BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
Exploit DB
- [webapps] Reservit Hotel 2.1 - Stored Cross-Site Scripting (XSS)
- [webapps] DataEase 2.4.0 - Database Configuration Information Exposure
- [webapps] Palo Alto Networks Expedition 1.2.90.1 - Admin Account Takeover
- [webapps] Watcharr 1.43.0 - Remote Code Execution (RCE)
- [webapps] WBCE CMS 1.6.3 - Authenticated Remote Code Execution (RCE)
- [webapps] Backup and Staging by WP Time Capsule 1.22.21 - Unauthenticated Arbitrary File Upload
- [webapps] Next.js Middleware 15.2.2 - Authorization Bypass
- [webapps] IBM Security Verify Access 10.0.0 - Open Redirect during OAuth Flow
- [remote] Microchip TimeProvider 4100 Grandmaster (Data plot modules) 2.4.6 - SQL Injection
- [webapps] Royal Elementor Addons and Templates 1.3.78 - Unauthenticated Arbitrary File Upload
Novel TunnelVision Attack Against Impacts Virtually All VPN Apps Through DHCP Server Manipulation
/in General NewsThe TunnelVision attack is a newly discovered method that can compromise the security of most Virtual Private Network (VPN) applications by diverting traffic away from the encrypted tunnel, exposing it to potential interception.
Cyware News – Latest Cyber News – Read More
Russian Operator of BTC-e Crypto Exchange Pleads Guilty to Money Laundering
/in General NewsA Russian operator of a now-dismantled BTC-e cryptocurrency exchange has pleaded guilty to money laundering charges from 2011 to 2017.
Alexander Vinnik, 44, was charged in January 2017 and taken into custody in Greece in July 2017. He was subsequently extradited to the U.S. in August 2022. Vinnik and his co-conspirators have been accused of owning and managing
The Hacker News – Read More
WordPress Plugin Exploit Impacts Over 90,000 Websites
/in General NewsThe vulnerability, which has a CVSS score of 9.8, is a SQL injection flaw that allows attackers to execute unauthorized SQL queries and potentially compromise the integrity and confidentiality of the WordPress database.
Cyware News – Latest Cyber News – Read More
Mastodon Delays Firm Fix to Solve Link Preview DDoS Issue
/in General NewsMastodon delayed a firm fix for link preview DDoS issues, pushing it back to version 4.4.0 from the expected 4.3.0 release. The issue arises from the decentralized nature of Mastodon, where link previews generate excessive traffic on host servers.
Cyware News – Latest Cyber News – Read More
Citrix Addresses High-Severity NetScaler Servers Flaw
/in General NewsCitrix appears to have quietly addressed a vulnerability in its NetScaler ADC and Gateway appliances that gave remote, unauthenticated attackers a way to obtain potentially sensitive information from the memory of affected systems.
Cyware News – Latest Cyber News – Read More
MITRE Hack: China-Linked Group Breached Systems in December 2023
/in General NewsMITRE has shared more details on the recent hack, including the new malware involved in the attack and a timeline of the attacker’s activities.
The post MITRE Hack: China-Linked Group Breached Systems in December 2023 appeared first on SecurityWeek.
SecurityWeek – Read More
NATO and the EU Formally Condemned APT28 Cyber Espionage
/in General NewsThe nation-state actor APT28 exploited the zero-day flaw CVE-2023-23397 in attacks against European entities since April 2022. The Russia-linked APT also targeted NATO entities and Ukrainian government agencies.
Cyware News – Latest Cyber News – Read More
Anetac Raises $16M in Funding
/in General NewsAnetac, a startup protecting companies from blind spots of service accounts in hybrid environments, raised $16M in funding. The round was led by Liberty Global with participation from Shield Capital, GP Ventures, Anetac CEO Tim Eades and Jason Witty.
Cyware News – Latest Cyber News – Read More
Citrix Addresses High-Severity Flaw in NetScaler ADC and Gateway
/in General NewsThe flaw was nearly identical to last year’s CitrixBleed flaw, though not as severe.
darkreading – Read More
Supply Chain Breaches Up 68% Year Over Year, According to DBIR
/in General NewsAs Verizon Business redefines “supply chain breach,” it could either help organizations address third-party risk holistically or just conflate and confuse.
darkreading – Read More