BackBox News
Latest news and insights on Security
- Security Awareness Training 101: Which Employees Need It?by Ronda Swaney on June 9, 2023 at 1:00 pm
To understand why you need cybersecurity awareness training, you must first understand employees’ outsized roles in security breaches. “People remain — by far — the weakest link in an organization’s cybersecurity defenses,” noted Verizon on the release of their 2022 Data Breach […]
- 3rd-Party Reddit App Apollo Forced to Shut Down Due to API Chargesby Waqas on June 9, 2023 at 12:50 pm
By Waqas Apollo app will be shut down on June 30th, 2023. This is a post from HackRead.com Read the original post: 3rd-Party Reddit App Apollo Forced to Shut Down Due to API Charges
- Google Introduces SAIF, a Framework for Secure AI Development and Useby Kevin Townsend on June 9, 2023 at 12:30 pm
The Google SAIF (Secure AI Framework) is designed to provide a security framework or ecosystem for the development, use and protection of AI systems. The post Google Introduces SAIF, a Framework for Secure AI Development and Use appeared first on SecurityWeek.
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaignsby Ionut Arghire on June 9, 2023 at 12:05 pm
ESET has linked several cybercrime and espionage campaigns to a threat actor tracked as Asylum Ambuscade. The post ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns appeared first on SecurityWeek.
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021by Eduard Kovacs on June 9, 2023 at 11:44 am
Evidence suggests that the Cl0p ransomware group has known about and conducted tests with the recently patched MOVEit zero-day since mid-2021. The post Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021 appeared first on SecurityWeek.
- 5 Reasons Why Access Management is the Key to Securing the Modern Workplaceby info@thehackernews.com (The Hacker News) on June 9, 2023 at 11:17 am
The way we work has undergone a dramatic transformation in recent years. We now operate within digital ecosystems, where remote work and the reliance on a multitude of digital tools is the norm rather than the exception. This shift – as you likely know from your own life – has led to superhuman […]
- SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpointby Kevin Townsend on June 9, 2023 at 11:00 am
A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint. The post SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint appeared first on SecurityWeek.
- Google Cloud Now Offering $1 Million Cryptomining Protectionby Ionut Arghire on June 9, 2023 at 10:35 am
Google Cloud is offering up to $1 million in financial protection to cover expenses associated with undetected cryptomining attacks. The post Google Cloud Now Offering $1 Million Cryptomining Protection appeared first on SecurityWeek.
- Democrats and Republicans Are Skeptical of US Spying Practices, an AP-NORC Poll Findsby Associated Press on June 9, 2023 at 10:07 am
As it pushes to renew a cornerstone law that authorizes major surveillance programs, the Biden administration faces an American public that’s broadly skeptical of common intelligence practices and of the need to sacrifice civil liberties for security. The post Democrats and Republicans Are […]
- Stealth Soldier backdoor used is targeted espionage attacks in Libyaby Pierluigi Paganini on June 9, 2023 at 7:52 am
Researchers detected a cyberespionage campaign in Libya that employs a new custom, modular backdoor dubbed Stealth Soldier. Experts at the Check Point Research team uncovered a series of highly-targeted espionage attacks in Libya that employ a new custom modular backdoor dubbed Stealth Soldier. […]
Stories
- How to set up a VPN on a router | Kaspersky official blogby Stan Kaminsky on June 9, 2023 at 11:17 am
Get all the benefits of a VPN on all your home devices by enabling VPN on your router
- Transatlantic Cable podcast, episode 302 | Kaspersky official blogby David Buxton on June 9, 2023 at 8:31 am
Is the Metaverse dead, students scammed on social media and Ring fined by FTC
- Best VPNs for small business in 2023by Cedric Pernet on June 8, 2023 at 8:00 pm
Looking for the best VPN services for SMBs? Here's a comprehensive guide covering the top options for secure remote access and data protection on a budget. The post Best VPNs for small business in 2023 appeared first on TechRepublic.
- S3 Ep138: I like to MOVEit, MOVEitby Paul Ducklin on June 8, 2023 at 4:56 pm
Backdoors, exploits, and Little Bobby Tables. Listen now! (Full transcript available...)
- Cisco LIVE 2023: AI and security platforms innovations take center stage by Karl Greenberg on June 8, 2023 at 2:27 pm
At its annual customer event in Las Vegas, Cisco introduced AI-powered, cloud-based products that are designed to snap into its new Security Cloud platform like LEGO. The post Cisco LIVE 2023: AI and security platforms innovations take center stage appeared first on TechRepublic.
[fts_twitter twitter_name=backbox_org tweets_count=3 cover_photo=no stats_bar=no show_retweets=no show_replies=no]
Exploit
- [local] USB Flash Drives Control 4.1.0.0 - Unquoted Service Path
- [local] Macro Expert 4.9 - Unquoted Service Path
- [webapps] Tree Page View Plugin 1.6.7 - Cross Site Scripting (XSS)
- [webapps] File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Total CMS 1.7.4 - Remote Code Execution (RCE)
- [webapps] MotoCMS Version 3.4.3 - SQL Injection
- [webapps] Enrollment System Project v1.0 - SQL Injection Authentication Bypass (SQLI)
- [webapps] Barebones CMS v2.0.2 - Stored Cross-Site Scripting (XSS) (Authenticated)
- [webapps] STARFACE 7.3.0.10 - Authentication with Password Hash Possible
- [webapps] Online Security Guards Hiring System 1.0 - Reflected XSS
Tools
[social_icons_group id="1409"]