BackBox News
Latest news and insights on Security
- China-linked TA413 group target Tibetan organizationsby Pierluigi Paganini on February 26, 2021 at 12:15 am
The Chinese hacking group, tracked as TA413, used a malicious Firefox add-on in a cyberespionage campaign aimed at Tibetans. China-linked cyberespionage group TA413 targeted Tibetan organizations across the world using a malicious Firefox add-on, dubbed FriarFox, that allowed them to steal Gmail […]
- Old foe or new enemy? Here’s how researchers handle APT attributionby Bradley Barth on February 25, 2021 at 10:53 pm
Identifying a new actor is the first step in creating a defense, but attribution is hard to confirm due to use of common toolsets. The post Old foe or new enemy? Here’s how researchers handle APT attribution appeared first on SC Media.
- So far, ransomware attacks way down at schools, hospitals in 2021by Steve Zurier on February 25, 2021 at 10:28 pm
Ramsonware incidents against healthcare and government organizations have been few and far between in 2021, but experts say that could change as the year goes on. The post So far, ransomware attacks way down at schools, hospitals in 2021 appeared first on SC Media.
- ThreatNeedle malware tied to year-long North Korean espionage campaign against global defense...by Derek B. Johnson on February 25, 2021 at 10:24 pm
Researchers at Kasperksy have tied a piece of malware used by Lazarus Group last seen targeting security vulnerability researchers earlier this year to another campaign by the North Korean hacking group focused on pilfering sensitive data from defense contractors. The post ThreatNeedle malware tied […]
- Inside Strata's Plans to Solve the Cloud Identity Puzzleby Kelly Sheridan Staff Editor, Dark Reading on February 25, 2021 at 10:20 pm
Strata Identity was founded to change businesses' approach to identity management as multicloud environments become the norm.
- Microsoft Releases Free Tool for Hunting SolarWinds Malwareby Kelly Jackson Higgins Executive Editor at Dark Reading on February 25, 2021 at 10:15 pm
Meanwhile, researchers at SecurityScorecard say the "fileless" malware loader in the attack - Teardrop - actually dates back to 2017.
- Cisco fixes three critical bugs in ACI Multi-Site Orchestrator, Application Services Engine, and...by Pierluigi Paganini on February 25, 2021 at 9:41 pm
Cisco addressed over a dozen vulnerabilities in its products, including three critical bugs in ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS software. Cisco released security updates to address over a dozen vulnerabilities affecting multiple products, including three critical […]
- North Korea's Lazarus Group Expands to Stealing Defense Secretsby Jai Vijayan Contributing Writer on February 25, 2021 at 9:20 pm
Several gigabytes of sensitive data stolen from one restricted network, with organizations in more than 12 countries impacted, Kaspersky says.
- What is database encryption?by Peter Wayner on February 25, 2021 at 8:58 pm
Database encryption protects sensitive information by scrambling the data when it's stored, or as it has become popular to say, "is at rest."
- Ransomware, Phishing Will Remain Primary Risks in 2021by Robert Lemos Contributing Writer on February 25, 2021 at 8:35 pm
Attackers have doubled down on ransomware and phishing -- with some tweaks -- while deepfakes and disinformation will become more major threats in the future, according to a trio of threat reports.
Stories
- Firewalla is a solid entry to beef up the security of your work-from-home networkon February 25, 2021 at 6:09 pm
Jack Wallen tries out the Firewalla Gold to see if it's worthy of serving as your work-from-home security device.
- North Korean hackers find another new target: The defense industryon February 25, 2021 at 4:49 pm
The Lazarus group had a busy 2020, and 2021 is shaping up to be another devastatingly productive year for one of the most dangerous hacking groups on the planet.
- VMware patches bug that put many large networks at riskon February 25, 2021 at 4:29 pm
The now-patched vulnerability could have allowed attackers to scan a company's internal network and gain access to sensitive data, says Positive Technologies.
- Security concerns arise over popular Clubhouse app after ties to China-based company revealedon February 25, 2021 at 3:35 pm
The Stanford Internet Observatory alleged that the Chinese government may have had access to audio data from Clubhouse. Here's what users should know.
- Google: We're funding developers to work full-time on Linux securityon February 25, 2021 at 12:15 pm
Two developers, sponsored by Google, will dedicate their time to addressing vulnerabilities in the Linux kernel as part of a wider effort to improve the security of open-source software.
The BackBox Team, ten years after its first release, is happy to announce the new major release of BackBox Linux, version 7.
https://t.co/JupE3qDRtP
Exploit
- [webapps] WordPress Plugin WP-PostRatings 1.86 - 'postratings_image' Cross-Site Scripting
- [webapps] GitLab 11.4.7 - RCE (Authenticated)
- [webapps] Apartment Visitors Management System 1.0 - Authentication Bypass
- [webapps] WordPress Plugin Adning Advertising 1.5.5 - Arbitrary File Upload
- [webapps] Class Scheduling System 1.0 - Multiple Stored XSS
- [webapps] Online Learning Management System 1.0 - Authentication Bypass
- [webapps] Online Learning Management System 1.0 - Multiple Stored XSS
- [webapps] Online Learning Management System 1.0 - 'id' SQL Injection
- [webapps] Wordpress Epsilon Framework Multiple Themes - Unauthenticated Function Injection
- [webapps] Sales and Inventory System for Grocery Store 1.0 - Multiple Stored XSS
Tools
- Proxify - Swiss Army Knife Proxy Tool For HTTP/HTTPS Traffic Capture, Manipulation, And Replay On The Go
- Social-Analyzer - API And Web App For Analyzing And Finding A Person Profile Across +300 Social Media Websites (Detections Are Updated Regularly)
- ApkLeaks - Scanning APK File For URIs, Endpoints And Secrets
- Aura - Python Source Code Auditing And Static Analysis On A Large Scale
- Vulmap - Web Vulnerability Scanning And Verification Tools