BackBox News
Latest news and insights on Security
-
Exclusive: Any Chingari App (Indian TikTok Clone) Account Can Be Hacked Easily
by noreply@blogger.com (Ravie Lakshmanan) on July 11, 2020 at 7:03 pm
Following vulnerability disclosure in the Mitron app, another viral TikTok clone in India has now been found vulnerable to a critical but easy-to-exploit authentication bypass vulnerability, allowing anyone to hijack any user account and tamper with their information, content, and even upload […]
-
Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty
by Pierluigi Paganini on July 11, 2020 at 5:39 pm
The Russian hacker Yevgeniy Nikulin found guilty for LinkedIn, Dropbox, and Formspring data breach back in 2012 and the sale of their users’ data. A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen […]
-
Kasa camera flaw allows enumerating usernames for credential stuffing
by Sudais Asif on July 11, 2020 at 4:56 pm
By Sudais Asif The hacker who happens to be a hobbyist farmer and Kasa camera... This is a post from HackRead.com Read the original post: Kasa camera flaw allows enumerating usernames for credential stuffing
-
Transform 2020: 4 days of deep-dive AI learning
by VB Staff on July 11, 2020 at 4:43 pm
See the full agenda of Transform 2020, July 14-17; each day is dedicated to a specific aspect of AI, from automation to conversational AI and AI at the edge.
-
Russian hacker found guilty for Dropbox, LinkedIn, and Formspring breaches
on July 11, 2020 at 8:24 am
Sentencing scheduled for September 2020.
-
Hackers are scanning the web for vulnerable Citrix systems
by Pierluigi Paganini on July 11, 2020 at 4:48 am
Threat actors are scanning the Internet for Citrix systems affected by the recently disclosed vulnerabilities. This week Citrix has addressed 11 vulnerabilities affecting the ADC, Gateway, and SD-WAN WANOP networking products. The vulnerabilities could be exploited by attackers for local […]
-
Evilnum Group targets European and British fintech companies
by Pierluigi Paganini on July 11, 2020 at 4:45 am
A threat actor tracked as Evilnum targeted financial technology companies, mainly the British and European ones, ESET researchers reported. Evilnum threat actor was first spotted in 2018 while using the homonym malware. Over the years, the group added new tools to its arsenal, including custom and […]
-
Trump commutes Roger Stone’s sentence stemming from Mueller probe
by Teri Robinson on July 11, 2020 at 1:24 am
President Trump has commuted the sentence of long-time confidante Roger Stone who was to report to prison on July 14 to serve 40 months after being found guilty of seven counts, including obstruction, witness tampering and lying to Congress. During Stone’s trial, which stemmed from Special […]
-
Biden’s new CISO must keep campaign leaders engaged while navigating strange Covid-19 world
by Bradley Barth on July 11, 2020 at 12:33 am
As the newly appointed CISO of Joe Biden’s presidential campaign, Chris DeRusha, former chief security officer with the State of Michigan, has fewer than four months to implement his cybersecurity vision before Election Day arrives — all in the midst of a pandemic that has altered the […]
-
Researchers create magstripe versions from EMV and contactless cards
on July 11, 2020 at 12:05 am
Banking industry loophole reported more than a decade ago still remains open and ripe for exploitation today.
Stories
-
15 Billion Stolen Logins Are Circulating on the Dark Web
by Brian Barrett on July 11, 2020 at 1:00 pm
Plus: Facebook's Roger Stone takedown, the BlueLeaks server seizure, and more of the week's top security news.
-
The 'Super Smash Bros.' Community Reckons With Sexual Misconduct Allegations
by Cecilia D'Anastasio on July 10, 2020 at 8:12 pm
Dozens of people have come forward over the past week, many pointing to a culture that they say enabled rampant predatory behavior.
-
Amazon Says It Didn’t Mean to Ban Employees From Using TikTok
by Louise Matsakis on July 10, 2020 at 6:28 pm
US lawmakers have repeatedly raised security concerns over the app's Chinese ownership. Are US businesses next?
-
Quantum computers and cryptography for dummies
by Egor Nashilov on July 10, 2020 at 5:28 pm
We explore how encryption protects your data and why quantum computers might shake things up.
-
Software-defined perimeters may be the solution to remote work security concerns
on July 10, 2020 at 3:16 pm
The massive remote work shift due to COVID-19 has increased interest in SDPs, with 70% of respondents polled for a new report saying they're now considering adopting one in the coming year.
The BackBox Team, ten years after its first release, is happy to announce the new major release of BackBox Linux, version 7.
https://t.co/JupE3qDRtP
https://t.co/o5dY1HyfEB is proud to introduce https://t.co/ZMMG8EDPIm, a professional OSINT tool designed to promptly notify the customer about any data leak found while crawling all kind of sources on the Internet, the Darkweb and the Deepweb.
https://t.co/uRSVBDnU9i
Exploit
- [webapps] WhatsApp Remote Code Execution - Paper
- [webapps] ZenTao Pro 8.8.2 - Command Injection
- [webapps] OCS Inventory NG 2.7 - Remote Code Execution
- [webapps] Online Shopping Portal 3.1 - Authentication Bypass
- [local] RM Downloader 2.50.60 2006.06.23 - 'Load' Local Buffer Overflow (EggHunter) (SEH) (PoC)
- [webapps] e-learning Php Script 0.1.0 - 'search' SQL Injection
- [webapps] PHP-Fusion 9.03.60 - PHP Object Injection
- [webapps] Victor CMS 1.0 - 'user_firstname' Persistent Cross-Site Scripting
- [webapps] Reside Property Management 3.0 - 'profile' SQL Injection
- [webapps] OpenEMR 5.0.1 - 'controller' Remote Code Execution