OpenOffice and LibreOffice Digital Signature Spoofing Vulnerabilities
OpenOffice and LibreOffice Digital Signature Spoofing Vulnerabilities
  • Alert & Advisory
  • October 12, 2021

Three flaws has been uncovered in OpenOffice and LibreOffice that if successfully exploited could permit an attacker to manipulate the timestamp of signed ODF documents, and worse, alter the contents of a document or self-sign a document with an untrusted signature, which is then tweaked to change the signature algorithm to an invalid or unknown algorithm.

Facebook, Instagram and WhatsApp global outage
Facebook, Instagram and WhatsApp global outage
  • Alert & Advisory
  • October 4, 2021

Some social media platforms including Facebook, Instagram and WhatsApp are currently experiencing technical downtime due to unknown causes resulting to a major global outage with many users unable to use the platforms. The outage is affecting every Facebook owned platforms according to data on Downdetector and Twitter. These Facebook owned Platforms are Instagram, Facebook, WhatsApp and Facebook Messenger. The outages appear to have started around 16:40pm and all services on the affected platforms remain inaccessible. The outages generated trends on Twitter as users flocked to the competing social network to see if other users were affected by the downtime. Humorously, the hashtag “#DeleteFacebook” is also trending on Twitter as Facebook battles negative reactions to its current challenge.

Browser’s DNS Rebinding Attacks
Browser’s DNS Rebinding Attacks
  • Alert & Advisory
  • September 22, 2021

Cybercriminals have been discovered to be using a technique known as DNS rebinding to compromise internal networks by abusing web-based consoles. This method exposes the attack surface of internal web applications to malicious websites after being launched on victims' browsers. The DNS rebinding attack can use victims' browsers as a proxy to expand the attack surface to private networks.

Fortinet Leaked VPN Account Credentials
Fortinet Leaked VPN Account Credentials
  • Alert & Advisory
  • September 10, 2021

A malicious actor has leaked a list of almost 500,000 Fortinet VPN login names and passwords that were allegedly scraped from exploitable devices last summer. These credentials were reported to be obtained from systems that remained unpatched against FG-IR-18-384 / CVE-2018-13379 at the time of the actor's scan.

COVID-19 RELATED SCAMS
COVID-19 RELATED SCAMS
  • Alert & Advisory
  • August 25, 2021

Several fake portals requesting beneficiaries' account details to get the Federal Government’s 2021 Survival Fund, check the N-Power Batch-C eligibility, and apply for CBN The COVID-19 Loan has been discovered to be circulating on the social media and through email messages to unsuspecting members of the public. These fraudsters parade themselves as operators of the Federal Government’s schemes.

Related Articles