BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
Casio confirms customer data compromised in ransomware attack
/in General NewsA ransomware and extortion racket called Underground has claimed responsibility for the breach on its dark web leak site, which TechCrunch has seen.
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
The War on Passwords Is One Step Closer to Being Over
/in General News“Passkeys,” the secure authentication mechanism built to replace passwords, are getting more portable and easier for organizations to implement thanks to new initiatives the FIDO Alliance announced on Monday.
Security Latest – Read More
Why Your Identity Is the Key to Modernizing Cybersecurity
/in General NewsUltimately, the goal of creating a trusted environment around all digital assets and devices is about modernizing the way you do business.
darkreading – Read More
Chinese State Hackers Main Suspect in Recent Ivanti CSA Zero-Day Attacks
/in General NewsFortinet believes state-sponsored threat actors are behind the recent attacks involving exploitation of Ivanti CSA zero-days.
The post Chinese State Hackers Main Suspect in Recent Ivanti CSA Zero-Day Attacks appeared first on SecurityWeek.
SecurityWeek – Read More
Gryphon Healthcare, Tri-City Medical Center Disclose Significant Data Breaches
/in General NewsGryphon Healthcare and Tri-City Medical Center have disclosed data breaches collectively impacting over 500,000 individuals.
The post Gryphon Healthcare, Tri-City Medical Center Disclose Significant Data Breaches appeared first on SecurityWeek.
SecurityWeek – Read More
Iranian Cyberspies Exploiting Recent Windows Kernel Vulnerability
/in General NewsThe Iran-linked APT OilRig has intensified cyber operations against the United Arab Emirates and the broader Gulf region.
The post Iranian Cyberspies Exploiting Recent Windows Kernel Vulnerability appeared first on SecurityWeek.
SecurityWeek – Read More
5 Steps to Boost Detection and Response in a Multi-Layered Cloud
/in General NewsThe link between detection and response (DR) practices and cloud security has historically been weak. As global organizations increasingly adopt cloud environments, security strategies have largely focused on “shift-left” practices—securing code, ensuring proper cloud posture, and fixing misconfigurations. However, this approach has led to an over-reliance on a multitude of DR tools spanning
The Hacker News – Read More
Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration
/in General NewsA suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance (CSA) a zero-day to perform a series of malicious actions.
That’s according to findings from Fortinet FortiGuard Labs, which said the vulnerabilities were abused to gain unauthenticated access to the CSA, enumerate users configured in the appliance, and attempt to access the
The Hacker News – Read More
Recent Firefox Zero-Day Exploited Against Tor Browser Users
/in General NewsTor browser version 13.5.7 is rolling out with patches for an exploited zero-day vulnerability recently addressed in Firefox.
The post Recent Firefox Zero-Day Exploited Against Tor Browser Users appeared first on SecurityWeek.
SecurityWeek – Read More
From Cloud to Home: Is Self-Hosting Right for You?
/in General NewsThere are many reasons nowadays to consider getting rid of cloud storage completely. In one recent example, Google Cloud wiped out a customer account and its backups. At stake were millions of Australians’ pension funds, and the affected party was UniSuper, a $135 billion pension account. Without getting into technical details, when the news hit it turned out it was a misconfiguration or human…
Source
TechSplicer – Read More