Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack
Threat actors with ties to Iran successfully broke into the personal email account of Kash Patel, the director of the U.S. Federal Bureau of Investigation (FBI), and leaked a cache of photos and other documents to the internet. Handala Hack Team, which carried out the breach, said on its website th...
EUVD-2009-3720
Malware in sbrugna...
EUVD-2015-2856
Malware in sbrugna...
EUVD-2015-2859
Malware in sbrugna...
CVE-2015-2769
Multiple cross-site request forgery (CSRF) vulnerabilities in the Personal Email Manager (PEM) in Websense TRITON AP-EMAIL before 8.0.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors...
Improper Privilege Management in dolibarr/dolibarr
💥 BUG unprivileged user can add personal email to another user. 💥 IMPACT user who don't have any access in "users and groups" can update users personal email. 💥 TESTED VERSION dolibarr 14.0.0-beta 💥 STEP TO REPRODUCE 1. First go to admin account and add user B as normal user. Now give user B...
9 things to consider when staff work from home unexpectedly
Many businesses are reviewing and updating their response plans currently. Some might consider closing offices. This may be an appropriate response, but have you considered the effect on employees that have never worked from home before? Security considerations can be quite different, as working ...
Theory: 'Simple Hack' Behind Bezos’ Alleged Compromising Images
Researchers are shooing away theories of an elaborate “deep state” hacking plot against Jeff Bezos tied to the alleged tawdry images of him and girlfriend Lauren Sanchez. They say, alleged images that Bezos claims that the National Enquirer is threatening to release were likely obtained via a...
Shopify: PII disclosure -- Past team members & their email ID(personal email) can be viewed by Staff member with no permissions on Partner Dashboard
Hi, I'm not too sure if this is intentional and an expected feature or was it really an unnecessary information disclosure. If this is intentional, kindly close this as Informative or allow me to self-close so as not to affect my signal. From my perspective, I noticed 2 issues, PART 1: Using Partners...
HackerOne: People who interviewed for HackerOne security analyst position can be enumerated and their personal email address may be exposed
Summary: It's possible to gather basic information on potential employees at the very least who interviewed via old sample reports not being removed from the program Description: This report is meant to provide awareness of potentially private data being accessed by potential candidates. When giv...
FBI Arrests Two Hackers Who Hacked US Spy Chief, FBI and CIA Director
US authorities have arrested two North Carolina men on charges that they were part of the notorious hacking group "Crackas With Attitude." Crackas with Attitude is the group of hackers who allegedly was behind a series of audacious and embarrassing hacks that targeted personal email accounts of...
US Intelligence Chief Hacked by the Teen Who Hacked CIA Director
Nation's Top Spy Chief Got Hacked! The same teenage hacker who broke into the AOL email inbox of CIA Director John Brennan last October has now claimed to have broken into personal email and phone accounts of the US Director of National Intelligence James Clapper. Clapper was targeted by the...
Websense TRITON AP-EMAIL PEM Has Multiple Cross-Site Request Forgery Vulnerabilities
Websense TRITON is a unified content architecture to protect data security. A cross-site request forgery vulnerability in Websense TRITON AP-EMAIL Personal Email Manager (PEM) allows remote attackers to construct malicious URIs that can be tricked into being resolved by a user, which can then be us...
Websense TRITON AP-EMAIL Brute Force Vulnerability
Websense TRITON is the Unified Content Architecture for data security. A brute force vulnerability in Websense TRITON AP-EMAIL Personal Email Manager (PEM) allows attackers to submit a special request to brute force an account...
Code injection
The Personal Email Manager (PEM) in Websense TRITON AP-EMAIL before 8.0.0 allows attackers to have unspecified impact via a brute force attack...
Kris McConkey on OpSec Failures
At last week’s Security Analyst Summit Kris McConkey, part of PricewaterhouseCoopers’ UK Cyber Threat Operations team, discusses hacker OpSec failures: How attackers are still humans and sometimes make mistakes like using personal email addresses and real names in their campaigns...
BasiliX Webmail 1.1 Email Header HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10662/info BasiliX Webmail is reported to be prone to an email header HTML injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied email header strings. An attacker ca...
SquirrelMail 1.x Email Header HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10439/info SquirrelMail is reported to be prone to an email header HTML injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied email header strings. An attacker can...
SquirrelMail 1.2.x From Email Header HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10450/info SquirrelMail is reported to be prone to a 'from' field email header HTML injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied email header strings. An...