BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
- Uro - Declutters Url Lists For Crawling/Pentesting
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
Exploit DB
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
Update: 133k+ Fortinet Appliances Still Vulnerable to CVE-2024-21762
/in General NewsThe wide geographic distribution of vulnerable SSL VPNs highlights the extensive attack surface for the critical vulnerability, with Asia having the highest number of exposed appliances.
Cyware News – Latest Cyber News – Read More
Crafting and Communicating Your Cybersecurity Strategy for Board Buy-In
/in General NewsIn an era where digital transformation drives business across sectors, cybersecurity has transcended its traditional operational role to become a cornerstone of corporate strategy and risk management. This evolution demands a shift in how cybersecurity leaders—particularly Chief Information Security Officers (CISOs)—articulate the value and urgency of cybersecurity investments to their boards.&
The Hacker News – Read More
PoC Exploit for Critical RCE in Fortra FileCatalyst Tool Released
/in General NewsThe critical vulnerability, tracked as CVE-2024-25153 with a CVSS score of 9.8, allows remote attackers to upload files outside the intended directory and execute arbitrary code.
Cyware News – Latest Cyber News – Read More
Aiohttp Vulnerability in Attacker Crosshairs
/in General NewsA recently patched Aiohttp vulnerability tracked as CVE-2024-23334 is being targeted by threat actors, including by a ransomware group.
The post Aiohttp Vulnerability in Attacker Crosshairs appeared first on SecurityWeek.
SecurityWeek – Read More
UK Defence Secretary Jet Hit by Electronic Warfare Attack in Poland
/in General NewsRussian hackers launched an electronic warfare attack that disabled the GPS and communications systems of UK Defence Secretary Grant Shapps’ RAF Dassault Falcon 900 jet while flying near Kaliningrad.
Cyware News – Latest Cyber News – Read More
E-Root Marketplace Admin Sentenced to 42 Months for Selling 350K Stolen Credentials
/in General NewsA 31-year-old Moldovan national has been sentenced to 42 months in prison in the U.S. for operating an illicit marketplace called E-Root Marketplace that offered for sale hundreds of thousands of compromised credentials, the Department of Justice (DoJ) announced.
Sandu Boris Diaconu was charged with conspiracy to commit access device and computer fraud and possession of 15 or more unauthorized
The Hacker News – Read More
New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT
/in General NewsA new phishing campaign is targeting U.S. organizations with the intent to deploy a remote access trojan called NetSupport RAT.
Israeli cybersecurity company Perception Point is tracking the activity under the moniker Operation PhantomBlu.
“The PhantomBlu operation introduces a nuanced exploitation method, diverging from NetSupport RAT’s typical delivery mechanism by leveraging OLE (Object
The Hacker News – Read More
UnitedHealth Says It Has Made Progress on Recovering From Massive Cyberattack
/in General NewsUnitedHealth is testing the last major system it must restore from last month’s Change Healthcare cyberattack, but it has no date yet for finishing the recovery.
The post UnitedHealth Says It Has Made Progress on Recovering From Massive Cyberattack appeared first on SecurityWeek.
SecurityWeek – Read More
NVIDIA GTC Keynote: Blackwell Architecture Will Accelerate AI Products in Late 2024
/in General NewsDevelopers can now take advantage of NVIDIA NIM packages to deploy enterprise generative AI, said NVIDIA CEO Jensen Huang.
Security | TechRepublic – Read More
Chinese APT ‘Earth Krahang’ Compromises 48 Gov’t Orgs on 5 Continents
/in General NewsThe group uses pretty standard open source tooling and social engineering to burrow into high-level government agencies across the globe.
darkreading – Read More