BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Social Warfare WordPress Plugin 3.5.2 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
- [remote] Microsoft Excel 2024 Use after free - Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [local] Microsoft Excel LTSC 2024 - Remote Code Execution (RCE)
- [remote] FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse
Pktstat: Open-Source Ethernet Interface Traffic Monitor
/in General NewsPktstat is an open-source tool that is a straightforward alternative to ncurses-based Pktstat. On Linux, it utilizes AF_PACKET, while on other platforms, it employs generic PCAP live wire capture.
Cyware News – Latest Cyber News – Read More
F5 Patches Dangerous Vulnerabilities in BIG-IP Next Central Manager
/in General NewsF5 has patched two potentially serious vulnerabilities in BIG-IP Next that could allow an attacker to take full control of a device.
The post F5 Patches Dangerous Vulnerabilities in BIG-IP Next Central Manager appeared first on SecurityWeek.
SecurityWeek – Read More
Report Shows AI Fraud, Deepfakes are Top Challenges for Banks
/in General NewsA report by Mitek Systems reveals that banks are facing a significant challenge with fraud, including traditional issues like money laundering and account takeover, as well as newer threats such as AI-generated fraud and deepfakes.
Cyware News – Latest Cyber News – Read More
Ransomware Criminals SIM Swap Executives’ Kids to Pressure Parents
/in General NewsRansomware infections have morphed into “a psychological attack against the victim organization,” as criminals use increasingly personal and aggressive tactics to force victims to pay up, according to Google-owned Mandiant.
Cyware News – Latest Cyber News – Read More
RSA Conference 2024 – Announcements Summary (Day 3)
/in General NewsHundreds of companies are showcasing their products and services this week at the 2024 edition of the RSA Conference in San Francisco.
The post RSA Conference 2024 – Announcements Summary (Day 3) appeared first on SecurityWeek.
SecurityWeek – Read More
Two-Thirds of Organizations Failing to Address AI Risks, ISACA Finds
/in General NewsOnly a third of organizations are adequately addressing security, privacy and ethical risks with AI, despite surging use of these technologies in the workplace, according to new ISACA research.
Cyware News – Latest Cyber News – Read More
Veeam Fixes RCE Flaw in Backup Management Platform
/in General NewsThe vulnerability exists due to an unsafe deserialization method used by the Veeam Service Provider Console (VSPC) server during communication between the management agent and its components.
Cyware News – Latest Cyber News – Read More
US Advances on Cyber Goals Amid Rapidly Changing Threat Environment, White House Says
/in General NewsDespite the progress in improving cybersecurity posture, the United States still faces various threats, including ransomware attacks, cyberattacks on critical infrastructure, and the growing use of artificial intelligence in malicious activities.
Cyware News – Latest Cyber News – Read More
Zscaler Investigates Hacking Claims After Data Offered for Sale
/in General NewsZscaler says its customer, production and corporate environments are not impacted after a notorious hacker offers to sell access.
The post Zscaler Investigates Hacking Claims After Data Offered for Sale appeared first on SecurityWeek.
SecurityWeek – Read More
Undetectable Threats Found in F5 BIG-IP Next Central Manager
/in General NewsThe two vulnerabilities, an SQL injection flaw (CVE-2024-26026) and an OData injection vulnerability (CVE-2024-21793), could allow attackers to gain admin control and create hidden rogue accounts on managed assets.
Cyware News – Latest Cyber News – Read More