BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks
/in General NewsThreat actors are actively scanning and exploiting a pair of security flaws that are said to affect as many as 92,000 internet-exposed D-Link network-attached storage (NAS) devices.
Tracked as CVE-2024-3272 (CVSS score: 9.8) and CVE-2024-3273 (CVSS score: 7.3), the vulnerabilities impact legacy D-Link products that have reached end-of-life (EoL) status. D-Link, in
The Hacker News – Read More
Vietnamese Cybercrime Group CoralRaider Nets Financial Data
/in General NewsWith a complex attack chain and using Telegram for its command and control, CoralRaider targets victims in Asian countries — and appears to have accidentally infected itself as well.
darkreading – Read More
Software-Defined Vehicle Fleets Face a Twisty Road on Cybersecurity
/in General NewsAs manufacturers sprint to add software-defined features for vehicles, the ability for third-party maintenance and repair falls behind, leaving businesses with few choices to manage their cybersecurity.
darkreading – Read More
StrikeReady Raises $12M for AI Security Command Platform
/in General NewsPost Content
darkreading – Read More
Home Depot Hammered by Supply Chain Data Breach
/in General NewsSaaS vendor to blame for exposing employee data that was ultimately leaked on Dark Web forum, according to the home improvement retailer.
darkreading – Read More
Round 2: Change Healthcare Targeted in Second Ransomware Attack
/in General NewsRansomHub, which is speculated to have some connection to ALPHV, has stolen 4TB of sensitive data from the beleaguered healthcare company.
darkreading – Read More
Wyden Releases Draft Legislation to End Federal Dependence on Insecure, Proprietary Software
/in General NewsPost Content
darkreading – Read More
Australian IT Skills Shortage: 2024 Is The Year To Self-Upskill
/in General NewsFind out why IT pros in Australia need to take the initiative to self-upskill, and learn how this could lead to salary increases and promotions.
Security | TechRepublic – Read More
XZ Utils Supply Chain Attack: A Threat Actor Spent Two Years to Implement a Linux Backdoor
/in General NewsRead about a supply chain attack that involves XZ Utils, a data compressor widely used in Linux systems, and learn how to protect from this threat.
Security | TechRepublic – Read More
All eyes on cyberdefense as elections enter the generative AI era
/in General NewsHumans are easier to breach than IT systems, and errant actors will use generative AI to exploit this opportunity.
Latest stories for ZDNET in Security – Read More