BackBox News
Latest news and insights on Security
-
Security 101: SQL Injection
by Curtis Franklin Jr. Senior Editor at Dark Reading on May 27, 2020 at 7:50 pm
A carefully crafted attack can convince a database to reveal all its secrets. Understanding the basics of what the attack looks like and how to protect against it can go a long way toward limiting the threat.
-
26M LiveJournal bloggers’ credentials a hit on dark web six years later
by Teri Robinson on May 27, 2020 at 7:33 pm
Six years after blogging platform LiveJournal was hacked, the credentials of some 26 million users are being sold and traded on multiple hacker forums and the dark market. Complicating the breach’s fallout, the database’s old and/or unique passwords have allowed bad actors to launch […]
-
Grandoreiro Malware implements new features in Q2 2020
by Pierluigi Paganini on May 27, 2020 at 7:27 pm
The updated Grandoreiro Malware equipped with latenbot-C2 features in Q2 2020 now extended to Portuguese banks Grandoreiro is a Latin American banking trojan targeting Brazil, Mexico, Spain, Peru, and has now extended to Portugal. Cybercriminals attempt to compromise computers to generate […]
-
Arbonne breach of 3,500+ Calif. residents’ PII could test privacy law
by Teri Robinson on May 27, 2020 at 7:25 pm
The exposure of the PII of more than 3,500 California residents in the database of international multi-level marketing firm Arbonne following a breach on April 23 offers a glimpse into whether the state will enforce its new privacy statute that went into effect in January. Almost half of a […]
-
HackerOne Bounties Hit $100M Milestone
by Dark Reading Staff on May 27, 2020 at 7:23 pm
The bug-hunting platform has now paid more than $100 million in bounties since October 2013.
-
Execs, dignitaries call on nations to help end cyberattacks on health care orgs
by Bradley Barth on May 27, 2020 at 7:15 pm
The CyberPeace Institute and dozens of international leaders and dignitaries on Tuesday collectively urged the world’s governments in an open letter to help put an end to cyberattacks on hospitals and health care institutions that are already under the incredible strain of combatting the […]
-
HackerOne Says Bug Bounty Hunters Earned $100 Million Through Its Platform
by Eduard Kovacs on May 27, 2020 at 7:07 pm
HackerOne announced on Wednesday that its bug bounty platform has helped researchers earn more than $100 million since the company started paying hackers in October 2013. read more
-
Standing Privilege: The Attacker's Advantage
by Tim Keeler Founder and CEO, Remediant on May 27, 2020 at 6:00 pm
The credential is a commodity and will continue to be breached. As a result, focus and spending must shift toward the access that the credentials provide.
-
Google’s federated analytics method could analyze end user data without invading privacy
by Kyle Wiggers on May 27, 2020 at 5:56 pm
Google's federated analytics techniques, which power features like Now Playing, could be used to analyze end user data without invading privacy.
-
IBM Named a Leader in ‘The Forrester Wave™: Risk-Based Authentication, Q2 2020’
by Michael Keane on May 27, 2020 at 5:23 pm
In today’s hybrid multicloud environment, users expect to be able to access their work and personal resources from wherever they are, whenever they need them. With this expanded security perimeter, and especially considering this year’s tectonic shift in remote work, organizations need […]
Stories
-
Majority of COVID phishing attacks coming from US IP addresses, report finds
on May 27, 2020 at 7:23 pm
An anti-phishing firm discovered that most of the malicious coronavirus emails were coming from the United States.
-
Why developed countries are more vulnerable to cybercrime
on May 27, 2020 at 6:40 pm
Developed nations have higher incomes, technology, urbanization, and digitalization, which are all factors for greater cyber risk, says VPN provider NordVPN.
-
Apple sends out 11 security alerts – get your fixes now!
by Paul Ducklin on May 27, 2020 at 4:15 pm
Apple's current round of updates have been officially anounced in the company's latest Security Advisory emails.
-
Google Chrome Is Getting a Bunch of New Privacy Features
by Matt Burgess, WIRED UK on May 27, 2020 at 3:00 pm
The next version of the browser will be more secure than ever. Here’s what you need to know.
-
Transatlantic Cable podcast, episode 144
by Jeffrey Esposito on May 27, 2020 at 2:31 pm
Dave and Jeff sit down with Marco Preuss to discuss the ethics of social ratings, masked selfies, and more.
The BackBox Team, ten years after its first release, is happy to announce the new major release of BackBox Linux, version 7.
https://t.co/JupE3qDRtP
https://t.co/o5dY1HyfEB is proud to introduce https://t.co/ZMMG8EDPIm, a professional OSINT tool designed to promptly notify the customer about any data leak found while crawling all kind of sources on the Internet, the Darkweb and the Deepweb.
https://t.co/uRSVBDnU9i
Exploit
- [webapps] ManageEngine Service Desk 10.0 - Cross-Site Scripting
- [webapps] vBulletin 5.6.1 - 'nodeId' SQL Injection
- [webapps] Netlink XPON 1GE WiFi V2801RGW - Remote Command Execution
- [local] Dameware Remote Support 12.1.1.273 - Buffer Overflow (SEH)
- [webapps] E-Commerce System 1.0 - Unauthenticated Remote Code Execution
- [webapps] Complaint Management System 1.0 - 'username' SQL Injection
- [local] Remote Desktop Audit 2.3.0.157 - Buffer Overflow (SEH)
- [webapps] Tryton 5.4 - Persistent Cross-Site Scripting
- [webapps] Sellacious eCommerce 4.6 - Persistent Cross-Site Scripting
- [webapps] TylerTech Eagle 2018.3.11 - Remote Code Execution
Tools
- DiscordRAT - Discord Remote Administration Tool Fully Written In Python
- Lockphish - A Tool For Phishing Attacks On The Lock Screen, Designed To Grab Windows Credentials, Android PIN And iPhone Passcode
- DalFox (Finder Of XSS) - Parameter Analysis And XSS Scanning Tool Based On Golang
- Saycheese - Grab Target'S Webcam Shots By Link
- Kaiten - A Undetectable Payload Generation