BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Social Warfare WordPress Plugin 3.5.2 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
- [remote] Microsoft Excel 2024 Use after free - Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [local] Microsoft Excel LTSC 2024 - Remote Code Execution (RCE)
- [remote] FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse
Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch
/in General NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting Endpoint Manager (EPM) that the company patched in May to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability, tracked as CVE-2024-29824, carries a CVSS score of 9.6 out of a maximum of 10.0, indicating critical severity.
“An
The Hacker News – Read More
China-Backed APT Group Culling Thai Government Data
/in General NewsCeranaKeeper is bombarding Southeast Asia with data exfiltration attacks via file-sharing services such as Pastebin, OneDrive, and GitHub, researchers say.
darkreading – Read More
NSA Releases 6 Principles of OT Cybersecurity
/in General NewsOrganizations can use this guide to make decisions for designing, implementing, and managing OT environments to ensure they are both safe and secure, as well as enable business continuity for critical services.
darkreading – Read More
4 Ways to Fight AI-Based Fraud
/in General NewsGenerative AI is being used to make cyberscams more believable. Here’s how organizations can counter that using newly emerging tools and reliable methods.
darkreading – Read More
North Korea’s ‘Stonefly’ APT Swarms US Private Co’s. for Profit
/in General NewsDespite a $10 million bounty on one member, APT45 is not slowing down, pivoting from intelligence gathering to extorting funds for Kim Jong-Un’s regime.
darkreading – Read More
Unix Printing Vulnerabilities Enable Easy DDoS Attacks
/in General NewsAll an attacker needs to exploit flaws in the Common Unix Printing System is a few seconds and less than 1 cent in computing costs.
darkreading – Read More
Experts warn of DDoS attacks using linux printing vulnerability
/in General NewsA set of bugs that has caused alarm among cybersecurity experts may enable threat actors to launch powerful attacks designed to knock systems offline.
The Record from Recorded Future News – Read More
Exclusive: Google Cloud Updates Confidential Computing Portfolio
/in General NewsUsers of Google Cloud’s virtual machines can now get in-house attestation for VMs that offer AMD encrypted virtualization.
Security | TechRepublic – Read More
Hackers pose as British postal carrier to deliver Prince ransomware in destructive campaign
/in General NewsResearchers have identified a new campaign in which hackers impersonated the British postal carrier Royal Mail to target victims in the U.S. and the U.K. with Prince ransomware.
The Record from Recorded Future News – Read More
Zero-Day Breach at Rackspace Sparks Vendor Blame Game
/in General NewsA breach at Rackspace exposes the fragility of the software supply chain, triggering a blame game among vendors over an exploited zero-day.
The post Zero-Day Breach at Rackspace Sparks Vendor Blame Game appeared first on SecurityWeek.
SecurityWeek RSS Feed – Read More