BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Campcodes Online Hospital Management System 1.0 - SQL Injection
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
- [remote] Windows File Explorer Windows 11 (23H2) - NTLM Hash Disclosure
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Buffer Overflow
- [webapps] WordPress User Registration & Membership Plugin 4.1.2 - Authentication Bypass
- [local] Microsoft Windows Server 2016 - Win32k Elevation of Privilege
- [remote] Windows 2024.15 - Unauthenticated Desktop Screenshot Capture
5 Steps to Boost Detection and Response in a Multi-Layered Cloud
/in General NewsThe link between detection and response (DR) practices and cloud security has historically been weak. As global organizations increasingly adopt cloud environments, security strategies have largely focused on “shift-left” practices—securing code, ensuring proper cloud posture, and fixing misconfigurations. However, this approach has led to an over-reliance on a multitude of DR tools spanning
The Hacker News – Read More
Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration
/in General NewsA suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance (CSA) a zero-day to perform a series of malicious actions.
That’s according to findings from Fortinet FortiGuard Labs, which said the vulnerabilities were abused to gain unauthenticated access to the CSA, enumerate users configured in the appliance, and attempt to access the
The Hacker News – Read More
Recent Firefox Zero-Day Exploited Against Tor Browser Users
/in General NewsTor browser version 13.5.7 is rolling out with patches for an exploited zero-day vulnerability recently addressed in Firefox.
The post Recent Firefox Zero-Day Exploited Against Tor Browser Users appeared first on SecurityWeek.
SecurityWeek – Read More
From Cloud to Home: Is Self-Hosting Right for You?
/in General NewsThere are many reasons nowadays to consider getting rid of cloud storage completely. In one recent example, Google Cloud wiped out a customer account and its backups. At stake were millions of Australians’ pension funds, and the affected party was UniSuper, a $135 billion pension account. Without getting into technical details, when the news hit it turned out it was a misconfiguration or human…
Source
TechSplicer – Read More
Juniper Networks Patches Dozens of Vulnerabilities
/in General NewsJuniper Networks has announced patches for dozens of vulnerabilities in Junos OS, Junos OS Evolved, and third-party components.
The post Juniper Networks Patches Dozens of Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
Casio Confirms Data Breach as Ransomware Group Leaks Files
/in General NewsCasio has shared more information on the recent cyberattack, for which a ransomware group has now taken credit.
The post Casio Confirms Data Breach as Ransomware Group Leaks Files appeared first on SecurityWeek.
SecurityWeek – Read More
Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware
/in General NewsThreat actors are actively attempting to exploit a now-patched security flaw in Veeam Backup & Replication to deploy Akira and Fog ransomware.
Cybersecurity vendor Sophos said it has been tracking a series of attacks in the past month leveraging compromised VPN credentials and CVE-2024-40711 to create a local account and deploy the ransomware.
CVE-2024-40711, rated 9.8 out of 10.0 on the
The Hacker News – Read More
America First Policy Institute, a Group Advising Trump, Says Its Systems Were Breached
/in General NewsA group helping to lay the groundwork for a future Donald Trump administration said its computer systems were breached.
The post America First Policy Institute, a Group Advising Trump, Says Its Systems Were Breached appeared first on SecurityWeek.
SecurityWeek – Read More
Teraleak: Pokémon Developer Game Freak Hacked; Decades of Data Leaked
/in General NewsGame Freak’s “Teraleak” appears to expose nearly 1 terabyte of sensitive Pokémon data, including source code, cancelled games,…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Meet the Chinese ‘Typhoon’ hackers preparing for war
/in General NewsOf the cybersecurity risks facing the United States today, few loom larger than the potential sabotage capabilities posed by China-backed hackers, which top U.S. officials have described as an “epoch-defining threat.” In recent months, U.S. intelligence officials said Chinese government-backed hackers have been burrowing deep into the networks of U.S. critical infrastructure, including water, energy […]
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More