BackBox.org News – Page 348 – Latest news and insights on Security

200k Impacted by East Valley Institute of Technology Data Breach

August 12, 2024/in General News

The personal and health information of students, staff, faculty, and parents was compromised in a data breach at East Valley Institute of Technology.

The post 200k Impacted by East Valley Institute of Technology Data Breach appeared first on SecurityWeek.

SecurityWeek – Read More

Black Hat USA 2024 – Summary of Vendor Announcements

August 12, 2024/in General News

Hundreds of companies and organizations showcased their products and services last week at the 2024 edition of the Black Hat conference in Las Vegas.

The post Black Hat USA 2024 – Summary of Vendor Announcements appeared first on SecurityWeek.

SecurityWeek – Read More

Critical 1Password Flaws May Allow Hackers to Snatch Users’ Passwords

August 12, 2024/in General News

The first vulnerability, CVE-2024-42219, allows bypassing inter-process communication protections and impersonation of trusted 1Password integrations. The second, CVE-2024-42218, lets attackers bypass security mechanisms using outdated app versions.

Cyware News – Latest Cyber News – Read More

Common Business-Related Phishing Scams Include Fake HR and IT Subject Lines

August 12, 2024/in General News

KnowBe4 Security Awareness Advocate Erich Kron talked to TechRepublic about the importance of assessing a seemingly urgent email before clicking any links.

Security | TechRepublic – Read More

Google Patches Critical Vulnerabilities in Quick Share After Researchers’ Warning

August 12, 2024/in General News

Discover how researchers exploited vulnerabilities in Google’s Quick Share to achieve remote code execution (RCE). Learn about the…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More

Microsoft Found OpenVPN Bugs That can be Chained to Achieve RCE and LPE

August 12, 2024/in General News

The vulnerabilities affect all versions of OpenVPN prior to 2.6.10 and 2.5.10. Attackers could gain full control over targeted endpoints by exploiting these vulnerabilities.

Cyware News – Latest Cyber News – Read More

CrowdStrike Pursuing Deal to Buy Patch Management Specialist Action1

August 12, 2024/in General News

CrowdStrike is looking to acquire patch management specialist Action1 in a deal worth nearly $1 billion. Action1’s Co-Founder and CEO confirmed the discussions with CrowdStrike employees in a memo.

Cyware News – Latest Cyber News – Read More

SSHamble: Open-Source Security Testing of SSH Services

August 12, 2024/in General News

RunZero recently released SSHamble, an open-source tool for testing the security of SSH services. This tool helps security teams detect dangerous misconfigurations and software bugs in SSH implementations.

Cyware News – Latest Cyber News – Read More

FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability

August 12, 2024/in General News

The maintainers of the FreeBSD Project have released security updates to address a high-severity flaw in OpenSSH that attackers could potentially exploit to execute arbitrary code remotely with elevated privileges.
The vulnerability, tracked as CVE-2024-7589, carries a CVSS score of 7.4 out of a maximum of 10.0, indicating high severity.
“A signal handler in sshd(8) may call a logging function

The Hacker News – Read More

Worried about the Windows BitLocker recovery bug? 6 things you need to know

August 12, 2024/in General News

Microsoft alerted its customers to a frightening bug in Windows 11. What are the chances you’ll encounter that bug, and what should you do to prepare? I have the answers here.

Latest stories for ZDNET in Security – Read More

BackBox News

200k Impacted by East Valley Institute of Technology Data Breach

Black Hat USA 2024 – Summary of Vendor Announcements

Critical 1Password Flaws May Allow Hackers to Snatch Users’ Passwords

Common Business-Related Phishing Scams Include Fake HR and IT Subject Lines

Google Patches Critical Vulnerabilities in Quick Share After Researchers’ Warning

Microsoft Found OpenVPN Bugs That can be Chained to Achieve RCE and LPE

CrowdStrike Pursuing Deal to Buy Patch Management Specialist Action1

SSHamble: Open-Source Security Testing of SSH Services

FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability

Worried about the Windows BitLocker recovery bug? 6 things you need to know

Company Blogs

Weekly Vulnerability Insights Report: Critical Vulnerabilities Highlighted from December 25-31, 2024

Weekly Vulnerability Roundup: Highlights from SingCERT’s Security Bulletin

Predictions for cyberthreats and trends in 2025 from Kaspersky experts | Kaspersky official blog

Cyble Research Reports Critical Vulnerabilities Exposing Routers, Firewalls, and Web Servers

CERT-In Issues Alert on WPForms Vulnerability That Can Disrupt Payment and Subscription Services

Ukraine Takes Steps to Strengthen its Cybersecurity Framework with Policy Advancements and Strategic Initiatives

CISA Adds CVE-2024-3393 to Vulnerabilities Catalog: Palo Alto Networks PAN-OS DNS Packet Flaw Threatens Firewalls

VibeBP WordPress Plugin Security Flaws Expose Sites to RCE and Privilege Escalation

Cyber Security Agency of Singapore Warns of Exploited Apache Vulnerabilities in 2024

Attack Surface Management (ASM) in 2025: Key Trends to Watch

Hacking Tools

Exploit DB