12 matches found
CVE-2024-39033
In Newgensoft OmniDocs 11.0SP103006, Insecure Direct Object Reference IDOR in the getuserproperty function allows user's configuration and PII to be stolen...
Novel Smishing Kit Leverages Cloud Platform
Summary: SNS Sender, a malicious Python script that leverages AWS SNS for mass SMS spamming, presents a novel approach to cloud-based attack tools, particularly in the area of smishing. The ARDUINODAS threat actor is linked to the operation that uses this cloud capability to send out a lot of...
Malicious 'SNS Sender' Script Abuses AWS for Bulk Smishing Attacks
A malicious Python script known as SNS Sender is being advertised as a way for threat actors to send bulk smishing messages by abusing Amazon Web Services AWS Simple Notification Service SNS. The SMS phishing messages are designed to propagate malicious links that are designed to capture victims'...
Information stealer compromises legitimate sites to attack other sites
Security researchers at Akamai have published a blog about a new Magecart-alike web skimming campaign that uses compromised legitimate sites as command and control C2 servers. A web skimmer is a piece of malicious code embedded in web payment pages to steal personally identifiable information PII...
SSNDOB stolen data marketplace shut down by global law enforcement operation
The United States Department of Justice has announced a major takedown of a criminal marketplace that traded Personally Identifiable Information PII. Not just any old marketplace; this was a major, years-long operation with several failsafes to prevent permanent takedown. It took quite the...
CVE-2021-24249 Business Directory Plugin < 5.11.2 - Arbitrary Listing Export
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator export files, which could then be downloaded by the attacker to get access to PII, such as...
Magecart’s Success Paves Way For Cybercriminal Credit Card 'Sniffer' Market
The Magecart threat group has dominated headlines for its use of malicious JavaScript code, which is injected into e-commerce websites to exfiltrate customer payment card data. But new research points to a growing industry on underground forums where so-called “sniffers” are being advertised, sol...
16Shop Phishing Gang Goes After PayPal Users
A prolific phishing gang known as 16Shop has added PayPal customers to its target set. According to researchers at the ZeroFOX Alpha Team, the latest version of the group’s phishing kit is designed with a number of features that are aimed to steal as much personally identifiable information PII a...
Chinese Hackers Behind 2015 Anthem Data Breach Indicted
Two Chinese nationals have been charged in the massive 2015 data breach of health insurer Anthem that impacted more than 78 million people. Fujie Wang, 32, and another Chinese man, who remains unnamed, were allegedly part of a China-based hacking group that was behind the breach of Indiana-based...
U.S. Dept Of Defense: Admin panel take over | User info leakage | Mass Comprimise
NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! Summary: add summary of the vulnerabili...
This Week in Security News: Rules and Regulation
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, House lawmakers approved legislation for securing technology used to power critical infrastructures from cyberattacks. Read on to learn more...
U.S. Dept Of Defense: Publicly accessible Order confirmations leaking User Emails on ███
Summary: I noticed that a user's order confirmation was publicly accessible leaking email information Description: An attacker can gleam sensitive information that is stored in the order confirmation file Impact Medium Step-by-step Reproduction Instructions...