BackBox News
Latest news and insights on Security
- You've Just Been Ransomed ... Now What?by Daniel Clayton, Vice President Global Security Services and Support at Bitdefender on October 28, 2021 at 2:00 pm
Six crucial steps executives and IT teams should be prepared to take immediately after a ransomware attack.
- Best gifts for hackers 2021: Cybersecurity presents for pros and hobbyistson October 28, 2021 at 1:56 pm
From hobbyist hackers and programmers to professionals, people will love our picks for tech gifts this holiday season.
- Codenotary: Notarize and verify your software bill of materialson October 28, 2021 at 1:48 pm
What's really in that program? Codenotary can show your customers what's inside your software.
- German investigators identify crypto millionaire behind REvil operationsby Pierluigi Paganini on October 28, 2021 at 1:37 pm
German authorities have identified a Russian man named Nikolay K. who is suspected to be a prominent member of the REvil ransomware gang. REvil ransomware gang is one of the most successful ransomware operations, the group and its affiliated hit hundreds of organizations worldwide. On July 2, the […]
- SlashNext, which uses AI to combat phishing, raises $26Mby Kyle Wiggers on October 28, 2021 at 1:00 pm
SlashNext, a startup developing AI-powered antiphishing solutions for enterprise customers, has raised $43M in a venture capital round.
- Learn skills to kick off a lucrative cybersecurity career for only $20on October 28, 2021 at 1:00 pm
Entry-level IT professionals now have a quick, affordable way to boost their career opportunities by getting their foot in the door of a profitable cybersecurity career.
- Grief Ransomware Targets NRAby Elizabeth Montalbano on October 28, 2021 at 12:07 pm
Grief, a ransomware group with ties to Russia-based Evil Corp, claims to have stolen data from the gun-rights group and has posted files on its dark web site.
- Cloud security in 2021: A business guide to essential tools and best practiceson October 28, 2021 at 11:58 am
Cloud applications have proved useful to enabling remote work. But cloud computing brings its own security risks.
- Ransomware: It's a 'golden era' for cyber criminals - and it could get worse before it gets betteron October 28, 2021 at 11:57 am
The ENISA Threat Landscape report details how ransomware has become the 'prime' cybersecurity threat facing organisations today.
- HTTPS threats grow more than 314% through 2021: Reporton October 28, 2021 at 11:22 am
Zscaler researchers are predicting an increase in ransomware attacks on e-commerce platforms during the holiday season.
Stories
- How to prepare your team to address a significant security issueon October 28, 2021 at 1:47 pm
As you work to resolve a security issue, technical knowledge is necessary—and a team with a broad base of expertise is invaluable.
- Squid Game Joker | Kaspersky official blogby Jeffrey Esposito on October 28, 2021 at 12:57 pm
Ahmed, Jag, and Jeff discuss the FBI hacking REvil, AI mistaking a woman for a car, Squid Game, and more on this week’s Kaspersky podcast,.
- S3 Ep56: Cryptotrading rodent, ransomware hackback, and a Docusign phish [Podcast]by Paul Ducklin on October 28, 2021 at 12:45 pm
Latest episode - listen now! Serious security explained with personality in plain English.
- Apple ships Monterey with security updates, fixes 0-day in Watch and TV products, updates iDevicesby Paul Ducklin on October 27, 2021 at 10:16 pm
A slew of security bulletins from Apple HQ, including 37 bugs listed as fixed in the initial public release of macOS Monterey.
- The Pixel 6 Chip’s Best Upgrade Isn’t Speed. It’s Securityby Lily Hay Newman on October 27, 2021 at 7:44 pm
Google’s new flagship smartphone is its most secure yet, thanks to a little vertical integration.
Updated Packages: apktool, binwalk, bully, dirsearch, knockpy, sqlmap, wireshark https://t.co/qVJUW0YWxY
Exploit
- [webapps] Simple Student Information System 1.0 - SQL Injection (Authentication Bypass)
- [webapps] Blitar Tourism 1.0 - Authentication Bypass SQLi
- [webapps] ExpressVPN VPN Router 1.0 - Router Login Panel's Integer Overflow
- [remote] vsftpd 2.3.4 - Backdoor Command Execution
- [webapps] PrestaShop 1.7.6.7 - 'location' Blind Sql Injection
- [webapps] DMA Radius Manager 4.4.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Composr 10.0.36 - Remote Code Execution
- [remote] Linux Kernel 5.4 - 'BleedingTooth' Bluetooth Zero-Click Remote Code Execution
- [webapps] CMSimple 5.2 - 'External' Stored XSS
- [webapps] Atlassian Jira Service Desk 4.9.1 - Unrestricted File Upload to XSS
Tools
- Ronin - A Ruby Platform For Vulnerability Research And Exploit Development
- Dwn - D(Ockerp)Wn - A Docker Pwn Tool Manager
- SYNwall - A Zero-Configuration (IoT) Firewall
- Cpufetch - Simplistic Yet Fancy CPU Architecture Fetching Tool
- AzureC2Relay - An Azure Function That Validates And Relays Cobalt Strike Beacon Traffic By Verifying The Incoming Requests Based On A Cobalt Strike Malleable C2 Profile