The vulnerabilities, tracked as CVE-2023-846805 and CVE-2024-21887, were used in an attack last month to steal configuration data, modify files, and gain unauthorized access to systems.
Atomic Stealer, a popular malware among criminals, has recently been updated with payload encryption to evade detection and has been distributed through malvertising campaigns and cracked software.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-01-11 09:06:312024-01-11 09:06:31Atomic Stealer Rings in the New Year With Updated Version
Cisco has released software updates to address a critical security flaw impacting Unity Connection that could permit an adversary to execute arbitrary commands on the underlying system.
Tracked as CVE-2024-20272 (CVSS score: 7.3), the vulnerability is an arbitrary file upload bug residing in the web-based management interface and is the result of a lack of authentication in a specific
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-01-11 08:09:302024-01-11 08:09:30CES 2024: Will the Coolest New AI Gadgets Protect Your Privacy?
The compromise of Mandiant’s X (formerly Twitter) account last week was likely the result of a “brute-force password attack,” attributing the hack to a drainer-as-a-service (DaaS) group.
“Normally, [two-factor authentication] would have mitigated this, but due to some team transitions and a change in X’s 2FA policy, we were not adequately protected,” the threat intelligence firm said
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-01-11 08:09:292024-01-11 08:09:29Mandiant’s X Account Was Hacked Using Brute-Force Attack
A pair of zero-day flaws identified in Ivanti Connect Secure (ICS) and Policy Secure have been chained by suspected China-linked nation-state actors to breach less than 10 customers.
Cybersecurity firm Volexity, which identified the activity on the network of one of its customers in the second week of December 2023, attributed it to a hacking group it tracks under the name UTA0178
There’s a growing disconnect between the reality of finding a new job in cybersecurity and the double-digit growth rates that typify cybersecurity job forecasts that predict a hiring crisis.Read More
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-01-10 22:09:522024-01-10 22:09:52Job hunter’s guide to the top cybersecurity companies hiring in 2024
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-01-10 22:09:522024-01-10 22:09:52Bitcoin Prices Spike After SEC X Account Hack
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Actively Exploited Zero-Days in Ivanti VPN are Letting Hackers Backdoor Networks
/in General NewsThe vulnerabilities, tracked as CVE-2023-846805 and CVE-2024-21887, were used in an attack last month to steal configuration data, modify files, and gain unauthorized access to systems.
Cyware News – Latest Cyber News – Read More
Atomic Stealer Rings in the New Year With Updated Version
/in General NewsAtomic Stealer, a popular malware among criminals, has recently been updated with payload encryption to evade detection and has been distributed through malvertising campaigns and cracked software.
Cyware News – Latest Cyber News – Read More
Cisco Fixes High-Risk Vulnerability Impacting Unity Connection Software
/in General NewsCisco has released software updates to address a critical security flaw impacting Unity Connection that could permit an adversary to execute arbitrary commands on the underlying system.
Tracked as CVE-2024-20272 (CVSS score: 7.3), the vulnerability is an arbitrary file upload bug residing in the web-based management interface and is the result of a lack of authentication in a specific
The Hacker News – Read More
Attacker Targets Hadoop YARN, Flint Servers in Stealthy Campaign
/in General NewsThe adversary is exploiting two known misconfigurations in the big data technologies to drop a Monero cryptominer.
darkreading – Read More
CES 2024: Will the Coolest New AI Gadgets Protect Your Privacy?
/in General NewsConsumer electronics manufacturers are innovating fast. Regulators are slow to keep up. Data privacy is in the balance.
darkreading – Read More
Mandiant’s X Account Was Hacked Using Brute-Force Attack
/in General NewsThe compromise of Mandiant’s X (formerly Twitter) account last week was likely the result of a “brute-force password attack,” attributing the hack to a drainer-as-a-service (DaaS) group.
“Normally, [two-factor authentication] would have mitigated this, but due to some team transitions and a change in X’s 2FA policy, we were not adequately protected,” the threat intelligence firm said
The Hacker News – Read More
Chinese Hackers Exploit Zero-Day Flaws in Ivanti Connect Secure and Policy Secure
/in General NewsA pair of zero-day flaws identified in Ivanti Connect Secure (ICS) and Policy Secure have been chained by suspected China-linked nation-state actors to breach less than 10 customers.
Cybersecurity firm Volexity, which identified the activity on the network of one of its customers in the second week of December 2023, attributed it to a hacking group it tracks under the name UTA0178
The Hacker News – Read More
Mullvad VPN Review (2023): Features, Pricing, Security & Speed
/in General NewsWhile its small server suite may be a dealbreaker, Mullvad VPN’s strong focus on privacy sets it apart from other VPNs on the market. Read more below.
Security | TechRepublic – Read More
Job hunter’s guide to the top cybersecurity companies hiring in 2024
/in General NewsThere’s a growing disconnect between the reality of finding a new job in cybersecurity and the double-digit growth rates that typify cybersecurity job forecasts that predict a hiring crisis.Read More
Security News | VentureBeat – Read More
Bitcoin Prices Spike After SEC X Account Hack
/in General NewsA fraudulent post was taken down in less than 20 minutes, but that didn’t stop it from gaining over 1 million views in that short period of time.
darkreading – Read More