BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
Exploit DB
- [webapps] GLPI GZIP(Py3) 9.4.5 - RCE
- [webapps] Shuttle-Booking-Software v1.0 - Multiple-SQLi
- [remote] Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Admin Password Change
- [remote] Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Credentials Extraction
- [webapps] Splunk 9.0.5 - admin account take over
- [dos] OpenPLC WebServer 3 - Denial of Service
- [webapps] Online ID Generator 1.0 - Remote Code Execution (RCE)
- [dos] Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Denial Of Service
- [webapps] Clcknshop 1.0.0 - SQL Injection
- [local] Microsoft Windows 11 - 'apds.dll' DLL hijacking (Forced)
Black Basta Ransomware Made Over $100 Million From Extortion
/in General NewsBlack Basta has collected over $100 million in ransom payments from over 90 victims since April 2022. High-profile victims targeted by Black Basta include the American Dental Association, Sobeys, Knauf, Yellow Pages Canada, and Rheinmetall.
Cyware News – Latest Cyber News – Read More
North Texas Water Utility Serving Two Million Hit With Cyberattack
/in General NewsNorth Texas Municipal Water District (NTMWD) has experienced a cyberattack on its business computer network, but its core water, wastewater, and solid waste services remain unaffected.
Cyware News – Latest Cyber News – Read More
Zero-Day Alert: Apple Rolls Out iOS, macOS, and Safari Patches for 2 Actively Exploited Flaws
/in General NewsApple has released software updates for iOS, iPadOS, macOS, and Safari web browser to address two security flaws that it said have come under active exploitation in the wild on older versions of its software.
The vulnerabilities, both of which reside in the WebKit web browser engine, are described below –
CVE-2023-42916 – An out-of-bounds read issue that could be exploited to
The Hacker News – Read More
Anduril’s New Drone Killer Is Locked on to AI-Powered Warfare
/in General NewsAutonomous drones are rapidly changing combat. Anduril’s new one aims to gain an edge with jet power and AI.
Security Latest – Read More
Zyxel Releases Patches to Fix 15 Flaws in NAS, Firewall, and AP Devices
/in General NewsZyxel has released patches to address 15 security issues impacting network-attached storage (NAS), firewall, and access point (AP) devices, including three critical flaws that could lead to authentication bypass and command injection.
The three vulnerabilities are listed below –
CVE-2023-35138 (CVSS score: 9.8) – A command injection vulnerability that could allow an
The Hacker News – Read More
Apple Issues Urgent Security Patches for Zero-Day Vulnerabilities
/in General NewsBy Waqas
Immediate Action Required: Update Your Apple Devices, Including iPads, MacBooks, and iPhones, NOW!
This is a post from HackRead.com Read the original post: Apple Issues Urgent Security Patches for Zero-Day Vulnerabilities
Hackread – Latest Cybersecurity News, Press Releases & Technology Today – Read More
Law Firms & Legal Departments Singled Out for Cyberattacks
/in General NewsCybercriminals use legal search terms to ensnare unwitting victims, then launch ransomware or business email compromise attacks.
darkreading – Read More
Okta Breach Widens to Affect 100% of Customer Base
/in General NewsEarly disclosures related to September compromise insisted less than 1% of Okta customers were impacted; now, the company says it was all of them.
darkreading – Read More
Google Workspace Security: DeleFriend Vulnerability Could Allow Unwanted Access to APIs
/in General NewsHunters researchers noted the vulnerability could lead to privilege escalation. Google said the report “does not identify an underlying security issue in our products.”
Security | TechRepublic – Read More
Associated Press, ESPN, CBS among top sites serving fake virus alerts
/in General NewsThreat actors dabbles in obfuscation and evasion techniques. However, as previously detailed by Confiant, they are using much more advanced tricks. Their JavaScript uses obfuscation with changing variable names, making identification harder.
Cyware News – Latest Cyber News – Read More