MapTool v1.11.5 – Denial of Service Vulnerability

Read Time:16 Second

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
MapTool v1.11.5 – Denial of Service Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2318

Release Date:
=============
2022-10-10

Vulnerability Laboratory ID (VL-ID):
====================================
2318

Common Vulnerability Scoring System:
====================================
5.7

Vulnerability Class:
====================
Denial of Service…

Read More

WiFi File Transfer v1.0.8 – Cross Site Scripting Vulnerabilities

Read Time:16 Second

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
WiFi File Transfer v1.0.8 – Cross Site Scripting Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2322

Release Date:
=============
2022-10-17

Vulnerability Laboratory ID (VL-ID):
====================================
2322

Common Vulnerability Scoring System:
====================================
5.6

Vulnerability Class:
====================
Cross Site…

Read More

Webile v1.0.1 – Directory Traversal Web Vulnerability

Read Time:16 Second

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
Webile v1.0.1 – Directory Traversal Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2320

Release Date:
=============
2022-10-10

Vulnerability Laboratory ID (VL-ID):
====================================
2320

Common Vulnerability Scoring System:
====================================
7.3

Vulnerability Class:
====================
Directory- or…

Read More

Stripe Green Downloads 2.03 – Cross Site Scripting Web Vulnerability

Read Time:16 Second

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
Stripe Green Downloads 2.03 – Cross Site Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2287

Release Date:
=============
2022-10-17

Vulnerability Laboratory ID (VL-ID):
====================================
2287

Common Vulnerability Scoring System:
====================================
5.2

Vulnerability Class:
====================
Cross Site…

Read More

Vicidial v2.14-783a – Multiple XSS Web Vulnerabilities

Read Time:16 Second

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
Vicidial v2.14-783a – Multiple XSS Web Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2311

Release Date:
=============
2022-10-11

Vulnerability Laboratory ID (VL-ID):
====================================
2311

Common Vulnerability Scoring System:
====================================
5.2

Vulnerability Class:
====================
Cross Site Scripting…

Read More

Knap (APL) v3.1.3 – Persistent Cross Site Vulnerability

Read Time:16 Second

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
Knap (APL) v3.1.3 – Persistent Cross Site Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2307

Release Date:
=============
2022-10-10

Vulnerability Laboratory ID (VL-ID):
====================================
2307

Common Vulnerability Scoring System:
====================================
5.7

Vulnerability Class:
====================
Cross Site…

Read More

OpenStack Horizon, it is posible to trigger a POST Request to any address

Read Time:25 Second

Posted by Sven Anders on Oct 20

Hi,

we opened a bug at OpenStack, 3 month ago, but nobody takes care about it. Due
to the OpenStack guidlines the bug report is now public readable.

https://bugs.launchpad.net/horizon/+bug/1980349

I am not a security expert and do not know how bad this bug is, there is now
CVE and so on. Please be kind.

# Description of the bug

We use OpenStack horizon in the following version: `git+https://opendev.org/

Read More

96% of companies report insufficient security for sensitive cloud data

Read Time:47 Second

The vast majority of organizations lack confidence in securing their data in cloud, while many companies acknowledge they lack sufficient security even for their most sensitive data, according to a new report by the Cloud Security Alliance (CSA).

The CSA report surveyed 1,663 IT and security professionals from organizations of various sizes and in various locations.

“Only 4% report sufficient security for 100% of their data in the cloud. This means that 96% of organizations have insufficient security for at least some of their sensitive data,” according to the report, which was sponsored by data intelligence firm BigID.

Apart from struggling with securing sensitive data, organizations are also having trouble tracking data in the cloud. Over a quarter of organizations polled aren’t tracking regulated data, nearly a third aren’t tracking confidential or internal data, and 45% aren’t tracking unclassified data, the report said.

To read this article in full, please click here

Read More

What Is Smishing and Vishing, and How Do You Protect Yourself

Read Time:5 Minute, 55 Second

Smishing and vishing are scams where criminals attempt to get users to click a fraudulent link through a phone text message, email, or voicemail. These scams are becoming increasingly popular as cybercriminals try to take advantage of people who are more likely to fall for them, such as those who aren’t as familiar with technology or who may be experiencing a crisis.

Be aware that cybercrime and hacking can happen to anyone. Criminals are always looking for new ways to exploit people, and they know that others may not be cautious or recognize the warning signs of phishing scams when using the internet. That’s why it’s important to be aware of the different types of cybercrime and how to protect yourself.

This article discusses how to protect yourself from smishing attempts and scams where criminals try to get you to click on a fraudulent link or respond to their voicemail message to steal your personal data.

What is smishing?

Most people are familiar with phishing scams, where scammers try to trick you into giving them your personal or financial information by pretending to be a legitimate company or organization. But have you ever heard of smishing or vishing?

Smishing is a type of phishing scam where attackers send SMS messages (or text messages) to trick victims into sharing personal information or installing malware on their devices. Vishing is almost identical to smishing, except cybercriminals use VoIP (Voice over IP) to place phone calls to trick victims instead of SMS (short message service) messages.

Smishing messages often appear to be from a legitimate source, such as a well-known company or government agency. It may even include urgent language or threats in an effort to get victims to act quickly. In some cases, the message may also include a link that directs victims to a fake website where they are prompted to enter personal information or download malware.

Examples of a smishing text message

Here are some examples of smishing text messages hackers use to steal your personal details:

“We have detected unusual activity on your account. Please call this number to speak to a customer service representative.”
“You have won a free gift card! Click here to claim your prize.”
“Hi! We noticed that you’re a recent customer of ours. To finish setting up your account, please click this link and enter your personal information.”
“Urgent! Your bank account has been compromised. Please click this link to reset your password and prevent any further fraud.”
“Hey, it’s [person you know]! I’m in a bit of a bind and could really use your help. I sent you a link to my PayPal, could you send me some money?”

How dangerous can smishing be?

If you fall for a smishing scam, you could end up giving away your personal information or money. Cybercriminals use smishing messages to get personal and financial information, like your credit card number or access to your financial services.

For example, one type of smishing scam is when you get a text message that looks like it’s from your bank. The message might say there’s been suspicious activity on your account and that you need to click on a link to verify your identity. If you do click on the link, you’ll be taken to a fake website where you’ll be asked to enter your banking information. Once the scammers have your login information, they have access to clean out your account.

How can you protect yourself from smishing?

Smishing scams can be very difficult to spot, but there are some telltale signs to look for and steps to take to protect yourself.

Recognize the signs of a smishing text

One of the easiest ways to protect yourself from smishing scams is to be able to recognize the signs of a smishing text message. Here are some tips:

Be suspicious of any text messages that ask for personal information or include a link.
Look closely at the sender’s name and number. Fraudulent messages often come from spoofed numbers that may look similar to a legitimate number but with one or two digits off.
Look for errors in spelling or grammar. This can be another sign that the message is not legitimate.
Beware of any text messages that create a sense of urgency or are threatening in nature. Scammers often use these tactics to get you to act quickly without thinking.
If you’re not expecting a message from the sender, be extra cautious.
If you’re unsure whether a text message is legitimate, call the company or organization directly to verify.

Filter unknown text messages

While you can’t avoid smishing attacks altogether, you can block spam text messages you receive on your mobile phone. iPhone and Android have cybersecurity tools like spam filters and phone number blocking to help protect you from phishing attacks and malicious links.

To set up spam filters on your iPhone:

Go to the Settings App
Go to Messages
Find the Filter Unknown Senders option and turn it on

To set up spam filters on your Android mobile device:

Go to the Messaging App
Choose Settings
Tap Spam Protection and turn on Enable Spam Protection

Use McAfee Mobile Security

McAfee Mobile Security is a mobile security app that helps protect your phone from malware, phishing attacks, and other online threats. McAfee Mobile Security is available for Android and iOS cell phones.

One of the benefits of using McAfee Mobile Security is that it can help detect and block smishing attacks. With identity monitoring, McAfee Mobile Security monitors your sensitive information like email accounts, credit card numbers, phone numbers, Social Security numbers, and more to protect against identity theft. They notify you if they find any security breaches.

Other benefits include:

Antivirus
Secure VPN for privacy online
Identity monitoring for up to 10 emails
Guard your identity against risky Wi-Fi connections
Safe browsing
System Scan for the latest updates

Keep your device and information secure with McAfee Mobile Security

These days, our lives are more intertwined with our mobile devices than ever. We use them to stay connected with our loved ones on social media, conduct our business, and even access our most personal, sensitive data. It’s no surprise that mobile cybersecurity is becoming increasingly important.

McAfee Mobile Security is a comprehensive security solution that helps protect your device from viruses, malware, and other online threats. It also offers a variety of other features, like a secure VPN to protect your credit card numbers and other personal data.

Whether you’re browsing your favorite website, keeping up with friends on social media, or shopping online at Amazon, McAfee Mobile Security provides the peace of mind that comes from knowing your mobile device is safe and secure.

So why wait? Don‘t let the smishers win. Get started today with McAfee Mobile Security and rest easy knowing your mobile device and sensitive information are protected.

The post What Is Smishing and Vishing, and How Do You Protect Yourself appeared first on McAfee Blog.

Read More