BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
Adobe Patches ColdFusion Flaw at High Risk of Exploitation
/in General NewsAdobe has released patches for a high-severity ColdFusion vulnerability for which proof-of-concept (PoC) code exists.
The post Adobe Patches ColdFusion Flaw at High Risk of Exploitation appeared first on SecurityWeek.
SecurityWeek – Read More
North Korean Hackers Pull Off $308M Bitcoin Heist from Crypto Firm DMM Bitcoin
/in General NewsJapanese and U.S. authorities have formerly attributed the theft of cryptocurrency worth $308 million from cryptocurrency company DMM Bitcoin in May 2024 to North Korean cyber actors.
“The theft is affiliated with TraderTraitor threat activity, which is also tracked as Jade Sleet, UNC4899, and Slow Pisces,” the agencies said. “TraderTraitor activity is often characterized by targeted social
The Hacker News – Read More
Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks
/in General NewsThe Apache Software Foundation (ASF) has released a security update to address an important vulnerability in its Tomcat server software that could result in remote code execution (RCE) under certain conditions.
The vulnerability, tracked as CVE-2024-56337, has been described as an incomplete mitigation for CVE-2024-50379 (CVSS score: 9.8), another critical security flaw in the same product that
The Hacker News – Read More
FCC ‘rip and replace’ provision for Chinese tech tops cyber provisions in defense bill
/in General NewsThe bill allocates $3 billion to a Federal Communications Commission program, commonly called “rip and replace,” to get rid of Chinese networking equipment due to national security concerns.
The Record from Recorded Future News – Read More
Neuro Nostalgia Hackathon 2024: A Retro Journey with Modern Twists
/in General NewsRelive the 90s web era! The Neuro Nostalgia Hackathon challenged teams to transform modern sites into retro masterpieces…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Non-Human Identities Gain Momentum, Requires Both Management, Security
/in General NewsThe number of Non-Human Identities (NHIs) in many organizations has exploded. Key trends, drivers, and market landscape in this fast-developing area are explored.
darkreading – Read More
Lazarus Group Targets Nuclear Industry with CookiePlus Malware
/in General NewsKEY SUMMARY POINTS Securelist by Kaspersky has published its latest threat intelligence report focused on the activities of…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
TunnelBear VPN review: An affordable, easy-to-use VPN with few a few notable pitfalls
/in General NewsTunnelBear is one of our favorite free VPNs, thanks to its secure encryption, access to over 40 servers, and access to most features with a free plan.
Latest stories for ZDNET in Security – Read More
Protect 3 Devices With This Maximum Security Software
/in General NewsTrend Micro guards desktop and mobile devices from ransomware, phishing schemes, spam, and more for one year.
Security | TechRepublic – Read More
Beware Of Shadow AI – Shadow IT’s Less Well-Known Brother
/in General NewsWhile AI tools can enable employees to be innovative and productive, significant data privacy risks can stem from their usage.
The post Beware Of Shadow AI – Shadow IT’s Less Well-Known Brother appeared first on SecurityWeek.
SecurityWeek – Read More