BackBox News

Latest news and insights on Security

Chinese Hackers Stole 60,000 US State Department Emails from Microsoft
by Deeba Ahmed on September 29, 2023 at 3:28 pm
By Deeba Ahmed Chinese hackers have struck again! This is a post from HackRead.com Read the original post: Chinese Hackers Stole 60,000 US State Department Emails from Microsoft
People Still Matter in Cybersecurity Management
by Curtis Franklin, Senior Analyst, Omdia on September 29, 2023 at 2:00 pm
Cybersecurity's constant stream of shiny new things shouldn't distract managers from their focus on the people they're protecting.
Attacks on Azerbaijan Businesses Drop Malware via Fake Image Files
by Dan Raywood, Senior Editor, Dark Reading on September 29, 2023 at 1:55 pm
Images purporting to be of the Armenia and Azerbaijan conflict were malware downloaders in disguise.
National Security Agency is Starting an Artificial Intelligence Security Center
by Associated Press on September 29, 2023 at 1:54 pm
The NSA is starting an artificial intelligence security center — a crucial mission as AI capabilities are increasingly acquired, developed and integrated into U.S. defense and intelligence systems. The post National Security Agency is Starting an Artificial Intelligence Security Center appeared […]
CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks
by Eduard Kovacs on September 29, 2023 at 12:42 pm
CISA has added CVE-2018-14667, an old critical JBoss RichFaces flaw to its known exploited vulnerabilities catalog. The post CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks appeared first on SecurityWeek.
Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm
by info@thehackernews.com (The Hacker News) on September 29, 2023 at 12:10 pm
The North Korea-linked Lazarus Group has been linked to a cyber espionage attack targeting an unnamed aerospace company in Spain in which employees of the firm were approached by the threat actor posing as a recruiter for Meta. "Employees of the targeted company were contacted by a fake recruiter […]
Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
by Ionut Arghire on September 29, 2023 at 12:08 pm
Hackers have set their sights on CVE-2023-34468, an RCE vulnerability in Apache NiFi that impacts thousands of organizations. The post Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks appeared first on SecurityWeek.
Post-Quantum Cryptography: Finally Real in Consumer Apps?
by info@thehackernews.com (The Hacker News) on September 29, 2023 at 11:48 am
Most people are barely thinking about basic cybersecurity, let alone post-quantum cryptography. But the impact of a post-quantum world is coming for them regardless of whether or not it's keeping them up tonight. Today, many rely on encryption in their daily lives to protect their fundamental […]
Chinese threat actors stole around 60,000 emails from US State Department in Microsoft breach
by Pierluigi Paganini on September 29, 2023 at 11:08 am
China-linked threat actors stole around 60,000 emails from U.S. State Department after breaching Microsoft’s Exchange email platform in May. China-linked hackers who breached Microsoft’s email platform in May have stolen tens of thousands of emails from U.S. State Department accounts, a Senate […]
Cloudflare Users Exposed to Attacks Launched From Within Cloudflare: Researchers
by Ionut Arghire on September 29, 2023 at 10:32 am
Gaps in Cloudflare’s security controls allow users to bypass protections and target others from the platform itself. The post Cloudflare Users Exposed to Attacks Launched From Within Cloudflare: Researchers appeared first on SecurityWeek.

BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.

Click me

Stories

ZenRAT Malware Targets Windows Users Via Fake Bitwarden Password Manager Installation Package
by Cedric Pernet on September 29, 2023 at 2:15 pm
We talked to Proofpoint researchers about this new malware threat and how it infects Windows systems to steal information.
Beware of scammers! Dangerous apps in the App Store | Kaspersky official blog
by Sergey Puzan on September 29, 2023 at 12:26 pm
Dangerous investment-apps in the App Store take users’ personal data and hand it to phone scammers.
Censys Reveals Open Directories Share More Than 2,000 TB of Unprotected Data
by Cedric Pernet on September 29, 2023 at 10:34 am
These open directories could leak sensitive data, intellectual property or technical data and let an attacker compromise the entire system. Follow these security best practices for open directories.
Protect Your Passwords for Life for Just $30
by TechRepublic Academy on September 29, 2023 at 10:25 am
Automatically create and save passwords, fill in forms and logins, even securely share passwords and sync across all of your devices via WiFi.
Best SIEM Tools and Software for 2023
by Drew Robb on September 29, 2023 at 10:13 am
Looking for the best SIEM tool? Check out our list and find the security information and event management solution that fits your business needs.

Twitter

[fts_twitter twitter_name=backbox_org tweets_count=3 cover_photo=no stats_bar=no show_retweets=no show_replies=no]

Exploit

[remote] Techview LA-5570 Wireless Gateway Home Automation Controller - Multiple Vulnerabilities
Source: Exploit DB Published on 2023-09-08
[webapps] Axigen < 10.3.3.47, 10.2.3.12 - Reflected XSS
Source: Exploit DB Published on 2023-09-08
[webapps] Drupal 10.1.2 - web-cache-poisoning-External-service-interaction
Source: Exploit DB Published on 2023-09-08
[webapps] Jorani v1.0.3-(c)2014-2023 - XSS Reflected & Information Disclosure
Source: Exploit DB Published on 2023-09-08
[webapps] SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection
Source: Exploit DB Published on 2023-09-08
[dos] SyncBreeze 15.2.24 - 'login' Denial of Service
Source: Exploit DB Published on 2023-09-08
[local] GOM Player 2.3.90.5360 - Buffer Overflow (PoC)
Source: Exploit DB Published on 2023-09-08
[webapps] Wp2Fac - OS Command Injection
Source: Exploit DB Published on 2023-09-08
[webapps] Wordpress Plugin Elementor 3.5.5 - Iframe Injection
Source: Exploit DB Published on 2023-09-08
[remote] GOM Player 2.3.90.5360 - Remote Code Execution (RCE)
Source: Exploit DB Published on 2023-09-08

Tools

Skyhook - A Round-Trip Obfuscated HTTP File Transfer Setup Built To Bypass IDS Detections
Source: KitPloit Published on 2023-09-29
Pinkerton - An JavaScript File Crawler And Secret Finder Developed In Python
Source: KitPloit Published on 2023-09-28
WMIExec - Set Of Python Scripts Which Perform Different Ways Of Command Execution Via WMI Protocol
Source: KitPloit Published on 2023-09-27
AtlasReaper - A Command-Line Tool For Reconnaissance And Targeted Write Operations On Confluence And Jira Instances
Source: KitPloit Published on 2023-09-26
KnockKnock - Enumerate Valid Users Within Microsoft Teams And OneDrive With Clean Output
Source: KitPloit Published on 2023-09-26

[social_icons_group id="1409"]

Make a Donation