BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
CoralRaider Malware Campaign Exploits CDN Cache to Spread Info-Stealers
/in General NewsA new ongoing malware campaign has been observed distributing three different stealers, such as CryptBot, LummaC2, and Rhadamanthys hosted on Content Delivery Network (CDN) cache domains since at least February 2024.
Cisco Talos has attributed the activity with moderate confidence to a threat actor tracked as CoralRaider, a suspected Vietnamese-origin
The Hacker News – Read More
CompTIA Supports Department of Defense Efforts to Strengthen Cyber Knowledge and Skills
/in General NewsPost Content
darkreading – Read More
5 Hard Truths About the State of Cloud Security 2024
/in General NewsDark Reading talks cloud security with John Kindervag, the godfather of zero trust.
darkreading – Read More
Siemens Working on Fix for Device Affected by Palo Alto Firewall Bug
/in General NewsGrowing attacks targeting the flaw prompted CISA to include it in the known exploited vulnerabilities catalog earlier this month.
darkreading – Read More
Hackers Create Legit Phishing Links With Ghost GitHub, GitLab Comments
/in General NewsAn utterly innocuous feature in popular Git CDNs allows anyone to conceal malware behind brand names, without those brands being any the wiser.
darkreading – Read More
Russian APT28 Group in New “GooseEgg” Hacking Campaign
/in General NewsA notorious Russian APT group has been stealing credentials for years by exploiting a Windows Print Spooler bug and using a novel post-compromise tool known as “GooseEgg,” Microsoft has revealed.
Cyware News – Latest Cyber News – Read More
Vulnerability Exploitation on the Rise as Attackers Ditch Phishing
/in General NewsIn a move away from traditional phishing scams, attackers are increasingly exploiting vulnerabilities in computer systems to gain initial network access, according to Mandiant’s M-Trends 2024 Report.
Cyware News – Latest Cyber News – Read More
$10 Million Bounty on Iranian Hackers for Cyber Attacks on US Gov, Defense Contractors
/in General NewsFour Iranians are accused of hacking into critical systems at the Departments of Treasury and State and dozens of private US companies.
The post $10 Million Bounty on Iranian Hackers for Cyber Attacks on US Gov, Defense Contractors appeared first on SecurityWeek.
SecurityWeek – Read More
Back from the Brink: UnitedHealth Offers Sobering Post-Attack Update
/in General NewsThe company reports most systems are functioning again but that analysis of the data affected will take months to complete.
darkreading – Read More
GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining
/in General NewsThe GuptiMiner malware campaign, discovered by Avast, involved hijacking an eScan antivirus update mechanism to distribute backdoors and coinminers. The campaign was orchestrated by a threat actor with possible ties to Kimsuky.
Cyware News – Latest Cyber News – Read More