BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] CrushFTP 11.3.1 - Authentication Bypass
- [remote] Invision Community 5.0.6 - Remote Code Execution (RCE)
- [local] Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
LinkedIn Phishing Scam: Fake InMail Messages Spreading ConnectWise Trojan
/in General NewsCofense uncovers new LinkedIn phishing scam delivering ConnectWise RAT. Learn how attackers bypass security with fake InMail emails…
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
US Sanctions Iranian Administrator of Nemesis Darknet Marketplace
/in General NewsIranian national Behrouz Parsarad sanctioned for running Nemesis, a marketplace used for narcotics trafficking and cybercrime.
The post US Sanctions Iranian Administrator of Nemesis Darknet Marketplace appeared first on SecurityWeek.
SecurityWeek – Read More
New Eleven11bot DDoS Botnet Powered by 80,000 Hacked Devices
/in General NewsThe Eleven11bot botnet has been described as one of the largest known DDoS botnets observed in recent years.
The post New Eleven11bot DDoS Botnet Powered by 80,000 Hacked Devices appeared first on SecurityWeek.
SecurityWeek – Read More
Apple is challenging U.K.’s iCloud encryption backdoor order
/in General NewsApple is challenging a U.K. Government data access order in the Investigatory Powers Tribunal (IPT), the Financial Times reports. The order targeted iCloud backups that are protected by end-to-end encryption. Last month, press leaks revealed the existence of the January order asking Apple to build a backdoor in iCloud’s encrypted backups. U.K. officials are exercising […]
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems
/in General NewsCybersecurity researchers are alerting of an ongoing malicious campaign targeting the Go ecosystem with typosquatted modules that are designed to deploy loader malware on Linux and Apple macOS systems.
“The threat actor has published at least seven packages impersonating widely used Go libraries, including one (github[.]com/shallowmulti/hypert) that appears to target financial-sector developers
The Hacker News – Read More
Google Cuts Off uBlock Origin on Chrome as Firefox Stands Firm on Ad Blockers
/in General NewsThe problem started with Manifest V3, Chrome’s new extension specification, which is supposed to improve privacy.
Security | TechRepublic – Read More
GreyNoise Intelligence Releases New Research on Cybersecurity Vulns
/in General NewsPost Content
darkreading – Read More
Rapid7 Delivers Command Platform Offerings for Exposure Management
/in General NewsPost Content
darkreading – Read More
3 VMware Zero-Day Bugs Allow Sandbox Escape
/in General NewsThe now-patched bugs are under active exploit and enable attackers to carry out a wide range of malicious activities, including escaping a virtual machine and gaining access to the underlying host.
darkreading – Read More
Threat Actor ‘JavaGhost’ Targets AWS Environments in Phishing Scheme
/in General NewsPalo Alto Networks’ Unit 42 details how a threat actor is dodging detection with careful targeting and the use of Amazon’s native email tools.
darkreading – Read More