BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
Chrome bug hunters can earn up to $250,000 for serious vulnerabilities now – how’s how
/in General NewsGoogle is bumping up the cash prizes for its Vulnerability Reward Program across all of its current categories.
Latest stories for ZDNET in Security – Read More
BlackByte Targets ESXi Bug With Ransomware to Access Virtual Assets
/in General NewsThe pivot is one of several changes the groups using the malware have used in recent attacks.
darkreading – Read More
CCTV Zero-Day Exposes Critical Infrastructure to Mirai Botnet Campaign
/in General NewsCISA warned about the RCE zero-day vulnerability in AVTECH IP cameras in early August, and now vulnerable systems are being used to spread malware.
darkreading – Read More
Attackers Exploit Critical Atlassian Confluence Flaw for Cryptojacking
/in General NewsNovel attack vectors leverage the CVE-2023-22527 RCE flaw discovered in January, which is still under active attack, to turn targeted cloud environments into cryptomining networks.
darkreading – Read More
Fortra Issues Patch for High-Risk FileCatalyst Workflow Security Vulnerability
/in General NewsFortra has addressed a critical security flaw impacting FileCatalyst Workflow that could be abused by a remote attacker to gain administrative access.
The vulnerability, tracked as CVE-2024-6633, carries a CVSS score of 9.8, and stems from the use of a static password to connect to a HSQL database.
“The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are
The Hacker News – Read More
Google’s Gemini AI gets major upgrade with ‘Gems’ assistants and Imagen 3
/in General NewsGoogle introduces “Gems” AI assistants and Imagen 3 model to Gemini platform, enhancing personalized AI experiences and image generation capabilities.Read More
Security News | VentureBeat – Read More
Google Now Offering Up to $250,000 for Chrome Vulnerabilities
/in General NewsGoogle has significantly increased the rewards for Chrome browser vulnerabilities, offering up to $250,000 for remote code execution bugs.
The post Google Now Offering Up to $250,000 for Chrome Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
Notorious Iranian Hackers Have Been Targeting the Space Industry With a New Backdoor
/in General NewsIn addition to its long-standing password spraying attacks, Microsoft says Iran-backed hacker group Peach Sandstorm—or APT 33—has developed custom malware dubbed “Tickler.”
Security Latest – Read More
Censys Finds Hundreds of Exposed Servers as Volt Typhoon APT Targets ISPs, MSPs
/in General NewsAmidst Volt Typhoon zero-day exploitation, Censys finds hundreds of exposed servers presenting ripe attack surface for attackers.
The post Censys Finds Hundreds of Exposed Servers as Volt Typhoon APT Targets ISPs, MSPs appeared first on SecurityWeek.
SecurityWeek – Read More
Manufacturing Sector Under Fire From Microsoft Credential Thieves
/in General NewsThe emails impersonate well-known companies in the industry, fooling the victim into thinking they are communicating with a legitimate entity.
darkreading – Read More