Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution.
The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with another critical bug the project maintainers addressed in December 2023 (CVE-2023-50164, CVSS
Hackers are abusing legitimate Windows utilities to target Thai law enforcement with a novel malware that is a mix of sophistication and amateurishness.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-12-18 02:07:182024-12-18 02:07:18Thai Police Systems Under Fire From ‘Yokai’ Backdoor
The Cybersecurity and Infrastructure Security Agency (CISA) issued a binding directive on Tuesday giving federal agencies a series of deadlines to identify cloud systems, implement assessment tools and abide by the agency’s Secure Cloud Business Applications (SCuBA) secure configuration baselines.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-12-18 02:07:182024-12-18 02:07:18CISA orders federal agencies to secure Microsoft cloud systems after ‘recent’ intrusions
EU privacy watchdogs hit Facebook owner Meta with fines totaling 251 million euros after an investigation into a 2018 data breach that exposed millions of accounts.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-12-18 00:06:572024-12-18 00:06:57Facebook Owner Hit With 251 Million Euros in Fines for 2018 Data Breach
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-12-17 21:07:232024-12-17 21:07:23CrowdStrike Survey Highlights Security Challenges in AI Adoption
The 29-page filing alleges violations of Nebraska’s consumer protection and data security laws and says Change Healthcare — which is owned by UnitedHealth Group (UHG) — failed to implement proper security measures that exacerbated the data breach, disrupting critical healthcare services across the state.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-12-17 21:07:222024-12-17 21:07:22Nebraska AG sues Change Healthcare, UnitedHealth for data theft after ransomware attack
The cyberattack impacts at least 1.4 million patients, as tranches of highly sensitive personal, medical, and financial data fall into the hands of cyber crooks who have everything they need to carry out convincing social engineering and fraud attacks.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-12-17 21:07:222024-12-17 21:07:22Texas Tech Fumbles Medical Data in Massive Breach
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-12-17 19:07:222024-12-17 19:07:22CISA Directs Federal Agencies to Secure Cloud Environments
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-12-17 19:07:212024-12-17 19:07:21Hackers Leak Partial Cisco Data from 4.5TB of Exposed Records
A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate.
“An attacker used social engineering via a Microsoft Teams call to impersonate a user’s client and gain remote access to their system,” Trend Micro researchers Catherine Loveria, Jovit Samaniego, and Gabriel Nicoleta said.
“The attacker failed to install a
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-12-17 18:07:062024-12-17 18:07:06Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected
/in General NewsThreat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution.
The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with another critical bug the project maintainers addressed in December 2023 (CVE-2023-50164, CVSS
The Hacker News – Read More
Thai Police Systems Under Fire From ‘Yokai’ Backdoor
/in General NewsHackers are abusing legitimate Windows utilities to target Thai law enforcement with a novel malware that is a mix of sophistication and amateurishness.
darkreading – Read More
CISA orders federal agencies to secure Microsoft cloud systems after ‘recent’ intrusions
/in General NewsThe Cybersecurity and Infrastructure Security Agency (CISA) issued a binding directive on Tuesday giving federal agencies a series of deadlines to identify cloud systems, implement assessment tools and abide by the agency’s Secure Cloud Business Applications (SCuBA) secure configuration baselines.
The Record from Recorded Future News – Read More
Facebook Owner Hit With 251 Million Euros in Fines for 2018 Data Breach
/in General NewsEU privacy watchdogs hit Facebook owner Meta with fines totaling 251 million euros after an investigation into a 2018 data breach that exposed millions of accounts.
The post Facebook Owner Hit With 251 Million Euros in Fines for 2018 Data Breach appeared first on SecurityWeek.
SecurityWeek – Read More
CrowdStrike Survey Highlights Security Challenges in AI Adoption
/in General NewsIdeally, generative AI should augment, not replace, cybersecurity workers. But ROI still proves a challenge.
Security | TechRepublic – Read More
Nebraska AG sues Change Healthcare, UnitedHealth for data theft after ransomware attack
/in General NewsThe 29-page filing alleges violations of Nebraska’s consumer protection and data security laws and says Change Healthcare — which is owned by UnitedHealth Group (UHG) — failed to implement proper security measures that exacerbated the data breach, disrupting critical healthcare services across the state.
The Record from Recorded Future News – Read More
Texas Tech Fumbles Medical Data in Massive Breach
/in General NewsThe cyberattack impacts at least 1.4 million patients, as tranches of highly sensitive personal, medical, and financial data fall into the hands of cyber crooks who have everything they need to carry out convincing social engineering and fraud attacks.
darkreading – Read More
CISA Directs Federal Agencies to Secure Cloud Environments
/in General NewsActions direct agencies to deploy specific security configurations to reduce cyber-risk.
darkreading – Read More
Hackers Leak Partial Cisco Data from 4.5TB of Exposed Records
/in General NewsYet another day, yet another data leak tied to Cisco!
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware
/in General NewsA new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate.
“An attacker used social engineering via a Microsoft Teams call to impersonate a user’s client and gain remote access to their system,” Trend Micro researchers Catherine Loveria, Jovit Samaniego, and Gabriel Nicoleta said.
“The attacker failed to install a
The Hacker News – Read More