US dangles $10 million reward for information about Cl0p ransomware gang

The US Department of States national security rewards program, Rewards for Justice RFJ, is offering a reward of up to $10 million for information linking the Cl0p ransomware gang, or any other malicious cyber actors targeting US critical infrastructure, to a foreign government. Advisory from...

Automating Social Engineering in MiTM Attacks

French researchers have developed an automated social engineering tool that uses a man-in-the middle attack and strikes up online conversations with potential victims. Read the full article. Dark Reading...

webMathematica XSS Vulnerability

No description provided by source. In some installations, the MSP script of webMathematica is vulnerable to reflected XSS. Just insert a backslash after the script name MSP, which is normally located under the "webMathematica" folder: http://www.example.com/webMathematica/MSP\scriptalert'a'/scrip...

[DR018] Quartz Composer / QuickTime 7 information leakage

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The canonical URI of this advisory is http://remahl.se/david/vuln/ 018/. This advisory concerns an as-yet unpatched problem in QuickTime 7 on Mac OS X 10.4. The reason for disclosure before a vendor patch is that another person realized the potential...