BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
UK Enacts IoT Cybersecurity Law
/in General NewsThe Product Security and Telecommunications Infrastructure (PSTI) Act has come into effect, requiring manufacturers of consumer-grade IoT products sold in the UK to stop using guessable default passwords and have a vulnerability disclosure policy.
Cyware News – Latest Cyber News – Read More
Prompt Fuzzer: Open-Source Tool for Strengthening GenAI Apps
/in General NewsPrompt Fuzzer is interactive and user-friendly, allowing users to repeat the process as many times as needed to harden their system prompts and see their security score increase as the prompt becomes more resilient.
Cyware News – Latest Cyber News – Read More
Why Using Microsoft Copilot Could Amplify Existing Data Quality and Privacy Issues
/in General NewsMicrosoft provides an easy and logical first step into GenAI for many organizations, but beware of the pitfalls.
The post Why Using Microsoft Copilot Could Amplify Existing Data Quality and Privacy Issues appeared first on SecurityWeek.
SecurityWeek – Read More
U.S. Government Releases New AI Security Guidelines for Critical Infrastructure
/in General NewsThe U.S. government has unveiled new security guidelines aimed at bolstering critical infrastructure against artificial intelligence (AI)-related threats.
“These guidelines are informed by the whole-of-government effort to assess AI risks across all sixteen critical infrastructure sectors, and address threats both to and from, and involving AI systems,” the Department of Homeland Security (DHS)&
The Hacker News – Read More
Muddling Meerkat Hackers Manipulate DNS Using China’s Great Firewall
/in General NewsDiscovered by Infoblox, the threat activity does not have a clear goal or motivation but demonstrates sophistication and advanced capabilities to manipulate global DNS systems.
Cyware News – Latest Cyber News – Read More
FCC Imposes $200 Million in Fines on Four US Carriers
/in General NewsThe FCC has fined four major U.S. wireless carriers – AT&T, Sprint, T-Mobile, and Verizon – a total of nearly $200 million for unlawfully selling access to their customers’ real-time location data without consent.
Cyware News – Latest Cyber News – Read More
Google Rejected 2.28 Million Risky Android Apps From Play Store in 2023
/in General NewsAdditionally, the tech giant reports that it identified and blocked 333,000 Google Play accounts that uploaded malware, fraudulent apps, or engaged in repeated grave policy violations.
Cyware News – Latest Cyber News – Read More
Thoma Bravo to take UK cybersecurity company Darktrace private in $5B deal
/in General NewsThoma Bravo, a private equity firm, is set to acquire the U.K.-based cybersecurity company Darktrace in a deal valued at around $5 billion. The deal is pending shareholder approval and is expected to be finalized by the end of 2024.
Cyware News – Latest Cyber News – Read More
The Darkgate Menace: Leveraging Autohotkey & Attempt to Evade SmartScreen
/in General NewsResearchers found a novel infection chain associated with the DarkGate malware, which is a Remote Access Trojan (RAT) developed using Borland Delphi and marketed as a Malware-as-a-Service (MaaS) offering on a Russian-language cybercrime forum.
Cyware News – Latest Cyber News – Read More
Security Flaws in IRS Systems Pose Risk to Financial Statements, GAO Says
/in General NewsIn its report, the GAO highlighted “new and continuing” shortcomings with information systems and the safeguarding of assets, issues that increase the likelihood of unauthorized access to sensitive IRS data.
Cyware News – Latest Cyber News – Read More