BackBox News
Latest news and insights on Security
- Apple fixes recently disclosed CVE-2023-23529 zero-day on older devicesby Pierluigi Paganini on March 27, 2023 at 9:35 pm
Apple released updates to backport security patches that address actively exploited CVE-2023-23529 WebKit zero-day for older iPhones and iPads. Apple released security updates to backport patches that address an actively exploited zero-day flaw (CVE-2023-23529) for older iPhones and iPads. The […]
- New MacStealer macOS malware appears in the cybercrime undergroundby Pierluigi Paganini on March 27, 2023 at 8:31 pm
A new MacStealer macOS malware allows operators to steal iCloud Keychain data and passwords from infected systems. Uptycs researchers team discovered a new macOS information stealer, called MacStealer, which allows operators to steal iCloud Keychain data and passwords from infected systems. The […]
- Microsoft: No-Interaction Outlook Zero Day Exploited Since Last Aprilby Ryan Naraine on March 27, 2023 at 8:19 pm
Microsoft says it has evidence that Russian APT actors were exploiting a nasty Outlook zero-day as far back as April 2022, upping the stakes on organizations to start hunting for signs of compromise. The post Microsoft: No-Interaction Outlook Zero Day Exploited Since Last April appeared first on […]
- How to prepare for a world without passwordsby JD Sherman, Dashlane on March 27, 2023 at 8:07 pm
Passkey technology will soon be ubiquitous. Until then, a combination of good password hygiene and MFA is our safest bet.
- It's time to update all of your Apple devices again. Here's whyon March 27, 2023 at 7:57 pm
Apple just released iOS 16.4 with over 30 security fixes iPhone, alongside updates for Mac, iPad and more.
- Portion of Twitter’s proprietary source code leaked on GitHubby Deeba Ahmed on March 27, 2023 at 7:41 pm
By Deeba Ahmed Twitter had to file a DMCA request after its source code was found on GitHub. This is a post from HackRead.com Read the original post: Portion of Twitter’s proprietary source code leaked on GitHub
- US to Adopt New Restrictions on Using Commercial Spywareby Associated Press on March 27, 2023 at 7:02 pm
Executive order will require the head of any U.S. agency using commercial spyware programs to certify that the program doesn’t pose a significant counterintelligence or other security risk. The post US to Adopt New Restrictions on Using Commercial Spyware appeared first on SecurityWeek.
- Hackers Earn Over $1 Million at Pwn2Own Exploit Contestby Ionut Arghire on March 27, 2023 at 6:13 pm
Security researchers raked in more than $1 million in prizes at this year's CanSecWest Pwn2Own software exploitation contest. The post Hackers Earn Over $1 Million at Pwn2Own Exploit Contest appeared first on SecurityWeek.
- How shift left security and DevSecOps can protect the software supply chain by Tim Keary on March 27, 2023 at 6:12 pm
When used alongside DevSecOps, shift left security can help secure the software development lifecycle as early as possible.
- Pwn2Own 2023: Tesla Model 3, Windows 11, Ubuntu and more Pwnedby Deeba Ahmed on March 27, 2023 at 5:16 pm
By Deeba Ahmed This year's Pwn2Own 2023 was held in Vancouver between March 22nd and 24th, 2023. This is a post from HackRead.com Read the original post: Pwn2Own 2023: Tesla Model 3, Windows 11, Ubuntu and more Pwned
Stories
- Apple patches everything, including a zero-day fix for iOS 15 usersby Paul Ducklin on March 28, 2023 at 12:23 am
Got an older iPhone that can't run iOS 16? You've got a zero-day to deal with! That super-cool Studio Display monitor needs patching, too.
- Microsoft assigns CVE to Snipping Tool bug, pushes patch to Storeby Paul Ducklin on March 27, 2023 at 7:59 pm
Microsoft says "successful exploitation requires uncommon user interaction", but it's the innocent and accidental leakage of private data you should be concerned about.
- How to secure your GitHub account with two-factor authenticationby Lance Whitney on March 27, 2023 at 6:15 pm
GitHub wants you to protect your account with the right type of authentication. The post How to secure your GitHub account with two-factor authentication appeared first on TechRepublic.
- In Memoriam – Gordon Moore, who put the more in “Moore’s Law”by Paul Ducklin on March 27, 2023 at 6:05 pm
His prediction was called a "Law", though it was an exhortation to engineering excellence as much it was an estimate.
- 5 Best Password Managers (2022): Features, Pricing, and Tipsby Scott Gilbertson on March 27, 2023 at 3:00 pm
Keep your logins locked down with our favorite apps for PC, Mac, Android, iPhone, and web browsers.
[fts_twitter twitter_name=backbox_org tweets_count=3 cover_photo=no stats_bar=no show_retweets=no show_replies=no]
Exploit
- [webapps] Aero CMS v0.0.1 - SQL Injection (no auth)
- [dos] Sysax Multi Server 6.95 - 'Password' Denial of Service (PoC)
- [local] Tftpd32_SE 4.60 - 'Tftpd32_svc' Unquoted Service Path
- [webapps] Atom CMS v2.0 - SQL Injection (no auth)
- [local] Gestionale Open 12.00.00 - 'DB_GO_80' Unquoted Service Path
- [local] Explorer32++ v1.3.5.531 - Buffer overflow
- [webapps] WebTareas 2.4 - SQL Injection (Unauthorised)
- [webapps] eXtplorer<= 2.1.14 - Authentication Bypass & Remote Code Execution (RCE)
- [remote] WiFi Mouse 1.8.3.2 - Remote Code Execution (RCE)
- [dos] Scdbg 1.0 - Buffer overflow DoS
Tools
- ThunderCloud - Cloud Exploit Framework
- Waf-Bypass - Check Your WAF Before An Attacker Does
- QRExfiltrate - Tool That Allows You To Convert Any Binary File Into A QRcode Movie. The Data Can Then Be Reassembled Visually Allowing Exfiltration Of Data In Air Gapped Systems
- Mimicry - Security Tool For Active Deception In Exploitation And Post-Exploitation
- APCLdr - Payload Loader With Evasion Features