BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
- Uro - Declutters Url Lists For Crawling/Pentesting
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
Exploit DB
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
Apple Patches Over 70 Vulnerabilities Across iOS, macOS, Other Products
/in General NewsApple has released security updates for iOS 18 and macOS Sequoia 15 to address dozens of vulnerabilities.
The post Apple Patches Over 70 Vulnerabilities Across iOS, macOS, Other Products appeared first on SecurityWeek.
SecurityWeek – Read More
U.S. Government Issues New TLP Guidance for Cross-Sector Threat Intelligence Sharing
/in General NewsThe U.S. government (USG) has issued new guidance governing the use of the Traffic Light Protocol (TLP) to handle the threat intelligence information shared between the private sector, individual researchers, and Federal Departments and Agencies.
“The USG follows TLP markings on cybersecurity information voluntarily shared by an individual, company, or other any organization, when not in
The Hacker News – Read More
New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors
/in General NewsMore than six years after the Spectre security flaw impacting modern CPU processors came to light, new research has found that the latest AMD and Intel processors are still susceptible to speculative execution attacks.
The attack, disclosed by ETH Zürich researchers Johannes Wikner and Kaveh Razavi, aims to undermine the Indirect Branch Predictor Barrier (IBPB) on x86 chips, a crucial mitigation
The Hacker News – Read More
Armis Raises $200M at $4.2B Valuation, Eyes IPO
/in General NewsArmis raised an additional $200 million in funding at valuation of $4.2 billion as the company aims for an IPO.
The post Armis Raises $200M at $4.2B Valuation, Eyes IPO appeared first on SecurityWeek.
SecurityWeek – Read More
China’s Elite Cyber Corps Hone Skills on Virtual Battlefields
/in General NewsThe nation leads in the number of capture-the-flag tournaments sponsored by government and industry — a strategy from which Western nations could learn.
darkreading – Read More
Sophos-SecureWorks Deal Focuses on Building Advanced MDR, XDR Platform
/in General NewsSophos CEO Joe Levy says $859 million deal to acquire SecureWorks from majority owner Dell Technologies will put the Taegis platform — with network detection and response, vulnerability detection and response, and identity threat detection and response capabilities — at the core.
darkreading – Read More
2024 Startup Battlefield Top 20 Finalists: DGLegacy
/in General NewsEnsures that in the case of an unforeseen event, your assets won’t be lost and your loved ones would be able to claim their rightful ownership with a digital legacy planning and inheritance app. Subscribe for more on YouTube: https://tcrn.ch/youtube Follow TechCrunch on Instagram: http://tcrn.ch/instagram TikTok: https://tcrn.ch/tiktok X: tcrn.ch/x Threads: https://tcrn.ch/threads Facebook: https://tcrn.ch/facebook Bluesky: https://tcrn.ch/bluesky […]
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Windows ‘Downdate’ Attack Reverts Patched PCs to a Vulnerable State
/in General NewsWindows 11 machines remain open to downgrade attacks, where attackers can abuse the Windows Update process to revive a patched driver signature enforcement (DSE) bypass.
darkreading – Read More
Delta Launches $500M Lawsuit Against CrowdStrike
/in General NewsDelta argues that it lost hundreds of million of dollars in downtime and other costs in the aftermath of the incident, while CrowdStrike says it isn’t liable for more than $10 million.
darkreading – Read More
Apple Launches ‘Apple Intelligence’ and Offers $1M Bug Bounty for Security
/in General NewsApple unveils ‘Apple Intelligence’ for iPhone, iPad, and Mac devices while offering a $1 million bug bounty for…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More