BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
No feed items found.
Exploit DB
- [remote] Microsoft Windows - NTLM Hash Leak Malicious Windows Theme
- [remote] Aztech DSL5005EN Router - 'sysAccess.asp' Admin Password Change (Unauthenticated)
- [webapps] TeamPass 3.0.0.21 - SQL Injection
- [webapps] Jasmin Ransomware - SQL Injection Login Bypass
- [webapps] FluxBB 1.5.11 - Stored Cross-Site Scripting (XSS)
- [webapps] JUX Real Estate 3.4.0 - SQL Injection
- [webapps] Loaded Commerce 6.6 - Client-Side Template Injection(CSTI) (AngularJS)
- [webapps] Extensive VC Addons for WPBakery page builder 1.9.0 - Remote Code Execution (RCE)
- [webapps] TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting (XSS) (Authenticated)
- [webapps] Gitea 1.24.0 - HTML Injection
Cloudy with a Chance of Cyberattack: Understanding LOTC Attacks and How ZTNA Can Prevent Them
/in General NewsWith Living Off the Cloud (LOTC) attacks, hackers abuse APIs of trusted cloud services to remotely control botnets but also to make malicious traffic appear as trusted cloud traffic.
The post Cloudy with a Chance of Cyberattack: Understanding LOTC Attacks and How ZTNA Can Prevent Them appeared first on SecurityWeek.
SecurityWeek – Read More
Europol Says Home Routing Mobile Encryption Feature Aids Criminals
/in General NewsEuropol is proposing solutions to address challenges posed by privacy-enhancing technologies in Home Routing that impede law enforcement’s ability to intercept communications in criminal investigations.
Cyware News – Latest Cyber News – Read More
Gogs Vulnerabilities May Put Your Source Code at Risk
/in General NewsExploiting these flaws could allow attackers to execute arbitrary commands, read source code, and gain unauthorized access. The vulnerabilities require authentication, with one flaw specifically requiring the built-in SSH server to be enabled.
Cyware News – Latest Cyber News – Read More
Vinted Fined $2.6m Over Data Protection Failure
/in General NewsVinted, a prominent online platform for second-hand sales, has been fined €2,385,276 ($2,582,730) for violating the EU’s General Data Protection Regulation (GDPR) by not properly handling personal data deletion requests.
Cyware News – Latest Cyber News – Read More
Report: 99% of IoT Exploitation Attempts Rely on Previously Known CVEs
/in General NewsThe expanding attack surface, with over 15 billion connected devices worldwide, raises concerns about privacy breaches for users. The average home now has 21 connected devices, facing more than 10 daily cyberattacks.
Cyware News – Latest Cyber News – Read More
Report: 47% of Corporate Data Stored in the Cloud Is Sensitive
/in General NewsCloud resources are increasingly targeted by cyberattacks, with SaaS applications, cloud storage, and cloud management infrastructure being the top categories of attack, according to Thales.
Cyware News – Latest Cyber News – Read More
GootLoader is Still Active and Efficient
/in General NewsThe malware has evolved into multiple versions, with GootLoader 3 being the latest one in use. Despite updates to the payload, the infection strategies have remained consistent since its resurgence in 2020.
Cyware News – Latest Cyber News – Read More
Critical Unpatched Flaws Disclosed in Popular Gogs Open-Source Git Service
/in General NewsFour unpatched security flaws, including three critical ones, have been disclosed in the Gogs open-source, self-hosted Git service that could enable an authenticated attacker to breach susceptible instances, steal or wipe source code, and even plant backdoors.
The vulnerabilities, according to SonarSource researchers Thomas Chauchefoin and Paul Gerste, are listed below –
CVE-2024-39930 (CVSS
The Hacker News – Read More
Pro-Bangladeshi Hacktivists Enter Global Stage with Matryoshka 424 Alliance
/in General NewsTeam ARXU gained recognition earlier this year for targeting Romania over its support for Israel. The hacker group has a history of cyberattacks against Israel and its allies.
Cyware News – Latest Cyber News – Read More
Infostealing Malware Masquerading as Generative AI Tools
/in General NewsInformation-stealing malware families have evolved to impersonate generative AI tools, with examples like GoldPickaxe stealing facial recognition data for deepfake videos.
Cyware News – Latest Cyber News – Read More