Home Tags Uniform Resource Locator (URL)

Tag: Uniform Resource Locator (URL)

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables.

An attacker could exploit ...
A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters in the HTTP requ...
A new means of exploiting Google Apps Script lets attackers deliver malware using URLs.
As long as you know the right URL, anyone with access to the internet could retrieve all the data that was left online by marketing analytics company Alteryx.

This is the second major exposure of data stored and improperly managed in the Amazon Web ...
At the end of September, Palo Alto released a report on Unit42 activity where they – among other things – talked about PYLOT malware. We have been detecting attacks that have employed the use of this backdoor since at least 2015 and refer to it as Travle.

Coincidentally, KL was recently involved in an investigation of a successful attack where Travle was detected, during which we conducted a deep analysis of this malware.

Jack of all trades

Among this array of threats we found a rather interesting sample – Trojan.AndroidOS.Loapi.

This Trojan boasts a complicated modular architecture that means it can conduct a variety of malicious activities: mine cryptocurrencies, annoy users with constant ads, launch DDoS attacks from the affected device and much more.

Still Stealing

Two years ago we published a blogpost about a popular malware that was being distributed from the Google Play Store.
In October and November 2017 we found 85 new malicious apps on Google Play that are stealing credentials for VK.com
Multiple vulnerabilities exist in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files.

A remote attacker could exploit these vulnerabilities by providing a user with a malicious ARF or WRF...
A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initiate connections to arbitrary hosts. The vulnerability is due to insufficient access control for HTTP traffic directed to the Cisco WebEx Meeting Ce...
A vulnerability in Cisco WebEx Network Recording Player for WebEx Recording Format (WRF) files could allow an attacker to cause a denial of service (DoS) condition.

An attacker could exploit this vulnerability by providing a user with a malicious W...
A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system.

An attacker could exploit this vulnerability by providing a user with a malicious .arf...