BackBox News

Latest news and insights on Security

Atlassian Tightens API After Hacker Scrapes 15M Trello Profiles

Atlassian Tightens API After Hacker Scrapes 15M Trello Profiles

The company hasn’t acknowledged responsibility for the incident, although allowing scraping paves the way for dangerous follow-on attacks.

darkreading – ​Read More

Tech Giant HP Enterprise Hacked by Russian Hackers Linked to DNC Breach

Tech Giant HP Enterprise Hacked by Russian Hackers Linked to DNC Breach

Hackers with links to the Kremlin are suspected to have infiltrated information technology company Hewlett Packard Enterprise’s (HPE) cloud email environment to exfiltrate mailbox data.
“The threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions,”

The Hacker News – ​Read More

Ring Will Stop Giving Cops a Free Pass on Warrantless Video Requests

Ring Will Stop Giving Cops a Free Pass on Warrantless Video Requests

The Amazon-owned home surveillance company says it is shuttering a feature in its Neighbors app that allows police to request footage from users. But it’s not shutting out the cops entirely.

Security Latest – ​Read More

Cyber League: UK’s NCSC Calls on Industry Experts to Join its Fight Against Cyber Threats

The NCSC wants volunteers from the U.K.’s public and private sectors to join its new cybersecurity community.

Security | TechRepublic – ​Read More

Jason’s Deli Data Breach Exposes 344,000 Users in Credential Stuffing Attack

By Waqas

The data breach occurred a few days before Christmas on December 21, 2023, but the details have only been revealed now.

This is a post from HackRead.com Read the original post: Jason’s Deli Data Breach Exposes 344,000 Users in Credential Stuffing Attack

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – ​Read More

Kasseika Ransomware Linked to BlackMatter in BYOVD Attack

Kasseika Ransomware Linked to BlackMatter in BYOVD Attack

An emerging actor is the latest to deploy a tactic that terminates AV processes and services before deploying its payload; the campaign is part of a bigger “bring your own vulnerable driver” trend.

darkreading – ​Read More

How the Sys:All Loophole Allowed Us To Penetrate GKE Clusters in Production

An external threat actor in possession of a Google account could misuse this misconfiguration by using their own Google OAuth 2.0 bearer token to seize control of the cluster for follow-on exploitation.

Cyware News – Latest Cyber News – ​Read More

Water Services Giant Veolia North America Hit by Ransomware Attack

The company has discovered a limited number of individuals whose personal information may have been impacted during the breach and is working with a third-party forensics firm to assess the extent of the attack’s impact on its operations and systems.

Cyware News – Latest Cyber News – ​Read More

BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.