BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Ingress-NGINX 4.11.0 - Remote Code Execution (RCE)
- [local] Microsoft Excel LTSC 2024 - Remote Code Execution (RCE)
- [remote] FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse
- [remote] Windows 11 SMB Client - Privilege Escalation & Remote Code Execution (RCE)
- [remote] PCMan FTP Server 2.0.7 - Buffer Overflow
- [webapps] Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation
- [local] Parrot and DJI variants Drone OSes - Kernel Panic Exploit
- [webapps] PHP CGI Module 8.3.4 - Remote Code Execution (RCE)
- [remote] AirKeyboard iOS App 1.0.5 - Remote Input Injection
- [webapps] Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI
MITRE ATT&CKED: InfoSec’s Most Trusted Name Falls to Ivanti Bugs
/in General NewsThe irony is lost on few, as a Chinese threat actor used eight MITRE techniques to breach MITRE itself — including exploiting the Ivanti bugs that attackers have been swarming on for months.
darkreading – Read More
Zero-Trust Takes Over: 63% of Orgs Implementing Globally
/in General NewsThough organizations are increasingly incorporating zero-trust strategies, for many, these strategies fail to address the entirety of an operation, according to Gartner.
darkreading – Read More
Dependency Confusion Vulnerability Found in Apache Project
/in General NewsThe exploit occurs when referencing a private/local package, which inadvertently fetches a malicious package similarly named from the public registry due to misconfigurations in package managers.
Cyware News – Latest Cyber News – Read More
Malicious PyPI Package Attacking Discord Users to Steal Credentials
/in General NewsA malicious PyPI package named “discordpy_bypass-1.7” was detected on March 12, 2024. This package is designed to extract sensitive information from user systems using a blend of persistence techniques, browser data extraction, and token harvesting.
Cyware News – Latest Cyber News – Read More
The Next US President Will Have Troubling New Surveillance Powers
/in General NewsOver the weekend, president Joe Biden signed legislation not only reauthorizing a major FISA spy program but expanding it in ways that could have major implications for privacy rights in the US.
Security Latest – Read More
From Water to Wine: An Analysis of WINELOADER
/in General NewsA recent malware campaign used weaponized ZIP files to distribute the WINELOADER malware. The attackers send phishing emails with ZIP attachments that, when extracted, execute a PowerShell script to download and install the malware.
Cyware News – Latest Cyber News – Read More
Tinder’s ‘Share My Date’ feature will let you share date plans with friends and family
/in General NewsThe upcoming feature will help you more easily share the location, date, and time of your date and a photo of your online match.
Latest stories for ZDNET in Security – Read More
The 7 Best iPhone VPNs (Recommended for 2024)
/in General NewsWhich VPN works best on iPhones? Use our guide to compare the pricing and features of the 7 best VPNs for iPhone.
Security | TechRepublic – Read More
Russian Hacker Group ToddyCat Uses Advanced Tools for Industrial-Scale Data Theft
/in General NewsThe threat actor known as ToddyCat has been observed using a wide range of tools to retain access to compromised environments and steal valuable data.
Russian cybersecurity firm Kaspersky characterized the adversary as relying on various programs to harvest data on an “industrial scale” from primarily governmental organizations, some of them defense related, located in
The Hacker News – Read More
Rural Texas Towns Report Cyberattacks That Caused One Water System to Overflow
/in General NewsA hack that caused a small Texas town’s water system to overflow in January has been linked to a shadowy Russian hacktivist group, the latest case of a U.S. public utility becoming a target of foreign cyberattacks.
The post Rural Texas Towns Report Cyberattacks That Caused One Water System to Overflow appeared first on SecurityWeek.
SecurityWeek – Read More