CVE-2017-20177

Read Time:25 Second

A vulnerability, which was classified as problematic, has been found in WangGuard Plugin 1.8.0. Affected by this issue is the function wangguard_users_info of the file wangguard-user-info.php of the component WGG User List Handler. The manipulation of the argument userIP leads to cross site scripting. The attack may be launched remotely. The name of the patch is 88414951e30773c8d2ec13b99642688284bf3189. It is recommended to apply a patch to fix this issue. VDB-220214 is the identifier assigned to this vulnerability.

Read More

CVE-2015-10073

Read Time:30 Second

A vulnerability, which was classified as problematic, was found in tinymighty WikiSEO 1.2.1. This affects the function modifyHTML of the file WikiSEO.body.php of the component Meta Property Tag Handler. The manipulation of the argument content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.2 is able to address this issue. The name of the patch is 089a5797be612b18a820f9f1e6593ad9a91b1dba. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220215.

Read More

Massive ransomware attack targets VMware ESXi servers worldwide

Read Time:27 Second

A global ransomware attack has targeted thousands of servers running the VMware ESxi hypervisor, with many more servers expected to be affected, according to national cybersecurity agencies and security experts around the world.

The Computer Emergency Response Team of France (CERT-FR) was the first to notice and send an alert about the attack.

“On February 3, CERT-FR became aware of attack campaigns targeting VMware ESXi hypervisors with the aim of deploying ransomware on them,” CERT-FR wrote

To read this article in full, please click here

Read More

How to remove yourself from the internet and from people search sites

Read Time:21 Second

Graham Cluley Security News is sponsored this week by the folks at Incogni. Thanks to the great team there for their support! Cybercrimes happen much more often than you might think and affect a growing amount of people. With crimes such as identity theft and various other scams, being mindful of your digital footprint is … Continue reading “How to remove yourself from the internet and from people search sites”

Read More

Super Scams – Beat the Online Scammers Who Want to Sack Your Super Bowl

Read Time:7 Minute, 59 Second

Crooks will aways try to cash in on a good thing, and football is no exception. Online scammers are ramping up for the big game with all types of schemes designed to rip you off and steal your personal info—but you have several ways you can beat them at their game.  

Like shopping holidays, tax season, and even back-to-school time, scammers take advantage of annual events that get people searching for deals and information online. You can include big games and tournaments in that list too. 

Specific to this big game, you can count on several types of scams to rear their heads this time of year—ticket scams, merchandise scams, betting scams, and phony sweepstakes as well. They’re all in the mix, and they’re all avoidable. Here, we’ll break them down. 

Keep an eye out for ticket scams. 

As of two weeks out, tickets for the big game on the official ticketing website were going for $6,000 or so, and that was for the so-called “cheap seats.” Premium seats in the lower bowl 50-yard line, sold by verified resellers, were listed at $20,000 a pop or higher.  

While the game tickets are now 100% mobile, that hasn’t prevented scammers trying to pass off phony tickets as the real deal. They’ll hawk those counterfeits in plenty of places online, sometimes in sites like your friendly neighborhood Craigslist.  

So if you’re in the market for tickets, there are certainly a few things to look out for: 

First off, the safest bet is to purchase tickets through the official marketplaces of the NFL with a 100% ticket guarantee. 
If someone is selling physical tickets, it’s a scam. As mentioned above, tickets are now 100% mobile. 
If you see so-called deals for tickets that are going well below the current rate, you can practically bet that’s a scam as well. 
Another sign of a scam, someone is asking for payment by a payment app like Venmo or by wire transfer or even crypto. These payment methods work like cash, meaning that if you pay a scammer with them, your money is good as gone.  

Look out for online merch scams. 

If you plan on enjoying the game closer to home, you may be in the market for some merch—a hat, a jersey, a tee, maybe some new mugs for entertaining when you host the game at your place. With all the hype around the game, out will come scammers who set up bogus online stores. They’ll advertise items for sale but won’t deliver—leaving you a few dollars lighter and the scammers with your payment information, which they can use on their own for identity fraud. 

You can shop safely with a few straightforward steps: 

Stick with known, legitimate retailers online for your merch. 

This is a great one to start with. Directly typing in the correct address for reputable online stores and retailers is a prime way to avoid scammers online. In the case of retailers that you don’t know much about, the U.S. Better Business Bureau (BBB) asks shoppers to do their research and make sure that retailer has a good reputation. The BBB makes that easier with a listing of retailers you can search simply by typing in their name. 

If you feel like doing extra sleuthing, look up the address of the website and see when it was launched. A visit to the Internet Corporation for Assigned Names and Numbers (ICANN) at ICANN.org gives you the option to search a web address and see when it was launched, along with other information about who registered it. While a recently launched site is not an indicator of a scam site alone, sites with limited track records may give you pause if you want to shop there—particularly if there’s a chance it was just propped up by a scammer.  

<h3>Look for the lock icon in your browser when you shop. 

Secure websites begin their address with “https,” not just “http.” That extra “s” in stands for “secure,” which means that it uses a secure protocol for transmitting sensitive info like passwords, credit card numbers, and the like over the internet. It often appears as a little padlock icon in the address bar of your browser, so double-check for that. If you don’t see that it’s secure, it’s best to avoid making purchases on that website. 

Use a secure payment method other than your debit card. 

Credit cards are a good way to go. One reason why is the Fair Credit Billing Act, which offers protection against fraudulent charges on credit cards by giving you the right to dispute charges over $50 for goods and services that were never delivered or otherwise billed incorrectly. Your credit card companies may have their own policies that improve upon the Fair Credit Billing Act as well. Debit cards don’t get the same protection under the Act.  

Get online protection. 

Comprehensive online protection software will defend against the latest virus, malware, spyware, and ransomware attacks plus further protect your privacy and identity. In addition to this, it can also provide strong password protection by generating and automatically storing complex passwords to keep your credentials safer from hackers and crooks who may try to force their way into your accounts. And, specific to the scams floating around this time of year, online protection can help prevent you from clicking links to known or suspected malicious sites. 

Placing a bet? Make it a safe(r) one. 

It’s hard to watch sports these days without odds and stat lines popping up onto the screen, along with a fair share of ads that promote online betting. If you’re thinking about making things interesting with some betting, keep a few things in mind: 

As of January 2023, online betting is live and legal in some form across 32 states in the U.S., with “live and legal” meaning that sports betting is legally offered through retail and/or online sportsbooks. Where you can bet and how you can bet varies from state to state, and this interactive map can show you the details for yours. 
Stick with the legal mobile betting apps and sites in your state, which you can also view via the interactive map linked above. Yet it shouldn’t come as a surprise that scam betting sites have cropped up. According to the Better Business Bureau (BBB), they’ve received plenty of complaints. “You place a bet, and, at first, everything seems normal. But as soon as you try to cash out your winnings, you find you can’t withdraw a cent. Scammers will make up various excuses,” says the BBB. 
Also, read the fine print on those promo offers that betting sites and apps advertise. Chances are you’ve seen the commercials with all manner of special sign-up bonuses. The BBB advises people to closely read the terms and conditions behind those offers. For one, “Gambling companies can restrict a user’s activity,” meaning that they can freeze accounts and the funds associated with them based on their terms and conditions. Also, the BBB cautions people about those promo offers that are often heavily advertised, “[L]ike any sales pitch, these can be deceptive. Be sure to read the fine print carefully.”  
In addition to choosing a state-approved option, check out the organization’s BBB listing at BBB.org. Here you can get a snapshot of their BBB rating, complaints registered against them, and the organization’s response to those complaints if they have chosen to respond. Doing a little reading here can be enlightening. It can show you what complaints typically arise, and how the organization has historically addressed them. 

Watch out for phony sweepstakes and prizes too. 

As it is every year, you’ll see kinds of sweepstakes and giveaways leading up to the game, plenty of them legitimate. Yet as they do, scammers will try and blend in by rolling out their own bogus promotions. Their aim: to part you from your cash or even your personal information. 

A quick way to sniff out these scams is to take a close look at the promotion. For example, if it asks you to provide your bank information to send you your prize money, count on it being a scam. Likewise, if the promotion asks you to pay to claim a prize in some form or other, it’s also likely someone’s trying to scam you.  

In all, steer clear of promotions that ask something for something in return, particularly if it’s your money or personal information. 

Enjoy your big game. 

As it is of late, all kinds of scams will try to glom onto the big game this year. And some of the best advice for avoiding them is not to give into the hype. Scammers prey on scarcity, a sense of urgency, and keyed up emotions in general. Their hope is that these things may make you less critical and more likely to overlook things that would otherwise seem sketchy or too good to be true. Staying focused as you shop, place a wager, or otherwise look to round out your enjoyment of the big game is some of your absolute best defense against scammers right now, and any time. 

The post Super Scams – Beat the Online Scammers Who Want to Sack Your Super Bowl appeared first on McAfee Blog.

Read More

CVE-2020-36660

Read Time:26 Second

A vulnerability was found in paxswill EVE Ship Replacement Program 0.12.11. It has been rated as problematic. This issue affects some unknown processing of the file src/evesrp/views/api.py of the component User Information Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. Upgrading to version 0.12.12 is able to address this issue. The name of the patch is 9e03f68e46e85ca9c9694a6971859b3ee66f0240. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220211.

Read More