BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Maryam - Open-source Intelligence(OSINT) Framework
- TruffleHog Explorer - A User-Friendly Web-Based Tool To Visualize And Analyze Data Extracted Using TruffleHog
- PANO - Advanced OSINT Investigation Platform Combining Graph Visualization, Timeline Analysis, And AI Assistance To Uncover Hidden Connections In Data
- Wappalyzer-Next - Python library that uses Wappalyzer extension (and its fingerprints) to detect technologies
- Telegram-Checker - A Python Tool For Checking Telegram Accounts Via Phone Numbers Or Usernames
- Torward - An Improved Version Based On The Torghost-Gn And Darktor Scripts, Designed To Enhance Anonymity On The Internet
- Instagram-Brute-Force-2024 - Instagram Brute Force 2024 Compatible With Python 3.13 / X64 Bit / Only Chrome Browser
- QuickResponseC2 - A Command & Control Server That Leverages QR Codes To Send Commands And Receive Results From Remote Systems
- Telegram-Scraper - A Powerful Python Script That Allows You To Scrape Messages And Media From Telegram Channels Using The Telethon Library
- Moukthar - Android Remote Administration Tool
Exploit DB
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
- [webapps] Apache Commons Text 1.10.0 - Remote Code Execution
- [webapps] Hunk Companion Plugin 1.9.0 - Unauthenticated Plugin Installation
- [webapps] Tatsu 3.3.11 - Unauthenticated RCE
- [remote] Langflow 1.3.0 - Remote Code Execution (RCE)
- [webapps] UJCMS 9.6.3 - User Enumeration via IDOR
- [webapps] Inventio Lite 4 - SQL Injection
- [webapps] KiviCare Clinic & Patient Management System (EHR) 3.6.4 - Unauthenticated SQL Injection
- [hardware] ABB Cylon Aspect 3.08.02 (deployStart.php) - Unauthenticated Command Execution
Bogus ‘BianLian’ Gang Sends Snail-Mail Extortion Letters
/in General NewsThe letters mimic typical ransom notes and threaten to delete or leak compromised data if payments aren’t made, though none of the organizations that received them had active ransomware attacks.
darkreading – Read More
Organizations Still Not Patching OT Due to Disruption Concerns: Survey
/in General NewsCyber-physical systems security company TXOne Networks has published its 2024 Annual OT/ICS Cybersecurity Report.
The post Organizations Still Not Patching OT Due to Disruption Concerns: Survey appeared first on SecurityWeek.
SecurityWeek – Read More
Apple Taking Legal Action Against UK Over Backdoor Demands
/in General NewsApple told TechRepublic it is “gravely disappointed” to remove Advanced Data Protection in the U.K., as it fights government demands for an iCloud backdoor.
Security | TechRepublic – Read More
Former NSA official says federal worker cuts will have ‘devastating impact’ on cyber and national security
/in General NewsFormer top U.S. cybersecurity official Rob Joyce told lawmakers on Wednesday that cuts to federal probationary employees will have a “devastating impact” on U.S. national security. Joyce, who was the director of cybersecurity for the National Security Agency until retiring in 2024, was providing testimony to the U.S. House Committee on the Chinese Communist Party, […]
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Chinese Silk Typhoon Group Targets IT Tools for Network Breaches
/in General NewsMicrosoft warns that Chinese espionage group Silk Typhoon now exploits IT tools like remote management apps and cloud services to breach networks.
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
SpecterOps Scores $75M Series B to Scale BloodHound Enterprise Platform
/in General NewsSpecterOps has raised an unusually large $75 million Series B funding round to accelerate the growth of its BloodHound Enterprise platform.
The post SpecterOps Scores $75M Series B to Scale BloodHound Enterprise Platform appeared first on SecurityWeek.
SecurityWeek – Read More
Justice Department charges Chinese hackers-for-hire linked to Treasury breach
/in General NewsThe individuals are accused of hacking over 100 U.S. organizations over the course of a decade
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Why Security Leaders Are Opting for Consulting Gigs
/in General NewsMany CISOs are weighing the benefits of going virtual as a consultant. Can the pendulum swing in the other direction?
darkreading – Read More
China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access
/in General NewsThe China-lined threat actor behind the zero-day exploitation of security flaws in Microsoft Exchange servers in January 2021 has shifted its tactics to target the information technology (IT) supply chain as a means to obtain initial access to corporate networks.
That’s according to new findings from the Microsoft Threat Intelligence team, which said the Silk Typhoon (formerly Hafnium) hacking
The Hacker News – Read More
China Hackers Behind US Treasury Breach Caught Targeting IT Supply Chain
/in General NewsSilk Typhoon APT caught using IT supply chain entry points to conduct reconnaissance, siphon data, and move laterally on victim networks.
The post China Hackers Behind US Treasury Breach Caught Targeting IT Supply Chain appeared first on SecurityWeek.
SecurityWeek – Read More