BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Iranian MuddyWater Hackers Adopt New C2 Tool ‘DarkBeatC2’ in Latest Campaign
/in General NewsThe Iranian threat actor known as MuddyWater has been attributed to a new command-and-control (C2) infrastructure called DarkBeatC2, becoming the latest such tool in its arsenal after SimpleHarm, MuddyC3, PhonyC2, and MuddyC2Go.
“While occasionally switching to a new remote administration tool or changing their C2 framework, MuddyWater’s methods remain constant,” Deep
The Hacker News – Read More
Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack
/in General NewsPalo Alto Networks is warning that a critical flaw impacting its PAN-OS software used in its GlobalProtect gateways is being exploited in the wild.
Tracked as CVE-2024-3400, the issue has a CVSS score of 10.0, indicating maximum severity.
“A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature
The Hacker News – Read More
CISA Alerts Organizations Regarding Cyber Incident at Global Data Analytics Company
/in General NewsCISA is taking an active role in collaborating with private industry partners to respond to this incident, especially as it relates to impacted critical infrastructure sector organizations.
Cyware News – Latest Cyber News – Read More
Palo Alto Networks Warns of Exploited Firewall Vulnerability
/in General NewsPalo Alto Networks warns of limited exploitation of a critical command injection vulnerability leading to code execution on firewalls.
The post Palo Alto Networks Warns of Exploited Firewall Vulnerability appeared first on SecurityWeek.
SecurityWeek – Read More
Credit Card Skimmer Hidden in Fake Facebook Pixel Tracker
/in General NewsIn recent months, Sucuri researchers encountered a number of cases where attackers inject malware into website software that allows for custom or miscellaneous code, such as the Magento admin panel or WordPress plugins.
Cyware News – Latest Cyber News – Read More
‘BatBadBut’ Command Injection Vulnerability Affects Multiple Programming Languages
/in General NewsA critical vulnerability in multiple programming languages allows attackers to inject commands in Windows applications.
The post ‘BatBadBut’ Command Injection Vulnerability Affects Multiple Programming Languages appeared first on SecurityWeek.
SecurityWeek – Read More
Cyberespionage Group Earth Hundun’s Continuous Refinement of Waterbear and Deuterbear
/in General NewsIn 2022, Earth Hundun began using the latest version of Waterbear (aka Deuterbear) which has several changes, including anti-memory scanning and decryption routines, that distinguish it from the original Waterbear.
Cyware News – Latest Cyber News – Read More
Threat Actors Manipulate GitHub Search to Deliver Malware
/in General NewsCheckmarx warns of a new attack relying on GitHub search manipulation to deliver malicious code.
The post Threat Actors Manipulate GitHub Search to Deliver Malware appeared first on SecurityWeek.
SecurityWeek – Read More
IT Pros Targeted with Malicious Google Ads for PuTTY, FileZilla
/in General NewsAn ongoing malvertising campaign is targeting IT administrators looking to download system utilities such as PuTTY (a free SSH and Telnet client) and FileZilla (a free cross-platform FTP application).
Cyware News – Latest Cyber News – Read More
LastPass Employee Targeted With Deepfake Calls
/in General NewsLastPass this week revealed that one of its employees was targeted in a phishing attack involving deepfake technology.
The post LastPass Employee Targeted With Deepfake Calls appeared first on SecurityWeek.
SecurityWeek – Read More