BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
- Uro - Declutters Url Lists For Crawling/Pentesting
Exploit DB
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
Research Shows IT and Construction Sectors Hardest Hit By Ransomware
/in General NewsNew research has shed light on the profound impact of ransomware attacks on the IT and construction sectors, revealing that these industries bore the brunt of nearly half of all incidents in 2023.
Cyware News – Latest Cyber News – Read More
How Companies Describe Cyber Incidents in SEC Filings
/in General NewsWhile the language businesses use in Item 1.05 filings are ultimately crafted to notify regulators and investors of potential risks, these words also signal how a company detects, mitigates, contains, and recovers from cyberattacks.
Cyware News – Latest Cyber News – Read More
Lynis: Open-Source Security Auditing Tool
/in General NewsLynis is a comprehensive open-source security auditing tool for UNIX-based systems, including Linux, macOS, and BSD. Its main objective is to evaluate security measures and recommend enhancing system hardening.
Cyware News – Latest Cyber News – Read More
Proofpoint: APAC Employees Are Choosing Convenience, Speed Over Cyber Security
/in General NewsRisky cyber security behaviours are putting employees at risk of phishing and other attacks, according to Proofpoint research, with many employees still unclear security is their responsibility, too.
Security | TechRepublic – Read More
Atlassian Patches Critical Vulnerability in Bamboo Data Center and Server
/in General NewsAtlassian releases patches for two dozen vulnerabilities, including a critical-severity bug in Bamboo Data Center and Server.
The post Atlassian Patches Critical Vulnerability in Bamboo Data Center and Server appeared first on SecurityWeek.
SecurityWeek – Read More
50,000 Vulnerabilities Discovered in DoD Systems Through Bug Bounty
/in General NewsThe DoD Cyber Crime Center (DC3) reported on March 15, 2024, that it processed its 50,000th vulnerability since introducing its crowd-sourced ethical hacking scheme in November 2016.
Cyware News – Latest Cyber News – Read More
Hackers Posing as Law Firms Phish Global Orgs in Multiple Languages
/in General NewsCompanies trust lawyers with the most sensitive information they’ve got. Attackers are aiming to exploit that bond to deliver malware.
darkreading – Read More
Pharmaceutical Development Company Investigating Cyberattack After LockBit Posting
/in General NewsA Nasdaq-listed pharmaceutical development company said it is investigating a cybersecurity incident following claims from the LockBit ransomware gang that data was stolen.
Cyware News – Latest Cyber News – Read More
FTC Warns Scammers are Impersonating its Employees to Steal Money
/in General NewsFTC staff has received numerous reports from consumers who have fallen victim to scams in which fraudsters exploited the identities of agency personnel to coerce them via phone calls, email, or text messages into transferring or wiring money.
Cyware News – Latest Cyber News – Read More
Risk Management Firm CyberSaint Raises $21 Million
/in General NewsCyber risk management company CyberSaint announced on Wednesday that it has raised $21 million in Series A funding. The latest investment, which brings the total raised by the company to $29 million, was led by Riverside Acceleration Capita (RAC), with participation from Sage Hill Investors, Audeo Capital, and BlueIO. CyberSaint said the new funding enables […]
The post Risk Management Firm CyberSaint Raises $21 Million appeared first on SecurityWeek.
SecurityWeek – Read More