https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-09-03 10:06:422024-09-03 10:06:42Intel Responds to SGX Hacking Research
A North Korean APT used a Google Chrome zero-day flaw, CVE-2024-7971, to deploy the FudModule rootkit. Microsoft researchers linked these attacks to Citrine Sleet (AppleJeus, Labyrinth Chollima, UNC4736, or Hidden Cobra) with medium confidence.
Roblox developers are being targeted by a new malicious npm campaign. Cybercriminals have created fake Roblox npm packages with the aim of deploying a remote access trojan called Quasar.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-09-03 09:06:492024-09-03 09:06:49Roblox Developers Under Attack by New Malicious NPM Campaign
The malicious DLL implant for the Cobalt Strike attack toolkit gets injected into the Windows binary “runonce.exe,” giving total control to the attackers. The campaign further deploys various malicious tools for reconnaissance and data exfiltration.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-09-03 09:06:492024-09-03 09:06:49Novel Attack on Windows Spotted in Chinese Phishing Campaign
In the digital realm, secrets (API keys, private keys, username and password combos, etc.) are the keys to the kingdom. But what if those keys were accidentally left out in the open in the very tools we use to collaborate every day?
A Single Secret Can Wreak Havoc
Imagine this: It’s a typical Tuesday in June 2024. Your dev team is knee-deep in sprints, Jira tickets are flying, and Slack is
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-09-03 08:06:422024-09-03 08:06:42Secrets Exposed: Why Your CISO Should Worry About Slack
Eight vulnerabilities have been uncovered in Microsoft applications for macOS that an adversary could exploit to gain elevated privileges or access sensitive data by circumventing the operating system’s permissions-based model, which revolves around the Transparency, Consent, and Control (TCC) framework.
“If successful, the adversary could gain any privileges already granted to the affected
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-09-03 05:06:352024-09-03 05:06:35New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access
A 57-year-old man from the U.S. state of Missouri has been arrested in connection with a failed data extortion campaign that targeted his former employer.
Daniel Rhyne of Kansas City, Missouri, has been charged with one count of extortion in relation to a threat to cause damage to a protected computer, one count of intentional damage to a protected computer, and one count of wire fraud.
He was
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-09-03 02:06:432024-09-03 02:06:43Hacker Leaks Data of 390 Million Users from VK, a Russian Social Network
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-09-02 19:07:142024-09-02 19:07:14Cybersecurity Tips For Businesses Using Remote Workers
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Intel Responds to SGX Hacking Research
/in General NewsIntel has shared some clarifications on claims made by a researcher regarding the hacking of its SGX security technology.
The post Intel Responds to SGX Hacking Research appeared first on SecurityWeek.
SecurityWeek – Read More
North Korea-linked APT Citrine Sleet Exploit Chrome Zero-Day to Deliver FudModule Rootkit
/in General NewsA North Korean APT used a Google Chrome zero-day flaw, CVE-2024-7971, to deploy the FudModule rootkit. Microsoft researchers linked these attacks to Citrine Sleet (AppleJeus, Labyrinth Chollima, UNC4736, or Hidden Cobra) with medium confidence.
Cyware News – Latest Cyber News – Read More
Roblox Developers Under Attack by New Malicious NPM Campaign
/in General NewsRoblox developers are being targeted by a new malicious npm campaign. Cybercriminals have created fake Roblox npm packages with the aim of deploying a remote access trojan called Quasar.
Cyware News – Latest Cyber News – Read More
Novel Attack on Windows Spotted in Chinese Phishing Campaign
/in General NewsThe malicious DLL implant for the Cobalt Strike attack toolkit gets injected into the Windows binary “runonce.exe,” giving total control to the attackers. The campaign further deploys various malicious tools for reconnaissance and data exfiltration.
Cyware News – Latest Cyber News – Read More
Secrets Exposed: Why Your CISO Should Worry About Slack
/in General NewsIn the digital realm, secrets (API keys, private keys, username and password combos, etc.) are the keys to the kingdom. But what if those keys were accidentally left out in the open in the very tools we use to collaborate every day?
A Single Secret Can Wreak Havoc
Imagine this: It’s a typical Tuesday in June 2024. Your dev team is knee-deep in sprints, Jira tickets are flying, and Slack is
The Hacker News – Read More
Chrome 128 Updates Patch High-Severity Vulnerabilities
/in General NewsGoogle has released two Chrome 128 updates to address six high-severity vulnerabilities reported by external researchers.
The post Chrome 128 Updates Patch High-Severity Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access
/in General NewsEight vulnerabilities have been uncovered in Microsoft applications for macOS that an adversary could exploit to gain elevated privileges or access sensitive data by circumventing the operating system’s permissions-based model, which revolves around the Transparency, Consent, and Control (TCC) framework.
“If successful, the adversary could gain any privileges already granted to the affected
The Hacker News – Read More
Ex-Engineer Charged in Missouri for Failed $750,000 Bitcoin Extortion Attempt
/in General NewsA 57-year-old man from the U.S. state of Missouri has been arrested in connection with a failed data extortion campaign that targeted his former employer.
Daniel Rhyne of Kansas City, Missouri, has been charged with one count of extortion in relation to a threat to cause damage to a protected computer, one count of intentional damage to a protected computer, and one count of wire fraud.
He was
The Hacker News – Read More
Hacker Leaks Data of 390 Million Users from VK, a Russian Social Network
/in General NewsHacker ‘HikkI-Chan’ leaks personal data of over 390 million VK users on Breach Forums, including city, country, full…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Cybersecurity Tips For Businesses Using Remote Workers
/in General NewsRemote work offers benefits like reduced costs and wider recruitment but also increases cybersecurity risks. To protect your…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More