BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
- Uro - Declutters Url Lists For Crawling/Pentesting
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
Exploit DB
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
GitLab Releases Critical Security Patch for CVE-2024-45409 (CVSS 10) Vulnerability
/in General NewsGitLab has released a critical security patch for the CVE-2024-45409 vulnerability (CVSS 10). It impacts both GitLab Community Edition (CE) and Enterprise Edition (EE) and originates from the Ruby-SAML library used for SAML authentication.
Cyware News – Latest Cyber News – Read More
GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions
/in General NewsGitLab has released patches to address a critical flaw impacting Community Edition (CE) and Enterprise Edition (EE) that could result in an authentication bypass.
The vulnerability is rooted in the ruby-saml library (CVE-2024-45409, CVSS score: 10.0), which could allow an attacker to log in as an arbitrary user within the vulnerable system. It was addressed by the maintainers last week.
The
The Hacker News – Read More
Craig Newmark pledges $100M to fight hacking by foreign governments
/in General NewsCraigslist founder Craig Newmark plans to donate $100 million to further strengthen U.S. cybersecurity, addressing what he sees as a growing threat from foreign governments, he tells the WSJ. Half the funds will focus on protecting power grids and other infrastructure from cyberattacks; half will be earmarked to educate people about so-called cybersecurity hygiene. Newmark, […]
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
FBI Dismantles Chinese-Linked Botnet of 260,000 IoT Devices
/in General NewsThe FBI, in collaboration with U.S. government agencies, dismantled a Chinese state-backed botnet known as Flax Typhoon, comprising…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Everything you need to know about VPN tracking
/in General NewsA VPN (Virtual Private Network) adds privacy and security to your browsing. But does this make your internet…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Fal.Con 2024: CrowdStrike unveils resilient-by-design framework to bolster global cybersecurity
/in General News“It’s not only about bouncing back – it’s about staying ahead through a culture of resilience,” Kurtz emphasized during his keynote.Read More
Security News | VentureBeat – Read More
Contractor Software Targeted via Microsoft SQL Server Loophole
/in General NewsBy accessing the MSSQL, threat actors gain admin-level access to the application, allowing them to automate their attacks.
darkreading – Read More
Packed With Features, ‘SambaSpy’ RAT Delivers Hefty Punch
/in General NewsThought to be Brazilian in origin, the remote access Trojan is the “perfect tool for a 21st-century James Bond.”
darkreading – Read More
Global Crime Hit as Europol Shuts Down Encrypted Chat App Ghost
/in General NewsEuropol, alongside global law enforcement, dismantled the encrypted chat app Ghost, widely used by criminal networks for drug…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
FCC: AT&T Didn’t Adequately Protect Customers’ Cloud Data
/in General NewsRegulators fine AT&T $13 million for failing to protect customer information held by a third-party vendor, and extend consumer data protections to the cloud.
darkreading – Read More