BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
No feed items found.
Exploit DB
- [webapps] FluxBB 1.5.11 - Stored Cross-Site Scripting (XSS)
- [webapps] JUX Real Estate 3.4.0 - SQL Injection
- [webapps] Loaded Commerce 6.6 - Client-Side Template Injection(CSTI) (AngularJS)
- [webapps] Extensive VC Addons for WPBakery page builder 1.9.0 - Remote Code Execution (RCE)
- [webapps] TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting (XSS) (Authenticated)
- [webapps] Gitea 1.24.0 - HTML Injection
- [local] VeeVPN 1.6.1 - Unquoted Service Path
- [webapps] Chamilo LMS 1.11.24 - Remote Code Execution (RCE)
CISA, FBI, Europol Say Akira Ransomware Raked in $42 Million From Over 250 Victims
/in General NewsAccording to a joint advisory from the FBI, CISA, Europol’s EC3, and the Netherlands’ NCSC-NL, the Akira ransomware operation has breached the networks of over 250 organizations and raked in roughly $42 million in ransom payments.
Cyware News – Latest Cyber News – Read More
Ransomware Victims Who Pay a Ransom Drops to Record Low
/in General NewsThat downward trend comes thanks to “enterprises large and small” being “increasingly able to withstand an encryption attack, and restore their operations without the need for a threat actor decryption key,” Coveware said.
Cyware News – Latest Cyber News – Read More
Google Ad Impersonates Whales Market to Push Wallet Drainer Malware
/in General NewsA legitimate-looking Google Search advertisement for the crypto trading platform ‘Whales Market’ redirects visitors to a wallet-draining phishing site that steals all of your assets.
Cyware News – Latest Cyber News – Read More
Quishing Attacks Jump Tenfold, Attachment Payloads Halve
/in General NewsThe figures come from the latest Egress report, which also suggests a notable decrease in attachment-based payloads, which halved from 72.7% to 35.7% over the same period.
Cyware News – Latest Cyber News – Read More
Cybercriminals Pose as LastPass Staff to Hack Password Vaults
/in General NewsThe attacker combines multiple social engineering techniques that involve contacting the potential victim (voice phishing) and pretending to be a LastPass employee trying to help with securing the account following unauthorized access.
Cyware News – Latest Cyber News – Read More
92% of Enterprises Unprepared for AI Security Challenges
/in General NewsMost industries continue to run almost two or more months behind in patching software vulnerabilities, endpoints remain vulnerable to threats, and most enterprise PCs must be replaced to support AI-based technologies, according to a new report.
Cyware News – Latest Cyber News – Read More
‘MagicDot’ Windows Weakness Allows Unprivileged Rootkit Activity
/in General NewsMalformed DOS paths in file-naming nomenclature in Windows could be used to conceal malicious content, files, and processes.
darkreading – Read More
OpenMetadata Vulnerabilities Exploited to Abuse Kubernetes Clusters for Cryptomining
/in General NewsMicrosoft warns that several OpenMetadata vulnerabilities are being exploited to deploy cryptomining malware to Kubernetes environments.
The post OpenMetadata Vulnerabilities Exploited to Abuse Kubernetes Clusters for Cryptomining appeared first on SecurityWeek.
SecurityWeek – Read More
Novel Android Malware Targets Korean Banking Users
/in General NewsA new banking Trojan is targeting Korean users using obfuscation techniques that target the Android manifest, exploit vulnerabilities and take advantage of weaknesses in how Android apps interpret this file.
Cyware News – Latest Cyber News – Read More
Damn Vulnerable RESTaurant: Open-Source API Service Designed for Learning
/in General NewsDamn Vulnerable RESTaurant is an open-source project that allows developers to learn to identify and fix security vulnerabilities in their code through an interactive game.
Cyware News – Latest Cyber News – Read More