BackBox News
Latest news and insights on Security
- GitGuardian Raises $44 Million to Create Code Security Platformby Eduard Kovacs on December 7, 2021 at 1:30 pm
Code security company GitGuardian on Tuesday announced raising $44 million in a Series B funding round, which brings the total raised by the company to $56 million. The latest funding round was led by Eurazeo, with participation from Sapphire, Balderton, BPI and Fly Ventures. read more
- SolarWinds Attackers Spotted Using New Tactics, Malwareby Elizabeth Montalbano on December 7, 2021 at 1:24 pm
One year after the disruptive supply-chain attacks, researchers have observed two new clusters of activity from the Russia-based actors that signal a significant threat may be brewing.
- Microsoft Seizes Domains Used by China-Linked APT 'Nickel'by Ionut Arghire on December 7, 2021 at 1:04 pm
Microsoft says it has seized control of domains that China-linked threat actor Nickel has been employing in malicious attacks targeting organizations in the United States and worldwide. read more
- Identity verification startup Incode raises $220Mby Kyle Wiggers on December 7, 2021 at 1:00 pm
Incode, a company developing an AI-powered identity verification product, has raised $220 million in venture capital.
- GitGuardian raises $44M to offer ‘comprehensive’ code securityby Kyle Alspach on December 7, 2021 at 1:00 pm
GitGuardian, which offers a secrets detector for GitHub, aims to expand into a broader provider of code security and enabler of DevSecOps.
- Aruba rolls out "Microbranch" networking to level up home officeson December 7, 2021 at 1:00 pm
The new EdgeConnect Microbranch solution promises to bring office-level networking capabilities to home offices via a single Wi-Fi access point.
- Firefox 95 Rolls Out With New 'RLBox' Isolation Featureby Ionut Arghire on December 7, 2021 at 12:11 pm
Mozilla on Monday released Firefox 95 to the stable channel with a new isolation feature in tow, designed to keep untrusted code at bay and better protect users from web attacks that attempt to escape the sandbox. read more
- Eltima SDK Contain Multiple Vulnerabilities Affecting Several Cloud Service Providesby noreply@blogger.com (Ravie Lakshmanan) on December 7, 2021 at 12:06 pm
Cybersecurity researchers have disclosed multiple vulnerabilities in a third-party driver software developed by Eltima that have been "unwittingly inherited" by cloud desktop solutions like Amazon Workspaces, Accops, and NoMachine and could provide attackers a path to perform an array of malicious […]
- SolarWinds Hackers Use New Malware in Attacks That Serve Russian Interestsby Eduard Kovacs on December 7, 2021 at 11:38 am
The threat group believed to be responsible for the attack on IT management company SolarWinds has developed new malware as it continues to target organizations that possess data relevant to Russian interests. read more
- SolarWinds Hackers Targeting Government and Business Entities Worldwideby noreply@blogger.com (Ravie Lakshmanan) on December 7, 2021 at 11:07 am
Nobelium, the threat actor attributed to the massive SolarWinds supply chain compromise, has been once again linked to a series of attacks targeting multiple cloud solution providers, services, and reseller companies, as the hacking group continues to refine and retool its tactics at an alarming […]
Stories
- You can learn coding, 3D animation, cybersecurity and more with this e-learning bundleon December 7, 2021 at 11:00 am
Get access to certification trainings, tech classes, art lessons and much more. You'll get lifetime access, so you can learn whenever you have the time.
- How to write YARA rules for improving your security and malware detectionon December 6, 2021 at 4:57 pm
YARA won't replace antivirus software, but it can help you detect problems more efficiently and allows more customization. Learn how to write YARA rules to improve security and incident response .
- Cryptocurrency startup fails to subtract before adding, loses $31mby Paul Ducklin on December 6, 2021 at 3:50 pm
Think of a number, any number. Take away 42. Add 42 back in. Then pretend you didn't take away 42. How much is left?
- How to lock a Zoom meeting to keep out unwanted guestson December 6, 2021 at 3:17 pm
One good way to prevent unwelcome participants or late arrivals from joining your Zoom meetings is to lock those meetings. Here's a look at how it's done.
- What are buffer overflow attacks and how are they thwarted?by Rene Holt on December 6, 2021 at 10:30 am
Ever since the Morris worm, buffer overflows have become notorious fare in the world of vulnerabilities The post What are buffer overflow attacks and how are they thwarted? appeared first on WeLiveSecurity
Updated Packages: apktool, binwalk, bully, dirsearch, knockpy, sqlmap, wireshark https://t.co/qVJUW0YWxY
Updated Packages: sqlmap v.1.4.7, wireshark v.3.2.5 https://t.co/qVJUW0YWxY
Exploit
- [webapps] Online Learning System 2.0 - Remote Code Execution (RCE)
- [webapps] CMDBuild 3.3.2 - 'Multiple' Cross Site Scripting (XSS)
- [webapps] WordPress Plugin WPSchoolPress 2.1.16 - 'Multiple' Cross Site Scripting (XSS)
- [webapps] KONGA 0.14.9 - Privilege Escalation
- [webapps] Simple Subscription Website 1.0 - SQLi Authentication Bypass
- [webapps] Fuel CMS 1.4.13 - 'col' Blind SQL Injection (Authenticated)
- [webapps] WordPress Plugin Contact Form to Email 1.3.24 - Stored Cross Site Scripting (XSS) (Authenticated)
- [webapps] PHP Laravel 8.70.1 - Cross Site Scripting (XSS) to Cross Site Request Forgery (CSRF)
- [webapps] WordPress Plugin WP Symposium Pro 2021.10 - 'wps_admin_forum_add_name' Stored Cross-Site Scripting (XSS)
- [webapps] Mumara Classic 2.93 - 'license' SQL Injection (Unauthenticated)
Tools
- Fhex - A Full-Featured HexEditor
- EXOCET - AV-evading, Undetectable, Payload Delivery Tool
- Cumulus - Web Application Weakness Monitoring, It Would Be Working By Add Just 3 Codelines
- Clash - A Rule-Based Tunnel In Go
- ChopChop - ChopChop Is A CLI To Help Developers Scanning Endpoints And Identifying Exposition Of Sensitive Services/Files/Folders