Events like the recent massive CDK ransomware attack – which shuttered car dealerships across the U.S. in late June 2024 – barely raise public eyebrows anymore.
Yet businesses, and the people that lead them, are justifiably jittery. Every CISO knows that cybersecurity is an increasingly hot topic for executives and board members alike. And when the inevitable CISO/Board briefing rolls
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-07-08 12:06:552024-07-08 12:06:555 Key Questions CISOs Must Ask Themselves About Their Cybersecurity Strategy
A new variation of WordFence evasion malware has been discovered, concealing backdoors in infected WordPress environments. A suspicious plugin named “wp-engine-fast-action” was found tampering with the popular WordFence security plugin.
Financial institutions in Latin America are being threatened by a banking trojan called Mekotio (aka Melcoz).
That’s according to findings from Trend Micro, which said it recently observed a surge in cyber attacks distributing the Windows malware.
Mekotio, known to be actively put to use since 2015, is known to target Latin American countries like Brazil, Chile, Mexico, Spain, Peru, and Portugal
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-07-08 11:07:042024-07-08 11:07:04Experts Warn of Mekotio Banking Trojan Targeting Latin American Countries
With Living Off the Cloud (LOTC) attacks, hackers abuse APIs of trusted cloud services to remotely control botnets but also to make malicious traffic appear as trusted cloud traffic.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-07-08 11:07:032024-07-08 11:07:03Cloudy with a Chance of Cyberattack: Understanding LOTC Attacks and How ZTNA Can Prevent Them
Europol is proposing solutions to address challenges posed by privacy-enhancing technologies in Home Routing that impede law enforcement’s ability to intercept communications in criminal investigations.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-07-08 11:07:032024-07-08 11:07:03Europol Says Home Routing Mobile Encryption Feature Aids Criminals
Exploiting these flaws could allow attackers to execute arbitrary commands, read source code, and gain unauthorized access. The vulnerabilities require authentication, with one flaw specifically requiring the built-in SSH server to be enabled.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-07-08 10:06:402024-07-08 10:06:40Gogs Vulnerabilities May Put Your Source Code at Risk
Vinted, a prominent online platform for second-hand sales, has been fined €2,385,276 ($2,582,730) for violating the EU’s General Data Protection Regulation (GDPR) by not properly handling personal data deletion requests.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-07-08 10:06:402024-07-08 10:06:40Vinted Fined $2.6m Over Data Protection Failure
The expanding attack surface, with over 15 billion connected devices worldwide, raises concerns about privacy breaches for users. The average home now has 21 connected devices, facing more than 10 daily cyberattacks.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-07-08 10:06:402024-07-08 10:06:40Report: 99% of IoT Exploitation Attempts Rely on Previously Known CVEs
Cloud resources are increasingly targeted by cyberattacks, with SaaS applications, cloud storage, and cloud management infrastructure being the top categories of attack, according to Thales.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-07-08 10:06:392024-07-08 10:06:39Report: 47% of Corporate Data Stored in the Cloud Is Sensitive
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
5 Key Questions CISOs Must Ask Themselves About Their Cybersecurity Strategy
/in General NewsEvents like the recent massive CDK ransomware attack – which shuttered car dealerships across the U.S. in late June 2024 – barely raise public eyebrows anymore.
Yet businesses, and the people that lead them, are justifiably jittery. Every CISO knows that cybersecurity is an increasingly hot topic for executives and board members alike. And when the inevitable CISO/Board briefing rolls
The Hacker News – Read More
New Variation of WordFence Evasion Malware Discovered
/in General NewsA new variation of WordFence evasion malware has been discovered, concealing backdoors in infected WordPress environments. A suspicious plugin named “wp-engine-fast-action” was found tampering with the popular WordFence security plugin.
Cyware News – Latest Cyber News – Read More
Experts Warn of Mekotio Banking Trojan Targeting Latin American Countries
/in General NewsFinancial institutions in Latin America are being threatened by a banking trojan called Mekotio (aka Melcoz).
That’s according to findings from Trend Micro, which said it recently observed a surge in cyber attacks distributing the Windows malware.
Mekotio, known to be actively put to use since 2015, is known to target Latin American countries like Brazil, Chile, Mexico, Spain, Peru, and Portugal
The Hacker News – Read More
Attackers Exploiting Remote Code Execution Vulnerability in Ghostscript
/in General NewsVulnerability in Ghostscript (CVE-2024-29510) allows attackers to bypass sandbox for remote code execution.
The post Attackers Exploiting Remote Code Execution Vulnerability in Ghostscript appeared first on SecurityWeek.
SecurityWeek – Read More
Cloudy with a Chance of Cyberattack: Understanding LOTC Attacks and How ZTNA Can Prevent Them
/in General NewsWith Living Off the Cloud (LOTC) attacks, hackers abuse APIs of trusted cloud services to remotely control botnets but also to make malicious traffic appear as trusted cloud traffic.
The post Cloudy with a Chance of Cyberattack: Understanding LOTC Attacks and How ZTNA Can Prevent Them appeared first on SecurityWeek.
SecurityWeek – Read More
Europol Says Home Routing Mobile Encryption Feature Aids Criminals
/in General NewsEuropol is proposing solutions to address challenges posed by privacy-enhancing technologies in Home Routing that impede law enforcement’s ability to intercept communications in criminal investigations.
Cyware News – Latest Cyber News – Read More
Gogs Vulnerabilities May Put Your Source Code at Risk
/in General NewsExploiting these flaws could allow attackers to execute arbitrary commands, read source code, and gain unauthorized access. The vulnerabilities require authentication, with one flaw specifically requiring the built-in SSH server to be enabled.
Cyware News – Latest Cyber News – Read More
Vinted Fined $2.6m Over Data Protection Failure
/in General NewsVinted, a prominent online platform for second-hand sales, has been fined €2,385,276 ($2,582,730) for violating the EU’s General Data Protection Regulation (GDPR) by not properly handling personal data deletion requests.
Cyware News – Latest Cyber News – Read More
Report: 99% of IoT Exploitation Attempts Rely on Previously Known CVEs
/in General NewsThe expanding attack surface, with over 15 billion connected devices worldwide, raises concerns about privacy breaches for users. The average home now has 21 connected devices, facing more than 10 daily cyberattacks.
Cyware News – Latest Cyber News – Read More
Report: 47% of Corporate Data Stored in the Cloud Is Sensitive
/in General NewsCloud resources are increasingly targeted by cyberattacks, with SaaS applications, cloud storage, and cloud management infrastructure being the top categories of attack, according to Thales.
Cyware News – Latest Cyber News – Read More