BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI
- [remote] PCMan FTP Server 2.0.7 - Buffer Overflow
- [webapps] Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation
- [local] Parrot and DJI variants Drone OSes - Kernel Panic Exploit
- [remote] Windows 11 SMB Client - Privilege Escalation & Remote Code Execution (RCE)
- [remote] AirKeyboard iOS App 1.0.5 - Remote Input Injection
- [webapps] PHP CGI Module 8.3.4 - Remote Code Execution (RCE)
- [remote] WebDAV Windows 10 - Remote Code Execution (RCE)
- [local] Microsoft Excel Use After Free - Local Code Execution
- [remote] Windows File Explorer Windows 10 Pro x64 - TAR Extraction
CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25
/in General NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The list of vulnerabilities is as follows –
CVE-2024-45195 (CVSS score: 7.5/9.8) – A forced browsing vulnerability in Apache OFBiz that allows a remote attacker to obtain unauthorized
The Hacker News – Read More
Researchers warn of risks tied to abandoned cloud storage buckets
/in General NewsCloud storage tools used by military, government and even cybersecurity organizations around the world have been left abandoned by their users, exposing them to a wide variety of security risks.
The Record from Recorded Future News – Read More
Sophos Acquires Secureworks for $859 Million
/in General NewsSophos has completed its acquisition of managed cyber security services provider Secureworks.
Security | TechRepublic – Read More
Credential Theft Becomes Cybercriminals’ Favorite Target
/in General NewsResearchers measured a threefold increase in credential stealing between 2023 and 2024, with more than 11.3 million such thefts last year.
darkreading – Read More
U.K. Announces ‘World-First’ Cyber Code of Practice for Companies Developing AI
/in General NewsThe Cyber Code of Practice applies to developers, system operators, and organisations that create, deploy, or manage AI systems.
Security | TechRepublic – Read More
Ferret Malware Added to ‘Contagious Interview’ Campaign
/in General NewsTargets are lured into a fake interview process that convinces them to download malware needed for a virtual interview.
darkreading – Read More
Spyware maker Paragon confirms U.S. government is a customer
/in General NewsIsraeli spyware maker Paragon Solutions confirmed to TechCrunch that it sells its products to the U.S. government and other unspecified allied countries. Paragon’s executive chairman John Fleming said in a statement to TechCrunch on Tuesday that, “Paragon licenses its technology to a select group of global democracies — principally, the United States and its allies.” […]
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Sophos Completes Acquisition of Secureworks
/in General NewsSophos has completed its $859 million all-cash acquisition of SecureWorks.
The post Sophos Completes Acquisition of Secureworks appeared first on SecurityWeek.
SecurityWeek – Read More
Jailbreak Anthropic’s new AI safety system for a $15,000 reward
/in General NewsIn testing, the technique helped Claude block 95% of jailbreak attempts. But the process still needs more ‘real-world’ red-teaming.
Latest stories for ZDNET in Security – Read More
Chinese ‘Infrastructure Laundering’ Abuses AWS, Microsoft Cloud
/in General NewsFunnull CDN rents IPs from legitimate cloud service providers and uses them to host criminal websites, continuously cycling cloud resources in and out of use and acquiring new ones to stay ahead of cyber-defender detection.
darkreading – Read More