BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
Google Chrome’s uBlock Origin Purge Has Begun
/in General NewsPlus: The alleged SEC X account hacker gets charged, Kroger wriggles out of a face recognition scandal, and Microsoft deals with missing customer security logs.
Security Latest – Read More
Acronym Overdose – Navigating the Complex Data Security Landscape
/in General NewsIn the modern enterprise, data security is often discussed using a complex lexicon of acronyms—DLP, DDR, DSPM, and many others. While these acronyms represent critical frameworks, architectures, and tools for protecting sensitive information, they can also overwhelm those trying to piece together an effective security strategy. This article aims to demystify some of the most important acronyms
The Hacker News – Read More
Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks
/in General NewsA nascent threat actor known as Crypt Ghouls has been linked to a set of cyber attacks targeting Russian businesses and government agencies with ransomware with the twin goals of disrupting business operations and financial gain.
“The group under review has a toolkit that includes utilities such as Mimikatz, XenAllPasswordPro, PingCastle, Localtonet, resocks, AnyDesk, PsExec, and others,”
The Hacker News – Read More
The Disinformation Warning Coming From the Edge of Europe
/in General NewsMoldova is facing a tide of disinformation unprecedented in complexity and aggression, the head of a new center meant to combat it tells WIRED. And platforms like Facebook, TikTok, Telegram and YouTube could do more.
Security Latest – Read More
Southeast Asia reiterates pledge to collaborate amid growing cyber threats in AI era
/in General NewsASEAN member states now have a physical CERT facility located in Singapore to exchange threat intel and best practices.
Latest stories for ZDNET in Security – Read More
MacOS Safari ‘HM Surf’ Exploit Exposes Camera, Mic, Browser Data
/in General NewsMicrosoft researchers toyed with app permissions to uncover CVE-2024-44133, using it to access sensitive user data. Adware merchants may have as well.
darkreading – Read More
Time to Get Strict With DMARC
/in General NewsAdoption of the email authentication and policy specification remains low, and only about a tenth of DMARC-enabled domains enforce policies. Everyone is waiting for major email providers to get strict.
darkreading – Read More
CISOs: Throwing Cash at Tools Isn’t Helping Detect Breaches
/in General NewsA survey shows three-quarters of CISOs are drowning in threat detections put out by a sprawling stack of tools, yet still lack the basic visibility necessary to identify breaches.
darkreading – Read More
ESET-Branded Wiper Attack Targets Israel; Firm Denies Compromise
/in General NewsThe security firm is denying an assessment that its systems were compromised in Israel by pro-Palestinian cyberattackers, but acknowledged an attack on one of its partners.
darkreading – Read More
Vulnerabilities, AI Compete for Software Developers’ Attention
/in General NewsThis year, the majority of developers have adopted AI assistants to help with coding and improve code output, but most are also creating more vulnerabilities that take longer to remediate.
darkreading – Read More