BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
- Uro - Declutters Url Lists For Crawling/Pentesting
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
Exploit DB
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
New RustyAttr Malware Targets macOS Through Extended Attribute Abuse
/in General NewsThreat actors have been found leveraging a new technique that abuses extended attributes for macOS files to smuggle a new malware called RustyAttr.
The Singaporean cybersecurity company has attributed the novel activity with moderate confidence to the infamous North Korea-linked Lazarus Group, citing infrastructure and tactical overlaps observed in connection with prior campaigns, including
The Hacker News – Read More
US confirms China-backed hackers breached telecom providers to steal wiretap data
/in General NewsCISA and the FBI say they have uncovered a ‘broad and significant’ PRC-linked cyberespionage campaign
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Unpatched Flaw in Legacy D-Link NAS Devices Exploited Days After Disclosure
/in General NewsExploitation attempts targeting CVE-2024-10914, a recently disclosed ‘won’t fix’ vulnerability affecting outdated D-Link NAS devices.
The post Unpatched Flaw in Legacy D-Link NAS Devices Exploited Days After Disclosure appeared first on SecurityWeek.
SecurityWeek – Read More
Hamas Hackers Spy on Mideast Gov’ts, Disrupt Israel
/in General NewsAPT Wirte is doing double duty, adding all manner of supplemental malware to gain access, eavesdrop, and wipe data, depending on the target.
darkreading – Read More
Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails
/in General NewsA newly patched security flaw impacting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russia-linked actor as part of cyber attacks targeting Ukraine.
The vulnerability in question, CVE-2024-43451 (CVSS score: 6.5), refers to an NTLM hash disclosure spoofing vulnerability that could be exploited to steal a user’s NTLMv2 hash. It was patched by Microsoft earlier this
The Hacker News – Read More
Teen Behind Hundreds of Swatting Attacks Pleads Guilty to Federal Charges
/in General NewsAlan Filion, believed to have operated under the handle “Torswats,” admitted to making more than 375 fake threats against schools, places of worship, and government buildings around the United States.
Security Latest – Read More
US agencies confirm Beijing-linked telecom breach involving call records of politicians, wiretaps
/in General NewsIn a statement late on Wednesday, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) said an investigation that began in late October has revealed a “broad and significant cyber espionage campaign.”
The Record from Recorded Future News – Read More
Microsoft brings AI to the farm and factory floor, partnering with industry giants
/in General NewsMicrosoft collaborates with Siemens, Bayer, and Rockwell Automation to launch industry-specific AI models designed to boost efficiency in manufacturing, agriculture, and finance through tailored AI solutions available via Azure AI.Read More
Security News | VentureBeat – Read More
Toolkit Vastly Expands APT41’s Surveillance Powers
/in General NewsThe China-affiliated group is using the highly modular DeepData framework to target organizations in South Asia.
darkreading – Read More
Lacoste First to Use AI-Powered Anti-counterfeiting Solution
/in General NewsPost Content
darkreading – Read More