BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
New DLL Search Order Hijacking Technique Targets WinSxS folder
/in General NewsAttackers can abuse a new DLL search order hijacking technique to execute code in applications within the WinSxS folder.
The post New DLL Search Order Hijacking Technique Targets WinSxS folder appeared first on SecurityWeek.
SecurityWeek – Read More
Iranian Food Delivery Giant Snappfood Cyber Attack: 3TB of Data Stolen
/in General NewsBy Waqas
Snappfood has acknowledged the cyber attack, leading to a massive data breach.
This is a post from HackRead.com Read the original post: Iranian Food Delivery Giant Snappfood Cyber Attack: 3TB of Data Stolen
Hackread – Latest Cybersecurity News, Press Releases & Technology Today – Read More
Hackers Attack UK’s Nuclear Waste Services Through LinkedIn
/in General NewsThe United Kingdom’s Radioactive Waste Management (RWM) company recently experienced a cyberattack attempt through LinkedIn. Although the attack was unsuccessful, concerns have been raised about the security of critical nuclear infrastructure.
Cyware News – Latest Cyber News – Read More
What It’s Like to Use Apple’s Lockdown Mode
/in General NewsIf you’re at high risk of being targeted by mercenary spyware, or just don’t mind losing iOS features for extra security, the company’s restricted mode is surprisingly usable.
Security Latest – Read More
Pro-Palestinian Operation Claims Dozens of Data Breaches Against Israeli Firms
/in General NewsPro-Palestinian hackers belonging to the group Cyber Toufan have successfully breached and leaked data from numerous Israeli entities, including foreign companies doing business with Israel.
Cyware News – Latest Cyber News – Read More
Spotify Music Converter TuneFab Puts Users at Risk Due to Misconfigured MongoDB Instance
/in General NewsTuneFab converter, a tool used to convert copyrighted music from streaming platforms, exposed over 151 million records of users’ private data due to a misconfiguration on MongoDB.
Cyware News – Latest Cyber News – Read More
Hospitals Ask Courts to Force Cloud Storage Firm to Return Stolen Data
/in General NewsTwo New York hospitals are seeking a court order to retrieve stolen data stored on a cloud storage company’s servers after a ransomware attack. The stolen data includes sensitive information such as patients’ personal and health information.
Cyware News – Latest Cyber News – Read More
Researchers Crack Tesla Autopilot with ‘Elon Mode,’ Access Critical Data
/in General NewsBy Deeba Ahmed
German cybersecurity researchers from Technische Universität Berlin employed a €600 (£520 – $660) tool to gain root access to the ARM64-based circuit board of Tesla’s autopilot.
This is a post from HackRead.com Read the original post: Researchers Crack Tesla Autopilot with ‘Elon Mode,’ Access Critical Data
Hackread – Latest Cybersecurity News, Press Releases & Technology Today – Read More
New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections
/in General NewsSecurity researchers have detailed a new variant of a dynamic link library (DLL) search order hijacking technique that could be used by threat actors to bypass security mechanisms and achieve execution of malicious code on systems running Microsoft Windows 10 and Windows 11.
The approach “leverages executables commonly found in the trusted WinSxS folder and exploits them via the classic DLL
The Hacker News – Read More
New Terrapin Flaw Could Let Attackers Downgrade SSH Protocol Security
/in General NewsSecurity researchers from Ruhr University Bochum have discovered a vulnerability in the Secure Shell (SSH) cryptographic network protocol that could allow an attacker to downgrade the connection’s security by breaking the integrity of the secure channel.
Called Terrapin (CVE-2023-48795, CVSS score: 5.9), the exploit has been described as the “first ever practically exploitable prefix
The Hacker News – Read More