CISA Urges Federal Agencies to Patch Versa Director Vulnerability by September (2024-08-24 08:07:08)
Security Flaws in UK Political Party Donation Platforms Exposed (2024-08-24 07:06:33)
Hackers Now Use AppDomain Injection to Drop Cobalt Strike Beacons (2024-08-24 07:06:33)
Exploit for CVE-2024-38054 Released: Elevation of Privilege Flaw in Windows Kernel Streaming WOW Thunk (2024-08-24 06:06:33)
Scammers are increasingly using messaging and social media apps to attack (2024-08-24 02:10:36)
Liverpool Fans Take English Premier League Title for Ticket Scams (2024-08-23 21:06:46)
Pluralsight Releases Courses to Help Cyber Pros Defend Against Volt Typhoon Hacker Group (2024-08-23 21:06:45)
NIST Hands Off Post-Quantum Cryptography Work to Cyber Teams (2024-08-23 21:06:45)
Patch Now: Second SolarWinds Critical Bug in Web Help Desk (2024-08-23 21:06:45)
Constantly Evolving MoonPeak RAT Linked to North Korean Spying (2024-08-23 21:06:44)
CISA Urges Federal Agencies to Patch Versa Director Vulnerability by September
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting Versa Director to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation.
The medium-severity vulnerability, tracked as CVE-2024-39717 (CVSS score: 6.6), is a case of a file upload bug impacting the “Change Favicon” feature that could allow a threat actor to
The Hacker News – Read More
Security Flaws in UK Political Party Donation Platforms Exposed
DataDome researchers found that major UK political parties lack critical security features to protect against bot and credential stuffing attacks on their donation platforms.
Cyware News – Latest Cyber News – Read More
Hackers Now Use AppDomain Injection to Drop Cobalt Strike Beacons
Hackers are now using AppDomain Injection to drop Cobalt Strike beacons in a series of attacks that began in July 2024. This technique, known as AppDomain Manager Injection, can weaponize any Microsoft .NET application on Windows.
Cyware News – Latest Cyber News – Read More
Exploit for CVE-2024-38054 Released: Elevation of Privilege Flaw in Windows Kernel Streaming WOW Thunk
This vulnerability allows local attackers to escalate privileges to SYSTEM level through a heap-based buffer overflow. With a CVSS score of 7.8, CVE-2024-38054 is a critical flaw patched by Microsoft in July.
Cyware News – Latest Cyber News – Read More
Scammers are increasingly using messaging and social media apps to attack
Meta platforms, alongside Telegram, are among the growing number of sites used as a form of contact in 45% of scams.
Latest stories for ZDNET in Security – Read More
Liverpool Fans Take English Premier League Title for Ticket Scams
Ticket scams are costing football fans close to £200 a season, on average, according to a report.
darkreading – Read More
Pluralsight Releases Courses to Help Cyber Pros Defend Against Volt Typhoon Hacker Group
darkreading – Read More
NIST Hands Off Post-Quantum Cryptography Work to Cyber Teams
The release of new NIST quantum-proof cryptography standards signals it’s time for cybersecurity teams to get serious about preparing for the rise of quantum threats.
darkreading – Read More
Patch Now: Second SolarWinds Critical Bug in Web Help Desk
The disclosure of CVE-2024-28987 means that, in two weeks, there have been two critical bugs and corresponding patches for SolarWinds’ less-often-discussed IT help desk software.
darkreading – Read More
Constantly Evolving MoonPeak RAT Linked to North Korean Spying
The malware is a customized variant of the powerful open source XenoRAT information stealing malware often deployed by Kimsuky and other DPRK APTs.
darkreading – Read More