BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
Vulnerabilities in Microsoft’s PlayReady DRM Could Enable Illegal Movie Downloads From Streaming Services
/in General NewsThe research identified deficiencies in various PMP components that could be exploited to gain access to plaintext content keys guarded by PlayReady DRM in Windows 10/11 environments.
Cyware News – Latest Cyber News – Read More
ArcaneDoor Hackers Exploit Cisco Zero-Days to Breach Government Networks
/in General NewsThe hackers, identified as UAT4356 by Cisco Talos and STORM-1849 by Microsoft, began infiltrating vulnerable edge devices in early November 2023 in a cyber-espionage campaign tracked as ArcaneDoor.
Cyware News – Latest Cyber News – Read More
Report: Security Leaders Braced for Daily AI-Driven Attacks by Year-End
/in General NewsMost businesses are concerned about AI-enabled cyber-threats, with 93% of security leaders expecting to face daily AI-driven attacks by the end of 2024, according to a new report by Netacea.
Cyware News – Latest Cyber News – Read More
IBM Acquiring HashiCorp for $6.4 Billion
/in General NewsIBM is acquiring HashiCorp for $6.4 billion for its infrastructure lifecycle management and security lifecycle management capabilities.
The post IBM Acquiring HashiCorp for $6.4 Billion appeared first on SecurityWeek.
SecurityWeek – Read More
Get a Lifetime Subscription of FastestVPN for just $40
/in General NewsIn the market for a new VPN? The top-rated FastestVPN has been reduced to just $39.99 for a lifetime subscription at TechRepublic Academy.
Security | TechRepublic – Read More
Feds Accuse Founders of Cryptocurrency Mixer of ‘Large-Scale Money Laundering’
/in General NewsThe two founders of a cryptocurrency mixing service that allegedly obfuscated the origins of at least $100 million in criminal proceeds have been arrested, the Department of Justice announced Wednesday.
Cyware News – Latest Cyber News – Read More
State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage
/in General NewsA new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments.
Cisco Talos, which dubbed the activity ArcaneDoor, attributing it as the handiwork of a previously undocumented sophisticated state-sponsored actor it tracks under the name UAT4356 (aka Storm-1849 by Microsoft).
”
The Hacker News – Read More
Google Postpones Third-Party Cookie Deprecation Amid U.K. Regulatory Scrutiny
/in General NewsGoogle has once again pushed its plans to deprecate third-party tracking cookies in its Chrome web browser as it works to address outstanding competition concerns from U.K. regulators over its Privacy Sandbox initiative.
The tech giant said it’s working closely with the U.K. Competition and Markets Authority (CMA) and hopes to achieve an agreement by the end of the year.
As part of the
The Hacker News – Read More
Maximum Severity Flowmon Bug has a Public Exploit, Patch Now
/in General NewsFlowon developer Progress Software first alerted about the flaw on April 4, warning that it impacts versions of the product v12.x and v11.x. The company urged system admins to upgrade to the latest releases, v12.3.4 and 11.1.14.
Cyware News – Latest Cyber News – Read More
CISA Warns of Cisco and CrushFTP Vulnerabilities Being Actively Exploited
/in General NewsOn Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) added two Cisco product vulnerabilities — CVE-2024-20353 and CVE-2024-20359 — as well as one vulnerability affecting popular file transfer tool CrushFTP.
Cyware News – Latest Cyber News – Read More