BackBox News
Latest news and insights on Security
-
Support for Adobe Acrobat, Reader 2015 Will End on April 7, 2020
by Eduard Kovacs on November 19, 2019 at 1:13 pm
Adobe on Monday informed customers that support for Acrobat 2015 and Reader 2015 will end on April 7, 2020. Adobe provides up to five years of support for its products and the time is nearly up for Acrobat and Reader 2015. After April 7, 2020, these products will no longer receive any updates, […]
-
How to prepare for the U.S. Census to move online
by Doug Olenick on November 19, 2019 at 1:00 pm
History will be made on April 1, 2020. For the first time, the United States Census will offer a full internet response option, in addition to traditional paper responses. The digitization of the census is meant to address the challenges of counting an increasingly large and diverse population, […]
-
Antivirus vendors and non-profits join to form 'Coalition Against Stalkerware'
on November 19, 2019 at 1:00 pm
New cross-industry initiative forms to bring an end to commodity stalkerware apps and victim abuse.
-
Android flaw lets rogue apps take photos, record video even if your phone is locked
on November 19, 2019 at 12:26 pm
Millions of Google and Samsung devices were vulnerable to exploit.
-
Ransomware Attack Hits Louisiana State Servers
by Ionut Arghire on November 19, 2019 at 12:20 pm
Louisiana Governor John Bel Edwards on Monday revealed that a ransomware attack hit state servers, prompting a response from the state’s cyber-security team. read more
-
Hacking and cyber espionage: The countries that are going to emerge as major threats in the 2020s
on November 19, 2019 at 11:30 am
Nation-state backed cyber groups have been responsible for major incidents over the last decade. And now more countries want the same power.
-
Macy’s suffers online Magecart card-skimming attack, data breach
on November 19, 2019 at 10:32 am
The department store detected malicious code in its online payment portal.
-
Payment Card Skimmer Found on Macy's Website
by Eduard Kovacs on November 19, 2019 at 9:51 am
Macy’s has started informing some of its customers that their personal and financial information may have been stolen by cybercriminals. read more
-
Ransomware infected systems at state government of Louisiana
by Pierluigi Paganini on November 19, 2019 at 8:50 am
Another ransomware attack made the headlines, the victim is the state government of Louisiana, numerous services have been impacted. The state government of Louisiana was hit by a ransomware attack that affected multiple state services including the Office of Motor Vehicles, the Department of […]
-
Adobe announces end of support for Acrobat, Reader 2015
on November 19, 2019 at 7:47 am
After the deadline, customers will no longer receive any security patches for their software.
Stories
-
Brand new Android smartphones shipped with 146 security flaws
by John E Dunn on November 19, 2019 at 1:16 pm
If you think brand new, just-out-of-the-box Android smartphones are immune from security vulnerabilities - think again.
-
DuckDuckGo Will Automatically Encrypt More Sites You Visit
by Lily Hay Newman on November 19, 2019 at 1:00 pm
If a site offers HTTPS, DuckDuckGo's Smarter Encryption will take you there.
-
Ho Ho OUCH! There are 4x more fake retailer sites than real ones
by Lisa Vaas on November 19, 2019 at 12:17 pm
Beware, holiday shoppers! The phishers hiding under typosquatting domains are waiting for your keyboard fumbles.
-
Sophos 2020 Threat Report: AI is the new battleground
by Danny Bradbury on November 19, 2019 at 11:41 am
The SophosLabs 2020 Threat Report highlights a growing battle as smart automation technologies continue to evolve.
-
Booter boss behind millions of DDoS-for-hire attacks jailed
by Lisa Vaas on November 19, 2019 at 10:52 am
The US is also juicing him for over half a million in profits from multiple DDoS-for-hire services.
https://t.co/o5dY1HyfEB is proud to introduce https://t.co/ZMMG8EDPIm, a professional OSINT tool designed to promptly notify the customer about any data leak found while crawling all kind of sources on the Internet, the Darkweb and the Deepweb.
https://t.co/uRSVBDnU9i
Exploit
- [local] Emerson PAC Machine Edition 9.70 Build 8595 - 'FxControlRuntime' Unquoted Service Path
- [local] ASUS HM Com Service 1.00.31 - 'asHMComSvc' Unquoted Service Path
- [dos] iSmartViewPro 1.3.34 - Denial of Service (PoC)
- [remote] nipper-ng 0.11.10 - Remote Buffer Overflow (PoC)
- [webapps] Lexmark Services Monitor 2.27.4.0.39 - Directory Traversal
- [webapps] Crystal Live HTTP Server 6.01 - Directory Traversal
- [dos] Open Proficy HMI-SCADA 5.0.0.25920 - 'Password' Denial of Service (PoC)
- [local] NCP_Secure_Entry_Client 9.2 - Unquoted Service Paths
- [local] MobileGo 8.5.0 - Insecure File Permissions
- [webapps] Centova Cast 3.2.11 - Arbitrary File Download
Tools
- SQL Injection Payload List
- Andor - Blind SQL Injection Tool With Golang
- DetectionLab - Vagrant And Packer Scripts To Build A Lab Environment Complete With Security Tooling And Logging Best Practices
- RedPeanut - A Small RAT Developed In .Net Core 2 And Its Agent In .Net 3.5/4.0
- Seeker v1.1.9 - Accurately Locate Smartphones Using Social Engineering