originally reported for ESB...
Design/Logic Flaw
Mule Enterprise Management Console MMC does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitrary code via a crafted request that adds a new user. NOTE: this issue was originally reported for ESB...
CVE-2014-9000
Mule Enterprise Management Console MMC does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitrary code via a crafted request that adds a new user. NOTE: this issue was originally reported for ESB...
CVE-2014-9000
The CVE-2014-9000 entry concerns Mule Enterprise Management Console (MMC). The issue is an access control flaw where MMC does not properly restrict access to handler/securityService.rpc, allowing remote authenticated users to gain administrator privileges and execute arbitrary code by crafting a ...
Brazilian Payment Fraud Campaign Steals Billions
UPDATE–Hackers are targeting Brazil’s Boleto payment system, the second most popular payment method in the country, and have conducted hundreds of thousands of fraudulent transactions, though researchers differ over how much money has been stolen. Formally known as Boleto Bancario, Boletos are...
Luuuk Bank Fraud Campaign Nets €500K in One Week
A fraud campaign siphoned more than half a million dollars from a European bank over the course of a week earlier this year, researchers with Kaspersky Lab announced this week. The campaign, dubbed Luuuk, extracted €500,000 roughly $679,700 USD from 190 victims, mostly in Italy and Turkey, from...
Dyreza Banker Trojan Seen Bypassing SSL
Banker Trojans have proven to be reliable and effective tools for attackers interested in quietly stealing large amounts of money from unwitting victims. Zeus, Carberp and many others have made piles of money for their creators and the attackers who use them, and researchers have been looking at ...
Ramnit Man-in-the-Browser Attack Targets UK Banks
Nowhere is the cat-and-mouse game between attackers and the security of users more evident than with social engineering schemes. Users’ awareness of phishing campaigns, for example, may be improving, but that’s just forcing attackers bent on identity theft and stealing payment card information to...
Zitmo Trojan Variant Eurograbber Beats Two-Factor Authentication to Steal Millions
Online banking customers in Europe are falling victim by the thousands to a new banking Trojan that is infecting Android and BlackBerry devices and is capable of defeating two-factor authentication. The Trojan, dubbed Eurograbber by researchers at Check Point Software Technologies and Verasafe, i...
A Russian Zeus attacker Sentenced from Million Dollar Fraud
A Russian Zeus attacker Sentenced from Million Dollar Fraud A Russian Hacker, who was part of an elaborate Cyber attack that used Zeus Banking Trojan in U.S. visas to move cash stolen from U.S. businesses out of the country was sentenced on March 23 to two years in U.S. federal prison. Nikokay...
An Inside Look at Criminal Shipping Operations
Cyber criminals are relying more than ever on mules to move fenced goods from the U.S. to foreign markets for resale, according to a report on krebsonsecurity.com. With online retailers cracking down on fraudulent purchases, criminal gangs are using networks of complicit or unwitting citizens to...
Legitimate-Looking Ads Used to Recruit Money Mules for Criminal Operations
Money mules have been aggressively recruited this year to help cybercriminals launder money, according to Fortinet. A recent example of this is the worldwide prosecution of a Zeus criminal operation, which included 37 charges against alleged money mules. Recent Zeus stories illustrate how prevale...