BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Info Stealing Packages Hidden in PyPI
/in General NewsMalicious Python packages on PyPI, such as nigpal, figflix, and seGMM, have been identified, with payloads designed to steal sensitive information from victims’ devices, particularly targeting Windows users.
Cyware News – Latest Cyber News – Read More
Outlook Vulnerability Discovery and New Ways to Leak NTLM Hashes
/in General NewsAttackers can use stolen NTLM v2 hashes for offline brute-force attacks or authentication relay attacks, potentially compromising user accounts and gaining unauthorized access.
Cyware News – Latest Cyber News – Read More
Update: Hackers Start Exploiting Critical Atlassian Confluence RCE Flaw
/in General NewsOrganizations with outdated Confluence instances should treat them as potentially compromised, look for signs of exploitation, perform a thorough cleanup, and update to a safe version to mitigate the risk.
Cyware News – Latest Cyber News – Read More
Microsoft Falls Victim to Russia-Backed ‘Midnight Blizzard’ Cyberattack
/in General NewsRussian state-sponsored threat actor Nobelium used a basic password-spray attack to breach Microsoft corporate email accounts, including for execs.
darkreading – Read More
National Cybersecurity Alliance Announces 2024 Data Privacy Week
/in General NewsPost Content
darkreading – Read More
Godzilla Web Shell Attacks Stomp on Critical Apache ActiveMQ Flaw
/in General NewsThousands of vulnerable servers may be open to cyberattacks exploiting the max-severity CVE-2023-46604 bug.
darkreading – Read More
Chinese Spies Exploited Critical VMware Bug for Nearly 2 Years
/in General NewsEven the most careful VMware customers may need to go back and double check that they weren’t compromised by a zero-day exploit for CVE-2023-34048.
darkreading – Read More
Apple Issues Patch for Critical Zero-Day in iPhones, Macs – Update Now
/in General NewsApple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day flaw that has come under active exploitation in the wild.
The issue, tracked as CVE-2024-23222, is a type confusion bug that could be exploited by a threat actor to achieve arbitrary code execution when processing maliciously crafted web content. The tech giant said the problem
The Hacker News – Read More
Amy Farrow Joins Infoblox As Chief Information Officer
/in General NewsPost Content
darkreading – Read More
F5 Welcomes Samir Sherif As New Chief Information Security Officer
/in General NewsPost Content
darkreading – Read More