BackBox News
Latest news and insights on Security
- Health care API adoption is slowed by security concerns and skills gapby George Lawton on April 19, 2021 at 4:10 pm
Health care lags behind other industries in API adoption, but digital transformation projects and regulatory requirements will spur usage.
- What COVID-19 Taught Us: Prepping Cybersecurity for the Next Crisisby Sivan Tehila on April 19, 2021 at 3:27 pm
Sivan Tehila, cybersecurity strategist at Perimeter 81, discusses climate change and the cyber-resilience lessons companies should take away from dealing with the pandemic.
- Randori probes likely attack targets for cyberdefenseby Fahmida Y. Rashid on April 19, 2021 at 3:15 pm
To give enterprise defenders insight into their attack surface, Randori tells them which assets attackers are likely to target.
- SolarWinds: A Catalyst for Change & a Cry for Collaborationby Kurt John Chief Cybersecurity Officer, Siemens USA on April 19, 2021 at 2:00 pm
Cybersecurity is more than technology or safeguards like zero trust; mostly, it's about collaboration.
- Mastercard buys digital identity firm Ekata for $850 millionon April 19, 2021 at 1:52 pm
The move will bolster Mastercard's digital identity and security platform and framework.
- 'High-level' organiser of FIN7 hacking group sentenced to ten years in prisonon April 19, 2021 at 1:51 pm
Ukranian man pleaded guilty to conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking.
- XCSSET malware now targets macOS 11 and M1-based Macsby Pierluigi Paganini on April 19, 2021 at 1:28 pm
XCSSET, a Mac malware targeting Xcode developers, was now re-engineered and employed in a campaign aimed at Apple’s new M1 chips. Experts from Trend Micro have uncovered a Mac malware campaign targeting Xcode developers that employed a re-engineered version of the XCSSET malware to support […]
- Everything you need to know about the Microsoft Exchange Server hackon April 19, 2021 at 1:04 pm
Updated: Vulnerabilities are being exploited by Hafnium. Other cyberattackers are following suit.
- Malware That Spreads Via Xcode Projects Now Targeting Apple's M1-based Macsby noreply@blogger.com (Ravie Lakshmanan) on April 19, 2021 at 11:58 am
A Mac malware campaign targeting Xcode developers has been retooled to add support for Apple's new M1 chips and expand its features to steal confidential information from cryptocurrency apps. XCSSET came into the spotlight in August 2020 after it was found to spread via modified Xcode IDE […]
- Member of FIN7 Hacking Group Sentenced to US Prisonby AFP on April 19, 2021 at 11:39 am
A Ukrainian national arrested for his role in a hacking group that compromised millions of financial accounts was sentenced to a decade in prison, US prosecutors said Friday. read more
Stories
- Naked Security Live – To hack or not to hack?by Paul Ducklin on April 19, 2021 at 1:52 pm
Latest video - watch now! We look at the recent FBI "webshell hacking" controversy from both sides.
- Nonprofit provides help to hospitals battling ransomwareon April 19, 2021 at 1:48 pm
The Center for Internet Security recently launched a free tool for private U.S. hospitals to block malicious activity.
- Concerns grow over digital threats faced from former employeeson April 19, 2021 at 1:44 pm
Security experts said the recent upheaval in the job market makes it imperative to bolster separation protocols further.
- Serious Security: Rowhammer is back, but now it’s called SMASHby Paul Ducklin on April 19, 2021 at 12:26 pm
Simply put: reading from RAM in your program could write to RAM in someone else's
- Buyers of mining equipment scammed for bitcoins | Kaspersky official blogby Mikhail Sytnik on April 19, 2021 at 11:57 am
Scammers are luring victims to a clone site that appears to sell scarce cryptomining equipment but actually steals bitcoins.
Updated Packages: apktool, binwalk, bully, dirsearch, knockpy, sqlmap, wireshark https://t.co/qVJUW0YWxY
Exploit
- [webapps] Simple Student Information System 1.0 - SQL Injection (Authentication Bypass)
- [webapps] Blitar Tourism 1.0 - Authentication Bypass SQLi
- [webapps] ExpressVPN VPN Router 1.0 - Router Login Panel's Integer Overflow
- [remote] vsftpd 2.3.4 - Backdoor Command Execution
- [webapps] PrestaShop 1.7.6.7 - 'location' Blind Sql Injection
- [webapps] DMA Radius Manager 4.4.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Composr 10.0.36 - Remote Code Execution
- [remote] Linux Kernel 5.4 - 'BleedingTooth' Bluetooth Zero-Click Remote Code Execution
- [webapps] CMSimple 5.2 - 'External' Stored XSS
- [webapps] Atlassian Jira Service Desk 4.9.1 - Unrestricted File Upload to XSS
Tools
- Ronin - A Ruby Platform For Vulnerability Research And Exploit Development
- Dwn - D(Ockerp)Wn - A Docker Pwn Tool Manager
- SYNwall - A Zero-Configuration (IoT) Firewall
- Cpufetch - Simplistic Yet Fancy CPU Architecture Fetching Tool
- AzureC2Relay - An Azure Function That Validates And Relays Cobalt Strike Beacon Traffic By Verifying The Incoming Requests Based On A Cobalt Strike Malleable C2 Profile