BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Hackers Hijack 22,000 Removed PyPI Packages, Spreading Malicious Code to Developers
A new supply chain attack technique targeting the Python Package Index (PyPI) registry has been exploited in the wild in an attempt to infiltrate downstream organizations.
It has been codenamed Revival Hijack by software supply chain security firm JFrog, which said the attack method could be used to hijack 22,000 existing PyPI packages and result in “hundreds of thousands” of malicious package
The Hacker News – Read More
Criminal IP Secures PCI DSS v4.0 Certification, Enhancing Payment Security with Top-Level Compliance
Torrance, United States / California, 4th September 2024, CyberNewsWire
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
How CISOs Can Effectively Communicate Cyber-Risk
A proximity resilience graph offers a more accurate representation of risk than heat maps and risk registers, and allows CISOs to tell a complex story in a single visualization.
darkreading – Read More
HHS Drops Appeal of Hospital Web Tracking Decision
The Biden administration has dropped its appeal of a court decision that rejected new regulations restricting hospitals’ use of web-tracking tools. A Texas judge ruled the administration’s efforts illegal in June.
Cyware News – Latest Cyber News – Read More
Worried about the YubiKey 5 vulnerability? Here’s why I’m not
I’m a big fan of YubiKeys and the fact that some of them are vulnerable to being cloned doesn’t change that. Let me explain.
Latest stories for ZDNET in Security – Read More
Crypto Vulnerability Allows Cloning of YubiKey Security Keys
YubiKey security keys can be cloned via a side-channel attack that leverages a vulnerability in a cryptographic library.
SecurityWeek – Read More
Zyxel Patches Critical OS Command Injection Flaw in Access Points and Routers
Zyxel has released software updates to address a critical security flaw impacting certain access point (AP) and security router versions that could result in the execution of unauthorized commands.
Tracked as CVE-2024-7261 (CVSS score: 9.8), the vulnerability has been described as a case of operating system (OS) command injection.
“The improper neutralization of special elements in the
The Hacker News – Read More
FBI: North Korea Aggressively Hacking Cryptocurrency Firms
The FBI warns of North Korean threat actors conducting social engineering campaigns targeting employees in the cryptocurrency industry.
SecurityWeek – Read More
CEO’s Arrest Will Likely Not Dampen Cybercriminal Interest in Telegram
In recent years, the platform has become a go-to tool for executing almost all conceivable cybercriminal activity.
darkreading – Read More
Damn Vulnerable UEFI: Simulate Real-world Firmware Attacks
DVUEFI was created to assist ethical hackers, security researchers, and firmware enthusiasts in beginning their journey into UEFI firmware security by providing examples to explore potential vulnerabilities.
Cyware News – Latest Cyber News – Read More