A researcher found a vulnerability that would let hackers strategically downgrade a target’s Windows version to reexpose patched vulnerabilities. Microsoft is working on fixes for the issue.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-07 18:06:382024-08-07 18:06:38A Flaw in Windows Update Opens the Door to Zombie Exploits
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-07 17:07:042024-08-07 17:07:04GhostWrite Vulnerability Facilitates Attacks on Devices With RISC-V CPU
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-07 16:06:342024-08-07 16:06:34Critical Solar Power Grid Vulnerabilities Risk Global Blackouts
According to Acronis, ransomware remains a top threat for SMBs, especially in critical sectors like government and healthcare, where 10 new ransomware groups conducted 84 cyberattacks globally in Q1 2024.
Cybersecurity researchers have disclosed details of security flaws in the Roundcube webmail software that could be exploited to execute malicious JavaScript in a victim’s web browser and steal sensitive information from their account under specific circumstances.
“When a victim views a malicious email in Roundcube sent by an attacker, the attacker can execute arbitrary JavaScript in the victim’s
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-07 15:06:562024-08-07 15:06:56Implement MFA or Risk Non-Compliance With GDPR
The U.S. Government Accountability Office is urging the Environmental Protection Agency (EPA) to develop a comprehensive strategy to protect the nation’s drinking and wastewater systems from cyber threats.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-07 15:06:562024-08-07 15:06:56Federal Watchdog Urges EPA to Develop Comprehensive Cyber Strategy to Protect Water Systems
Cybersecurity researchers have shed light on a novel Linux kernel exploitation technique dubbed SLUBStick that could be exploited to elevate a limited heap vulnerability to an arbitrary memory read-and-write primitive.
“Initially, it exploits a timing side-channel of the allocator to perform a cross-cache attack reliably,” a group of academics from the Graz University of Technology said [PDF]. ”
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
A Flaw in Windows Update Opens the Door to Zombie Exploits
/in General NewsA researcher found a vulnerability that would let hackers strategically downgrade a target’s Windows version to reexpose patched vulnerabilities. Microsoft is working on fixes for the issue.
Security Latest – Read More
Over 40,000 Internet-Exposed ICS Devices Found in US: Censys
/in General NewsCensys has found more than 40,000 internet-exposed ICS devices in the US, and notifying owners is in many cases impossible.
The post Over 40,000 Internet-Exposed ICS Devices Found in US: Censys appeared first on SecurityWeek.
SecurityWeek – Read More
GhostWrite Vulnerability Facilitates Attacks on Devices With RISC-V CPU
/in General NewsResearchers disclose the details of GhostWrite, a RISC-V CPU vulnerability that can be exploited to gain full access to targeted devices.
The post GhostWrite Vulnerability Facilitates Attacks on Devices With RISC-V CPU appeared first on SecurityWeek.
SecurityWeek – Read More
Critical Solar Power Grid Vulnerabilities Risk Global Blackouts
/in General NewsCybersecurity firm Bitdefender reveals critical vulnerabilities in solar power management platforms, putting 20% of global solar production at…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Report: Email Attacks Skyrocket 293%
/in General NewsAccording to Acronis, ransomware remains a top threat for SMBs, especially in critical sectors like government and healthcare, where 10 new ransomware groups conducted 84 cyberattacks globally in Q1 2024.
Cyware News – Latest Cyber News – Read More
Roundcube Webmail Flaws Allow Hackers to Steal Emails and Passwords
/in General NewsCybersecurity researchers have disclosed details of security flaws in the Roundcube webmail software that could be exploited to execute malicious JavaScript in a victim’s web browser and steal sensitive information from their account under specific circumstances.
“When a victim views a malicious email in Roundcube sent by an attacker, the attacker can execute arbitrary JavaScript in the victim’s
The Hacker News – Read More
Researcher Sounds Alarm on Windows Update Flaws Allowing Undetectable Downgrade Attacks
/in General NewsResearcher showcases hack against Microsoft Windows Update architecture, turning fixed vulnerabilities into zero-days.
The post Researcher Sounds Alarm on Windows Update Flaws Allowing Undetectable Downgrade Attacks appeared first on SecurityWeek.
SecurityWeek – Read More
Implement MFA or Risk Non-Compliance With GDPR
/in General NewsThe UK Information Commissioner’s Office announced its intention to fine Advanced Computer Software Group £6.09 million.
The post Implement MFA or Risk Non-Compliance With GDPR appeared first on SecurityWeek.
SecurityWeek – Read More
Federal Watchdog Urges EPA to Develop Comprehensive Cyber Strategy to Protect Water Systems
/in General NewsThe U.S. Government Accountability Office is urging the Environmental Protection Agency (EPA) to develop a comprehensive strategy to protect the nation’s drinking and wastewater systems from cyber threats.
Cyware News – Latest Cyber News – Read More
New Linux Kernel Exploit Technique ‘SLUBStick’ Discovered by Researchers
/in General NewsCybersecurity researchers have shed light on a novel Linux kernel exploitation technique dubbed SLUBStick that could be exploited to elevate a limited heap vulnerability to an arbitrary memory read-and-write primitive.
“Initially, it exploits a timing side-channel of the allocator to perform a cross-cache attack reliably,” a group of academics from the Graz University of Technology said [PDF]. ”
The Hacker News – Read More