13 matches found
CVE-2013-3376
Open redirect vulnerability in the help page in Cisco Video Surveillance Operations Manager allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka Bug ID CSCty74490...
Hackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus Backdoor
A previously undocumented threat activity cluster dubbed Earth Minotaur is leveraging the MOONSHINE exploit kit and an unreported Android-cum-Windows backdoor called DarkNimbus to facilitate long-term surveillance operations targeting Tibetans and Uyghurs. "Earth Minotaur uses MOONSHINE to delive...
APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data
The Iranian state-backed hacking outfit called APT42 is making use of enhanced social engineering schemes to infiltrate target networks and cloud environments. Targets of the attack include Western and Middle Eastern NGOs, media organizations, academia, legal services and activists, Google Cloud...
Intellexa and Cytrox: From fixer-upper to Intel Agency-grade spyware
By Mike Gentile, Asheer Malhotra and Vitor Ventura. Editors note: This blog post is a public version of a talk presented at LabsCon 2023 on Sept. 22, 2023. You can watch a recording of the talk here. Some of the intelligence presented at LabsCon was later confirmed by an Amnesty International blo...
China's Border Guards Secretly Installing Spyware App on Tourists' Phones
Chinese authorities are secretly installing surveillance apps on smartphones of foreigners at border crossings in the Xinjiang region who are entering from neighboring Kyrgyzstan, an international investigation revealed. Xinjiang XUAR is an autonomous territory and home to many Muslim ethnic...
Phishing Spy Campaign Targets Top Mideast Officials
Researchers have discovered a phishing campaign that infected Android devices with custom surveillance-ware bent on extracting data from top officials, primarily in the Middle East. Researchers at Lookout Security told Threatpost that the tool, dubbed Stealth Mango, has been used to collect over ...
Pelco VideoXpert 1.12.105 - Directory Traversal
Schneider Electric Pelco VideoXpert Core Admin Portal Directory Traversal Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: 2.0.41 1.14.7 1.12.105 Summary: VideoXpert is a video management solution designed for scalability, fitting the needs surveillance...
White House Approves New Rules for Sharing of Raw Intelligence Data
President Obama last week approved a change in the way the National Security Agency shares raw signals intelligence data with the rest of the U.S. intelligence community, a shift that privacy experts worry will erode the civil liberties of Americans. An unclassified document released by the Offic...
Twitter State-Sponsored Attack Notification
Twitter’s decision to notify users when their accounts are targeted in state-sponsored attacks earned its share of praise. But Twitter’s silence in terms of specifics about the attacks—whether by choice or gagged by a National Security Letter—has foisted some anxiety upon those who were notified....
FreeBSD Bans Intel, Via Chips
FreeBSD, the open-source operating system, announced that it will no longer support Intel’s RdRand and Via Technology’s Padlock on-chip random number generators RNGs moving forward in new versions of the UNIX-like operating system. The move apparently follows reports from earlier this year that t...
Cisco Video Surveillance Operations Manager 6.3.2 - Multiple Vulnerabilities
Cisco Video Surveillance Operations Manager 6.3.2 - Multiple Vulnerabilities Exploit Title:Cisco Video Surveillance Operations Manager Multiple vulnerabilities Google Dork: intitle:"Video Surveillance Operations Manager Login" Date: 22 Feb 2013 reported to the vendor Exploit Author: Bassem |...
Cisco Video Surveillance Operations Manager 6.3.2 XSS / LFI / Bypass
Exploit Title:Cisco Video Surveillance Operations Manager Multiple vulnerabilities Google Dork: intitle:"Video Surveillance Operations Manager Login" Date: 22 Feb 2013 reported to the vendor Exploit Author: Bassem | bassem.co Vendor Homepage: www.cisco.com Version: Version 6.3.2 Tested on: Versio...
GhostNet shows extent of online spying
As a result of some tremendous work done by researchers at the University of Toronto, we now know that there is an enormous network of compromised machines in more than 100 countries around the world, many of them in government agencies, embassies and other sensitive locations. The network has it...