BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
SOAR Is Dead, Long Live SOAR
/in General NewsBusiness intelligence firm Gartner labels security orchestration, automation, and response as “obsolete,” but the fight to automate and simplify security operations is here to stay.
darkreading – Read More
PIXHELL Attack Allows Air-Gap Jumping via Noise From Screens
/in General NewsNoise generated by the pixels on a screen can be leveraged to exfiltrate data from air-gapped computers in what is called a PIXHELL attack.
The post PIXHELL Attack Allows Air-Gap Jumping via Noise From Screens appeared first on SecurityWeek.
SecurityWeek RSS Feed – Read More
Google Updates Cloud Backup, Disaster Recovery Service
/in General NewsThe combination of immutability, indelibility, centralized governance, and user empowerment provides a comprehensive backup strategy, Google said.
darkreading – Read More
Chinese ‘Crimson Palace’ Espionage Campaign Keeps Hacking Southeast Asian Governments
/in General NewsA sophisticated trio of Chinese cyberespionage groups known as Cluster Alpha, Cluster Bravo, and Cluster Charlie are behind the Crimson Palace espionage campaign targeting government organizations in Southeast Asia.
Cyware News – Latest Cyber News – Read More
Siemens Issues Critical Security Advisory for User Management Component (UMC)
/in General NewsSiemens has issued a critical security advisory for its User Management Component (UMC), revealing a heap-based buffer overflow vulnerability (CVE-2024-33698) with a 9. 3 CVSS score.
Cyware News – Latest Cyber News – Read More
CosmicBeetle Upgrades Arsenal with New ScRansom Ransomware to Target SMBs
/in General NewsCosmicBeetle has unleashed a new ransomware called ScRansom, targeting SMBs in Europe, Asia, Africa, and South America, possibly working with RansomHub. The threat actor swapped its Scarab ransomware for ScRansom, showing ongoing enhancements.
Cyware News – Latest Cyber News – Read More
OpenZiti: Secure, Open-Source Networking for Your Applications
/in General NewsOpenZiti is an open-source networking project that embeds zero-trust principles directly into applications, offering features like strong identity, mTLS, E2EE, private DNS, and smart routing.
Cyware News – Latest Cyber News – Read More
Microsoft Adds Support for Post-Quantum Algorithms in SymCrypt Library
/in General NewsMicrosoft has started introducing support for post-quantum algorithms in SymCrypt, its main cryptographic library.
The post Microsoft Adds Support for Post-Quantum Algorithms in SymCrypt Library appeared first on SecurityWeek.
SecurityWeek – Read More
Earth Preta Upgrades Attack Strategy via Removable Drives
/in General NewsThe HIUPAN worm allows Earth Preta to propagate malware into networks via removable drives, maintaining persistence by modifying registry values and creating autorun entries.
Cyware News – Latest Cyber News – Read More
FBI Report Says Cryptocurrency Scams Surged in 2023
/in General NewsAccording to an FBI report, cryptocurrency scams surged in 2023, leading to victims reporting $5. 6 billion in financial losses associated with crypto schemes, a 45% increase from the previous year.
Cyware News – Latest Cyber News – Read More