BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Botnet of 190,000 BadBox-Infected Android Devices Discovered
/in General NewsBitsight has discovered a BadBox botnet consisting of over 190,000 Android devices, mainly Yandex smart TVs and Hisense smartphones.
The post Botnet of 190,000 BadBox-Infected Android Devices Discovered appeared first on SecurityWeek.
SecurityWeek – Read More
Rockwell PowerMonitor Vulnerabilities Allow Remote Hacking of Industrial Systems
/in General NewsRockwell’s PowerMonitor is affected by critical vulnerabilities that can enable remote access to industrial systems for disruption or further attacks.
The post Rockwell PowerMonitor Vulnerabilities Allow Remote Hacking of Industrial Systems appeared first on SecurityWeek.
SecurityWeek – Read More
Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation
/in General NewsSophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow privileged system access under certain conditions.
Of the three, two are rated Critical in severity. There is currently no evidence that the shortcomings have been exploited in the wild. The list of vulnerabilities is as follows –
The Hacker News – Read More
Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack
/in General NewsThe developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware.
Following the discovery, versions 1.1.7 of both libraries have been unpublished from the npm registry. The latest
The Hacker News – Read More
Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools
/in General NewsA now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote desktop software such as AnyDesk and ScreenConnect.
The vulnerability in question is CVE-2023-48788 (CVSS score: 9.3), an SQL injection bug that allows attackers to execute unauthorized code or commands by sending specially crafted
The Hacker News – Read More
CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List
/in General NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The vulnerability, tracked as CVE-2024-12356 (CVSS score: 9.8), is a command injection flaw that
The Hacker News – Read More
India’s Rapido exposed user and driver data through leaky website feedback form
/in General NewsRapido restricted access to the exposed portal soon after TechCrunch contacted the company.
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Play Ransomware Claims Krispy Kreme Breach, Threatens Data Leak
/in General NewsKEY SUMMARY POINTS Krispy Kreme, the beloved doughnut chain, disclosed a data breach on December 11, 2024, in…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Fortinet Addresses Unpatched Critical RCE Vector
/in General NewsFortinet has patched CVE-2023-34990 in its Wireless LAN Manager (FortiWLM), which combined with CVE-2023-48782 could allow for unauthenticated remote code execution (RCE) and the ability to read all log files.
darkreading – Read More
OT/ICS Engineering Workstations Face Barrage of Fresh Malware
/in General NewsCyberattacks against OT/ICS engineering workstations are widely underestimated, according to researchers who discovered malware designed to shut down Siemens workstation engineering processes.
darkreading – Read More