BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
- Uro - Declutters Url Lists For Crawling/Pentesting
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
Exploit DB
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
Young people’s data feared stolen in cyberattack on French government contractor
/in General NewsThe French government said an incident directly impacted an unnamed service provider used by the network of “Local Missions” — places that offer advice and support to people between the ages of 16 and 25 about work and training.
The Record from Recorded Future News – Read More
US, Israel Describe Iranian Hackers’ Targeting of Olympics, Surveillance Cameras
/in General NewsThe US and Israel have published an advisory describing the latest activities of Iranian cyber firm Emennet Pasargad, now called Aria Sepehr Ayandehsazan.
The post US, Israel Describe Iranian Hackers’ Targeting of Olympics, Surveillance Cameras appeared first on SecurityWeek.
SecurityWeek – Read More
Massive Git Config Breach Exposes 15,000 Credentials; 10,000 Private Repos Cloned
/in General NewsCybersecurity researchers have flagged a “massive” campaign that targets exposed Git configurations to siphon credentials, clone private repositories, and even extract cloud credentials from the source code.
The activity, codenamed EMERALDWHALE, is estimated to have collected over 10,000 private repositories and stored in an Amazon S3 storage bucket belonging to a prior victim. The bucket,
The Hacker News – Read More
Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft
/in General NewsMicrosoft has revealed that a Chinese threat actor it tracks as Storm-0940 is leveraging a botnet called Quad7 to orchestrate highly evasive password spray attacks.
The tech giant has given the botnet the name CovertNetwork-1658, stating the password spray operations are used to steal credentials from multiple Microsoft customers.
“Active since at least 2021, Storm-0940 obtains initial access
The Hacker News – Read More
Passkeys are more popular than ever. This research explains why
/in General NewsSome 57% of people surveyed this year for a FIDO Alliance report are aware of passkeys, up from 39% just two years ago.
Latest stories for ZDNET in Security – Read More
Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack
/in General NewsA vulnerability categorized as “critical” in a photo app installed by default on Synology network-attached storage devices could give attackers the ability to steal data and worse.
Security Latest – Read More
Lottie-Player Supply Chain Attack Targets Cryptocurrency Wallets
/in General NewsLottieFiles has confirmed that Lottie-Player has been compromised in a supply chain attack whose goal is cryptocurrency theft.
The post Lottie-Player Supply Chain Attack Targets Cryptocurrency Wallets appeared first on SecurityWeek.
SecurityWeek – Read More
Microsoft Delays Windows Copilot+ Recall Release Over Privacy Concerns
/in General NewsMicrosoft is further delaying the release of its controversial Recall feature for Windows Copilot+ PCs, stating it’s taking the time to improve the experience.
The development was first reported by The Verge. The artificial intelligence-powered tool was initially slated for a preview release starting in October.
“We are committed to delivering a secure and trusted experience with Recall,” the
The Hacker News – Read More
Bug Bounty Platform Bugcrowd Secures $50 Million in Growth Capital
/in General NewsBugcrowd has secured $50 million in growth capital facility from Silicon Valley Bank for expansion and innovation.
The post Bug Bounty Platform Bugcrowd Secures $50 Million in Growth Capital appeared first on SecurityWeek.
SecurityWeek – Read More
Major Security Update: Chrome Patches Critical Out-of-Bounds Vulnerability
/in General NewsNot too long ago, we discovered a critical security flaw in Firefox. This week, Chrome is addressing fixes for yet more critical vulnerabilities. Google recently patched vulnerabilities in its Chrome browser, one of which was marked as critical, tracked as CVE-2024-10487. The vulnerability allowed remote attackers to perform out-of-bounds memory access via a crafted HTML page.
Source
TechSplicer – Read More