https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-22 17:06:492024-08-22 17:06:49Fur Affinity Website Hacked in DNS Hijacking Attack
Details have emerged about a China-nexus threat group’s exploitation of a recently disclosed, now-patched security flaw in Cisco switches as a zero-day to seize control of the appliance and evade detection.
The activity, attributed to Velvet Ant, was observed early this year and involved the weaponization of CVE-2024-20399 (CVSS score: 6.0) to deliver bespoke malware and gain extensive control
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-22 17:06:492024-08-22 17:06:49Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control
As many as 15,000 applications using Amazon Web Services’ (AWS) Application Load Balancer (ALB) for authentication are potentially susceptible to a configuration-based issue that could expose them to sidestep access controls and compromise applications.
That’s according to findings from Israeli cybersecurity company Miggo, which dubbed the problem ALBeast.
“This vulnerability allows attackers to
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-22 15:06:382024-08-22 15:06:38Two Years On, Log4Shell Vulnerability Still Being Exploited to Deploy Malware
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-22 14:06:442024-08-22 14:06:44Typing just four characters could crash your iPhone
Recall was supposed to be the signature feature of Microsoft’s next-generation Copilot+ PCs – until security researchers labeled it a ‘privacy nightmare’. Now, Microsoft has an updated rollout plan for the feature. Here’s when you might see it.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-22 14:06:432024-08-22 14:06:43As Microsoft breaks awkward silence around its controversial Recall feature, privacy questions remain
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-22 14:06:432024-08-22 14:06:43Understanding the ‘Morphology’ of Ransomware: A Deeper Dive
Microchip Technology hit by cyberattack, disrupting manufacturing operations. A major disruption to semiconductor production has been reported, impacting…
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-22 13:06:332024-08-22 13:06:33US Microchip Giant Hit by Cyberattack, Disrupting Operations
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Fur Affinity Website Hacked in DNS Hijacking Attack
/in General NewsFur Affinity’s domain and Twitter were compromised in a major DNS hijacking on August 20, 2024. Hackers redirected…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control
/in General NewsDetails have emerged about a China-nexus threat group’s exploitation of a recently disclosed, now-patched security flaw in Cisco switches as a zero-day to seize control of the appliance and evade detection.
The activity, attributed to Velvet Ant, was observed early this year and involved the weaponization of CVE-2024-20399 (CVSS score: 6.0) to deliver bespoke malware and gain extensive control
The Hacker News – Read More
New ‘ALBeast’ Vulnerability Exposes Weakness in AWS Application Load Balancer
/in General NewsAs many as 15,000 applications using Amazon Web Services’ (AWS) Application Load Balancer (ALB) for authentication are potentially susceptible to a configuration-based issue that could expose them to sidestep access controls and compromise applications.
That’s according to findings from Israeli cybersecurity company Miggo, which dubbed the problem ALBeast.
“This vulnerability allows attackers to
The Hacker News – Read More
China-Linked ‘Velvet Ant’ Hackers Exploited Zero-Day to Deploy Malware on Cisco Nexus Switches
/in General NewsHackers gained access to the switch using valid administrator credentials, and then ‘jailbroke’ from the application level into the OS level.
The post China-Linked ‘Velvet Ant’ Hackers Exploited Zero-Day to Deploy Malware on Cisco Nexus Switches appeared first on SecurityWeek.
SecurityWeek – Read More
Two Years On, Log4Shell Vulnerability Still Being Exploited to Deploy Malware
/in General NewsMore than two years after the Log4j crisis, organizations are still being hit by crypto-currency miners and backdoor scripts.
The post Two Years On, Log4Shell Vulnerability Still Being Exploited to Deploy Malware appeared first on SecurityWeek.
SecurityWeek – Read More
Typing just four characters could crash your iPhone
/in General NewsThis bug crashes iPhones running iOS 17, and causes those running the iOS 18 beta to stutter.
Latest stories for ZDNET in Security – Read More
As Microsoft breaks awkward silence around its controversial Recall feature, privacy questions remain
/in General NewsRecall was supposed to be the signature feature of Microsoft’s next-generation Copilot+ PCs – until security researchers labeled it a ‘privacy nightmare’. Now, Microsoft has an updated rollout plan for the feature. Here’s when you might see it.
Latest stories for ZDNET in Security – Read More
Understanding the ‘Morphology’ of Ransomware: A Deeper Dive
/in General NewsRansomware isn’t just about malware. It’s about brands, trust, and the shifting allegiances of cybercriminals.
The post Understanding the ‘Morphology’ of Ransomware: A Deeper Dive appeared first on SecurityWeek.
SecurityWeek – Read More
Atlassian Patches Vulnerabilities in Bamboo, Confluence, Crowd, Jira
/in General NewsAtlassian has released patches for nine high-severity vulnerabilities in Bamboo, Confluence, Crowd, and Jira products.
The post Atlassian Patches Vulnerabilities in Bamboo, Confluence, Crowd, Jira appeared first on SecurityWeek.
SecurityWeek – Read More
US Microchip Giant Hit by Cyberattack, Disrupting Operations
/in General NewsMicrochip Technology hit by cyberattack, disrupting manufacturing operations. A major disruption to semiconductor production has been reported, impacting…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More