Aggregator

CVE-2020-2871 | Oracle Advanced Outbound Telephony up to 12.2.9 User Interface

Vuldb Updates
2 months 2 weeks ago
A vulnerability, which was classified as critical, was found in Oracle Advanced Outbound Telephony up to 12.2.9. Affected is an unknown function of the component User Interface. The manipulation leads to an unknown weakness. This vulnerability is traded as CVE-2020-2871. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2020-2854 | Oracle Advanced Outbound Telephony 12.1.1/12.1.2/12.1.3 User Interface

Vuldb Updates
2 months 2 weeks ago
A vulnerability has been found in Oracle Advanced Outbound Telephony 12.1.1/12.1.2/12.1.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the component User Interface. The manipulation leads to an unknown weakness. This vulnerability is known as CVE-2020-2854. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2020-2856 | Oracle Advanced Outbound Telephony 12.1.1/12.1.2/12.1.3 User Interface

Vuldb Updates
2 months 2 weeks ago
A vulnerability was found in Oracle Advanced Outbound Telephony 12.1.1/12.1.2/12.1.3 and classified as critical. Affected by this issue is some unknown functionality of the component User Interface. The manipulation leads to an unknown weakness. This vulnerability is handled as CVE-2020-2856. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2020-2857 | Oracle Advanced Outbound Telephony 12.1.1/12.1.2/12.1.3 User Interface

Vuldb Updates
2 months 2 weeks ago
A vulnerability was found in Oracle Advanced Outbound Telephony 12.1.1/12.1.2/12.1.3. It has been classified as critical. This affects an unknown part of the component User Interface. The manipulation leads to an unknown weakness. This vulnerability is uniquely identified as CVE-2020-2857. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2020-2890 | Oracle Applications Framework up to 12.2.9 Diagnostics

Vuldb Updates
2 months 2 weeks ago
A vulnerability was found in Oracle Applications Framework up to 12.2.9. It has been declared as critical. This vulnerability affects unknown code of the component Diagnostics. The manipulation leads to an unknown weakness. This vulnerability was named CVE-2020-2890. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Global cybersecurity readiness remains critically low

Help Net Security
2 months 2 weeks ago

Only 4% of organizations worldwide have achieved the ‘mature’ level of readiness required to withstand cybersecurity threats, according to Cisco’s 2025 Cybersecurity Readiness Index. This is a slight increase from last year’s index, in which 3% of organizations worldwide were designated as mature. This demonstrates that despite a slight improvement from last year, global cybersecurity preparedness remains low as hyperconnectivity and AI introduce new complexities for security practitioners. AI is changing the threat landscape AI … More →

The post Global cybersecurity readiness remains critically low appeared first on Help Net Security.

Help Net Security

CVE-2023-20198

CVE Trends
2 months 2 weeks ago
Currently trending CVE - Hype Score: 26 - Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two ...

Healthcare workers regularly upload sensitive data to GenAI, cloud accounts

Help Net Security
2 months 2 weeks ago

Healthcare organizations are facing a growing data security challenge from within, according to a new report from Netskope Threat Labs. The analysis reveals that employees in the sector are frequently attempting to upload sensitive information, including potentially protected health data, to unauthorized websites and cloud services. Among the most common destinations are AI tools like ChatGPT and Gemini. Healthcare GenAI data policy violations Over the past 12 months, 81% of all data policy violations in … More →

The post Healthcare workers regularly upload sensitive data to GenAI, cloud accounts appeared first on Help Net Security.

Help Net Security

Luna Moth勒索黑客冒充IT服务台大面积入侵美国公司

嘶吼
2 months 2 weeks ago

被称为Luna Moth的数据盗窃勒索组织,又名Silent Ransom group,已经加大了对美国法律和金融机构的回调网络钓鱼攻击力度。

据 EclecticIQ 研究员 Arda Büyükkaya 称,这些攻击的最终目的是窃取数据和实施勒索。

Luna Moth,内部称为 Silent Ransom Group,他们之前曾发起 BazarCall 活动,以便为 Ryuk 获取公司网络的初始访问权限,后来又发起 Conti 勒索软件攻击。

2022年3月,随着Conti开始关闭,BazarCall威胁组织从Conti集团中分离出来,成立了一个名为Silent Ransom Group (SRG)的新组织。

Luna moth最近的攻击包括通过电子邮件、虚假网站和电话冒充IT支持人员,并且完全依赖社会工程和欺骗,在任何情况下都没有部署勒索软件。

据安全公司评估,截至2025年3月,Luna Moth可能已经通过GoDaddy注册了至少37个域名,以支持其回调网络钓鱼活动。

这些域名中的大多数都是美国主要律师事务所和金融服务公司的IT帮助台或支持门户,使用的是键入的模式。

Luna Moth在过去12个月的目标

elecectiq发现的最新活动始于2025年3月,目标是美国的组织,这些组织发送恶意电子邮件,其中包含假的号码,收件人被敦促拨打电话解决不存在的问题。

一名Luna Moth操作员冒充IT人员接听电话,并说服受害者安装来自假IT帮助台网站的远程监控和管理(RMM)软件,使攻击者能够远程访问他们的机器。

虚假的帮助台网站使用域名,这些域名遵循像[company_name]-helpdesk.com和[company_name]helpdesk.com这样的命名模式。

虚假IT支持网站

在这些攻击中被滥用的工具包括Syncro、SuperOps、Zoho Assist、Atera、AnyDesk和Splashtop。这些都是合法的数字签名工具,所以它们不太可能触发对受害者的任何警告。

一旦安装了RMM工具,攻击者就可以动手访问键盘,允许他们传播到其他设备并搜索本地文件和共享驱动器以获取敏感数据。

找到有价值的文件后,他们使用WinSCP(通过SFTP)或Rclone(云同步)将这些文件泄露到攻击者控制的基础设施中。

数据被盗后,Luna Moth联系受害组织,威胁要在其清晰网域名上公开泄露数据,除非他们支付赎金。每个受害者的赎金金额各不相同,从100万美元到800万美元不等。

Luna Moth的勒索网站

Büyükkaya评论了这些攻击的隐蔽性,指出它们不涉及恶意软件、恶意附件或恶意软件网站的链接。受害者只是自己安装RMM工具,认为他们正在接受帮助台的支持。由于企业通常使用这些RMM工具,因此它们不会被安全软件标记为恶意工具,并允许运行,建议考虑限制在组织环境中不使用的RMM工具的执行。

胡金鱼

I Got 99 Problems But a Log Ain’t One

TrustedSec
2 months 2 weeks ago
<p>1.1 IntroductionHere at TrustedSec, one of the goals of the Tactical Awareness &amp; Countermeasures (TAC) team is to assess and enhance our partners' security posture. Every organization benefits from improving and…</p>
Zach Bevilacqua

CVE-2024-23759 | Gambio up to 4.9.2.0 AddAddressBookEntry Search deserialization (usd-2023-0046)

Vuldb Updates
2 months 2 weeks ago
A vulnerability, which was classified as problematic, was found in Gambio up to 4.9.2.0. This affects an unknown part of the file Parcelshopfinder/AddAddressBookEntry. The manipulation of the argument Search leads to deserialization. This vulnerability is uniquely identified as CVE-2024-23759. The attack needs to be done within the local network. There is no exploit available.
vuldb.com

CVE-2024-23763 | Gambio up to 4.9.2.0 GET Request modifiers[attribute][] sql injection (usd-2023-0047)

Vuldb Updates
2 months 2 weeks ago
A vulnerability was found in Gambio up to 4.9.2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component GET Request Handler. The manipulation of the argument modifiers[attribute][] leads to sql injection. This vulnerability is known as CVE-2024-23763. The attack needs to be approached within the local network. There is no exploit available.
vuldb.com

CVE-2023-20587 | AMD EPYC(TM) Embedded 9003 System Management Mode access control

Vuldb Updates
2 months 2 weeks ago
A vulnerability has been found in AMD 3rd Gen EPYC Processors, 4th Gen EPYC Processors, 1st Gen EPYC Processors, 2nd Gen EPYC Processors, EPYC(TM) Embedded 3000, EPYC(TM) Embedded 7002, EPYC(TM) Embedded 7003 and EPYC(TM) Embedded 9003 and classified as critical. Affected by this vulnerability is an unknown functionality of the component System Management Mode. The manipulation leads to improper access controls. This vulnerability is known as CVE-2023-20587. The attack needs to be approached within the local network. There is no exploit available.
vuldb.com

Managed ad