BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
- Uro - Declutters Url Lists For Crawling/Pentesting
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
Exploit DB
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
Cisco Says PoC Exploit Available for Newly Patched IMC Vulnerability
/in General NewsCisco patches a high-severity Integrated Management Controller vulnerability for which PoC exploit code is available.
The post Cisco Says PoC Exploit Available for Newly Patched IMC Vulnerability appeared first on SecurityWeek.
SecurityWeek – Read More
LockBit Knockoffs and Imposters Proliferate After LockBit 3.0 Builder Leak
/in General NewsSince September 2022, anyone has been able to use the LockBit version 3.0 – aka Black – builder thanks to a key developer leaking it after he fell out with group leader LockBitSupp.
Cyware News – Latest Cyber News – Read More
The Real-Time Deepfake Romance Scams Have Arrived
/in General NewsWatch how smooth-talking scammers known as “Yahoo Boys” use widely available face-swapping tech to carry out elaborate romance scams.
Security Latest – Read More
Armis Buys Cyber Remediation Startup Silk Security for $150M
/in General NewsArmis has purchased a security prioritization and remediation vendor led by a Goldman Sachs veteran to more effectively address vulnerabilities and misconfigurations with AI and automation.
Cyware News – Latest Cyber News – Read More
Phishing Platform LabHost Shut Down by Law Enforcement
/in General NewsLabHost, a major phishing-as-a-service platform, has been shut down as part of a major law enforcement operation.
The post Phishing Platform LabHost Shut Down by Law Enforcement appeared first on SecurityWeek.
SecurityWeek – Read More
Possible Chinese Hackers Use OpenMetadata for Cryptomining
/in General NewsHackers who appear to be Chinese are exploiting vulnerabilities in the OpenMetadata platform running as workloads on Kubernetes clusters to download cryptomining software, warns Microsoft.
Cyware News – Latest Cyber News – Read More
UnitedHealth Expects Up to $1.6B Hit From Change Healthcare Cyberattack This Year
/in General NewsThe hit comes from direct response efforts like recovering Change’s clearinghouse platform and paying higher medical costs after its insurance arm suspended some utilization management processes, in addition to the loss of Change’s revenue.
Cyware News – Latest Cyber News – Read More
Cybersecurity Pros Urge US Congress to Help NIST Restore NVD Operation
/in General NewsA group of 50 cybersecurity professionals signed an open letter that was sent on April 12 to the US Secretary of Commerce, Gina Raimondo, and several members of the US Congress.
Cyware News – Latest Cyber News – Read More
Cisco Warns of a Command Injection and Privilege Escalation Flaw in Its IMC
/in General NewsA local, authenticated attacker can exploit the vulnerability, tracked as CVE-2024-20295, to conduct command injection attacks on the underlying operating system and elevate privileges to root.
Cyware News – Latest Cyber News – Read More
Food and Agriculture Sector Hit with More Than 160 Ransomware Attacks Last Year
/in General NewsIn its first annual report, the Food and Agriculture-Information Sharing and Analysis Center (Food and Ag-ISAC) said the industry was the seventh most targeted sector in the country, behind manufacturing, financial services, and others.
Cyware News – Latest Cyber News – Read More