BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] CrushFTP 11.3.1 - Authentication Bypass
- [remote] Invision Community 5.0.6 - Remote Code Execution (RCE)
- [local] Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
Malicious use of Cobalt Strike down 80% after crackdown, Fortra says
/in General NewsAn effort launched in 2023 to curb the longstanding issue of pirated Cobalt Strike software being used by cybercriminals appears to have borne fruit.
The Record from Recorded Future News – Read More
Static Scans, Red Teams and Frameworks Aim to Find Bad AI Models
/in General NewsWith hundreds of AI models found to harbor malicious code, cybersecurity firms are releasing technology to help companies manage their AI development and deployment efforts.
darkreading – Read More
Women in Cyber Security on the Rise, But Facing More Layoffs and Budget Cuts Than Men
/in General NewsIn 2024, women accounted for 22% of global security teams on average, compared to 17% in 2023, according to ISC2.
Security | TechRepublic – Read More
Zero-Days Put Tens of 1,000s of Orgs at Risk for VM Escape Attacks
/in General NewsMore than 41,000 ESXi instances remain vulnerable to a critical VMware vulnerability, one of three that Broadcom disclosed earlier this week.
darkreading – Read More
Cybercrime’s Cobalt Strike Use Plummets 80% Worldwide
/in General NewsFortra, Microsoft, and Health-ISAC have combined forces to claw back one of hackers’ most prized attack tools, with massive takedowns.
darkreading – Read More
Taylor Swift Ticket Thieves Charged in Court for Resale Operation
/in General NewsThe pair found a loophole through StubHub’s services, allowing them to steal tickets and resell them for personal profit, amassing hundreds of thousands of dollars.
darkreading – Read More
US Seize Garantex in Cryptocurrency Money Laundering Bust
/in General NewsTwo men linked to Garantex are accused of facilitating multi-billion dollar money laundering and sanctions violations.
The post US Seize Garantex in Cryptocurrency Money Laundering Bust appeared first on SecurityWeek.
SecurityWeek – Read More
Home appliance company Presto says cyberattack causing delivery delays
/in General NewsIn a filing with federal regulators, Wisconsin-based National Presto Industries — known for appliances like air fryers and pressure cookers — said a cyberattack had disrupted operations.
The Record from Recorded Future News – Read More
In Other News: EntrySign AMD Flaw, Massive Attack Targets ISPs, ENISA Report
/in General NewsNoteworthy stories that might have slipped under the radar: Google discloses AMD CPU flaw named EntrySign, ISPs in the US and China targeted in massive attack, ENISA report on NIS2 Directive.
The post In Other News: EntrySign AMD Flaw, Massive Attack Targets ISPs, ENISA Report appeared first on SecurityWeek.
SecurityWeek – Read More
US charges admins of Garantex for allegedly facilitating crypto money laundering for terrorists and hackers
/in General NewsThe administrators of Garantex, Aleksej Besciokov and Aleksandr Mira Serda, allegedly knew their crypto exchange was used to launder money, according to U.S. prosecutors.
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More