BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
Recent Zyxel Firewall Vulnerability Exploited in Ransomware Attacks
/in General NewsA ransomware group has been observed exploiting a recently patched command injection vulnerability in Zyxel firewalls for initial access.
The post Recent Zyxel Firewall Vulnerability Exploited in Ransomware Attacks appeared first on SecurityWeek.
SecurityWeek – Read More
Top 5 Platforms for Identifying Smart Contract Vulnerabilities
/in General NewsHow well do you know your smart contracts’ health? This article highlights the top five platforms that DeFi…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
South Asian hackers target Pakistani entities in new espionage campaign
/in General NewsThe group, also tracked as APT-K-47, has been active since 2022 and likely originates in South Asia, according to a new report from China-based cybersecurity firm Knownsec.
The Record from Recorded Future News – Read More
Vulnerabilities Expose mySCADA myPRO Systems to Remote Hacking
/in General NewsCritical vulnerabilities patched by mySCADA in its myPRO HMI/SCADA product can allow remote and unauthenticated takeover of the system.
The post Vulnerabilities Expose mySCADA myPRO Systems to Remote Hacking appeared first on SecurityWeek.
SecurityWeek – Read More
Halcyon Raises $100 Million at $1 Billion Valuation
/in General NewsSeries C Funding round brings the total amount raised by the ransomware protection firm to $190 million.
The post Halcyon Raises $100 Million at $1 Billion Valuation appeared first on SecurityWeek.
SecurityWeek – Read More
Closing the Cybersecurity Career Diversity Gap
/in General NewsDiversity isn’t just an issue of fairness — it’s about operational excellence and ensuring we have the best possible teams defending our national security.
darkreading – Read More
Visio Trust Raises $7 Million for Third-Party Risk Management Platform
/in General NewsSan Francisco-based third-party risk management provider Visio Trust has raised $7 million in venture funding.
The post Visio Trust Raises $7 Million for Third-Party Risk Management Platform appeared first on SecurityWeek.
SecurityWeek – Read More
Cybersecurity 101: Understanding MITRE ATT&CK Framework
/in General NewsTraditional security frameworks often fail to connect with the realities of development. Usually, we see the results of them in PDFs and compliance documents, making it hard for developers to see how they relate to the actual code. As someone who tinkered with both worlds, Mitre is more valuable from a developer’s perspective than OWASP Top 10. Insisting at the same time that OWASP has its clear…
Source
TechSplicer – Read More
North Korea Deploying Fake IT Workers in China, Russia, Other Countries
/in General NewsThe North Korean fake IT workers have infiltrated businesses in China, Russia, and other countries aside from the US.
The post North Korea Deploying Fake IT Workers in China, Russia, Other Countries appeared first on SecurityWeek.
SecurityWeek – Read More
UK seeks collaboration for security research lab to counter Russia and ‘new AI arms race’
/in General NewsThe U.K. is seeking collaboration for a new AI security research lab that’s designed to counter Russia and other hostile states in what it dubs the “new AI arms race.” While the U.K. government has launched numerous funding initiatives in the past to support cybersecurity projects, the rise of AI-fueled nation-state attacks, specifically, is the […]
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More