BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
Belarus Secret Service Website Still Down After Hackers Claim the Breach
/in General NewsThe hackers, known as the Belarusian Cyber-Partisans, announced their operation against the KGB late last week. The agency has not commented on the attack, but on Monday its website says that it is “in the process of development.”
Cyware News – Latest Cyber News – Read More
Verizon DBIR: Basic Security Gaffes Underpin Bumper Crop of Breaches
/in General NewsMOVEit drove a big chunk of the increase, but human vulnerability to social engineering and failure to patch known bugs led to a doubling of breaches since 2023, said Verizon Business.
darkreading – Read More
UnitedHealth CEO Says Hackers Lurked in Network for Nine Days Before Ransomware Strike
/in General NewsUnitedHealth Group’s CEO Andrew Witty shares details on the damaging cyberattack in testimony before a US Congress committee set for May 1, 2024.
The post UnitedHealth CEO Says Hackers Lurked in Network for Nine Days Before Ransomware Strike appeared first on SecurityWeek.
SecurityWeek – Read More
Canadian Drug Chain in Temporary Lockdown Mode After Cyber Incident
/in General NewsLondon Drugs offered no details about the nature of the incident, nor when its pharmacies would be functioning normally again.
darkreading – Read More
Attackers Planted Millions of Imageless Repositories on Docker Hub
/in General NewsThe purported metadata for each these containers had embedded links to malicious files.
darkreading – Read More
China Has a Controversial Plan for Brain-Computer Interfaces
/in General NewsChina’s brain-computer interface technology is catching up to the US. But it envisions a very different use case: cognitive enhancement.
Security Latest – Read More
Finnish Hacker Gets Prison for Accessing Thousands of Psychotherapy Records and Demanding Ransoms
/in General NewsIn February 2023, French police arrested well-known Finnish hacker Aleksanteri Kivimäki, who was living under a false identity near Paris. He was deported to Finland. His trial ended last month.
The post Finnish Hacker Gets Prison for Accessing Thousands of Psychotherapy Records and Demanding Ransoms appeared first on SecurityWeek.
SecurityWeek – Read More
Docker Hub Users Targeted With Imageless, Malicious Repositories
/in General NewsJFrog raises an alarm after finding three large-scale malware campaigns targeting Docker Hub with imageless repositories.
The post Docker Hub Users Targeted With Imageless, Malicious Repositories appeared first on SecurityWeek.
SecurityWeek – Read More
To Damage OT Systems, Hackers Tap USBs, Old Bugs & Malware
/in General NewsUSBs have something the newest, hottest attack techniques lack: the ability to bridge air gaps.
darkreading – Read More
The Dangerous Rise of GPS Attacks
/in General NewsThousands of planes and ships are facing GPS jamming and spoofing. Experts warn these attacks could potentially impact critical infrastructure, communication networks, and more.
Security Latest – Read More