BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
How Business Owners Can Evolve with a Changing Technological Landscape
/in General NewsCheck out these five course bundles breaking down the most important IT, development, and cybersecurity skills that a business owner can master.
Security | TechRepublic – Read More
Kali Linux 2024.3 Released: 11 New Tools, Qualcomm Snapdragon SDM845 SoC Support
/in General NewsKali Linux 2024. 3 has been released with 11 new tools and added support for Qualcomm Snapdragon SDM845 SoC devices. This release emphasizes behind-the-scenes updates and optimization.
Cyware News – Latest Cyber News – Read More
The 6 Best Penetration Testing Companies for 2024
/in General NewsDiscover the top six penetration testing companies for businesses of all sizes. Learn the pros and cons of pentesting providers like Astra, BreachLock, and Acunetix.
Security | TechRepublic – Read More
New RansomHub Attack Uses TDSSKiller and LaZagne, Disables EDR
/in General NewsThe RansomHub ransomware gang has been found using Kaspersky’s TDSSKiller tool to disable EDR software on target systems, allowing for credential harvesting with LaZagne.
Cyware News – Latest Cyber News – Read More
Hackers Proxyjack & Cryptomine Selenium Grid Servers
/in General NewsA vendor honeypot caught two attacks intended to leverage the tens of thousands of exposed Selenium Grid Web app testing servers.
darkreading – Read More
Apple Vision Pro’s Eye Tracking Exposed What People Type
/in General NewsThe Vision Pro uses 3D avatars on calls and for streaming. These researchers used eye tracking to work out the passwords and PINs people typed with their avatars.
Security Latest – Read More
Microsoft Discloses Four Zero-Days in September Update
/in General NewsMicrosoft recently revealed four zero-day vulnerabilities in its September update, part of the Patch Tuesday release containing 79 vulnerabilities, making it the fourth-largest release of the year.
Cyware News – Latest Cyber News – Read More
ToneShell Backdoor Targets IISS Defence Summit Attendees in Latest Espionage Campaign
/in General NewsThe ToneShell backdoor, attributed to the Mustang Panda cyber espionage group, has resurfaced in a new attack targeting attendees of the 2024 IISS Defence Summit in Prague.
Cyware News – Latest Cyber News – Read More
Healthcare Provider to Pay $65M Settlement Following Ransomware Attack
/in General NewsLehigh Valley Health Network has agreed to pay a $65 million settlement in a class-action suit filed over a 2023 data breach.
The post Healthcare Provider to Pay $65M Settlement Following Ransomware Attack appeared first on SecurityWeek.
SecurityWeek – Read More
Exploiting CI/CD Pipelines for Fun and Profit
/in General NewsOn September 8, 2024, a significant exploit chain was discovered, starting from a publicly exposed . git directory, leading to a full server takeover. The vulnerabilities stem from websites exposing their . git folders.
Cyware News – Latest Cyber News – Read More