BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
- Uro - Declutters Url Lists For Crawling/Pentesting
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
Exploit DB
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
Law Enforcement Dismantles Phishing Platform Used for Unlocking Stolen Phones
/in General NewsThe iServer phishing-as-a-service platform was used by Spanish-speaking criminals to harvest credentials and unlock stolen and lost phones.
The post Law Enforcement Dismantles Phishing Platform Used for Unlocking Stolen Phones appeared first on SecurityWeek.
SecurityWeek – Read More
Where’s your BitLocker recovery key? How and why to save a copy before the next Windows meltdown
/in General NewsBitLocker encryption is a tremendous way to stop a thief from accessing your business and personal secrets. But don’t let the tool lock you out of your PC. Here’s how to save a secure backup copy of your encryption key for panic-free recovery.
Latest stories for ZDNET in Security – Read More
Ivanti Warns of Second CSA Vulnerability Exploited in Attacks
/in General NewsIn addition to the Ivanti CSA flaw CVE-2024-8190, another vulnerability affecting the same product, tracked as CVE-2024-8963, has been exploited.
The post Ivanti Warns of Second CSA Vulnerability Exploited in Attacks appeared first on SecurityWeek.
SecurityWeek – Read More
Chrome Users Can Now Sync Passkeys Across Devices with New Google PIN Feature
/in General NewsGoogle on Thursday unveiled a Password Manager PIN to let Chrome web users sync their passkeys across Windows, macOS, Linux, ChromeOS, and Android devices.
“This PIN adds an additional layer of security to ensure your passkeys are end-to-end encrypted and can’t be accessed by anyone, not even Google,” Chrome product manager Chirag Desai said.
The PIN is a six-digit code by default, although it’s
The Hacker News – Read More
Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks
/in General NewsIvanti has revealed that a critical security flaw impacting Cloud Service Appliance (CSA) has come under active exploitation in the wild.
The new vulnerability, assigned the CVE identifier CVE-2024-8963, carries a CVSS score of 9.4 out of a maximum of 10.0. It was “incidentally addressed” by the company as part of CSA 4.6 Patch 519 and CSA 5.0.
“Path Traversal in the Ivanti CSA before 4.6 Patch
The Hacker News – Read More
North Korean APT Bypasses DMARC Email Policies in Cyber-Espionage Attacks
/in General NewsHow the Kimsuky nation-state group and other threat actors are exploiting poor email security — and what organizations can do to defend themselves.
darkreading – Read More
DOJ charges hackers for stealing $230 million in crypto from individual
/in General NewsThe Justice Department arrested two people on Wednesday and unsealed an indictment accusing the pair of stealing more than $230 million worth of cryptocurrency from a victim in Washington, D.C.
The Record from Recorded Future News – Read More
Chipmaker Qualcomm lays off hundreds of workers in San Diego
/in General NewsThis is the chipmaker’s second round of layoffs over the past year, while the company recorded billions in revenue.
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Abstract Security Expands Multi-Cloud Security Operations
/in General NewsPost Content
darkreading – Read More
GitLab Warns of Max Severity Authentication Bypass Bug
/in General NewsCompany urges organizations using self-hosting GitLab instances to apply updates for CVE-2024-45409 as soon as possible.
darkreading – Read More