BackBox News
Latest news and insights on Security
- President Biden’s Peloton exercise equipment under scrutinyby Pierluigi Paganini on January 18, 2021 at 12:58 am
President Joe Biden can’t bring his Peloton exercise equipment to the White House due to security reasons. According to a Popular Mechanics report, President Joe Biden is going to move to the White House and likely he will have to give up his Peloton exercise equipment for security reasons. […]
- Xiaomi denies any ties with Chinese militaryon January 18, 2021 at 12:31 am
The device maker has released a statement saying that it is not a Communist Chinese military company.
- WhatsApp delays take it or leave it privacy terms update until Mayon January 17, 2021 at 11:07 pm
Meanwhile, Signal has so many new users that it fell over on the weekend.
- Ransomware reveals the hidden weakness of our big tech worldon January 17, 2021 at 11:00 pm
The flaws we have long overlooked are the ones that ransomware has exploited to brutal impact.
- EMA said that hackers manipulated stolen documents before leaking themby Pierluigi Paganini on January 17, 2021 at 10:29 pm
The European Medicines Agency (EMA) revealed Friday that COVID-19 vaccine documents stolen from its servers have been manipulated before the leak. The European Medicines Agency (EMA) declared that COVID-19 vaccine documents stolen from its servers in a recent cyber attack have been manipulated. In […]
- Critical flaws in Orbit Fox WordPress plugin allows site takeoverby Pierluigi Paganini on January 17, 2021 at 1:46 pm
Two vulnerabilities in the Orbit Fox WordPress plugin, a privilege-escalation issue and a stored XSS bug, can allow site takeover. Security experts from Wordfence have discovered two security vulnerabilities in the Orbit Fox WordPress plugin. The flaws are a privilege-escalation vulnerability and a […]
- Security Affairs newsletter Round 297by Pierluigi Paganini on January 17, 2021 at 11:20 am
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. It is time to re-evaluate Cyber-defence solutions New Zealand central bank hit by a cyber attack TeamTNT botnet now steals Docker API and AWS […]
- Two kids found a screensaver bypass in Linux Mintby Pierluigi Paganini on January 16, 2021 at 10:52 pm
The development team behind the Linux Mint distro has fixed a security flaw that could have allowed users to bypass the OS screensaver. The maintainers of the Linux Mint project have addressed a security bug that could have allowed attackers to bypass the OS screensaver. The curious aspect of this […]
- UK Police mistakenly deleted 150,000 arrest records in software glitchby Waqas on January 16, 2021 at 7:20 pm
By Waqas Reportedly, a software glitch wiped DNA and fingerprint data from the police computer. This is a post from HackRead.com Read the original post: UK Police mistakenly deleted 150,000 arrest records in software glitch
- DuckDuckGo surpasses 100 million daily search queries for the first timeon January 16, 2021 at 6:26 pm
DuckDuckGo reaches historic milestone in a week when both Signal and Telegram saw a huge influx of new users.
Stories
- Former DOD Head: The US Needs a New Plan to Beat China on AIby Nicholas Thompson on January 17, 2021 at 12:00 pm
In an interview with WIRED, former secretary of defense Ash Carter discussed how to build morality into AI—and make sure other countries do too.
- The FBI Has Made Over 100 Arrests Related to the Capitol Riotby Brian Barrett on January 16, 2021 at 2:00 pm
Plus: A dark web takedown, a bitcoin scam, and more of the week's top security news.
- The Race Is On to Identify and Stop Inauguration Riotersby Matt Burgess, WIRED UK on January 16, 2021 at 1:00 pm
As tech companies scramble to tackle the extreme far-right, police and law enforcement are encasing Washington, DC, in a ring of steel.
- Big Tech Can’t Ban Its Way Out of Thisby Gilad Edelman on January 16, 2021 at 12:00 pm
Platforms are scrambling to avoid being used by right-wing extremists targeting the inauguration. But the seeds of this crisis were sown long ago.
- Telegram security and privacy tipsby Kaspersky Team on January 15, 2021 at 7:26 pm
We explain why secret chats in Telegram are a must, and how to configure security and privacy.
The BackBox Team, ten years after its first release, is happy to announce the new major release of BackBox Linux, version 7.
https://t.co/JupE3qDRtP
Exploit
- [webapps] GitLab 11.4.7 - RCE (Authenticated)
- [webapps] Apartment Visitors Management System 1.0 - Authentication Bypass
- [webapps] WordPress Plugin Adning Advertising 1.5.5 - Arbitrary File Upload
- [webapps] WordPress Plugin WP-PostRatings 1.86 - 'postratings_image' Cross-Site Scripting
- [webapps] Online Learning Management System 1.0 - Authentication Bypass
- [webapps] Online Learning Management System 1.0 - Multiple Stored XSS
- [webapps] Online Learning Management System 1.0 - 'id' SQL Injection
- [webapps] Wordpress Epsilon Framework Multiple Themes - Unauthenticated Function Injection
- [webapps] Sales and Inventory System for Grocery Store 1.0 - Multiple Stored XSS
- [webapps] TerraMaster TOS 4.2.06 - Unauthenticated Remote Code Execution (Metasploit)
Tools
- Proxify - Swiss Army Knife Proxy Tool For HTTP/HTTPS Traffic Capture, Manipulation, And Replay On The Go
- Social-Analyzer - API And Web App For Analyzing And Finding A Person Profile Across +300 Social Media Websites (Detections Are Updated Regularly)
- ApkLeaks - Scanning APK File For URIs, Endpoints And Secrets
- Aura - Python Source Code Auditing And Static Analysis On A Large Scale
- Vulmap - Web Vulnerability Scanning And Verification Tools