Category: Research & Alerts

IC3 Releases Alert for a Scam Targeting Businesses 0

IC3 Releases Alert for a Scam Targeting Businesses

Original release date: January 24, 2015 The Internet Crime Complaint Center (IC3) has released an alert warning companies of a sophisticated wire payment scam dubbed the Business E-mail Compromise. Scammers use fraudulent information to trick companies into directing financial transactions into accounts they control.

FBI Releases "Ransomware on the Rise" 0

FBI Releases "Ransomware on the Rise"

Original release date: January 23, 2015 The FBI has released an article addressing ransomware campaigns that use intimidating messages claiming to be from the FBI or other government agencies. Scam operators use ransomware – a type of malicious software – to infect a computer and restrict access to it until a ransom is paid to unlock it. Users and administrators are encouraged to review the FBI article ” Ransomware on the Rise ” for details and refer to Alert TA-295A for information on Crypto Ransomware.

VU#546340: QPR Portal contains multiple vulnerabilities 0

VU#546340: QPR Portal contains multiple vulnerabilities

Vulnerability Note VU#546340 QPR Portal contains multiple vulnerabilities Original Release date: 23 Jan 2015 | Last revised: 23 Jan 2015 Overview QPR Portal versions 2014.1.1 and older contain reflected and stored cross-site scripting vulnerabilities, and versions 2012.2.0 and older contain an insecure direct object reference vulnerability.

Infocon change to yellow for Adobe Flash issues, (Fri, Jan 23rd) 0

Infocon change to yellow for Adobe Flash issues, (Fri, Jan 23rd)

We have decided to change the Infocon 1 to yellow in order to bring attention to the multiple recentAdobe Flash Player vulnerabilities 2 that are being actively exploited. There have been 3 patchedvulnerabilities thathave an update and applying themis highly recommended. 1 of the vulnerabilities has not yet been patched, and is expected to be released as an OOB (Outof Band) next week by Adobe 3 .

VU#637068: LabTech contains privilege escalation vulnerability 0

VU#637068: LabTech contains privilege escalation vulnerability

Vulnerability Note VU#637068 LabTech contains privilege escalation vulnerability Original Release date: 23 Jan 2015 | Last revised: 23 Jan 2015 Overview LabTech startup scripts and directories on Linux platforms are world-writeable and the scripts execute with root privileges. Description CWE-284 : Improper Access Control LabTech startup scripts and directories on Linux platforms are world-writeable and the scripts execute with root privileges.