BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
Windows Zero-Day Exploited by Russia Triggered With File Drag-and-Drop, Delete Actions
/in General NewsThe exploit for a new zero-day vulnerability in Windows is executed by deleting files, drag-and-dropping them, or right clicking on them.
The post Windows Zero-Day Exploited by Russia Triggered With File Drag-and-Drop, Delete Actions appeared first on SecurityWeek.
SecurityWeek – Read More
NIST Explains Why It Failed to Clear CVE Backlog
/in General NewsNIST says all known exploited CVEs in the backlog have been addressed, but admitted that clearing the entire backlog by October was optimistic.
The post NIST Explains Why It Failed to Clear CVE Backlog appeared first on SecurityWeek.
SecurityWeek – Read More
Cybereason and Trustwave Announce Merger
/in General NewsCybereason Chairman & CEO Eric Gan believes the merger could help its existing success in some international markets.
The post Cybereason and Trustwave Announce Merger appeared first on SecurityWeek.
SecurityWeek – Read More
New RustyAttr Malware Targets macOS Through Extended Attribute Abuse
/in General NewsThreat actors have been found leveraging a new technique that abuses extended attributes for macOS files to smuggle a new malware called RustyAttr.
The Singaporean cybersecurity company has attributed the novel activity with moderate confidence to the infamous North Korea-linked Lazarus Group, citing infrastructure and tactical overlaps observed in connection with prior campaigns, including
The Hacker News – Read More
US confirms China-backed hackers breached telecom providers to steal wiretap data
/in General NewsCISA and the FBI say they have uncovered a ‘broad and significant’ PRC-linked cyberespionage campaign
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Unpatched Flaw in Legacy D-Link NAS Devices Exploited Days After Disclosure
/in General NewsExploitation attempts targeting CVE-2024-10914, a recently disclosed ‘won’t fix’ vulnerability affecting outdated D-Link NAS devices.
The post Unpatched Flaw in Legacy D-Link NAS Devices Exploited Days After Disclosure appeared first on SecurityWeek.
SecurityWeek – Read More
Hamas Hackers Spy on Mideast Gov’ts, Disrupt Israel
/in General NewsAPT Wirte is doing double duty, adding all manner of supplemental malware to gain access, eavesdrop, and wipe data, depending on the target.
darkreading – Read More
Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails
/in General NewsA newly patched security flaw impacting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russia-linked actor as part of cyber attacks targeting Ukraine.
The vulnerability in question, CVE-2024-43451 (CVSS score: 6.5), refers to an NTLM hash disclosure spoofing vulnerability that could be exploited to steal a user’s NTLMv2 hash. It was patched by Microsoft earlier this
The Hacker News – Read More
Teen Behind Hundreds of Swatting Attacks Pleads Guilty to Federal Charges
/in General NewsAlan Filion, believed to have operated under the handle “Torswats,” admitted to making more than 375 fake threats against schools, places of worship, and government buildings around the United States.
Security Latest – Read More
US agencies confirm Beijing-linked telecom breach involving call records of politicians, wiretaps
/in General NewsIn a statement late on Wednesday, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) said an investigation that began in late October has revealed a “broad and significant cyber espionage campaign.”
The Record from Recorded Future News – Read More