Posted by psy on Mar 09
Hi Community,
I am glad to present a new release of this tool:
———
“UFONet is a free software, P2P and cryptographic -disruptive toolkit-
that allows to perform DoS and DDoS attacks; on the Layer 7 (APP/HTTP)
through the exploitation of Open Redirect vectors on third-party
websites to act as a botnet and on the Layer3 (Network) abusing the
protocol.”
“It also works as an encrypted DarkNET to…
Posted by Jonathan Gregson via Fulldisclosure on Mar 09
Mr. Post is an Outlook add-in used for inspecting emails for threats. Its tagline states “One click to visualize email.
Unveil scam, phishing, ransom and BEC (Business Email Compromise).” The add-in is featured prominently in the Outlook
Add-in store, including those on iOS and Android. It’s possible that users in your org use this add-in. You can find it
in Microsoft AppSource here:…
Proofpoint cybersecurity researchers have identified ramped-up activities by China-aligned APT (advanced persistent threat) actor TA416, targeting European diplomatic entities as the war between Russia and Ukraine intensifies.
TA416 (aka RedDelta ) is known to have been targeting Europe for several years using web bugs to profile target accounts, according to a research report by Proofpoint.
Also known as tracking pixels, web bugs hyperlink a malicious object within the body of an email which, when activated, attempts to retrieve a benign image file from the hacker server. This provides a “sign of life” confirmation to the bad actor establishing that the target account is valid and inclined to open malicious emails with social engineering content.
Ciaran Martin examines the cyber-dimension of the Ukraine-Russia conflict while Leeza Garber offers solutions to the cyber skills crisis
rust-regex-1.5.5-1.fc34
Update to version 1.5.5.
This includes a fix for a denial-of-service vulnerability (RUSTSEC-2022-0013 / CVE-2022-24713).
rust-regex-1.5.5-1.fc35
Update to version 1.5.5.
This includes a fix for a denial-of-service vulnerability (RUSTSEC-2022-0013 / CVE-2022-24713).
rust-regex-1.5.5-1.fc36
Update to version 1.5.5.
This includes a fix for a denial-of-service vulnerability (RUSTSEC-2022-0013 / CVE-2022-24713).
Social media sites and search engines will be forced to prevent fraudulent adverts appearing on their platforms
Zelle is rife with fraud:
Zelle’s immediacy has also made it a favorite of fraudsters. Other types of bank transfers or transactions involving payment cards typically take at least a day to clear. But once crooks scare or trick victims into handing over money via Zelle, they can siphon away thousands of dollars in seconds. There’s no way for customers — and in many cases, the banks themselves — to retrieve the money.
[…]
It’s not clear who is legally liable for such losses. Banks say that returning money to defrauded customers is not their responsibility, since the federal law covering electronic transfers — known in the industry as Regulation E – requires them to cover only “unauthorized” transactions, and the fairly common scam that Mr. Faunce fell prey to tricks people into making the transfers themselves. Victims say because they were duped into sending the money, the transaction is unauthorized. Regulatory guidance has so far been murky.
When swindled customers, already upset to find themselves on the hook, search for other means of redress, many are enraged to find out that Zelle is owned and operated by banks.
[…]
The Zelle network is operated by Early Warning Services, a company created and owned by seven banks: Bank of America, Capital One, JPMorgan Chase, PNC, Truist, U.S. Bank and Wells Fargo. Early Warning, based in Scottsdale, Ariz., manages the system’s technical infrastructure. But the 1,425 banks and credit unions that use Zelle can customize the app and add their own security settings.
Multiple vulnerabilities have been discovered in PTC Axeda Agent and Axeda Desktop Server, the most severe of which could allow for remote code execution. PTC Axeda is a cloud based remote access solution commonly used for devices within the healthcare industry. Successful exploitation of these vulnerabilities could result in full system access, remote code execution, read/change configuration, file system read access, log information access, and a denial-of-service condition.
