BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
- Uro - Declutters Url Lists For Crawling/Pentesting
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
Exploit DB
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
FBI and CISA Assure Public on Election Ransomware Security
/in General NewsFBI and CISA issued a PSA reassuring the public about the security of the 2024 election cycle against ransomware attacks. While attacks on government networks could cause temporary delays, voting systems’ integrity remains intact.
Cyware News – Latest Cyber News – Read More
CISA to Get New $524 Million Headquarters in DC, Backed by Inflation Reduction Act Funding
/in General NewsClark Construction has been tasked with building the 630,000 square foot sustainable state-of-the-art facility for CISA.
The post CISA to Get New $524 Million Headquarters in DC, Backed by Inflation Reduction Act Funding appeared first on SecurityWeek.
SecurityWeek – Read More
Cybercriminals Exploit Paris Olympics With Fake Domains
/in General NewsAccording to a report by cybersecurity researchers at BforeAI, threat actors used fake social media accounts, stores, ticketing systems, and fraudulent cryptocurrencies to target unsuspecting victims.
Cyware News – Latest Cyber News – Read More
Ukrainian Bank’s Service for Military Donations Targeted by ‘Massive’ DDoS Attack
/in General NewsThe attack, lasting from Friday to Monday, reached 7.5 billion requests per second, according to Monobank CEO. Despite not impacting operations, the bank collaborated with security services and specialists to manage the flood of internet traffic.
Cyware News – Latest Cyber News – Read More
F5 Patches High-Severity Vulnerabilities in BIG-IP, NGINX Plus
/in General NewsF5’s latest quarterly security notification includes nine advisories, including four for high-severity vulnerabilities in BIG-IP and NGINX Plus.
The post F5 Patches High-Severity Vulnerabilities in BIG-IP, NGINX Plus appeared first on SecurityWeek.
SecurityWeek – Read More
Blind Eagle Hackers Exploit Spear-Phishing to Deploy RATs in Latin America
/in General NewsCybersecurity researchers have shed light on a threat actor known as Blind Eagle that has persistently targeted entities and individuals in Colombia, Ecuador, Chile, Panama, and other Latin American nations.
Targets of these attacks span several sectors, including governmental institutions, financial companies, energy and oil and gas companies.
“Blind Eagle has demonstrated adaptability in
The Hacker News – Read More
CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks
/in General NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw impacting Jenkins to its Known Exploited Vulnerabilities (KEV) catalog, following its exploitation in ransomware attacks.
The vulnerability, tracked as CVE-2024-23897 (CVSS score: 9.8), is a path traversal flaw that could lead to code execution.
“Jenkins Command Line Interface (CLI) contains a
The Hacker News – Read More
Thousands of Oracle NetSuite Sites at Risk of Exposing Customer Information
/in General NewsCybersecurity researchers are warning about the discovery of thousands of externally-facing Oracle NetSuite e-commerce sites that have been found susceptible to leaking sensitive customer information.
“A potential issue in NetSuite’s SuiteCommerce platform could allow attackers to access sensitive data due to misconfigured access controls on custom record types (CRTs),” AppOmni’s Aaron Costello
The Hacker News – Read More
US Intelligence Officials Say Iran is to Blame for Hacks Targeting Trump, Biden-Harris Campaigns
/in General NewsThe assessment from agencies was the first time the U.S. government assigned blame for hacks that have raised anew the threat of foreign election interference.
The post US Intelligence Officials Say Iran is to Blame for Hacks Targeting Trump, Biden-Harris Campaigns appeared first on SecurityWeek.
SecurityWeek – Read More
SOCI Act 2024: Thales Report Reveals Critical Infrastructure Breaches in Australia
/in General NewsThales’ 2024 Data Threat Report reveals key insights for Australian critical infrastructure under the SOCI Act 2024. Our exclusive interview with Erick Reyes reveals the security impacts.
Security | TechRepublic – Read More