I Can't Recognize (Yet): Delayed Rendering to Defeat Visual Phishing Detectors

Phishing webpages are continuously polluting the Web. Plenty of countermeasures have been proposed and the most advanced techniques leverage machine-learning methods that infer whether a webpage is benign or not by inspecting its visual representation. Yet, despite the demonstrated effectiveness ...

Coinbase Employee Falls for SMS Scam in Cyber Attack, Limited Data Exposed

Popular cryptocurrency exchange platform Coinbase disclosed that it experienced a cybersecurity attack that targeted its employees. The company said its "cyber controls prevented the attacker from gaining direct system access and prevented any loss of funds or compromise of customer information."...

SUSE CVE-2008-0594

Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks...

LinkedIn Adds Verified Emails, Profile Creation Dates

Responding to a recent surge in AI-generated bot accounts, LinkedIn is rolling out new features that it hopes will help users make more informed decisions about with whom they choose to connect. Many LinkedIn profiles now display a creation date, and the company is expanding its domain validation...

Hospitals taken offline after cyberattack

The GHT Coeur Grand Est has become a victim of a cyberattack on the hospital centers of Vitry-le-François and Saint-Dizier. The hospital’s administration has warned French that data have been exfiltrated and might be used for phishing in the future. As a consequence, the GHT Cœur Grand Est has cu...

Security update for claws-mail (moderate)

openSUSE Security Update: Security update for claws-mail Announcement ID: openSUSE-SU-2021:1045-1 Rating: moderate References: 1174457 Cross-References: CVE-2020-15917 CVSS scores: CVE-2020-15917 NVD : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.2 openSUSE...

Security update for claws-mail (moderate)

openSUSE Security Update: Security update for claws-mail Announcement ID: openSUSE-SU-2020:1192-1 Rating: moderate References: 1174457 Cross-References: CVE-2020-15917 Affected Products: openSUSE Backports SLE-15-SP2 An update that fixes one vulnerability is now available. Description: This updat...

OPENSUSE-SU-2020:1192-1 Security update for claws-mail

This update for claws-mail fixes the following issues: - Update to 3.17.6: It is now possible to 'Inherit Folder properties and processing rules from parent folder' when creating new folders with the move message and copy message dialogues. A Phishing warning is now shown when copying a phishing...

openSUSE Security Update : claws-mail (openSUSE-2020-1139)

This update for claws-mail fixes the following issues : - Update to 3.17.6 : - It is now possible to 'Inherit Folder properties and processing rules from parent folder' when creating new folders with the move message and copy message dialogues. - A Phishing warning is now shown when copying a...

OPENSUSE-SU-2020:1139-1 Security update for claws-mail

This update for claws-mail fixes the following issues: - Update to 3.17.6: It is now possible to 'Inherit Folder properties and processing rules from parent folder' when creating new folders with the move message and copy message dialogues. A Phishing warning is now shown when copying a phishing...

Security update for claws-mail (moderate)

openSUSE Security Update: Security update for claws-mail Announcement ID: openSUSE-SU-2020:1139-1 Rating: moderate References: 1174457 Cross-References: CVE-2020-15917 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for...

Upcoming Google Password Alert 1.7 Update Could Disable Phishing Warning Feature

Google Chrome browser's new Anti-Phishing Password Alert extension is in controversies right after its launch last Wednesday, but now the search engine giant has effectively pulled off Password Alert from its store. Password Alert was not bypassed once, twice, but every time Google introduced a n...

Linksys Router Cross Site Request Forgery

It seems to be fairly well known that there are multiple unpatched CSRF vulnerabilities in the administration interfaces for various Linksys routers. Since the initial reports of these are from a few years ago, and since some exploits are available, I have written additional proof of concept...