Researchers have released technical details about CVE-2024-45488, a critical authentication bypass vulnerability affecting One Identity’s Safeguard for Privileged Passwords (SPP), which could allow attackers to gain full administrative access.
These exchanges allowed users to trade cryptocurrencies anonymously, creating a safe environment for cybercriminals to launder their proceeds without fear of prosecution.
These vulnerabilities can lead to remote code execution and privilege escalation, posing a significant risk to affected systems. For example, the Oracle JDeveloper vulnerability can allow attackers to compromise the software and take over the system.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-09-21 08:08:232024-09-21 08:08:23CISA Adds Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Server, and MSSQL Server Bugs to its KEV Catalog
A sophisticated campaign is using GitHub repositories to spread the Lumma Stealer malware, targeting users interested in open-source projects or receiving email notifications from them.
Datadog Security Labs recently revealed a security risk within Microsoft Entra ID, showing how its administrative units (AUs) can be weaponized by attackers to create persistent backdoor access.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-09-21 07:07:192024-09-21 07:07:19Microsoft Entra ID’s Administrative Units Weaponized to Gain Stealthy Persistence
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-09-21 01:06:452024-09-21 01:06:45Adversarial attacks on AI models are rising: what should you do now?
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-09-20 21:08:532024-09-20 21:08:53Ivanti’s Cloud Service Appliance Attacked via Second Vuln
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-09-20 21:08:532024-09-20 21:08:53Citrine Sleet Poisons PyPI Packages With Mac & Linux Malware
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-09-20 20:10:262024-09-20 20:10:26More than $44 million in cryptocurrency stolen from Singaporean platform BingX
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Patch this Critical Safeguard for Privileged Passwords Authentication Bypass Flaw
/in General NewsResearchers have released technical details about CVE-2024-45488, a critical authentication bypass vulnerability affecting One Identity’s Safeguard for Privileged Passwords (SPP), which could allow attackers to gain full administrative access.
Cyware News – Latest Cyber News – Read More
Germany Seizes 47 Crypto Exchanges Used by Ransomware Gangs
/in General NewsThese exchanges allowed users to trade cryptocurrencies anonymously, creating a safe environment for cybercriminals to launder their proceeds without fear of prosecution.
Cyware News – Latest Cyber News – Read More
CISA Adds Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Server, and MSSQL Server Bugs to its KEV Catalog
/in General NewsThese vulnerabilities can lead to remote code execution and privilege escalation, posing a significant risk to affected systems. For example, the Oracle JDeveloper vulnerability can allow attackers to compromise the software and take over the system.
Cyware News – Latest Cyber News – Read More
Clever ‘GitHub Scanner’ Campaign Abusing Repositories to Push Malware
/in General NewsA sophisticated campaign is using GitHub repositories to spread the Lumma Stealer malware, targeting users interested in open-source projects or receiving email notifications from them.
Cyware News – Latest Cyber News – Read More
Microsoft Entra ID’s Administrative Units Weaponized to Gain Stealthy Persistence
/in General NewsDatadog Security Labs recently revealed a security risk within Microsoft Entra ID, showing how its administrative units (AUs) can be weaponized by attackers to create persistent backdoor access.
Cyware News – Latest Cyber News – Read More
Adversarial attacks on AI models are rising: what should you do now?
/in General NewsWith AI’s growing influence across industries, malicious attackers continue to sharpen their tradecraft to exploit ML models.Read More
Security News | VentureBeat – Read More
Ivanti’s Cloud Service Appliance Attacked via Second Vuln
/in General NewsThe critical bug, CVE-2024-8963, can be used in conjunction with the prior known flaw to achieve remote code execution (RCE).
darkreading – Read More
Citrine Sleet Poisons PyPI Packages With Mac & Linux Malware
/in General NewsA North Korean advanced persistent threat (APT) actor (aka Gleaming Pisces) tried to sneak simple backdoors into public software packages.
darkreading – Read More
More than $44 million in cryptocurrency stolen from Singaporean platform BingX
/in General NewsSingaporean crypto platform BingX said Friday that more than $44 million was stolen from their platform in a cyberattack.
The Record from Recorded Future News – Read More
Zero-Click MediaTek Bug Opens Phones, Wi-Fi to Takeover
/in General NewsCritical-rated CVE-2024-20017 allows remote code execution (RCE) on a range of phones and Wi-Fi access points from a variety of OEMs.
darkreading – Read More