Cryptocurrency exchange hacks and exploits are on the rise, with $1.38bn stolen in the first half of 2024, double the amount stolen in 2023. While it is lower than the record-breaking $2bn stolen in 2022, the surge may be due to higher token prices.
The Problem
The “2024 Attack Intelligence Report” from the staff at Rapid7 [1] is a well-researched, well-written report that is worthy of careful study. Some key takeaways are:
53% of the over 30 new vulnerabilities that were widely exploited in 2023 and at the start of 2024 were zero-days.
More mass compromise events arose from zero-day vulnerabilities than from n-day vulnerabilities.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-07-10 12:06:442024-07-10 12:06:44It’s Time to Reassess Your Cybersecurity Priorities
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-07-10 12:06:432024-07-10 12:06:43The best space heaters of 2024
As part of Microsoft’s July 2024 Patch Tuesday, 142 flaws were addressed, including two zero-days actively exploited and two publicly disclosed. Five critical vulnerabilities were fixed, all related to remote code execution.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-07-10 12:06:432024-07-10 12:06:43US Disrupts AI-Powered Russian Bot Farm on X
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-07-10 12:06:422024-07-10 12:06:42Can AI be Meaningfully Regulated, or is Regulation a Deceitful Fudge?
A vulnerability in certain versions of the OpenSSH secure networking suite may allow for remote code execution. The vulnerability, identified as CVE-2024-6409 with a CVSS score of 7.0, affects specific versions of OpenSSH such as 8.7p1 and 8.8p1.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-07-10 11:06:472024-07-10 11:06:47New Flaw in OpenSSH can Lead to Remote Code Execution
The CISA is developing a new framework to assess the trustworthiness of open-source software projects. The agency’s open-source software security roadmap aims to increase visibility into OSS use and risks across the federal government.
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Crypto Thefts Double to $1.4 Billion, TRM Labs Finds
/in General NewsCryptocurrency exchange hacks and exploits are on the rise, with $1.38bn stolen in the first half of 2024, double the amount stolen in 2023. While it is lower than the record-breaking $2bn stolen in 2022, the surge may be due to higher token prices.
Cyware News – Latest Cyber News – Read More
Smash-and-Grab Extortion
/in General NewsThe Problem
The “2024 Attack Intelligence Report” from the staff at Rapid7 [1] is a well-researched, well-written report that is worthy of careful study. Some key takeaways are:
53% of the over 30 new vulnerabilities that were widely exploited in 2023 and at the start of 2024 were zero-days.
More mass compromise events arose from zero-day vulnerabilities than from n-day vulnerabilities.
The Hacker News – Read More
ICS Patch Tuesday: Siemens, Schneider Electric, CISA Issue Advisories
/in General NewsSeveral ICS vendors released advisories on Tuesday to inform customers about vulnerabilities found in industrial and OT products.
The post ICS Patch Tuesday: Siemens, Schneider Electric, CISA Issue Advisories appeared first on SecurityWeek.
SecurityWeek – Read More
It’s Time to Reassess Your Cybersecurity Priorities
/in General NewsA cyber resilience strategy is vital for business continuity and can provide a range of benefits before, during, and after a cyberattack.
The post It’s Time to Reassess Your Cybersecurity Priorities appeared first on SecurityWeek.
SecurityWeek – Read More
The best space heaters of 2024
/in General NewsWe rounded up the best smart space heaters that connect to Wi-Fi, mobile apps, and voice assistants for 24/7 control.
Latest news – Read More
Microsoft July 2024 Patch Tuesday Fixes 142 Flaws, 4 Zero-Days
/in General NewsAs part of Microsoft’s July 2024 Patch Tuesday, 142 flaws were addressed, including two zero-days actively exploited and two publicly disclosed. Five critical vulnerabilities were fixed, all related to remote code execution.
Cyware News – Latest Cyber News – Read More
US Disrupts AI-Powered Russian Bot Farm on X
/in General NewsThe US and allies blame Russian state-sponsored threat actors for using Meliorator AI software to create a social media bot farm.
The post US Disrupts AI-Powered Russian Bot Farm on X appeared first on SecurityWeek.
SecurityWeek – Read More
Can AI be Meaningfully Regulated, or is Regulation a Deceitful Fudge?
/in General NewsFew people understand AI, nor how to use nor control it, nor where it is going. Yet politicians wish to regulate it.
The post Can AI be Meaningfully Regulated, or is Regulation a Deceitful Fudge? appeared first on SecurityWeek.
SecurityWeek – Read More
New Flaw in OpenSSH can Lead to Remote Code Execution
/in General NewsA vulnerability in certain versions of the OpenSSH secure networking suite may allow for remote code execution. The vulnerability, identified as CVE-2024-6409 with a CVSS score of 7.0, affects specific versions of OpenSSH such as 8.7p1 and 8.8p1.
Cyware News – Latest Cyber News – Read More
How CISA Plans to Measure Trust in Open-Source Software
/in General NewsThe CISA is developing a new framework to assess the trustworthiness of open-source software projects. The agency’s open-source software security roadmap aims to increase visibility into OSS use and risks across the federal government.
Cyware News – Latest Cyber News – Read More