A reader sent us an interesting find of a phishing site that is going after Uber credentials. Uber credentials are often stolen and resold to obtain free rides. One method the credentials are stolen is phishing. The latest example is using convincing looking Uber receipt emails. These emails feature a prominent link to uberdisputes.com. Uberdisputes.c

CALL FOR PAPERS===============****************************************************** 2017 Workshop on Privacy in the Electronic Society (WPES 2017) Dallas, Texas, USA - October 30, 2017 https://cs.pitt.edu/wpes2017******************************************************The need for privacy-aware policies, regulations, an

[+] Credits: John Page AKA hyp3rlinx[+] Website: hyp3rlinx.altervista.org[+] Source:http://hyp3rlinx.altervista.org/advisories/PEGASUS-MAILTO-LINK-REMOTE-CODE-EXECUTION.txt[+] ISR: APPARITIONSECVendor:=============www.pmail.comProduct:===========================Pegasus "winpm-32.exe"v4.72 build 572Pegasus Mail: Pegasus Mail is a free, standards-bas

[+] Credits: John Page aka HYP3RLINX[+] Website: hyp3rlinx.altervista.org[+] Source:http://hyp3rlinx.altervista.org/advisories/SECURE-AUDITOR-v3.0-DIRECTORY-TRAVERSAL.txt[+] ISR: ApparitionSecVendor:====================www.secure-bytes.comProduct:=====================Secure Auditor - v3.0Vulnerability Type:===================Directory TraversalCVE Reference:

[+] Credits: John Page a.k.a hyp3rlinx[+] Website: hyp3rlinx.altervista.org[+] Source:http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt[+] ISR: ApparitionSecVendor:================www.mantisbt.orgProduct:=========Mantis Bug Tracker1.3.10 / v2.3.0MantisBT is a popular free web-based bug tracking system. It is written i

# Vulnerability Title: HP SimplePass Local Privilege Escalation# Advisory Release Date: 05/18/2017# Credit: Discovered By Rehan Ahmed# Contact: knight_rehan () hotmail com# Severity Level: Medium# Type: Local# Tested Platform: Windows 8 & 10 x64# Vendor: HP Inc.# Vendor Site: http://www.hp.com# Download Link: http://ftp.hp.com/pub/softpaq/sp64001-64500/s

# Out of bound memory access in PJSIP multipart parser crashes Asterisk- Authors: - Alfred Farrugia <alfred () enablesecurity com> - Sandro Gauci <sandro () enablesecurity com>- Vulnerable version: Asterisk 14.4.0 running `chan_pjsip`, PJSIP 2.6- References: AST-2017-003- Enable Security Advisory:<https://github.com/EnableSecurity/advis

# Asterisk Skinny memory exhaustion vulnerability leads to DoS- Authors: - Alfred Farrugia <alfred () enablesecurity com> - Sandro Gauci <sandro () enablesecurity com>- Vulnerable version: Asterisk 14.4.0 with `chan_skinny` enabled- References: AST-2017-004- Enable Security Advisory:<https://github.com/EnableSecurity/advisories/tree/mas

# Heap overflow in CSEQ header parsing affects Asterisk chan_pjsip andPJSIP- Authors: - Alfred Farrugia <alfred () enablesecurity com> - Sandro Gauci <sandro () enablesecurity com>- Vulnerable version: Asterisk 14.4.0 running `chan_pjsip`, PJSIP 2.6- References: AST-2017-002- Enable Security Advisory:<https://github.com/EnableSecurity/a

Document Title:===============Wordpress Newsletter Supsystic 1.1.7 - Cross Site Scripting VulnerabilityReferences (Source):====================https://www.vulnerability-lab.com/get_content.php?id=2070Release Date:=============2017-05-16Vulnerability Laboratory ID (VL-ID):====================================2070Common Vulnerability Scoring System:============

Document Title:===============Simple ASC CMS v1.2 - (Guestbook) Persistent VulnerabilityReferences (Source):====================https://www.vulnerability-lab.com/get_content.php?id=2072Release Date:=============2017-05-21Vulnerability Laboratory ID (VL-ID):====================================2072Common Vulnerability Scoring System:===========================

Document Title:===============HTTrack v3.x - Stack Buffer Overflow VulnerabilityReferences (Source):====================https://www.vulnerability-lab.com/get_content.php?id=2068Release Date:=============2017-05-22Vulnerability Laboratory ID (VL-ID):====================================2068Common Vulnerability Scoring System:===================================

SEC Consult Vulnerability Lab Security Advisory < 20170523-0 >======================================================================= title: Arbitrary File Upload & Stored XSS product: InvoicePlane vulnerable version: 1.4.10 fixed version: 1.5.2 CVE number: - impact: High homepage: https://

27 people have been arrested by the Europol for jackpotting attacks on ATM across many countries in Europe. Europol has arrested 27 people accused of being involved in a series of successful black box attacks against ATMs across Europe. Since 2016, these attacks have resulted in more than €45 million in losses.“The efforts of a number of EU Member Stat

A security expert discovered a new worm, dubbed EternalRocks, that exploits the EternalBlue flaw to spread itself like WannaCry ransomware. The security expert Miroslav Stampar, a member of the Croatian Government CERT, has discovered a new worm, dubbed EternalRocks, that exploits the EternalBlue flaw in the SMB protocol to spread itself like the popular Wan