BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
[wp-rss-aggregator feeds="kitploit" limit="10" pagination="off"]
Exploit DB
[wp-rss-aggregator feeds="exploit-db" limit="10" pagination="off"]
Latest news and insights on Security
Critical GeoServer Flaw Enabling Global Hack Campaigns
/in General NewsThe flaw in GeoServer, tracked as CVE-2024-36401 and with a CVSS score of 9.8, was swiftly capitalized on by hackers who launched campaigns using botnet families and cryptominers to spread malicious tools like Goreverse, a reverse proxy server.
Cyware News – Latest Cyber News – Read More
HAProxy Vulnerability CVE-2024-45506 Under Active Exploit: Urgent Patching Required
/in General NewsThis flaw in the HTTP/2 multiplexer can lead to an endless loop, system crashes, and remote denial-of-service attacks, with a CVSS score of 7. 5. The vulnerability impacts HAProxy Enterprise, ALOHA, and Kubernetes Ingress Controller products.
Cyware News – Latest Cyber News – Read More
Thousands of Avis car rental customers had personal data stolen in cyberattack
/in General NewsThe car rental giant says personal information, credit card information, and driver’s license numbers were stolen in the August cyberattack.
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
SonicWall SSLVPN Access Control Flaw is Now Exploited in Akira Ransomware Attacks
/in General NewsInitially believed to only impact SonicOS management access, it has now been confirmed to affect SSLVPN on SonicWall firewalls, including by Akira ransomware affiliates targeting accounts with disabled MFA and outdated firmware versions.
Cyware News – Latest Cyber News – Read More
Wing Security SaaS Pulse: Continuous Security & Actionable Insights — For Free
/in General NewsDesigned to be more than a one-time assessment— Wing Security’s SaaS Pulse provides organizations with actionable insights and continuous oversight into their SaaS security posture—and it’s free!
Introducing SaaS Pulse: Free Continuous SaaS Risk Management
Just like waiting for a medical issue to become critical before seeing a doctor, organizations can’t afford to overlook the constantly
The Hacker News – Read More
LummaC2 Stealer and Malicious Chrome Extension Wreak Havoc
/in General NewsThis attack begins with victims unknowingly downloading a malicious ZIP archive containing an installer file that sideloads a malicious DLL. This DLL then downloads the LummaC2 Stealer and a PowerShell script from a command-and-control server.
Cyware News – Latest Cyber News – Read More
Feds Warn Health Sector to Patch Apache Tomcat Flaws
/in General NewsThe Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center highlighted the ongoing discovery of vulnerabilities in Tomcat that pose a risk to organizations.
Cyware News – Latest Cyber News – Read More
Unmasking PackXOR: The FIN7 Packer Exposed
/in General NewsDespite its connection to FIN7, other threat actors have also employed PackXOR to distribute payloads like XMRig cryptominer and R77 rootkit, often in conjunction with SilentCryptoMiner.
Cyware News – Latest Cyber News – Read More
One Million US Kaspersky Customers Transferred to Pango’s UltraAV
/in General NewsKaspersky’s customers in the US are being acquired by cybersecurity firm Pango and will be offered UltraAV antimalware software.
The post One Million US Kaspersky Customers Transferred to Pango’s UltraAV appeared first on SecurityWeek.
SecurityWeek – Read More
New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys
/in General NewsAndroid device users in South Korea have emerged as a target of a new mobile malware campaign that delivers a new type of threat dubbed SpyAgent.
The malware “targets mnemonic keys by scanning for images on your device that might contain them,” McAfee Labs researcher SangRyol Ryu said in an analysis, adding the targeting footprint has broadened in scope to include the U.K.
The campaign makes use
The Hacker News – Read More