BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
DoJ Recovers $5M Lost in BEC Fraud Against Workers’ Union
/in General NewsThe union received a spoofed email that led to the loss of $6.4 million, much of it transferred to other accounts or to a cryptocurrency exchange.
darkreading – Read More
UK Software Firm Fined £3 Million Over Ransomware-Caused Data Breach
/in General NewsThe UK ICO has fined Advanced Computer Software Group £3 million ($3.8 million) over a 2022 data breach resulting from a ransomware attack.
The post UK Software Firm Fined £3 Million Over Ransomware-Caused Data Breach appeared first on SecurityWeek.
SecurityWeek – Read More
Russia arrests three for allegedly creating Mamont malware, tied to over 300 cybercrimes
/in General NewsRussian authorities said they arrested three people and seized hardware in an operation against Mamont malware, which specializes in stealing money from Android device users.
The Record from Recorded Future News – Read More
Signal downloads spike in the U.S. and Yemen amid government scandal
/in General NewsThe encrypted messaging app Signal is getting some unexpected attention this week. High-ranking officials in the Trump administration, including Vice President J.D. Vance and Secretary of Defense Peter Hegseth, communicated the plans for an attack on the Yemeni Houthis via a potentially unauthorized group chat on Signal. However, Atlantic editor-in-chief Jeffrey Goldberg was mistakenly added […]
Security News | TechCrunch – Read More
10 pesky Windows 11 24H2 bugs still haunting PCs despite several patches
/in General NewsBefore diving into the Windows 11 2024 update, know that you may encounter some problems. Here’s the bug report now.
Latest stories for ZDNET in Security – Read More
Hackers Repurpose RansomHub’s EDRKillShifter in Medusa, BianLian, and Play Attacks
/in General NewsA new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play.
The connection stems from the use of a custom tool that’s designed to disable endpoint detection and response (EDR) software on compromised hosts, according to ESET. The EDR killing tool, dubbed EDRKillShifter, was first documented as used by RansomHub actors in
The Hacker News – Read More
How to protect your site from DDoS attacks – before it’s too late
/in General NewsDDoS attacks don’t take much technical expertise to launch these days. Defending against them is more complicated.
Latest stories for ZDNET in Security – Read More
Russian media, academia targeted in espionage campaign using Google Chrome zero-day exploit
/in General News“We have discovered and reported dozens of zero-day exploits actively used in attacks, but this particular exploit is certainly one of the most interesting we’ve encountered,” researchers from Kaspersky said in their analysis published Tuesday.
The Record from Recorded Future News – Read More
Two Serbian journalists reportedly targeted with Pegasus spyware
/in General NewsTwo investigative journalists in Serbia were targeted with advanced commercial spyware last month, Amnesty International said Thursday.
The Record from Recorded Future News – Read More
The Importance of Allyship For Women in Cyber
/in General NewsInterview with Taylor Pyle, a Cybersecurity Engineer at Viasat on her experience with both cyber and mentorship.
The post The Importance of Allyship For Women in Cyber appeared first on SecurityWeek.
SecurityWeek – Read More