BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] WP Publications WordPress Plugin 1.2 - Stored XSS
- [local] Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges
- [remote] Keras 2.15 - Remote Code Execution (RCE)
- [local] Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege
- [webapps] PivotX 3.0.0 RC3 - Remote Code Execution (RCE)
- [hardware] TOTOLINK N300RB 8.54 - Command Execution
- [webapps] SugarCRM 14.0.0 - SSRF/Code Injection
- [webapps] Langflow 1.2.x - Remote Code Execution (RCE)
- [remote] NodeJS 24.x - Path Traversal
- [remote] MikroTik RouterOS 7.19.1 - Reflected XSS
BetterHelp to Pay $7.8 Million to 800,000 in Health Data Sharing Settlement
/in General NewsFollowing an investigation into BetterHelp’s handling of customer data, the FTC revealed in March 2023 that the service collected data without consent from its app users or website visitors, even from people who had not signed up for counseling.
Cyware News – Latest Cyber News – Read More
Android Update Patches Critical Vulnerability
/in General NewsAndroid’s May 2024 security update patches 38 vulnerabilities, including a critical bug in the System component.
The post Android Update Patches Critical Vulnerability appeared first on SecurityWeek.
SecurityWeek – Read More
The Fundamentals of Cloud Security Stress Testing
/in General News״Defenders think in lists, attackers think in graphs,” said John Lambert from Microsoft, distilling the fundamental difference in mindset between those who defend IT systems and those who try to compromise them.
The traditional approach for defenders is to list security gaps directly related to their assets in the network and eliminate as many as possible, starting with the most critical.
The Hacker News – Read More
Hijack Loader Malware Employs Process Hollowing, UAC Bypass in Latest Version
/in General NewsA newer version of a malware loader called Hijack Loader has been observed incorporating an updated set of anti-analysis techniques to fly under the radar.
“These enhancements aim to increase the malware’s stealthiness, thereby remaining undetected for longer periods of time,” Zscaler ThreatLabz researcher Muhammed Irfan V A said in a technical report.
“Hijack
The Hacker News – Read More
Report: Log4J Still Among Top Exploited Vulnerabilities
/in General NewsIn a new report, Cato observed that the Log4J exploit represented 30% of the outbound vulnerability exploitations and 18% of the inbound vulnerability exploitations detected in the first quarter of 2024.
Cyware News – Latest Cyber News – Read More
Combatting Deepfakes in Australia: Content Credentials is the Start
/in General NewsThe production of deepfakes is accelerating at more than 1,500% in Australia, forcing organisations to create and adopt standards like Content Credentials.
Security | TechRepublic – Read More
Update: MITRE Attributes the Recent Attack to China-linked UNC5221
/in General NewsThe attackers exploited two zero-day vulnerabilities in Ivanti Connect Secure to gain initial access to MITRE’s Networked Experimentation, Research, and Virtualization Environment (NERVE) in late December 2023.
Cyware News – Latest Cyber News – Read More
Scattered Spider Group a Unique Challenge for Cyber Cops, FBI Leader Says
/in General NewsIdentified by analysts in 2022, the hackers use social engineering to lure users into giving up their login credentials or one-time password codes to bypass multifactor authentication.
Cyware News – Latest Cyber News – Read More
Ransomware Operations are Becoming Less Profitable
/in General NewsRansomware operations are experiencing a decline in profitability due to various factors such as increased cyber resilience of organizations, the availability of decryptors, and more frequent law enforcement actions.
Cyware News – Latest Cyber News – Read More
A (Strange) Interview the Russian-Military-Linked Hackers Targeting US Water Utilities
/in General NewsDespite Cyber Army of Russia’s claims of swaying US “minds and hearts,” experts say the cyber sabotage group appears to be hyping its hacking for a domestic audience.
Security Latest – Read More