BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Social Warfare WordPress Plugin 3.5.2 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
- [remote] Microsoft Excel 2024 Use after free - Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [local] Microsoft Excel LTSC 2024 - Remote Code Execution (RCE)
- [remote] FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse
The Paper Passport Is Dying
/in General NewsSmartphones and face recognition are being combined to create new digital travel documents. The paper passport’s days are numbered—despite new privacy risks.
Security Latest – Read More
Cloud Atlas Deploys VBCloud Malware: Over 80% of Targets Found in Russia
/in General NewsThe threat actor known as Cloud Atlas has been observed using a previously undocumented malware called VBCloud as part of its cyber attack campaigns targeting “several dozen users” in 2024.
“Victims get infected via phishing emails containing a malicious document that exploits a vulnerability in the formula editor (CVE-2018-0802) to download and execute malware code,” Kaspersky researcher Oleg
The Hacker News – Read More
FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks
/in General NewsCybersecurity researchers are warning about a spike in malicious activity that involves roping vulnerable D-Link routers into two different botnets, a Mirai variant dubbed FICORA and a Kaiten (aka Tsunami) variant called CAPSAICIN.
“These botnets are frequently spread through documented D-Link vulnerabilities that allow remote attackers to execute malicious commands via a GetDeviceSettings
The Hacker News – Read More
Palo Alto Releases Patch for PAN-OS DoS Flaw — Update Immediately
/in General NewsPalo Alto Networks has disclosed a high-severity vulnerability impacting PAN-OS software that could cause a denial-of-service (DoS) condition on susceptible devices.
The flaw, tracked as CVE-2024-3393 (CVSS score: 8.7), impacts PAN-OS versions 10.X and 11.X, as well as Prisma Access running PAN-OS versions. It has been addressed in PAN-OS 10.1.14-h8, PAN-OS 10.2.10-h12, PAN-OS 11.1.5, PAN-OS
The Hacker News – Read More
RFP Templates and Guidebook
/in General NewsA request for proposal is a common method for soliciting vendor quotes and answers about potential product or service offerings. They specifically intend to gather details involving implementation, operations, and maintenance. This facilitates the decision-making process, allowing organizations to choose the RFP responses which best suit their needs. This guidebook, written by Scott Matteson for …
Security | TechRepublic – Read More
Apache MINA CVE-2024-52046: CVSS 10.0 Flaw Enables RCE via Unsafe Serialization
/in General NewsThe Apache Software Foundation (ASF) has released patches to address a maximum severity vulnerability in the MINA Java network application framework that could result in remote code execution under specific conditions.
Tracked as CVE-2024-52046, the vulnerability carries a CVSS score of 10.0. It affects versions 2.0.X, 2.1.X, and 2.2.X.
“The ObjectSerializationDecoder in Apache MINA uses Java’s
The Hacker News – Read More
Hackers Release Second Batch of Stolen Cisco Data
/in General NewsIN THIS ARTICLE: Hackers have released what they claim to be the second batch of data stolen in…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Japan Airlines resumes operations after cyberattack delays flights
/in General NewsThe company claimed that no customer information was leaked and that it suffered no damage from computer viruses. There was also no impact on flight safety, according to JAL.
The Record from Recorded Future News – Read More
UN General Assembly approves cybercrime treaty despite industry backlash
/in General NewsThe agreement provides a framework for how law enforcement agencies in different countries coordinate on cybercrime investigations and is being touted as a way to reduce the number of safe havens for cybercriminals as well as help developing nations better protect their citizens from digital crimes.
The Record from Recorded Future News – Read More
Two Californians charged in the largest NFT fraud case to date
/in General NewsSUMMARY Two California men have been arrested and charged in what is being called the largest NFT fraud…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More