BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Campcodes Online Hospital Management System 1.0 - SQL Injection
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
- [remote] Windows File Explorer Windows 11 (23H2) - NTLM Hash Disclosure
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Buffer Overflow
- [webapps] WordPress User Registration & Membership Plugin 4.1.2 - Authentication Bypass
- [local] Microsoft Windows Server 2016 - Win32k Elevation of Privilege
- [remote] Windows 2024.15 - Unauthenticated Desktop Screenshot Capture
Critical Vulnerability Patched in 101 Releases of WordPress Plugin Jetpack
/in General NewsAutomattic has rolled out updates for 101 Jetpack versions released over the past eight years to resolve a critical vulnerability.
The post Critical Vulnerability Patched in 101 Releases of WordPress Plugin Jetpack appeared first on SecurityWeek.
SecurityWeek – Read More
It Seemed Like an AI Crime-Fighting Super Tool. Then Defense Attorneys Started Asking Questions
/in General NewsGlobal Intelligence claims its Cybercheck technology can help cops find key evidence to nail a case. But a WIRED investigation reveals the smoking gun often appears far less solid.
Security Latest – Read More
Millions of People Are Using Abusive AI ‘Nudify’ Bots on Telegram
/in General NewsBots that “remove clothes” from images have run rampant on the messaging app, allowing people to create nonconsensual deepfake images even as lawmakers and tech companies try to crack down.
Security Latest – Read More
New CounterSEVeillance and TDXDown Attacks Target AMD and Intel TEEs
/in General NewsIntel and AMD respond to new attack methods named TDXDown and CounterSEVeillance that can be used against TDX and SEV technology.
The post New CounterSEVeillance and TDXDown Attacks Target AMD and Intel TEEs appeared first on SecurityWeek.
SecurityWeek – Read More
Open Source Package Entry Points May Lead to Supply Chain Attacks
/in General NewsEntry points in packages across multiple programming languages are susceptible to exploitation in supply chain attacks.
The post Open Source Package Entry Points May Lead to Supply Chain Attacks appeared first on SecurityWeek.
SecurityWeek – Read More
China Accuses U.S. of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns
/in General NewsChina’s National Computer Virus Emergency Response Center (CVERC) has doubled down on claims that the threat actor known as the Volt Typhoon is a fabrication of the U.S. and its allies.
The agency, in collaboration with the National Engineering Laboratory for Computer Virus Prevention Technology, went on to accuse the U.S. federal government, intelligence agencies, and Five Eyes countries of
The Hacker News – Read More
Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates
/in General NewsCybersecurity researchers have disclosed a new malware campaign that delivers Hijack Loader artifacts that are signed with legitimate code-signing certificates.
French cybersecurity company HarfangLab, which detected the activity at the start of the month, said the attack chains aim to deploy an information stealer known as Lumma.
Hijack Loader, also known as DOILoader, IDAT Loader, and
The Hacker News – Read More
Recurring Risks: Analyzing Fidelity Investments’ Latest Data Breach and Its Implications
/in General NewsIn a recent notification from the Maine Attorney General, Fidelity Investments disclosed another data breach affecting over 77,000 individuals. This marks the second significant incident for the company in 2024 for one of the world’s largest financial services providers. The breach, occurring between August 17-19, 2024, exposed sensitive information including names, Social Security numbers…
Source
TechSplicer – Read More
European cyber insurance startup Stoïk secures $27 million
/in General NewsCyber risk has become an increasingly important issue for small companies around the world. While many companies try to avoid and mitigate cyber risks, they rarely discuss transferring those risks to a third party. That’s why Stoïk is stepping in with a cyber insurance product specifically designed for small and medium-sized businesses. The French startup […]
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites
/in General NewsThe maintainers of the Jetpack WordPress plugin have released a security update to remediate a critical vulnerability that could allow logged-in users to access forms submitted by others on a site.
Jetpack, owned by WordPress maker Automattic, is an all-in-one plugin that offers a comprehensive suite of tools to improve site safety, performance, and traffic growth. It’s used on 27 million
The Hacker News – Read More