BackBox News
Latest news and insights on Security
- Pindrop: Only 34% of call centers are prepared to fight fraudstersby VB Staff on June 13, 2021 at 11:40 pm
Fraud at the agent level decreased during the pandemic, but 57% of survey participants told Pindrop they were seeing more fraud attacks.
- A question no one is asking about the Colonial Pipeline ransom attackby Slava Gomzin on June 13, 2021 at 11:40 pm
Why did the Colonial Pipeline hackers allow themselves to be traced?
- Frequent run-ins with Indian government complicates tech giants’ plansby Reuters on June 13, 2021 at 9:20 pm
(Reuters) — Another spat between India’s government and U.S. big tech has exacerbated disillusion among firms which have spent billions to build hubs in their largest growth market, to the extent some are rethinking expansion plans, people close to the matter said. The government on Saturday […]
- BackdoorDiplomacy APT targets diplomats from Africa and the Middle Eastby Pierluigi Paganini on June 13, 2021 at 8:27 pm
ESET researchers discovered an advanced persistent threat (APT) group, tracked as BackdoorDiplomacy, that is targeting diplomats across Africa and the Middle East. ESET researchers spotted a new state-sponsored group, dubbed BackdoorDiplomacy, that was behind a series of cyberattacks against […]
- APWG: Phishing maintained near-record levels in the first quarter of 2021by Pierluigi Paganini on June 13, 2021 at 2:05 pm
The Anti-Phishing Working Group (APWG) revealed that the number of phishing websites peaked at record levels in the first quarter of 2021. The Anti-Phishing Working Group (APWG) has published its new Phishing Activity Trends Report related to the first quarter of 2021. The document revealed that […]
- Security Affairs newsletter Round 318by Pierluigi Paganini on June 13, 2021 at 12:23 pm
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. REvil Ransomware spokesman releases an interview on recent attacks […]
- Endpoint security is a double-edge sword: protected systems can still be breachedby Louis Columbus on June 12, 2021 at 5:20 pm
Protected endpoints are overloaded with clients, fall behind on patches, and lack reliable visibility, raising the risks of a data breach.
- McDonald’s discloses data breach in US, Taiwan and South Koreaby Pierluigi Paganini on June 12, 2021 at 4:37 pm
McDonald’s fast-food chain disclosed a data breach, hackers have stolen information belonging to customers and employees from the US, South Korea, and Taiwan. McDonald’s, the world’s largest restaurant chain by revenue, has disclosed a data breach that impacted customers and employees from […]
- Volkswagen discloses data breach, 3.3 million customers impactedby Pierluigi Paganini on June 12, 2021 at 1:39 pm
Volkswagen America discloses a data breach at a third-party vendor that exposed the personal details of more than 3.3 million of its customers. Volkswagen America discloses a data breach suffered by a third-party vendor used by the car vendor for sales and marketing purposes. The security breach […]
- Game giant Electronic Arts is the latest victim of massive data breachby Deeba Ahmed on June 12, 2021 at 12:19 pm
By Deeba Ahmed Electronic Arts (EA) has confirmed that hackers have stolen valuable information from the company, and around 780GB of data was compromised. This is a post from HackRead.com Read the original post: Game giant Electronic Arts is the latest victim of massive data breach
Stories
- All the New Privacy Features Coming to iOS and macOSby David Nield on June 13, 2021 at 11:00 am
Improvements designed to keep your email private, crack down on data stealing apps, and help you find lost devices are on their way.
- Google Won't Kill the URL After Allby Brian Barrett on June 12, 2021 at 1:47 pm
Plus: A Colonial Pipeline update, inside details of the FBI's Anom caper, and more of the week's top security news.
- What You Should Know About Voilá, the Latest Viral Selfie Appby Eric Ravenscraft on June 12, 2021 at 12:00 pm
Before you use it to cartoonify your face, consider the risks to your data.
- As Ransomware Demands Boom, Insurance Keeps Paying Outby Josephine Wolff on June 12, 2021 at 11:00 am
While major carriers like AXA have backed away from covering ransoms, don't expect the industry at large to break the vicious cycle.
- McDonald's suffers cyberattack in US, South Korea and Taiwanon June 11, 2021 at 7:55 pm
The restaurant chain reportedly said no U.S. customer data was exposed and the attack did not involve ransomware.
Updated Packages: apktool, binwalk, bully, dirsearch, knockpy, sqlmap, wireshark https://t.co/qVJUW0YWxY
Exploit
- [webapps] Simple Student Information System 1.0 - SQL Injection (Authentication Bypass)
- [webapps] Blitar Tourism 1.0 - Authentication Bypass SQLi
- [webapps] ExpressVPN VPN Router 1.0 - Router Login Panel's Integer Overflow
- [remote] vsftpd 2.3.4 - Backdoor Command Execution
- [webapps] PrestaShop 1.7.6.7 - 'location' Blind Sql Injection
- [webapps] DMA Radius Manager 4.4.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Composr 10.0.36 - Remote Code Execution
- [remote] Linux Kernel 5.4 - 'BleedingTooth' Bluetooth Zero-Click Remote Code Execution
- [webapps] CMSimple 5.2 - 'External' Stored XSS
- [webapps] Atlassian Jira Service Desk 4.9.1 - Unrestricted File Upload to XSS
Tools
- Ronin - A Ruby Platform For Vulnerability Research And Exploit Development
- Dwn - D(Ockerp)Wn - A Docker Pwn Tool Manager
- SYNwall - A Zero-Configuration (IoT) Firewall
- Cpufetch - Simplistic Yet Fancy CPU Architecture Fetching Tool
- AzureC2Relay - An Azure Function That Validates And Relays Cobalt Strike Beacon Traffic By Verifying The Incoming Requests Based On A Cobalt Strike Malleable C2 Profile