Server-Side Template Injection (SSTI) vulnerabilities are a growing concern in web applications, allowing attackers to inject malicious code into templates and gain control over servers.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-17 07:06:362024-08-17 07:06:36Server-Side Template Injection: Transforming Web Applications from Assets to Liabilities – Check Point Research
The malware masquerades as legitimate applications like Microsoft Office and creates an empty file to lure users. It also checks for virtual machines and uses sleep obfuscation to evade memory scanners.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-17 07:06:352024-08-17 07:06:35A Deep Dive Into a New ValleyRAT Campaign Targeting Chinese Speakers
These vulnerabilities could allow attackers to execute arbitrary code, disclose sensitive information, or disrupt device functionality, posing a significant threat to industrial and commercial networks relying on these devices.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-17 06:06:352024-08-17 06:06:35CISA Warns Critical Vulnerabilities in Vonets WiFi Bridge Devices, No Patch Available
A recent investigation uncovered a credit card skimmer using a web socket connection to steal credit card details from an infected PrestaShop website. Attackers use web sockets for obfuscation, making it difficult to analyze traffic.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-16 22:06:552024-08-16 22:06:55Iran Reportedly Grapples With Major Cyberattack on Banking Systems
Social Security numbers, physical addresses, and more—all available online. After months of confusion, leaked information from a background-check firm underscores the long-term risks of data breaches.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-16 19:06:402024-08-16 19:06:40The Slow-Burn Nightmare of the National Public Data Breach
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-16 19:06:402024-08-16 19:06:40Are 2024 US Political Campaigns Prepared for the Coming Cyber Threats?
European hosting companies were found to be supporting the Kremlin-linked disinformation campaign, prompting Doppelgänger operators to quickly back up their systems and data.
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Server-Side Template Injection: Transforming Web Applications from Assets to Liabilities – Check Point Research
/in General NewsServer-Side Template Injection (SSTI) vulnerabilities are a growing concern in web applications, allowing attackers to inject malicious code into templates and gain control over servers.
Cyware News – Latest Cyber News – Read More
A Deep Dive Into a New ValleyRAT Campaign Targeting Chinese Speakers
/in General NewsThe malware masquerades as legitimate applications like Microsoft Office and creates an empty file to lure users. It also checks for virtual machines and uses sleep obfuscation to evade memory scanners.
Cyware News – Latest Cyber News – Read More
CISA Warns Critical Vulnerabilities in Vonets WiFi Bridge Devices, No Patch Available
/in General NewsThese vulnerabilities could allow attackers to execute arbitrary code, disclose sensitive information, or disrupt device functionality, posing a significant threat to industrial and commercial networks relying on these devices.
Cyware News – Latest Cyber News – Read More
PrestaShop GTAG Websocket Skimmer
/in General NewsA recent investigation uncovered a credit card skimmer using a web socket connection to steal credit card details from an infected PrestaShop website. Attackers use web sockets for obfuscation, making it difficult to analyze traffic.
Cyware News – Latest Cyber News – Read More
Sophos X-Ops: Ransomware gangs escalating tactics, going to ‘chilling’ lengths
/in General NewsWhether targeting executives’ family members or snitching on those that don’t pay, ransomware gangs are taking their tactics to new heights.Read More
Security News | VentureBeat – Read More
Iran Reportedly Grapples With Major Cyberattack on Banking Systems
/in General NewsThe last known cyberattack waged against Iranian infrastructure took place last December with the blame placed on Israel and the US.
darkreading – Read More
The Slow-Burn Nightmare of the National Public Data Breach
/in General NewsSocial Security numbers, physical addresses, and more—all available online. After months of confusion, leaked information from a background-check firm underscores the long-term risks of data breaches.
Security Latest – Read More
Are 2024 US Political Campaigns Prepared for the Coming Cyber Threats?
/in General NewsWhen it comes to this year’s candidates and political campaigns fending off major cyberattacks, a lot has changed since the 2016 election cycle.
darkreading – Read More
Doppelgänger Operation Rushes to Secure Itself Amid Ongoing Detections, German Agency Says
/in General NewsEuropean hosting companies were found to be supporting the Kremlin-linked disinformation campaign, prompting Doppelgänger operators to quickly back up their systems and data.
Cyware News – Latest Cyber News – Read More
Threat Actors Increasingly Target macOS, Report Finds
/in General NewsA new report from cyber threat intelligence company Intel471 reveals that threat actors are infiltrating macOS.
Security | TechRepublic – Read More