BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
- [local] Sudo chroot 1.9.17 - Local Privilege Escalation
- [local] Sudo 1.9.17 Host Option - Elevation of Privilege
- [local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
- [webapps] Discourse 3.2.x - Anonymous Cache Poisoning
- [remote] Microsoft Outlook - Remote Code Execution (RCE)
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
UnitedHealth Says It Has Made Progress on Recovering From Massive Cyberattack
/in General NewsUnitedHealth is testing the last major system it must restore from last month’s Change Healthcare cyberattack, but it has no date yet for finishing the recovery.
The post UnitedHealth Says It Has Made Progress on Recovering From Massive Cyberattack appeared first on SecurityWeek.
SecurityWeek – Read More
NVIDIA GTC Keynote: Blackwell Architecture Will Accelerate AI Products in Late 2024
/in General NewsDevelopers can now take advantage of NVIDIA NIM packages to deploy enterprise generative AI, said NVIDIA CEO Jensen Huang.
Security | TechRepublic – Read More
Chinese APT ‘Earth Krahang’ Compromises 48 Gov’t Orgs on 5 Continents
/in General NewsThe group uses pretty standard open source tooling and social engineering to burrow into high-level government agencies across the globe.
darkreading – Read More
North Korea-Linked Group Levels Multistage Cyberattack on South Korea
/in General NewsKimsuky-attributed campaign uses eight steps to compromise systems — from initial execution to downloading additional code from Dropbox, and executing code to establish stealth and persistence.
darkreading – Read More
ML Model Repositories: The Next Big Supply Chain Attack Target
/in General NewsMachine-learning model platforms like Hugging Face are suspectible to the same kind of attacks that threat actors have executed successfully for years via npm, PyPI, and other open source repos.
darkreading – Read More
Fujitsu Scrambles After Malware Attack: Customer Data Potentially Breached
/in General NewsBy Deeba Ahmed
While Fujitsu did not disclose in-depth details, the company confirmed investigating a cyberattack that may have led to a data breach.
This is a post from HackRead.com Read the original post: Fujitsu Scrambles After Malware Attack: Customer Data Potentially Breached
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
New AcidRain Linux Malware Variant “AcidPour” Found Targeting Ukraine
/in General NewsBy Waqas
Another day, another malware threat emerges in a country already at war.
This is a post from HackRead.com Read the original post: New AcidRain Linux Malware Variant “AcidPour” Found Targeting Ukraine
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics
/in General NewsA new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive information.
Cybersecurity company Securonix, which dubbed the campaign DEEP#GOSU, said it’s likely associated with the North Korean state-sponsored group tracked as Kimsuky.
“The malware payloads used in the DEEP#GOSU represent a
The Hacker News – Read More
Fujitsu Found Malware on IT Systems, Confirms Data Breach
/in General NewsAn announcement published late last week on the firm’s news portal discloses a major cybersecurity incident that has compromised systems and data, including sensitive information of customers.
Cyware News – Latest Cyber News – Read More
UK: NCSC Releases Cloud SCADA Security Guidance
/in General NewsThe NCSC released guidance for operational technology (OT) organizations on migrating their SCADA systems to the cloud. This guidance aims to help organizations assess the benefits and risks of cloud-hosted SCADA to make informed decisions.
Cyware News – Latest Cyber News – Read More