Fortra has addressed a critical security flaw impacting FileCatalyst Workflow that could be abused by a remote attacker to gain administrative access.
The vulnerability, tracked as CVE-2024-6633, carries a CVSS score of 9.8, and stems from the use of a static password to connect to a HSQL database.
“The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are
Google introduces “Gems” AI assistants and Imagen 3 model to Gemini platform, enhancing personalized AI experiences and image generation capabilities.Read More
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-28 17:08:122024-08-28 17:08:12Google’s Gemini AI gets major upgrade with ‘Gems’ assistants and Imagen 3
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-28 17:08:122024-08-28 17:08:12Google Now Offering Up to $250,000 for Chrome Vulnerabilities
In addition to its long-standing password spraying attacks, Microsoft says Iran-backed hacker group Peach Sandstorm—or APT 33—has developed custom malware dubbed “Tickler.”
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-28 16:06:502024-08-28 16:06:50Notorious Iranian Hackers Have Been Targeting the Space Industry With a New Backdoor
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-28 16:06:502024-08-28 16:06:50Censys Finds Hundreds of Exposed Servers as Volt Typhoon APT Targets ISPs, MSPs
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-28 16:06:502024-08-28 16:06:50Manufacturing Sector Under Fire From Microsoft Credential Thieves
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-28 16:06:492024-08-28 16:06:49LinkedIn Hires Former Twitter Security Chief Lea Kissner as New CISO
A South Korea-aligned cyber espionage has been linked to the zero-day exploitation of a now-patched critical remote code execution flaw in Kingsoft WPS Office to deploy a bespoke backdoor dubbed SpyGlace.
The activity has been attributed to a threat actor dubbed APT-C-60, according to cybersecurity firms ESET and DBAPPSecurity. The attacks have been found to infect Chinese and East Asian users
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-28 15:07:482024-08-28 15:07:48Hitachi Energy Vulnerabilities Plague SCADA Power Systems
The latest encryptor variant identified by researchers at Cisco Talos appends the file extension ‘blackbytent_h’ to encrypted files. This variant also includes the deployment of four vulnerable drivers, an increase from previous reports.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-28 15:07:482024-08-28 15:07:48BlackByte Blends Known Tactics With New Encryptor Variant and Vulnerability Exploits to Support Ongoing Attacks
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Fortra Issues Patch for High-Risk FileCatalyst Workflow Security Vulnerability
/in General NewsFortra has addressed a critical security flaw impacting FileCatalyst Workflow that could be abused by a remote attacker to gain administrative access.
The vulnerability, tracked as CVE-2024-6633, carries a CVSS score of 9.8, and stems from the use of a static password to connect to a HSQL database.
“The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are
The Hacker News – Read More
Google’s Gemini AI gets major upgrade with ‘Gems’ assistants and Imagen 3
/in General NewsGoogle introduces “Gems” AI assistants and Imagen 3 model to Gemini platform, enhancing personalized AI experiences and image generation capabilities.Read More
Security News | VentureBeat – Read More
Google Now Offering Up to $250,000 for Chrome Vulnerabilities
/in General NewsGoogle has significantly increased the rewards for Chrome browser vulnerabilities, offering up to $250,000 for remote code execution bugs.
The post Google Now Offering Up to $250,000 for Chrome Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
Notorious Iranian Hackers Have Been Targeting the Space Industry With a New Backdoor
/in General NewsIn addition to its long-standing password spraying attacks, Microsoft says Iran-backed hacker group Peach Sandstorm—or APT 33—has developed custom malware dubbed “Tickler.”
Security Latest – Read More
Censys Finds Hundreds of Exposed Servers as Volt Typhoon APT Targets ISPs, MSPs
/in General NewsAmidst Volt Typhoon zero-day exploitation, Censys finds hundreds of exposed servers presenting ripe attack surface for attackers.
The post Censys Finds Hundreds of Exposed Servers as Volt Typhoon APT Targets ISPs, MSPs appeared first on SecurityWeek.
SecurityWeek – Read More
Manufacturing Sector Under Fire From Microsoft Credential Thieves
/in General NewsThe emails impersonate well-known companies in the industry, fooling the victim into thinking they are communicating with a legitimate entity.
darkreading – Read More
LinkedIn Hires Former Twitter Security Chief Lea Kissner as New CISO
/in General NewsLea Kissner replaces Geoff Belknap as Chief Information Security Officer (CISO) at Microsoft-owned LinkedIn.
The post LinkedIn Hires Former Twitter Security Chief Lea Kissner as New CISO appeared first on SecurityWeek.
SecurityWeek – Read More
APT-C-60 Group Exploit WPS Office Flaw to Deploy SpyGlace Backdoor
/in General NewsA South Korea-aligned cyber espionage has been linked to the zero-day exploitation of a now-patched critical remote code execution flaw in Kingsoft WPS Office to deploy a bespoke backdoor dubbed SpyGlace.
The activity has been attributed to a threat actor dubbed APT-C-60, according to cybersecurity firms ESET and DBAPPSecurity. The attacks have been found to infect Chinese and East Asian users
The Hacker News – Read More
Hitachi Energy Vulnerabilities Plague SCADA Power Systems
/in General NewsThe company has assessed four of the five disclosed vulnerabilities as being of high to critical severity.
darkreading – Read More
BlackByte Blends Known Tactics With New Encryptor Variant and Vulnerability Exploits to Support Ongoing Attacks
/in General NewsThe latest encryptor variant identified by researchers at Cisco Talos appends the file extension ‘blackbytent_h’ to encrypted files. This variant also includes the deployment of four vulnerable drivers, an increase from previous reports.
Cyware News – Latest Cyber News – Read More