MOLGENIS EMX2 输入验证错误漏洞

MOLGENIS EMX2 is a MOLGENIS open source data platform. An input validation error vulnerability exists in MOLGENIS EMX2 version v11.14.0 that stems from the manipulation of redirection parameters that could create malicious URLs, potentially causing users to be redirected to phishing websites or...

Hackers Exploit Milesight Routers to Send Phishing SMS to European Users

Unknown threat actors are abusing Milesight industrial cellular routers to send SMS messages as part of a smishing campaign targeting users in European countries since at least February 2022. French cybersecurity company SEKOIA said the attackers are exploiting the cellular router's API to send...

Enhance the Machine Learning Algorithm Performance in Phishing Detection with Keyword Features

Recently, we can observe a significant increase of the phishing attacks in the Internet. In a typical phishing attack, the attacker sets up a malicious website that looks similar to the legitimate website in order to obtain the end-users' information. This may cause the leakage of the sensitive...

Malicious Android Apps Pose as Google, Instagram, WhatsApp to Steal Credentials

Malicious Android apps masquerading as Google, Instagram, Snapchat, WhatsApp, and X formerly Twitter have been observed to steal users' credentials from compromised devices. "This malware uses famous Android app icons to mislead users and trick victims into installing the malicious app on their...

New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT

A new phishing campaign is targeting U.S. organizations with the intent to deploy a remote access trojan called NetSupport RAT. Israeli cybersecurity company Perception Point is tracking the activity under the moniker Operation PhantomBlu. "The PhantomBlu operation introduces a nuanced exploitati...

Pimcore admin UI vulnerable to Cross-site Scripting in 2 factor authentication setup page

Summary Unauthenticated HTML Injection / XSS Possible. Conditions: 2factor authentication must not set before Vulnerable Endpoint: /admin/login/2fa-setup Vulnerable Param: error= How it works, So basically any admin, who has not setup 2 factor authentication before is vulnerable for this attack,...

Microsoft Security reaches another milestone—Comprehensive, customer-centric solutions drive results

Yesterday, we shared some exciting news about the momentum we’re seeing in the security industry. Microsoft Chief Executive Officer Satya Nadella announced that Microsoft Security has surpassed USD20 billion in revenue. I’m grateful to all our customers and partners who have been on this journey...

A Look Back at the 2018 Security Landscape

Do you ever question the value of the mounds of data we all collect? We make a point to stop, analyze and share, especially because we know you might not have the time. So, I bring you our annual look back at the more interesting security events and trends seen last year. The report, Caught in th...

HouseProxy - HTTP proxy focused on block phishing URL's

Protect your parents from phishing, HTTP proxy focused on block phishing URL's Install git clone https://github.com/mthbernardes/HouseProxy.git cd HouseProxy/ pip install -r requeriments.txt Config Edit etc/HouseProxy.conf to change de default user and password Create a entry in your DNS to...

Android Banking Trojan Svpeng Adds Keylogger

The authors behind the Android banking malware family Svpeng have added a keylogger to a recent strain, giving attackers yet another way to steal sensitive data. Roman Unuchek, a senior malware analyst with Kaspersky Lab, said Monday he spotted a new variant of the Trojan in mid-July. Unuchek say...