BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console
/in General NewsVeeam has released security updates to address a critical flaw impacting Service Provider Console (VSPC) that could pave the way for remote code execution on susceptible instances.
The vulnerability, tracked as CVE-2024-42448, carries a CVSS score of 9.9 out of a maximum of 10.0. The company noted that the bug was identified during internal testing.
“From the VSPC management agent machine, under
The Hacker News – Read More
Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access
/in General NewsA critical security vulnerability has been disclosed in SailPoint’s IdentityIQ identity and access management (IAM) software that allows unauthorized access to content stored within the application directory.
The flaw, tracked as CVE-2024-10905, has a CVSS score of 10.0, indicating maximum severity. It affects IdentityIQ versions 8.2. 8.3, 8.4, and other previous versions.
IdentityIQ “allows
The Hacker News – Read More
FBI Tells Telecom Firms to Boost Security Following Wide-Ranging Chinese Hacking Campaign
/in General NewsGuidance issued by the FBI and CISA is intended to help root out the hackers and prevent similar cyberespionage.
The post FBI Tells Telecom Firms to Boost Security Following Wide-Ranging Chinese Hacking Campaign appeared first on SecurityWeek.
SecurityWeek – Read More
15 SpyLoan Apps Found on Play Store Targeting Millions
/in General NewsSUMMARY Cybercriminals are exploiting SpyLoan, or predatory loan apps, to target unsuspecting users globally. McAfee cybersecurity researchers report…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
The Role of Salesforce Implementation in Digital Transformation
/in General NewsCompanies today constantly look for ways to improve their work with customers and perform better overall. The transition…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
US says Chinese hackers are still lurking in American phone networks
/in General NewsThe China-backed hackers are reportedly still inside the networks of some of America’s largest phone and internet companies, weeks after the hacks were disclosed.
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Decade-Old Cisco Vulnerability Under Active Exploit
/in General NewsCisco encourages users to update to an unaffected version of its Adaptive Security Appliance (ASA) software since there are no workarounds for the 2014 vulnerability.
darkreading – Read More
With Threats to Encryption Looming, Signal’s Meredith Whittaker Says ‘We’re Not Changing’
/in General NewsAt WIRED’s The Big Interview event, the president of the Signal Foundation talked about secure communications as critical infrastructure and the need for a new funding paradigm for tech.
Security Latest – Read More
I deleted thousands of tweets from X with this new tool – for free
/in General NewsNow you can easily migrate from X with this powerful tool that deletes tweets, likes, and DMs, while backing up your data for a fresh start elsewhere.
Latest stories for ZDNET in Security – Read More
FTC Says Data Brokers Unlawfully Tracked Protesters and US Military Personnel
/in General NewsThe FTC is targeting data brokers that monitored people’s movements during protests and around US military installations. But signs suggest the Trump administration will be far more lenient.
Security Latest – Read More