BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
- Uro - Declutters Url Lists For Crawling/Pentesting
Exploit DB
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
Singapore mandates face authentication for ‘higher risk’ bank transactions
/in General NewsThe move comes amid growing phishing attacks targeting the financial services sector; most impacted by brand impersonation scams.
Latest stories for ZDNET in Security – Read More
QR Phishing Scams Gain Motorized Momentum in UK
/in General NewsCriminal actors are finding their niche in utilizing QR phishing codes, otherwise known as “quishing,” to victimize unsuspecting tourists in Europe and beyond.
darkreading – Read More
Thousands of ServiceNow KB Instances Expose Sensitive Corporate Data
/in General NewsDespite security updates to protect data, 45% of total enterprise instances of the cloud-based IT management platform leaked PII, internal system details, and active credentials over the past year.
darkreading – Read More
Censys Uncovers Hidden Infrastructure of Iranian Fox Kitten Group
/in General NewsCensys uncovers the hidden infrastructure of Fox Kitten, an Iranian cyberespionage group. It reveals unique patterns, potential new…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Two-Thirds of Security Leaders Consider Banning AI-Generated Code, Report Finds
/in General NewsSecurity leaders don’t believe developers check the quality of the AI-generated code with as much rigour as they do their own, according to a report from Venafi.
Security | TechRepublic – Read More
Chrome Introduces One-Time Permissions and Enhanced Safety Check for Safer Browsing
/in General NewsGoogle Chrome has (finally) introduced new privacy features, these include automatic Safety Check and one-time permissions. Safety Check now runs in the background, evaluating and revoking site permissions, while also flagging suspicious activity. Meanwhile, one-time permissions allow users to grant temporary access to their camera or microphone, automatically revoking it once they leave the…
Source
TechSplicer Blog – Read More
U.S. government ‘took control’ of a botnet run by Chinese government hackers, says FBI director
/in General NewsThe FBI, NSA and other U.S. government agencies detailed a Chinese-government operation that used 260,000 of internet-connected devices to launch cyberattacks.
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Chinese Spies Built Massive Botnet of IoT Devices to Target US, Taiwan Military
/in General NewsBlack Lotus Labs estimates that more than 200,000 routers, network-attached storage servers, and IP cameras have been ensnared in the botnet.
The post Chinese Spies Built Massive Botnet of IoT Devices to Target US, Taiwan Military appeared first on SecurityWeek.
SecurityWeek – Read More
Server Misconfiguration at Fuel Industry Software Provider Exposes SSNs, PII Data
/in General NewsA server misconfiguration exposed a trove of documents belonging to FleetPanda, a leading petroleum and fuel industry software…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Chinese Engineer Charged in U.S. for Years-Long Cyber Espionage Targeting NASA and Military
/in General NewsA Chinese national has been indicted in the U.S. on charges of conducting a “multi-year” spear-phishing campaign to obtain unauthorized access to computer software and source code created by the National Aeronautics and Space Administration (NASA), research universities, and private companies.
Song Wu, 39, has been charged with 14 counts of wire fraud and 14 counts of aggravated identity theft.
The Hacker News – Read More