BackBox News
Latest news and insights on Security
- Ransomware hits helicopter maker Kopteron December 5, 2020 at 7:15 am
Data from Kopter's internal network has been published on the LockBit gang's blog, hosted on the dark web.
- Hackers Targeting Companies Involved in Covid-19 Vaccine Distributionby noreply@blogger.com (Ravie Lakshmanan) on December 5, 2020 at 6:58 am
A global spear-phishing campaign has been targeting organizations associated with the distribution of COVID-19 vaccines since September 2020, according to new research. Attributing the operation to a nation-state actor, IBM Security X-Force researchers said the attacks took aim at the vaccine […]
- Ransomware gangs are now cold-calling victims if they restore from backups without payingon December 5, 2020 at 1:37 am
Tactic used since August by ransomware gangs like Sekhmet, Maze, Conti, and Ryuk.
- Iranian hackers access unsecured HMI at Israeli Water Facilityby Pierluigi Paganini on December 4, 2020 at 11:42 pm
A group of Iranian hackers gained access to a un unprotected ICS at an Israeli Water Facility and posted a video as proof of the hack. Researchers from industrial cybersecurity firm OTORIO revealed that a group of Iranian hackers gained access to a un unprotected ICS at the Israeli Water Facility. […]
- Kmart, a vulnerable target, among those hit in Egregor ransomware attack spreeby Steve Zurier on December 4, 2020 at 11:42 pm
Kmart stores have dwindled in number since the company filed for bankruptcy in 2018. Some argue that makes the one-time retail giant a logical target. The post Kmart, a vulnerable target, among those hit in Egregor ransomware attack spree appeared first on SC Media.
- Microsoft Cloud Security Exec Talks New Tech, WFH, Gamificationby Kelly Sheridan Staff Editor, Dark Reading on December 4, 2020 at 9:50 pm
Gunter Ollman explains the benefits of CPSM technology, how IT security teams have evolved, and how the pandemic has shaped security.
- Making Sense of the Security Sensor Landscapeby Chris Calvert on December 4, 2020 at 9:33 pm
Chris Calvert of Respond Software (now part of FireEye) outlines the challenges that reduce the efficacy of network security sensors.
- Kmart Hit by Egregor Ransomwareby Dark Reading Staff on December 4, 2020 at 9:20 pm
Egregor is also behind recent attacks on UbiSoft and Barnes & Noble.
- High-Severity Chrome Bugs Allow Browser Hacksby Tom Spring on December 4, 2020 at 8:40 pm
Desktop versions of the browser received a total of eight fixes, half rated high-severity.
- Johnson & Johnson CISO: Healthcare orgs are seeing nation-state attacks every single minute of...on December 4, 2020 at 8:33 pm
Johnson & Johnson is one of six COVID-19 research companies that have been recently targeted by North Korean state-sponsored hackers.
Stories
- Most used passwords for 2020: The internet's favorite curse word, name, food, and teamon December 4, 2020 at 5:38 pm
CyberNews analyzed more than 15 billion passwords; if your favorite one is at the top of the list, it's time to change right now.
- How to avert an evil-maid attackby Bender the Robot on December 4, 2020 at 3:25 pm
Protect your corporate computer from unauthorized physical access.
- Cybersecurity Advent Calendar: Let Santa in, keep hackers out!by Gabrielle Ladouceur Despins on December 4, 2020 at 10:30 am
Santa will soon come down the chimney, but there are potential entry points into your home and digital life that you should never leave open The post Cybersecurity Advent Calendar: Let Santa in, keep hackers out! appeared first on WeLiveSecurity
- A ‘Magical Bug’ Exposed Any iPhone in a Hacker's Wi-Fi Rangeby Lily Hay Newman on December 3, 2020 at 10:27 pm
A Google researcher found flaws in Apple's AWDL protocol that would have allowed for a complete device takeover.
- Phishing campaign threatens coronavirus vaccine supply chainon December 3, 2020 at 8:47 pm
The emails impersonate a member company of the COVID-19 vaccine supply chain to harvest account credentials, says IBM Security X-Force.
The BackBox Team, ten years after its first release, is happy to announce the new major release of BackBox Linux, version 7.
https://t.co/JupE3qDRtP
Exploit
- [webapps] TypeSetter 5.1 - CSRF (Change admin e-mail)
- [webapps] Joomla! Component GMapFP 3.5 - Unauthenticated Arbitrary File Upload
- [webapps] Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting
- [webapps] Rejetto HttpFileServer 2.3.x - Remote Command Execution (3)
- [webapps] Intelbras Router RF 301K 1.1.2 - Authentication Bypass
- [remote] YATinyWinFTP - Denial of Service (PoC)
- [webapps] ATX MiniCMTS200a Broadband Gateway 2.0 - Credential Disclosure
- [webapps] Ruckus IoT Controller (Ruckus vRIoT) 1.5.1.0.21 - Remote Code Execution
- [webapps] ElkarBackup 1.3.3 - 'Policy[name]' and 'Policy[Description]' Stored Cross-site Scripting
- [local] SAP Lumira 1.31 - Stored Cross-Site Scripting
Tools
- GG-AESY - Hide Cool Stuff In Images
- Fortiscan - A High Performance FortiGate SSL-VPN Vulnerability Scanning And Exploitation Tool
- Admin-Scanner - This Tool Is Design To Find Admin Panel Of Any Website By Using Custom Wordlist Or Default Wordlist Easily
- Talon - A Password Guessing Tool That Targets The Kerberos And LDAP Services Within The Windows Active Directory Environment
- Webscan - Browser-based Network Scanner And local-IP Detection