BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
ICE Started Ramping Up Its Surveillance Arsenal Immediately After Donald Trump Won
/in General NewsUS Immigration and Customs Enforcement put out a fresh call for contracts for surveillance technologies before an anticipated surge in the number of people it monitors ahead of deportation hearings.
Security Latest – Read More
How to add PGP support on Android for added security and privacy
/in General NewsIf you need to add encryption or digital signing to the Thunderbird email app (or other supporting apps) on Android, there’s one clear and easy route to success.
Latest stories for ZDNET in Security – Read More
Citrix, Fortinet Patch High-Severity Vulnerabilities
/in General NewsCitrix and Fortinet have released patches for multiple vulnerabilities, including high-severity bugs in NetScaler and FortiOS.
The post Citrix, Fortinet Patch High-Severity Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
ICS Patch Tuesday: Security Advisories Released by CISA, Schneider, Siemens, Rockwell
/in General NewsCISA, Schneider Electric, Siemens, and Rockwell Automation have released November 2024 Patch Tuesday security advisories.
The post ICS Patch Tuesday: Security Advisories Released by CISA, Schneider, Siemens, Rockwell appeared first on SecurityWeek.
SecurityWeek – Read More
China’s Volt Typhoon Rebuilding Botnet
/in General NewsSecurity researchers say the botnet created by China’s Volt Typhoon re-emerged recently, leveraging the same core infrastructure and techniques.
The post China’s Volt Typhoon Rebuilding Botnet appeared first on SecurityWeek.
SecurityWeek – Read More
Microsoft Fixes 90 New Flaws, Including Actively Exploited NTLM and Task Scheduler Bugs
/in General NewsMicrosoft on Tuesday revealed that two security flaws impacting Windows NT LAN Manager (NTLM) and Task Scheduler have come under active exploitation in the wild.
The security vulnerabilities are among the 90 security bugs the tech giant addressed as part of its Patch Tuesday update for November 2024. Of the 90 flaws, four are rated Critical, 85 are rated Important, and one is rated Moderate in
The Hacker News – Read More
Middle East Cybersecurity Efforts Catch Up After Late Start
/in General NewsDespite having only a scant focus on cybersecurity regulations a decade ago, countries in the Middle East — led by Saudi Arabia and other Gulf nations — have adopted mature frameworks and regulations amid escalating volumes of attacks.
darkreading – Read More
2 Zero-Day Bugs in Microsoft’s Nov. Update Under Active Exploit
/in General NewsThe November 2024 Patch Tuesday update contains a substantially high percentage of remote code execution (RCE) vulnerabilities (including a critical issue in Windows Kerberos), and two other zero-day bugs that have been previously disclosed and could soon come under attack.
darkreading – Read More
Amazon Employee Data Compromised in MOVEit Breach
/in General NewsThe data leak was not actually due to a breach in Amazon’s systems but rather that of a third-party vendor; the supply chain incident affected several other clients as well.
darkreading – Read More
Microsoft’s November Patch Tuesday Fixes 91 Vulnerabilities, 4 Zero-Days
/in General NewsMicrosoft’s November 2024 Patch Tuesday update fixes 91 security vulnerabilities, including four zero-day vulnerabilities. Critical fixes address actively…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More