BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TightVNC 2.8.83 - Control Pipe Manipulation
- [remote] ProSSHD 1.2 20090726 - Denial of Service (DoS)
- [webapps] Laravel Pulse 1.3.1 - Arbitrary Code Injection
- [local] Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
VMware Discloses Exploitation of Hard-to-Fix vCenter Server Flaw
/in General NewsThe saga of VMWare’s critical CVE-2024-38812 vCenter Server bug has reached the “exploitation detected” stage.
The post VMware Discloses Exploitation of Hard-to-Fix vCenter Server Flaw appeared first on SecurityWeek.
SecurityWeek – Read More
AI company tells SEC that $250,000 stolen in cyberattack
/in General NewsAn artificial intelligence company said a hacker breached its network and stole a $250,000 wire payment in an incident likely to have a material impact on the firm’s bottom line.
The Record from Recorded Future News – Read More
New Stealthy BabbleLoader Malware Spotted Delivering WhiteSnake and Meduza Stealers
/in General NewsCybersecurity researchers have shed light on a new stealthy malware loader called BabbleLoader that has been observed in the wild delivering information stealer families such as WhiteSnake and Meduza.
BabbleLoader is an “extremely evasive loader, packed with defensive mechanisms, that is designed to bypass antivirus and sandbox environments to deliver stealers into memory,” Intezer security
The Hacker News – Read More
US Government Agencies Impersonated in Aggressive DocuSign Phishing Scams
/in General NewsDocuSign phishing scams surged by 98%, with hundreds of daily attacks impersonating US government agencies like HHS and…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Palo Alto Networks Patches Critical Zero-Day Firewall Bug
/in General NewsThe security vendor’s Expedition firewall appliance’s PAN-OS interface tool has racked up four critical security vulnerabilities under active attack in November, leading tit to advise customers to update immediately or and take them off the Internet.
darkreading – Read More
CISA director Jen Easterly to depart agency on January 20
/in General NewsCISA’s director will depart the agency after three years at the helm, as part of the “seamless transition” of government power.
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
AI training software firm iLearningEngines says it lost $250,000 in recent cyberattack
/in General NewsThe US-based firm said hackers misdirected a $250,000 wire transfer payment that it hasn’t been able to recover.
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Cyber Resilience Act: Security Requirements in Development
/in General NewsOn October 10th, 2024, the EU Parliament mandated security standards for connected software with the enactment of the Cyber Resilience Act (CRA). The act mandates that full compliance needs to be achieved within 36 months. However, according to Article 14, vulnerability reporting obligations must be met within 21 months of enactment. Because the regulation applies to products with digital…
Source
TechSplicer – Read More
Why Custom IOCs Are Necessary for Advanced Threat Hunting and Detection
/in General NewsThe ability to internalize and operationalize customized threat intelligence as part of a holistic security system is no longer a luxury; it’s a necessity.
The post Why Custom IOCs Are Necessary for Advanced Threat Hunting and Detection appeared first on SecurityWeek.
SecurityWeek – Read More
Discontinued GeoVision Products Targeted in Botnet Attacks via Zero-Day
/in General NewsA zero-day vulnerability affecting five discontinued GeoVision product models has been exploited by a botnet.
The post Discontinued GeoVision Products Targeted in Botnet Attacks via Zero-Day appeared first on SecurityWeek.
SecurityWeek – Read More