Trojan Lampion is back after 3 months. The malware was observed last days with a new obfuscation layer, new C2, and distributed inside an MSI file. Trojan Lampion is a malware observed at the end of the year 2019 impacting Portuguese users using template emails from the Portuguese Government Finance & Tax and EDP. The latest campaigns in Portugal were observed […]
Two issues in the popular Page Builder by SiteOrigin WordPress plugin could be exploited to carry out code execution attacks on vulnerable websites. Two high severity vulnerabilities found in the Page Builder WordPress can be exploited by attackers to create new admin accounts and deliver malicious code taking over the compromised websites. The vulnerabilities are a Cross-Site Request […]
Maintainers of the vBulletin project have released an important fix to address a security vulnerability tracked as CVE-2020-12720. Administrators of online discussion forums based on the popular vBulletin CMS urge to update their install to address a critical security vulnerability tracked as CVE-2020-12720. “A security exploit has been reported within vBulletin 5.6.1. To fix this issue, […]
Researchers discovered a set of issues impacting Oracle’s iPlanet Web Server that could result in sensitive data exposure and limited injection attacks. Researchers discovered two security flaws impacting Oracle’s iPlanet Web Server, tracked as CVE-2020-9315 and CVE-2020-9314, that could cause sensitive data exposure and limited injection attacks. The flaws have been discovered by experts at Nightwatch […]
Crooks exploit CVE-2019-18935 deserialization vulnerability to achieve remote code execution in Blue Mockingbird Monero-Mining campaign. Researchers at security firm Red Canary uncovered a Monero cryptocurrency-mining campaign, tracked as Blue Mockingbird, that exploits the CVE-2019-18935 vulnerability in web applications built on the ASP.NET framework. The deserialization vulnerability CVE-2019-18935 could be exploited by attackers to achieve remote […]
Shiny Hunters hacking group is offering for sale on a dark web marketplace databases containing over 73.2 million user records from over 11 companies. A hacking group named Shiny Hunters is attempting to sell on a dark web hacking marketplace databases containing more than 73.2 million user records from 11 different companies. Shiny Hunters started offering […]
This post includes the details of the Coronavirus-themed attacks launched from May 03 to May 09, 2020. Threat actors exploit the interest in the Coronavirus outbreak while infections increase worldwide, experts are observing new campaigns on a daily bases. Please give me your vote for European Cybersecurity Blogger Awards â VOTE FOR YOUR WINNERShttps://docs.google.com/forms/d/e/1FAIpQLSe8AkYMfAAwJ4JZzYRm8GfsJCDON8q83C9_wu5u10sNAt_CcA/viewform Below […]
The personal details of 3.68 million MobiFriends users are available for download since April 2020, it seems that they have been stolen in January 2019. MobiFriends is an online service and Android app that allows registered users to meet new people online. The personal details of 3,688,060 MobiFriends registered users have been released online earlier this year and […]
The Sodinokibi ransomware gang stolen gigabytes of legal documents from the law firm of the stars, Grubman Shire Meiselas & Sacks (GSMLaw). The Sodinokibi ransomware group claims to have stolen gigabytes of legal documents from the entertainment and law firm Grubman Shire Meiselas & Sacks (GSMLaw) that has dozens of international stars and celebrities among […]
Microsoft confirmed that it is investigating claims that its GitHub account has been hacked after some of its files were leaked online. Microsoft launched an investigation into the claims that its GitHub account has been hacked. Recently some files allegedly stolen from the Microsoft Github account have been leaked online, and they appear to be […]