Monocle is an open-source tool powered by an LLM for searching natural language in compiled binaries. It can analyze binaries based on criteria like authentication code or password strings, using Ghidra headless for decompilation.
The cybersecurity arm of the UK government, RITICS, has released a new guide to assist companies in enhancing the security of their operational technology (OT) and industrial control system (ICS) hardware.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-07-10 10:08:252024-07-10 10:08:25UK Government Advises Best Practices for Embedded Device Security
Approximately 68 malicious packages were created between May 26 and June 23, 2024, with deceptive names like cdnjquery and jquertyi. These packages were manually crafted, unlike automated attacks, allowing the threat actor to steal website form data.
Hackers are targeting a vulnerability in the Modern Events Calendar WordPress plugin found on over 150,000 websites to upload files and execute code remotely. The plugin by Webnus is used to manage events.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-07-10 10:08:232024-07-10 10:08:23Google Is Adding Passkey Support for Its Most Vulnerable Users
The tech giant has rolled out passkey support for account authentication within its Advanced Protection Program to complement existing compatibility with FIDO2 hardware keys.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-07-10 10:08:232024-07-10 10:08:23Google Targets Passkey Support to High-Risk Execs, Civil Society
Cryptocurrency analysts have shed light on an online marketplace called HuiOne Guarantee that’s widely used by cybercriminals in Southeast Asia, particularly those linked to pig butchering scams.
“Merchants on the platform offer technology, data, and money laundering services, and have engaged in transactions totaling at least $11 billion,” Elliptic said in a report shared with The Hacker News.
Deepfake scam services. Victim data. Electrified shackles for human trafficking. Crypto tracing firm Elliptic found all were available for sale on an online marketplace linked to Cambodia’s ruling family.
The sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents.
“A notable aspect of the current variant of ViperSoftX is that it uses the Common Language Runtime (CLR) to dynamically load and run PowerShell commands, thereby creating a PowerShell environment within AutoIt for operations,” Trellix security researchers Mathanraj Thangaraju and Sijo Jacob
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-07-10 07:07:252024-07-10 07:07:25ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Monocle: Open-Source LLM for Binary Analysis Search
/in General NewsMonocle is an open-source tool powered by an LLM for searching natural language in compiled binaries. It can analyze binaries based on criteria like authentication code or password strings, using Ghidra headless for decompilation.
Cyware News – Latest Cyber News – Read More
UK Government Advises Best Practices for Embedded Device Security
/in General NewsThe cybersecurity arm of the UK government, RITICS, has released a new guide to assist companies in enhancing the security of their operational technology (OT) and industrial control system (ICS) hardware.
Cyware News – Latest Cyber News – Read More
Persistent npm Campaign Shipping Trojanized jQuery
/in General NewsApproximately 68 malicious packages were created between May 26 and June 23, 2024, with deceptive names like cdnjquery and jquertyi. These packages were manually crafted, unlike automated attacks, allowing the threat actor to steal website form data.
Cyware News – Latest Cyber News – Read More
Unsecured Database Exposed 39 Million Sensitive Legal Records Online
/in General NewsMillions of Legal Documents Exposed Online! Sensitive data leak raises security concerns for the legal industry. Learn how…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Hackers Target WordPress Calendar Plugin Used by 150,000 Sites
/in General NewsHackers are targeting a vulnerability in the Modern Events Calendar WordPress plugin found on over 150,000 websites to upload files and execute code remotely. The plugin by Webnus is used to manage events.
Cyware News – Latest Cyber News – Read More
Google Is Adding Passkey Support for Its Most Vulnerable Users
/in General NewsGoogle is bringing the password-killing “passkey” tech to its Advanced Protection Program users more than a year after rolling them out broadly.
Security Latest – Read More
Google Targets Passkey Support to High-Risk Execs, Civil Society
/in General NewsThe tech giant has rolled out passkey support for account authentication within its Advanced Protection Program to complement existing compatibility with FIDO2 hardware keys.
darkreading – Read More
Crypto Analysts Expose HuiOne Guarantee’s $11 Billion Cybercrime Transactions
/in General NewsCryptocurrency analysts have shed light on an online marketplace called HuiOne Guarantee that’s widely used by cybercriminals in Southeast Asia, particularly those linked to pig butchering scams.
“Merchants on the platform offer technology, data, and money laundering services, and have engaged in transactions totaling at least $11 billion,” Elliptic said in a report shared with The Hacker News.
The Hacker News – Read More
The $11 Billion Marketplace Enabling the Crypto Scam Economy
/in General NewsDeepfake scam services. Victim data. Electrified shackles for human trafficking. Crypto tracing firm Elliptic found all were available for sale on an online marketplace linked to Cambodia’s ruling family.
Security Latest – Read More
ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks
/in General NewsThe sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents.
“A notable aspect of the current variant of ViperSoftX is that it uses the Common Language Runtime (CLR) to dynamically load and run PowerShell commands, thereby creating a PowerShell environment within AutoIt for operations,” Trellix security researchers Mathanraj Thangaraju and Sijo Jacob
The Hacker News – Read More