BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks
/in General NewsCybersecurity researchers have identified a new attack that exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners within targeted environments.
“This attack is particularly intriguing due to the attacker’s use of packers and rootkits to conceal the malware,” Aqua security researchers Nitzan Yaakov and Assaf Morag said in an analysis published earlier
The Hacker News – Read More
Android’s January 2024 Security Update Patches 58 Vulnerabilities
/in General NewsGoogle has released patches for 58 vulnerabilities in the Android platform, including high-severity issues in the Framework and System components. Users are advised to update their devices promptly to protect against potential exploits.
Cyware News – Latest Cyber News – Read More
Ivanti Researchers Report Two Critical Zero-Day Vulnerabilities
/in General NewsPatches will be available in late January and February, but until then, customers must take mitigation measures.
darkreading – Read More
The Future of IT: Info-Tech LIVE 2024 Conference Announced for September
/in General NewsInfo-Tech Research Group has announced the return of Info-Tech LIVE for 2024, an event for IT leaders, exhibitors, and media to explore emerging technology trends and innovative insights.
darkreading – Read More
Volt Typhoon Ramps Up Malicious Activity Against Critical Infrastructure
/in General NewsThe Chinese state-sponsored APT has compromised as many as 30% of Cisco legacy routers on a SOHO botnet that multiple threat groups use.
darkreading – Read More
OpenAI’s New GPT Store May Carry Data Security Risks
/in General NewsThird-party developers of custom GPTs (mostly) aren’t able to see your chats, but they can access, store, and potentially utilize some other kinds of personal data you share.
darkreading – Read More
Move Over, APTs: Cybercriminals Now Target Critical Infrastructure Too
/in General NewsDanish energy sector attacks attributed to Russia’s Sandworm APT turn out to be the work of a new concern: cyber opportunists.
darkreading – Read More
Act Now: CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability
/in General NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The issue, tracked as CVE-2023-29357 (CVSS score: 9.8), is a privilege escalation flaw that could be exploited by an attacker to gain
The Hacker News – Read More
Mandiant, SEC Lose Control of X Accounts Without 2FA
/in General NewsCrypto hacks on Mandiant and SEC X accounts are the predictable result of the social media platform’s upcharge for basic cybersecurity protections, experts say.
darkreading – Read More
Researchers Flag FBot Hacking Tool Hijacking Cloud, Payment Services
/in General NewsThe tool, called FBot, is capable of credential harvesting for spamming attacks, and AWS, PayPal and SaaS account hijacking.
The post Researchers Flag FBot Hacking Tool Hijacking Cloud, Payment Services appeared first on SecurityWeek.
SecurityWeek – Read More