BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
Fidelity says data breach exposed personal data of 77,000 customers
/in General NewsFidelity Investments, one of the world’s largest asset managers, has confirmed that 77,000 customers had personal information compromised during an August data breach. The Boston, Mass.-based investment firm said in a filing with Maine’s attorney general on Wednesday that an unnamed third party accessed information from its systems between August 17 and August 19 “using […]
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Relyance lands $32M to help companies comply with data regulations
/in General NewsAs the demand for AI surges, AI vendors are devoting greater bandwidth to data security issues. Not only are they being compelled to comply with emerging data privacy regulations (e.g. the EU Data Act), but they’re finding themselves under the microscope of clients skeptical about how their data is being used and processed. The trouble […]
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Microsoft’s Take on Kernel Access and Safe Deployment Practices Following CrowdStrike Incident
/in General NewsSecurityWeek talked to David Weston, VP enterprise and OS security at Microsoft, to discuss Windows kernel access and safe deployment practices.
The post Microsoft’s Take on Kernel Access and Safe Deployment Practices Following CrowdStrike Incident appeared first on SecurityWeek.
SecurityWeek – Read More
Vulnerability Prioritization & the Magic 8 Ball
/in General NewsVulnerability prioritization has evolved over the years. Several frameworks exist to help organizations make the right decisions when it comes to deciding which patches to apply and when. But are these better than a Magic 8 Ball?
darkreading – Read More
Microsoft: BYOD, QR Codes Lead Rampant Education Attacks
/in General NewsThe average higher education institution is getting hit once a week now, and as one University of Oregon attack shows, the sector often lacks the resources to keep pace.
darkreading – Read More
Firefox 131 Update Patches Exploited Zero-Day Vulnerability
/in General NewsMozilla has released a Firefox 131 update to resolve CVE-2024-9680, a code execution vulnerability exploited in the wild as a zero-day.
The post Firefox 131 Update Patches Exploited Zero-Day Vulnerability appeared first on SecurityWeek.
SecurityWeek – Read More
Attack Surface Management Startup WatchTowr Raises $19 Million
/in General NewsContinuous automated red teaming platform provider WatchTowr has raised $19 million in a Series A funding round.
The post Attack Surface Management Startup WatchTowr Raises $19 Million appeared first on SecurityWeek.
SecurityWeek – Read More
Organizations Warned of Exploited Fortinet FortiOS Vulnerability
/in General NewsCISA has added a FortinetFortiOS vulnerability tracked as CVE-2024-23113 to its Known Exploited Vulnerabilities (KEV) catalog.
The post Organizations Warned of Exploited Fortinet FortiOS Vulnerability appeared first on SecurityWeek.
SecurityWeek – Read More
Cybercriminals Use Unicode to Hide Mongolian Skimmer in E-Commerce Platforms
/in General NewsCybersecurity researchers have shed light on a new digital skimmer campaign that leverages Unicode obfuscation techniques to conceal a skimmer dubbed Mongolian Skimmer.
“At first glance, the thing that stood out was the script’s obfuscation, which seemed a bit bizarre because of all the accented characters,” Jscrambler researchers said in an analysis. “The heavy use of Unicode characters, many
The Hacker News – Read More
The Internet Archive slammed by DDoS attack and data breach
/in General NewsThe Internet Archive, the nonprofit organization that digitizes and archives materials like web pages, came under attack Wednesday. Several users – including over at The Verge – confronted a pop-up when visiting the site, reading, “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a […]
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More