BackBox News
Latest news and insights on Security
- ACIC believes there's no legitimate reason to use an encrypted communication platformon May 6, 2021 at 6:33 am
The Australian Criminal Intelligence Commission has said an encrypted communication platform is not something a law-abiding member of the community would use.
- Cisco fixes critical flaws in SD-WAN vManage and HyperFlex HX softwareby Pierluigi Paganini on May 6, 2021 at 6:25 am
Cisco fixed critical flaws in SD-WAN vManage and HyperFlex HX software that could allow creating admin accounts, and executing commands as root. Cisco has addressed critical vulnerabilities affecting SD-WAN vManage and HyperFlex HX software that could allow creating admin accounts and executing […]
- States Push Back Against Use of Facial Recognition by Policeby Associated Press on May 6, 2021 at 2:07 am
Law enforcement agencies across the U.S. have used facial recognition technology to solve homicides and bust human traffickers, but concern about its accuracy and the growing pervasiveness of video surveillance is leading some state lawmakers to hit the pause button. read more
- Facebook blocks Signal from using ads to show Instagram data collectionby Habiba Rashid on May 6, 2021 at 1:07 am
By Habiba Rashid Signal attempted to use the Facebook ad program to show how much data is being collected by Instagram to push targeted ads and got banned. This is a post from HackRead.com Read the original post: Facebook blocks Signal from using ads to show Instagram data collection
- How Internet can get smarter by combining AI and MLby Uzair Amir on May 5, 2021 at 11:09 pm
By Uzair Amir AI has been through many changes in recent years, and it will become even more prevalent and useful for us all shortly. This is a post from HackRead.com Read the original post: How Internet can get smarter by combining AI and ML
- REvil ransomware to blame for UnitingCare Queensland's April attackon May 5, 2021 at 10:54 pm
The healthcare organisation has confirmed the cyber incident it experienced last month was the result of a hit from REvil ransomware.
- Justice Department seizes fake COVID-19 vaccine website stealing info from visitorson May 5, 2021 at 10:45 pm
“Freevaccinecovax.org” was being used for fraud, phishing attacks, and/or deployment of malware, according to The U.S. Attorney’s Office.
- IoT is critical to enterprise digital transformation, Omdia saysby Damon Poeter on May 5, 2021 at 10:40 pm
IoT platform growth set to boom, as industry survey discloses uptick in critical IoT deployments.
- Attackers Seek New Strategies to Improve Macros' Effectivenessby Robert Lemos Contributing Writer on May 5, 2021 at 10:40 pm
The ubiquity of Microsoft Office document formats means attackers will continue to use them to spread malware and infect systems.
- Does Multifactor Authentication Keep Your Remote Workers Safe?by Jennifer Gregory on May 5, 2021 at 10:00 pm
Your eight-character password can be cracked in about eight hours, using brute force attacks — even if you add in numbers, mix up the cases and throw in a special character or three. Odds are high that eight-hour window will soon be even shorter. To combat this, many companies added multifactor […]
Stories
- How a Former Netflix Exec Built a Brazen Bribery Schemeby Jon Brodkin, Ars Technica on May 5, 2021 at 9:00 pm
The company’s ex-vice president of IT faces 20 years in prison for creating a pay-to-play environment with technology vendors.
- Security teams plan a new pandemic quarantine for BYOD devices headed back to the officeon May 5, 2021 at 8:59 pm
A survey from Blackberry finds that IT departments are worried about unpatched devices connecting to corporate networks as offices reopen.
- World Password Day: How to keep yourself and your company data secureon May 5, 2021 at 6:23 pm
The first Thursday in May is World Password Day. Learn some tips for what your organization should do to foster good password management techniques.
- How one phony vaccine website tried to capture your personal informationon May 5, 2021 at 6:04 pm
Recently seized by the government, the site spoofed an actual company developing a coronavirus vaccine in an effort to steal personal data for malicious purposes.
- QR code fraud | Kaspersky official blogby Hugh Aver on May 5, 2021 at 5:00 pm
How QR codes can be dangerous and why you should scan them with caution.
Updated Packages: apktool, binwalk, bully, dirsearch, knockpy, sqlmap, wireshark https://t.co/qVJUW0YWxY
Exploit
- [webapps] ExpressVPN VPN Router 1.0 - Router Login Panel's Integer Overflow
- [webapps] Simple Student Information System 1.0 - SQL Injection (Authentication Bypass)
- [webapps] Blitar Tourism 1.0 - Authentication Bypass SQLi
- [remote] vsftpd 2.3.4 - Backdoor Command Execution
- [webapps] PrestaShop 1.7.6.7 - 'location' Blind Sql Injection
- [remote] Linux Kernel 5.4 - 'BleedingTooth' Bluetooth Zero-Click Remote Code Execution
- [webapps] CMSimple 5.2 - 'External' Stored XSS
- [webapps] DMA Radius Manager 4.4.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Composr 10.0.36 - Remote Code Execution
- [webapps] Atlassian Jira Service Desk 4.9.1 - Unrestricted File Upload to XSS
Tools
- Ronin - A Ruby Platform For Vulnerability Research And Exploit Development
- Dwn - D(Ockerp)Wn - A Docker Pwn Tool Manager
- SYNwall - A Zero-Configuration (IoT) Firewall
- Cpufetch - Simplistic Yet Fancy CPU Architecture Fetching Tool
- AzureC2Relay - An Azure Function That Validates And Relays Cobalt Strike Beacon Traffic By Verifying The Incoming Requests Based On A Cobalt Strike Malleable C2 Profile