13 matches found
Exchange servers abused for spam through malicious OAuth applications
Microsoft has published a security blog about an investigation into an attack in which threat actors used malicious OAuth applications to abuse Exchange servers for their spam campaign. The threat actor behind this attack has been active for many years, and has been running spam campaigns using...
Hackers Using Malicious OAuth Apps to Take Over Email Servers
Microsoft on Thursday warned of a consumer-facing attack that made use of rogue OAuth applications deployed on compromised cloud tenants to ultimately seize control of Exchange servers and spread spam. "The threat actor launched credential stuffing attacks against high-risk accounts that didn't...
Feds Crack Down on Money Mules, Warn of BEC Scams
The Justice Department said this week that it is cracking down on money mules, i.e., middlemen who assist in fraud schemes by receiving money from victims and forwarding proceeds to foreign-based perpetrators. So far, feds say they have halted more than 600 domestic money mules – exceeding the 40...
Hacking the McDonald's Monopoly Sweepstakes
Long and interesting story -- now two decades old -- of massive fraud perpetrated against the McDonald's Monopoly sweepstakes. The central fraudster was the person in charge of securing the winning tickets...
sandals.com XSS vulnerability
Open Bug Bounty ID: OBB-613960 Description| Value ---|--- Affected Website:| sandals.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
FTC Releases Alert on Charity Scams
The Federal Trade Commission FTC has released an alert on charity scams. Recent acts of fraud include solicitations from scammers requesting payment to claim a sweepstakes prize. Anytime someone asks you to pay to obtain a prize, it is a scam. US-CERT encourages consumers to refer to the FTC Aler...
Sweepstakes Pro Software SQL Injection Vulnerability
Sweepstakes Pro Software is a suite of sweepstakes software to increase email lists, increase social networking, and drive sales by running sweepstakes software in conjunction with sweepstakes. A SQL injection vulnerability exists in the s parameter in both win.php and widgetlb.php in Sweepstakes...
Sweepstakes Pro Software - SQL Injection
Sweepstakes Pro Software - SQL Injection Exploit Title: Sweepstakes Pro Software - SQL Injection Google Dork: N/A Date: 05.04.2017 Vendor Homepage: http://bimedia.info/ Software: http://bimedia.info/sweepstakes-pro-software/ Demo: http://mysweepstakespro.com/demo/ Version: N/A Tested on: Win7 x64...
Sweepstakes Pro Software SQL Injection
Exploit Title: Sweepstakes Pro Software - SQL Injection Google Dork: N/A Date: 05.04.2017 Vendor Homepage: http://bimedia.info/ Software: http://bimedia.info/sweepstakes-pro-software/ Demo: http://mysweepstakespro.com/demo/ Version: N/A Tested on: Win7 x64, Kali Linux x64 Exploit Author: Ihsan...
Sweepstakes Pro Software - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Sweepstakes Pro Software - SQL Injection Google Dork: N/A Date: 05.04.2017 Vendor Homepage: http://bimedia.info/ Software: http://bimedia.info/sweepstakes-pro-software/ Demo: http://mysweepstakespro.com/demo/ Version: N/A Tested...
Sweepstakes Pro Software - SQL Injection
Exploit Title: Sweepstakes Pro Software - SQL Injection Google Dork: N/A Date: 05.04.2017 Vendor Homepage: http://bimedia.info/ Software: http://bimedia.info/sweepstakes-pro-software/ Demo: http://mysweepstakespro.com/demo/ Version: N/A Tested on: Win7 x64, Kali Linux x64 Exploit Author: Ihsan...
online-sweepstakes.com XSS vulnerability
Vulnerable URL: http://www.online-sweepstakes.com/search/?db==aids%22%3Cscript%3Ealert%28%27XSSPOSED%27%29%3C%2Fscript%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 36372 Googl...
Threat Outbreak Alert RuleID13827: Email Messages Distributing Malicious Software on March 5, 2015
Medium Alert ID: 37731 First Published: 2015 March 5 18:11 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID13827 may contain the following files: Name | Siz...