VulnHub

Real-time Cybersecurity News

Articles tagged "Phishing"

Found 69 articles

​​Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications​

All CISA Advisories

Actively Exploited

CISA has identified that various cyber threat actors are using commercial spyware to target users of mobile messaging applications, employing tactics such as phishing, zero-click exploits, and impersonation. The focus is primarily on high-value individuals including government and military officials, indicating a serious threat to sensitive communications.

Impact: Mobile messaging applications including Signal and WhatsApp.
Remediation: Users are encouraged to review the updated Mobile Communications Best Practice Guidance and Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society for steps to protect mobile communications and messaging apps.
macOSiOSAndroidPhishingExploitUpdate+1 more
Read Original
'Matrix Push' C2 Tool Hijacks Browser Notifications

darkreading

The article highlights a cybersecurity threat where a tool named 'Matrix Push' hijacks browser notifications, exploiting users' lack of awareness regarding these alerts. This tactic is particularly severe as it aids phishing attempts, potentially compromising user security and privacy.

Impact: N/A
Remediation: Users should be cautious about granting permissions for browser notifications and regularly review their notification settings to prevent unauthorized access.
Phishing
Read Original
Same Old Security Problems: Cyber Training Still Fails Miserably

darkreading

The article highlights the ongoing failures of cybersecurity awareness campaigns, particularly in addressing fundamental issues like password hygiene and susceptibility to phishing attacks. This persistent lack of effective training poses significant risks to organizations, making them vulnerable to cyber threats.

Impact: N/A
Remediation: Implement effective cybersecurity awareness training, improve password management practices, and enhance phishing detection measures.
Phishing
Read Original
WhatsApp 'Eternidade' Trojan Self-Propagates Through Brazil

darkreading

Actively Exploited

The 'Eternidade' Trojan is a sophisticated infostealer targeting Brazilian Portuguese speakers, designed to phish banking credentials and steal sensitive data. Its self-propagating nature and unique features tailored for Brazilian users pose significant cybersecurity threats across the region.

Impact: WhatsApp, Brazilian Portuguese-speaking users
Remediation: Users should avoid clicking on suspicious links and ensure their devices have updated security software. Regularly monitor banking activities for unauthorized transactions.
PhishingMalwareTrojan
Read Original
Festo MSE6-C2M/D2M/E2M

All CISA Advisories

The Festo MSE6-C2M/D2M/E2M series has a critical vulnerability (CVE-2023-3634) that allows remote authenticated attackers to exploit undocumented test modes, leading to severe risks including loss of confidentiality, integrity, and availability. This vulnerability has a CVSS score of 8.8, indicating a high severity level and necessitating immediate attention and remediation.

Impact: Affected products include: MSE6-C2M-5000-FB36-D-M-RG-BAR-M12L4-AGD, MSE6-C2M-5000-FB36-D-M-RG-BAR-M12L5-AGD, MSE6-C2M-5000-FB43-D-M-RG-BAR-M12L4-MQ1-AGD, MSE6-C2M-5000-FB43-D-M-RG-BAR-M12L5-MQ1-AGD, MSE6-C2M-5000-FB44-D-M-RG-BAR-AMI-AGD, MSE6-C2M-5000-FB44-D-RG-BAR-AMI-AGD, MSE6-D2M-5000-CBUS-S-RG-BAR-VCB-AGD, MSE6-E2M-5000-FB13-AGD, MSE6-E2M-5000-FB36-AGD, MSE6-E2M-5000-FB37-AGD, MSE6-E2M-5000-FB43-AGD, MSE6-E2M-5000-FB44-AGD. Vendor: Festo SE & Co. KG.
Remediation: Festo has updated the user documentation in the next product version to address this issue. Recommended defensive measures include minimizing network exposure for control systems, using firewalls, and secure remote access methods like VPNs. Organizations should also perform impact analysis and risk assessments before deploying defensive measures.
PhishingCVEExploitVulnerabilityUpdateCritical
Read Original
Festo Didactic products

All CISA Advisories

The article details a critical vulnerability (CVE-2023-26293) in Festo Didactic products, specifically related to improper input validation in Siemens TIA-Portal versions V15 to V18, which could allow attackers to create or overwrite arbitrary files. With a CVSS v3.1 score of 7.8, this vulnerability poses significant risks to engineering systems and requires immediate attention from users to mitigate potential exploitation.

Impact: Affected products include Siemens TIA-Portal V15 prior to V17 Update 6, Siemens TIA-Portal V18 prior to V18 Update 1, all versions of Festo Hardware MES PC, and all versions of Festo Hardware TP260 (before June 2023). Vendor: Festo SE & Co. KG.
Remediation: Festo recommends users of affected devices to update TIA-Portal to the latest versions. Specifically, users should update to Siemens TIA-Portal V17 Update 6 or later and Siemens TIA-Portal V18 Update 1 or later. For further details, refer to Siemens SSA-116924 and Festo's security advisory FSA-202303.
PhishingCVEExploitVulnerabilityUpdateCritical
Read Original
Automated Logic WebCTRL Premium Server

All CISA Advisories

The Automated Logic WebCTRL Premium Server has critical vulnerabilities, including an Open Redirect and Cross-site Scripting, with a CVSS v4 score of 8.6. Successful exploitation could allow remote attackers to redirect users to malicious sites or execute malicious scripts in their browsers, posing significant security risks.

Impact: Affected products include: Automated Logic WebCTRL Server (Versions 6.1, 7.0, 8.0, 8.5), Carrier i-Vu (Versions 6.1, 7.0, 8.0, 8.5), Automated Logic SiteScan Web (Versions 6.1, 7.0, 8.0, 8.5), and Automated Logic WebCTRL for OEMs (Versions 6.1, 7.0, 8.0, 8.5). Vendor: Automated Logic.
Remediation: Users are advised to upgrade to WebCTRL version 9.0, as vulnerabilities have been remediated in this version. WebCTRL 7.0, WebCTRL 6.1, and i-Vu 6.0 are out of support. Users should follow Automated Logic's Security Best Practices Checklists for Building Automation Systems (BAS) to align with best practices installation guidelines. CISA recommends minimizing network exposure for control system devices, using firewalls, and employing secure remote access methods like VPNs.
PhishingCVEExploitVulnerabilityUpdateCritical
Read Original
CISA Releases Guide to Mitigate Risks from Bulletproof Hosting Providers

All CISA Advisories

The Cybersecurity and Infrastructure Security Agency (CISA) has released a guide to help Internet Service Providers (ISPs) mitigate risks associated with Bulletproof Hosting (BPH) providers that facilitate cybercriminal activities like ransomware and phishing. The guide emphasizes the importance of collaboration and proactive measures to reduce the effectiveness of BPH infrastructure, which poses significant threats to critical systems and services.

Impact: Bulletproof Hosting providers, cybercriminal activities including ransomware, phishing, malware delivery, denial-of-service attacks.
Remediation: Curate malicious resource lists, implement filters to block malicious traffic, analyze network traffic for anomalies, use logging systems to track ASNs and IP addresses, share intelligence with public and private entities, notify customers about malicious resources, provide premade filters, set accountability standards, and vet customers to prevent BPH abuse.
RansomwarePhishingMalwareCritical
Read Original
PreviousPage 5 of 5