BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
UK: City Cyber Task Force Launches to Secure Corporate Finance
/in General NewsThe Institute of Chartered Accountants in England and Wales (ICAEW) and the National Cyber Security Centre (NCSC) are leading a task force with other organizations to improve the security of corporate finance deals.
Cyware News – Latest Cyber News – Read More
Protect AI Acquires Laiyer AI to Better Secure AI Models
/in General NewsThe acquisition will enable organizations to benefit from Laiyer AI’s LLM Guard software, which detects, redacts, and sanitizes inputs and outputs from LLMs with lower latency, while also supporting open source contributions.
Cyware News – Latest Cyber News – Read More
Does CVSS 4.0 Solve the Exploitability Problem?
/in General NewsThe new system introduces changes such as splitting attack complexity into two parameters and categorizing user interaction into three levels, offering a more nuanced and comprehensive assessment of vulnerabilities.
Cyware News – Latest Cyber News – Read More
The Imperative for Robust Security Design in the Health Industry
/in General NewsIt is imperative that healthcare and health-tech companies move beyond reactive measures and adopt a proactive stance in safeguarding sensitive patient information.
darkreading – Read More
Zero-Day Vulnerability can Blind Defenses Relying on Windows Event Logs
/in General NewsThe vulnerability can be leveraged by an attacker with local network access, and until Microsoft issues a patch, users can implement micropatches provided by Acros to mitigate the risk.
Cyware News – Latest Cyber News – Read More
Exploit Released for Android Local Elevation Flaw Impacting Seven OEMs
/in General NewsA local privilege elevation flaw (CVE-2023-45779) affecting several Android OEMs was discovered and addressed in the December 2023 security update, highlighting weaknesses in APEX module signing using test keys.
Cyware News – Latest Cyber News – Read More
Hackers Obtain Confidential Information on Romanian Officials After Cyberattack at Parliament
/in General NewsHackers breached the Romanian Chamber of Deputies’ database and obtained confidential information, including the prime minister’s identity documents and medical analyses. They threatened to release the data unless they received a ransom of $34,000.
Cyware News – Latest Cyber News – Read More
The Rise of Python-Scripted Ransomware
/in General NewsThe ransomware, named “grinchv3,” self-copies itself to the startup folder for persistence, encrypts user data using the Fernet symmetric key encryption algorithm, and adds a pop-up message after encryption.
Cyware News – Latest Cyber News – Read More
Man Sentenced to Prison for Stealing Millions in Cryptocurrency via SIM Swapping
/in General NewsDaniel James Junk sentenced to six years in prison for stealing millions in cryptocurrency through SIM swapping.
The post Man Sentenced to Prison for Stealing Millions in Cryptocurrency via SIM Swapping appeared first on SecurityWeek.
SecurityWeek – Read More
Football Australia Data Leak Exposes Players’ Contracts, Fans’ Personal Details
/in General NewsThe leak included passports, player contracts, and personal data, potentially affecting every Australian football fan. Cybersecurity experts believe the breach was likely due to human error, and the FA is investigating the matter.
Cyware News – Latest Cyber News – Read More