BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
No feed items found.
Exploit DB
- [remote] Microsoft Windows - NTLM Hash Leak Malicious Windows Theme
- [webapps] Jasmin Ransomware - SQL Injection Login Bypass
- [webapps] FluxBB 1.5.11 - Stored Cross-Site Scripting (XSS)
- [webapps] JUX Real Estate 3.4.0 - SQL Injection
- [webapps] Loaded Commerce 6.6 - Client-Side Template Injection(CSTI) (AngularJS)
- [webapps] Extensive VC Addons for WPBakery page builder 1.9.0 - Remote Code Execution (RCE)
- [webapps] TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting (XSS) (Authenticated)
- [webapps] Gitea 1.24.0 - HTML Injection
- [local] VeeVPN 1.6.1 - Unquoted Service Path
- [webapps] Chamilo LMS 1.11.24 - Remote Code Execution (RCE)
US Treasury removes sanctions on Tornado Cash after appellate court loss
/in General NewsTornado Cash, which the U.S. sanctioned in 2022, was dropped from that list by the Trump administration following a court decision favoring the cryptocurrency mixer in November.
The Record from Recorded Future News – Read More
Google Maps yanks over 10,000 fake business listings – how to spot the scam
/in General NewsThe fake listings were part of a scam that used the old bait-and-switch tactic to prey on people – and there may be more lurking out there.
Latest stories for ZDNET in Security – Read More
Ransomware Group Claims Attack on Virginia Attorney General’s Office
/in General NewsThe Cloak ransomware group has claimed responsibility for a February cyberattack on Virginia Attorney General’s Office.
The post Ransomware Group Claims Attack on Virginia Attorney General’s Office appeared first on SecurityWeek.
SecurityWeek – Read More
Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates
/in General NewsThe threat actors behind the Medusa ransomware-as-a-service (RaaS) operation have been observed using a malicious driver dubbed ABYSSWORKER as part of a bring your own vulnerable driver (BYOVD) attack designed to disable anti-malware tools.
Elastic Security Labs said it observed a Medusa ransomware attack that delivered the encryptor by means of a loader packed using a packer-as-a-service (PaaS
The Hacker News – Read More
Why Cyber Quality Is the Key to Security
/in General NewsThe time to secure foundations, empower teams, and make cyber resilience the standard is now — because the cost of waiting is far greater than the investment in proactive security.
darkreading – Read More
New Attacks Exploit Year-Old ServiceNow Flaws – Israel Hit Hardest
/in General NewsServiceNow vulnerability alert: Hackers are actively exploiting year-old flaws (CVE-2024-4879, CVE-2024-5217, CVE-2024-5178) for database access. Learn how to…
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Russian zero-day seller is offering up to $4 million for Telegram exploits
/in General NewsTwo sources in the zero-day industry say Operation Zero’s prices for exploits against the popular messaging app Telegram will depend on different factors.
Security News | TechCrunch – Read More
Industry Reactions to Google Buying Wiz: Feedback Friday
/in General NewsIndustry professionals comment on Google acquiring cloud security giant Wiz for $32 billion in cash.
The post Industry Reactions to Google Buying Wiz: Feedback Friday appeared first on SecurityWeek.
SecurityWeek – Read More
China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families
/in General NewsThe China-linked advanced persistent threat (APT) group. known as Aquatic Panda has been linked to a “global espionage campaign” that took place in 2022 targeting seven organizations.
These entities include governments, catholic charities, non-governmental organizations (NGOs), and think tanks across Taiwan, Hungary, Turkey, Thailand, France, and the United States. The activity, which took place
The Hacker News – Read More
Chinese I-Soon Hackers Hit 7 Organizations in Operation FishMedley
/in General NewsThe FishMonger APT group, a subdivision of Chinese cybersecurity firm I-Soon, compromised seven organizations in a 2022 campaign.
The post Chinese I-Soon Hackers Hit 7 Organizations in Operation FishMedley appeared first on SecurityWeek.
SecurityWeek – Read More