BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
- Uro - Declutters Url Lists For Crawling/Pentesting
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
Exploit DB
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
Kaspersky Study: Devices Infected With Data-Stealing Malware Increased by 7 Times Since 2020
/in General NewsNearly 10 million devices were infected with data-stealing malware in 2023, with criminals stealing an average of 50.9 credentials per device.
Security | TechRepublic – Read More
US Government and OpenSSF Partner on New SBOM Management Tool
/in General NewsProtobom, the new open source software tool, will help all organizations read and generate SBOMs and file data, as well as translate this data across standard industry SBOM formats.
Cyware News – Latest Cyber News – Read More
Global Police Operation Disrupts ‘LabHost’ Phishing Service, Over 30 Arrested Worldwide
/in General NewsAs many as 37 individuals have been arrested as part of an international crackdown on a cybercrime service called LabHost that has been used by criminal actors to steal personal credentials from victims around the world.
Cyware News – Latest Cyber News – Read More
SAP Applications Increasingly in Attacker Crosshairs, Report Shows
/in General NewsMalicious hackers are targeting SAP applications at an alarming pace, according to warnings from Onapsis and Flashpoint.
The post SAP Applications Increasingly in Attacker Crosshairs, Report Shows appeared first on SecurityWeek.
SecurityWeek – Read More
OfflRouter Malware Evades Detection in Ukraine for Almost a Decade
/in General NewsSelect Ukrainian government networks have remained infected with a malware called OfflRouter since 2015.
Cisco Talos said its findings are based on an analysis of over 100 confidential documents that were infected with the VBA macro virus and uploaded to the VirusTotal malware scanning platform.
“The documents contained VBA code to drop and run an executable with the name ‘ctrlpanel.exe,'”
The Hacker News – Read More
United Nations Agency Investigating Ransomware Attack Involving Data Theft
/in General NewsUnited Nations Development Programme (UNDP) investigating a ransomware attack in which hackers stole sensitive data.
The post United Nations Agency Investigating Ransomware Attack Involving Data Theft appeared first on SecurityWeek.
SecurityWeek – Read More
Multi-Data Platform SIEM Anvilogic Raises $45 Million
/in General NewsSilicon Valley startup Anvilogic has raised $45 million in a Series C funding round led by Evolution Equity Partners.
The post Multi-Data Platform SIEM Anvilogic Raises $45 Million appeared first on SecurityWeek.
SecurityWeek – Read More
IT and Security Professionals Demand More Workplace Flexibility
/in General NewsThe concept of Everywhere Work is now much broader, encompassing where, when, and how professionals get their work done — and flexibility has become a key workplace priority, according to Ivanti.
Cyware News – Latest Cyber News – Read More
FIN7 Targets American Automaker’s IT Staff in Phishing Attacks
/in General NewsThe financially motivated threat actor FIN7 targeted a large U.S. car maker with spear-phishing emails for employees in the IT department to infect systems with the Anunak backdoor.
Cyware News – Latest Cyber News – Read More
FIN7 Cybercrime Group Targeting U.S. Auto Industry with Carbanak Backdoor
/in General NewsThe infamous cybercrime syndicate known as FIN7 has been linked to a spear-phishing campaign targeting the U.S. automotive industry to deliver a known backdoor called Carbanak (aka Anunak).
“FIN7 identified employees at the company who worked in the IT department and had higher levels of administrative rights,” the BlackBerry research and intelligence team said in a new write-up.
“They
The Hacker News – Read More