BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
- Uro - Declutters Url Lists For Crawling/Pentesting
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
Exploit DB
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
BitSight buys dark web security specialist Cybersixgill for $115M
/in General NewsMore consolidation is afoot in the world of cybersecurity. BitSight, a cybersecurity startup last valued at $2.4 billion when ratings firm Moody’s took a majority stake in the business in 2021, is acquiring Cybersixgill for $115 million. Boston-based BitSight’s focus is cyber risk management. It works with enterprises to assess their risk profiles and specifically […]
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Washington’s Cybersecurity Storm of Complacency
/in General NewsIf the government truly wants to protect the US’s most vital assets, it must rethink its cybersecurity policies and prioritize proactive, coordinated, and enforceable measures.
darkreading – Read More
Cybercriminals target victims in Spain, Germany, Ukraine with Strela Stealer malware
/in General NewsThe financially-motivated group tracked as Hive0145 has infected targets with Strela Stealer malware delivered through phishing emails disguised as legitimate invoice notifications.
The Record from Recorded Future News – Read More
Two Men Charged For Hacking US Tax Preparation Firms
/in General NewsTwo Nigerian nationals, one in Mexico and one in North Dakota, have been charged for hacking into the systems of US tax preparation companies.
The post Two Men Charged For Hacking US Tax Preparation Firms appeared first on SecurityWeek.
SecurityWeek – Read More
This startup’s AI platform could replace 90% of your accounting tasks—here’s how
/in General NewsPuzzle, a fintech startup, launches an AI-powered accounting platform that automates 90% of routine tasks, aiming to support accountants and streamline business finances.Read More
Security News | VentureBeat – Read More
Microsoft Power Pages Leak Millions of Private Records
/in General NewsLess experienced users of Microsoft’s website building platform may not understand all the implications of the access controls in its low- or no-code environment.
darkreading – Read More
CISA, FBI Confirm China Hacked Telecoms Providers for Spying
/in General NewsCISA and the FBI have confirmed that Chinese hackers compromised the networks of telecommunications companies to spy on specific targets.
The post CISA, FBI Confirm China Hacked Telecoms Providers for Spying appeared first on SecurityWeek.
SecurityWeek – Read More
Windows Zero-Day Exploited by Russia Triggered With File Drag-and-Drop, Delete Actions
/in General NewsThe exploit for a new zero-day vulnerability in Windows is executed by deleting files, drag-and-dropping them, or right clicking on them.
The post Windows Zero-Day Exploited by Russia Triggered With File Drag-and-Drop, Delete Actions appeared first on SecurityWeek.
SecurityWeek – Read More
NIST Explains Why It Failed to Clear CVE Backlog
/in General NewsNIST says all known exploited CVEs in the backlog have been addressed, but admitted that clearing the entire backlog by October was optimistic.
The post NIST Explains Why It Failed to Clear CVE Backlog appeared first on SecurityWeek.
SecurityWeek – Read More
Cybereason and Trustwave Announce Merger
/in General NewsCybereason Chairman & CEO Eric Gan believes the merger could help its existing success in some international markets.
The post Cybereason and Trustwave Announce Merger appeared first on SecurityWeek.
SecurityWeek – Read More