BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
New Password Cracking Analysis Targets Bcrypt
/in General NewsHive Systems conducts another study on cracking passwords via brute-force attacks, but it’s no longer targeting MD5.
The post New Password Cracking Analysis Targets Bcrypt appeared first on SecurityWeek.
SecurityWeek – Read More
Popular Keyboard Apps Leak User Data: Billion Potentially Exposed
/in General NewsBy Waqas
Popular keyboard apps leak user data! Citizen Lab reports 8 out of 9 Android IMEs expose keystrokes. Change yours & protect passwords!
This is a post from HackRead.com Read the original post: Popular Keyboard Apps Leak User Data: Billion Potentially Exposed
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
North Korean Hackers Targeted Dozens of South Korean Defense Companies
/in General NewsLocal reports claimed that the hackers targeted as many as 83 defense contractors and subcontractors, and managed to steal sensitive information from 10 of them between October 2022 and July 2023, although the campaign lasted over a year.
Cyware News – Latest Cyber News – Read More
Major Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App Users
/in General NewsSecurity vulnerabilities uncovered in cloud-based pinyin keyboard apps could be exploited to reveal users’ keystrokes to nefarious actors.
The findings come from the Citizen Lab, which discovered weaknesses in eight of nine apps from vendors like Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi. The only vendor whose keyboard app did not have any security
The Hacker News – Read More
People Doubt Their Own Ability to Spot AI-Generated Deepfakes
/in General NewsThe actual number of people exposed to political and other deepfakes is expected to be much higher given many Americans are not able to decipher what is real versus fake, thanks to the sophistication of AI technologies.
Cyware News – Latest Cyber News – Read More
Swedish Signals Intelligence Agency to Take Over National Cybersecurity Center
/in General NewsAfter failing to achieve “expected results,” Sweden’s National Cyber Security Center (NCSC) is facing a range of reforms, including being brought under the control of the country’s cyber and signals intelligence agency.
Cyware News – Latest Cyber News – Read More
ShotSpotter Keeps Listening for Gunfire After Contracts Expire
/in General NewsInternal emails suggest that the company continued to provide gunshot data to police in cities where its contracts had been canceled.
Security Latest – Read More
Pentagon Launches DIB Vulnerability Disclosure Program
/in General NewsThe DIB Vulnerability Disclosure Program (DIB-VDP), a joint venture between the DoD Cyber Crime Center (DC3), the Defense Counterintelligence and Security Agency (DCSA), and HackerOne, will bring better vulnerability disclosure practices to the DIB.
Cyware News – Latest Cyber News – Read More
eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners
/in General NewsA new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors and cryptocurrency miners like XMRig through a long-standing threat codenamed GuptiMiner targeting large corporate networks.
Cybersecurity firm Avast said the activity is the work of a threat actor with possible connections to a North Korean hacking group dubbed
The Hacker News – Read More
Study: GPT-4 Agent can Exploit Unpatched Vulnerabilities
/in General NewsAcademics at a U.S. university found that if you feed a GPT-4 artificial intelligence agent public security advisories, it can exploit unpatched “real-world” vulnerabilities without precise technical information.
Cyware News – Latest Cyber News – Read More