phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes

Summary The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. Details The phpMyFAQ application has a functionality where anyone can share a FAQ item to others. The front-end of this functionality...

Cloud Atlas' Spear-Phishing Attacks Target Russian Agro and Research Companies

The threat actor referred to as Cloud Atlas has been linked to a set of spear-phishing attacks on Russian enterprises. Targets included a Russian agro-industrial enterprise and a state-owned research company, according to a report from F.A.C.C.T., a standalone cybersecurity company formed after...

CVE-2020-4964

IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419...

CVE-2020-4964

IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419...

Sonic Tone Attacks Damage Hard Disk Drives, Crashes OS

Using sonic and ultrasonic soundwaves as a weapon, researchers can disrupt the read, write and storage functions of a hard disk drive HDD. The method can also be used to crash the host operating system, and in some cases damage targeted drives. Researchers said the attack can be performed by...

New Wave of Hailstorm Spam Pelts Inboxes

Spammers are turning to an old technique known as hailstorm to slip past anti-spam and anti-malware filters. Researchers say that hailstorm spam, first spotted in 2008, has been improved and is once again being used, only this time to spread Dridex banking malware and Locky ransomware. “Hailstorm...

Wekby APT 18 Exploiting Hacking Team Flash Zero Day

The Wekby APT group, implicated in a number of targeted attacks against health care organizations such as Community Health Systems and major pharmaceutical companies, is reportedly making use of the Adobe Flash Player zero-day found in the Hacking Team data dump. According to Virginia-based...

UK banks hit by Ramnit banking malware and social engineering attacks

A dangerous variant of the Ramnit malware has been discovered targeting the UK's financial sector. Trusteer claims to have discovered an interesting trojan based attack technique that injects highly convincing and interactive real-time messages into the user Web stream that they encounter when...

Zeus banking Trojan targeting five major banks in Japan

Zeus continues to strike online bank accounts and users, and technology designed to thwart these Trojan attacks continually fails to keep up. Symantec recently came across a new Zeus file targeting five major banks in Japan. The malware, which has caused serious problems to banking customers in...