BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
- Uro - Declutters Url Lists For Crawling/Pentesting
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
Exploit DB
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
North Korea-linked hackers accounted for 61% of all crypto stolen in 2024
/in General NewsWith the rising adoption and value of crypto assets, the potential for theft is also on the rise. This year, the total value of cryptocurrency stolen surged 21%, reaching a substantial $2.2 billion. And according to a Chainalysis report released on Thursday, more than half of this amount was stolen by North Korea-affiliated hacking groups. […]
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Fortinet Patches Critical FortiWLM Vulnerability
/in General NewsFortinet has released patches for a critical-severity path traversal vulnerability in FortiWLM that was reported last year.
The post Fortinet Patches Critical FortiWLM Vulnerability appeared first on SecurityWeek.
SecurityWeek – Read More
Juniper Warns of Mirai Botnet Targeting Session Smart Routers
/in General NewsJuniper Networks says a Mirai botnet is ensnaring session smart router devices that are using default passwords.
The post Juniper Warns of Mirai Botnet Targeting Session Smart Routers appeared first on SecurityWeek.
SecurityWeek – Read More
This VPN Lets Anyone Use Your Internet Connection. What Could Go Wrong?
/in General NewsA free VPN app called Big Mama is selling access to people’s home internet networks. Kids are using it to cheat in a VR game while researchers warn of bigger security risks.
Security Latest – Read More
Dutch DPA Fines Netflix €4.75 Million for GDPR Violations Over Data Transparency
/in General NewsThe Dutch Data Protection Authority (DPA) on Wednesday fined video on-demand streaming service Netflix €4.75 million ($4.93 million) for not giving consumers enough information about how it used their data between 2018 and 2020.
An investigation launched by the DPA in 2019 found that the tech giant did not inform customers clearly enough in its privacy statement about what it does with the data
The Hacker News – Read More
CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01
/in General NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01, ordering federal civilian agencies to secure their cloud environments and abide by Secure Cloud Business Applications (SCuBA) secure configuration baselines.
“Recent cybersecurity incidents highlight the significant risks posed by misconfigurations and weak security controls,
The Hacker News – Read More
CISA Releases Draft of National Cyber Incident Response Plan
/in General NewsThe draft of the long-awaited update to the NCIRP outlines the efforts, mechanisms, involved parties, and decisions the US government will use in response to a large-scale cyber incident.
darkreading – Read More
India Sees Surge in API Attacks, Especially in Banking, Utilities
/in General NewsThe number of DDoS-related incidents targeting APIs have jumped by 30x compared with traditional Web assets, suggesting that attackers see the growing API landscape as the more attractive target.
darkreading – Read More
Biggest Crypto Scam Tactics in 2024 and How to Avoid Them
/in General NewsStay alert to crypto scams with our guide to 2024’s top threats, including phishing, malware, Ponzi schemes, and…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Slack is becoming an AI workplace: Here’s what that means for your job
/in General NewsSlack is evolving from a simple messaging app into an AI-powered workplace platform where digital agents work alongside humans.Read More
Security News | VentureBeat – Read More