BackBox News
Latest news and insights on Security
- Web Trackers Caught Intercepting Online Forms Even Before Users Hit Submitby noreply@blogger.com (Ravie Lakshmanan) on May 19, 2022 at 6:34 am
A new research published by academics from KU Leuven, Radboud University, and the University of Lausanne has revealed that users' email addresses are exfiltrated to tracking, marketing, and analytics domains before such is submitted and without prior consent. The study involved crawling 2.8 […]
- CISA orders federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 flawsby Pierluigi Paganini on May 19, 2022 at 6:13 am
CISA orders federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 vulnerabilities by May 23, 2022. The Cybersecurity and Infrastructure Security Agency (CISA) issued the Emergency Directive 22-03 to order federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 flaws or to remove […]
- VMware Releases Patches for New Vulnerabilities Affecting Multiple Productsby noreply@blogger.com (Ravie Lakshmanan) on May 19, 2022 at 5:48 am
VMware has issued patches to contain two security flaws impacting Workspace ONE Access, Identity Manager, and vRealize Automation that could be exploited to backdoor enterprise networks. The first of the two flaws, tracked as CVE-2022-22972 (CVSS score: 9.8), concerns an authentication bypass […]
- VMware fixed a critical auth bypass issue in some of its productsby Pierluigi Paganini on May 18, 2022 at 9:29 pm
VMware addressed a critical authentication bypass vulnerability “affecting local domain users” in multiple products. The virtualization giant warns that a threat actor can exploit the flaw, tracked as CVE-2022-22972 (CVSSv3 base score of 9.8), to obtain admin privileges and urges customers to […]
- MITRE Creates Framework for Supply Chain Securityby Kelly Jackson Higgins, Editor-in-Chief, Dark Reading on May 18, 2022 at 9:29 pm
System of Trust includes data-driven metrics for evaluating the integrity of software, services, and suppliers.
- Report: 88% of business leaders would pay the ransom if hit by a cyberattackby VB Staff on May 18, 2022 at 9:20 pm
Experts urge victims to not pay ransoms, since it encourages criminals to continue attacking. Businesses, however, have a different mindset.
- CISA to Federal Agencies: Patch VMWare Products Now or Take Them Offlineby Dark Reading Staff, Dark Reading on May 18, 2022 at 9:05 pm
Last month attackers quickly reverse-engineered VMWare patches to launch RCE attacks. CISA warns it's going to happen again.
- How Pwn2Own Made Bug Hunting a Real Sportby Andrada Fiscutean, Contributing Writer, Dark Reading on May 18, 2022 at 8:19 pm
From a scrappy contest where hackers tried to win laptops, Pwn2Own has grown into a premier event that has helped normalize bug hunting.
- How weaponized ransomware is quickly becoming more lethalby Louis Columbus on May 18, 2022 at 8:08 pm
Ivanti’s Ransomware Index Report Q1 2022, released today, helps to explain why ransomware is becoming more lethal.
- Microsoft warns of attacks targeting MSSQL servers using the tool sqlpsby Pierluigi Paganini on May 18, 2022 at 8:04 pm
Microsoft warns of brute-forcing attacks targeting Microsoft SQL Server (MSSQL) database servers exposed online. Microsoft warns of a new hacking campaign aimed at MSSQL servers, threat actors are launching brute-forcing attacks against poorly protected instances. The attacks are using the […]
Stories
- Bitdefender vs Kaspersky: EDR software comparisonby James La Forte on May 18, 2022 at 9:21 pm
Kaspersky excels with its easy to use interface and automation features, while Bitdefender gets the edge on overall detection rates and laboratory test results, but with a slightly more difficult learning curve. The post Bitdefender vs Kaspersky: EDR software comparison appeared first on […]
- Higher education institutions being targeted for ransomware attacksby Brian Stone on May 18, 2022 at 9:12 pm
Three colleges have been victims of cyberattacks in the last three months alone. The post Higher education institutions being targeted for ransomware attacks appeared first on TechRepublic.
- CrowdStrike vs McAfee: EDR software comparisonby Kaylyn McKenna on May 18, 2022 at 8:25 pm
Endpoint detection and response software protects against a variety of threats and attacks. Learn about two of the most popular EDR options, CrowdStrike and McAfee, and how to protect your network. The post CrowdStrike vs McAfee: EDR software comparison appeared first on TechRepublic.
- Sponsored: Helping organizations automate cybersecurity across their digital terrainsby Forescout on May 18, 2022 at 7:17 pm
The digital world is changing, and you need cybersecurity solutions that change with it. Forescout Continuum can help. The post Sponsored: Helping organizations automate cybersecurity across their digital terrains appeared first on TechRepublic.
- CISA issues advisory on top-10 attack vectors, finds hackers exploiting poor cyber practicesby Brian Stone on May 18, 2022 at 3:36 pm
The agency touches on the most popular ways hackers are finding ways into victims’ networks, and issues tips on how to reduce risk. The post CISA issues advisory on top-10 attack vectors, finds hackers exploiting poor cyber practices appeared first on TechRepublic.
Updated Packages: ettercap, wireshark https://t.co/BADkmZZHlG
Updated Packages: apktool, binwalk, bully, dirsearch, knockpy, sqlmap, wireshark https://t.co/qVJUW0YWxY
Exploit
- [remote] SolarView Compact 6.0 - OS Command Injection
- [webapps] Showdoc 2.10.3 - Stored Cross-Site Scripting (XSS)
- [webapps] Survey Sparrow Enterprise Survey Software 2022 - Stored Cross-Site Scripting (XSS)
- [webapps] T-Soft E-Commerce 4 - 'UrunAdi' Stored Cross-Site Scripting (XSS)
- [remote] SDT-CW3B1 1.1.0 - OS Command Injection
- [webapps] T-Soft E-Commerce 4 - SQLi (Authenticated)
- [remote] F5 BIG-IP 16.0.x - Remote Code Execution (RCE)
- [webapps] Royal Event Management System 1.0 - 'todate' SQL Injection (Authenticated)
- [webapps] College Management System 1.0 - 'course_code' SQL Injection (Authenticated)
- [webapps] TLR-2005KSH - Arbitrary File Delete
Tools
- Cyph - Cryptographically Secure Messaging And Social Networking Service
- ShadowClone - Unleash The Power Of Cloud
- Grafiki - Threat Hunting Tool About Sysmon And Graphs
- Vaas - Verdict-as-a-Service SDKs: Analyze Files For Malicious Content
- Kali Linux 2022.2 - Penetration Testing and Ethical Hacking Linux Distribution