BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Microsoft Bug Bounty Payouts Increased to $16.6 Million in Past Year
/in General NewsMicrosoft paid out $16.6 million to over 340 security researchers through its bug bounty programs over the past year.
The post Microsoft Bug Bounty Payouts Increased to $16.6 Million in Past Year appeared first on SecurityWeek.
SecurityWeek – Read More
CrowdStrike and Delta Fight Over Who’s to Blame for the Airline Canceling Thousands of Flights
/in General NewsCrowdStrike and Delta are fighting over who is to blame for the airline canceling thousands of flights following the massive outage.
The post CrowdStrike and Delta Fight Over Who’s to Blame for the Airline Canceling Thousands of Flights appeared first on SecurityWeek.
SecurityWeek – Read More
New Android Spyware LianSpy Evades Detection Using Yandex Cloud
/in General NewsUsers in Russia have been the target of a previously undocumented Android post-compromise spyware called LianSpy since at least 2021.
Cybersecurity vendor Kaspersky, which discovered the malware in March 2024, noted its use of Yandex Cloud, a Russian cloud service, for command-and-control (C2) communications as a way to avoid having a dedicated infrastructure and evade detection.
“This threat is
The Hacker News – Read More
Mint Stealer: New MaaS Malware Threatens Confidential Data
/in General NewsA new MaaS malware known as Mint Stealer has emerged, threatening confidential data. This malware, identified by experts from Cyfirma, is designed to steal a wide range of information by employing advanced encryption and obfuscation techniques.
Cyware News – Latest Cyber News – Read More
Researchers Warn of a New Critical Apache OFBiz Flaw
/in General NewsThe vulnerability allows unauthenticated users to execute screen rendering code under certain conditions in versions up to 18.12.14, with version 18.12.15 addressing the issue.
Cyware News – Latest Cyber News – Read More
Google Fixes Android Kernel Zero-Day Exploited in Targeted Attacks
/in General NewsGoogle has patched a zero-day vulnerability in the Android kernel that was being exploited in targeted attacks. The vulnerability, tracked as CVE-2024-36971, allows for arbitrary code execution without user interaction on unpatched devices.
Cyware News – Latest Cyber News – Read More
Google Patches Android Zero-Day Exploited in Targeted Attacks
/in General NewsGoogle has patched CVE-2024-36971, a high-severity kernel zero-day vulnerability in Android that has been exploited in targeted attacks.
The post Google Patches Android Zero-Day Exploited in Targeted Attacks appeared first on SecurityWeek.
SecurityWeek – Read More
Google Patches New Android Kernel Vulnerability Exploited in the Wild
/in General NewsGoogle has addressed a high-severity security flaw impacting the Android kernel that it has been actively exploited in the wild.
The vulnerability, tracked as CVE-2024-36971, has been described as a case of remote code execution impacting the kernel.
“There are indications that CVE-2024-36971 may be under limited, targeted exploitation,” the tech giant noted in its monthly Android security
The Hacker News – Read More
New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution
/in General NewsA new zero-day pre-authentication remote code execution vulnerability has been disclosed in the Apache OFBiz open-source enterprise resource planning (ERP) system that could allow threat actors to achieve remote code execution on affected instances.
Tracked as CVE-2024-38856, the flaw has a CVSS score of 9.8 out of a maximum of 10.0. It affects Apache OFBiz versions prior to 18.12.15.
“The
The Hacker News – Read More
Elon Musk sues OpenAI again, alleging ‘Shakespearean’ betrayal of AI mission
/in General NewsElon Musk sues OpenAI and Sam Altman in federal court, alleging betrayal of AI’s founding mission, raising crucial questions about ethics, profit, and the future of artificial intelligence development.Read More
Security News | VentureBeat – Read More