In Other News: Secure Use of AI, HHS Hacking, CISA Director Swatting
Noteworthy stories that might have slipped under the radar: guidance on secure use of AI, HHS grant money stolen by hackers, CISA director target of swatting.
SecurityWeek – Read More
Westermo Switch Vulnerabilities Can Facilitate Attacks on Industrial Organizations
CISA informs organizations that Westermo Lynx switches are affected by eight vulnerabilities and some devices are reportedly exposed to the internet.
SecurityWeek – Read More
Critical Jenkins Vulnerability Leads to Remote Code Execution
A critical vulnerability in Jenkins’ built-in CLI allows remote attackers to obtain cryptographic keys and execute arbitrary code.
SecurityWeek – Read More
Local Governments in Colorado, Pennsylvania, and Missouri Dealing with Ransomware Incidents
The cyber incidents have affected emergency communication systems, court services, public transit agencies, and library operations, prompting responses from state and federal agencies as well as cybersecurity professionals.
Cyware News – Latest Cyber News – Read More
US Regulators Have Done Little to Address Firmware Vulnerabilities, Think Tank Argues
Firmware connects the hardware and software of a device, but efforts to protect it have been absent in many of the government’s recent cybersecurity initiatives, according to a new report by the Foundation for Defense of Democracies.
Cyware News – Latest Cyber News – Read More
Tesla Hacked, 24 Zero-Days Demoed at Pwn2Own Automotive 2024
The Synacktiv Team earned $100,000 for chaining three zero-day bugs to gain root permissions on a Tesla Modem and an additional $120,000 for hacking other EV charging stations.
Cyware News – Latest Cyber News – Read More
Hackers Earn $1.3M for Tesla, EV Charger, Infotainment Exploits at Pwn2Own Automotive
Participants have earned more than $1.3 million for hacking Teslas, EV chargers and infotainment systems at Pwn2Own Automotive.
SecurityWeek – Read More
Microsoft Warns of Widening APT29 Espionage Attacks Targeting Global Orgs
Microsoft on Thursday said the Russian state-sponsored threat actors responsible for a cyber attack on its systems in late November 2023 have been targeting other organizations and that it’s currently beginning to notify them.
The development comes a day after Hewlett Packard Enterprise (HPE) revealed that it had been the victim of an attack perpetrated by a hacking crew
The Hacker News – Read More
Russian TrickBot Mastermind Gets 5-Year Prison Sentence for Cybercrime Spree
40-year-old Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the TrickBot malware, the U.S. Department of Justice (DoJ) said.
The development comes nearly two months after Dunaev pleaded guilty to committing computer fraud and identity theft and conspiracy to commit wire fraud and bank fraud.
The Hacker News – Read More
Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems
Cisco has released patches to address a critical security flaw impacting Unified Communications and Contact Center Solutions products that could permit an unauthenticated, remote attacker to execute arbitrary code on an affected device.
Tracked as CVE-2024-20253 (CVSS score: 9.9), the issue stems from improper processing of user-provided data that a threat actor could abuse to send a
The Hacker News – Read More