BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
Portugal’s Tekever raises $74M for dual-use drone platform deployed to Ukraine
/in General NewsDual-use drone startup Tekever has raised €70 million ($74 million) to develop its product and expand into new markets, specifically the U.S.. The news is part of a trend of smaller tech-driven startups moving into markets normally dominated by large ‘defense primes’. It also shows that unmanned aerial drones are becoming far more sophisticated, in […]
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Linux Variant of Helldown Ransomware Targets VMware ESX Servers
/in General NewsCybersecurity firm Sekoia has discovered a new variant of Helldown ransomware. The article details their tactics and how…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Inside the Booming ‘AI Pimping’ Industry
/in General NewsAI-generated influencers based on stolen images of real-life adult content creators are flooding social media.
Security Latest – Read More
Cyera Raises $300 Million at $3 Billion Valuation
/in General NewsData security firm Cyera has raised $300 million in Series D funding, which brings the total investment in the company to $760 million.
The post Cyera Raises $300 Million at $3 Billion Valuation appeared first on SecurityWeek.
SecurityWeek – Read More
Ford Says Leaked Data Comes From Supplier and Is Not Sensitive
/in General NewsFord has completed its investigation into recent data breach claims and determined that its systems and customer data have not been compromised.
The post Ford Says Leaked Data Comes From Supplier and Is Not Sensitive appeared first on SecurityWeek.
SecurityWeek – Read More
Web Security 101: Understanding Cross-Origin Resource Sharing (CORS)
/in General NewsContinuing the web security headers series, after covering HSTS (Strict Transport Security), and CSP (Content Security Policy), now comes a more painful security header, so to speak. Painful, at least for web developers. And if we don’t want to generalize, CORS represented a painful header, or something that I always needed to bypass on the localhost environment when started working on a new app.
Source
TechSplicer – Read More
African Reliance on Foreign Suppliers Boosts Insecurity Concerns
/in General NewsRecent backdoor implants and cyber-espionage attacks on their supply chains have African organizations looking to diversify beyond Chinese, American tech vendors.
darkreading – Read More
China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks
/in General NewsA new China-linked cyber espionage group has been attributed as behind a series of targeted cyber attacks targeting telecommunications entities in South Asia and Africa since at least 2020 with the goal of enabling intelligence collection.
Cybersecurity company CrowdStrike is tracking the adversary under the name Liminal Panda, describing it as possessing deep knowledge about telecommunications
The Hacker News – Read More
Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation
/in General NewsOracle is warning that a high-severity security flaw impacting the Agile Product Lifecycle Management (PLM) Framework has been exploited in the wild.
The vulnerability, tracked as CVE-2024-21287 (CVSS score: 7.5), could be exploited sans authentication to leak sensitive information.
“This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network
The Hacker News – Read More
Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities
/in General NewsApple has released security updates for iOS, iPadOS, macOS, visionOS, and its Safari web browser to address two zero-day flaws that have come under active exploitation in the wild.
The flaws are listed below –
CVE-2024-44308 – A vulnerability in JavaScriptCore that could lead to arbitrary code execution when processing malicious web content
CVE-2024-44309 – A cookie management vulnerability in
The Hacker News – Read More