BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Ingress-NGINX 4.11.0 - Remote Code Execution (RCE)
- [local] Microsoft Excel LTSC 2024 - Remote Code Execution (RCE)
- [remote] FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse
- [remote] Windows 11 SMB Client - Privilege Escalation & Remote Code Execution (RCE)
- [remote] PCMan FTP Server 2.0.7 - Buffer Overflow
- [webapps] Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation
- [local] Parrot and DJI variants Drone OSes - Kernel Panic Exploit
- [webapps] PHP CGI Module 8.3.4 - Remote Code Execution (RCE)
- [remote] AirKeyboard iOS App 1.0.5 - Remote Input Injection
- [webapps] Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI
Malware Campaign Locks Browser in Kiosk Mode to Steal Google Credentials
/in General NewsThe campaign specifically targets Google’s login page and prevents users from closing the window or using certain keyboard keys to escape. Once users enter and save their credentials to unlock the computer, the StealC malware steals the credentials.
Cyware News – Latest Cyber News – Read More
DoJ: Chinese Man Used Spear-Phishing to Obtain Software From NASA, Military
/in General NewsChinese national Song Wu allegedly sent spear-phishing emails to NASA, Air Force, Navy, Army, and FAA employees.
The post DoJ: Chinese Man Used Spear-Phishing to Obtain Software From NASA, Military appeared first on SecurityWeek.
SecurityWeek – Read More
How Google and Yahoo’s shift to stricter email standards proved a windfall for this Armenian startup
/in General NewsEasyDMARC, a B2B SaaS startup out of Armenia that aims to simplify email security and authentication, said it has raised $20 million in a Series A round.
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Misconfigured ServiceNow Knowledge Bases Expose Confidential Information
/in General NewsAppOmni researchers found over a thousand instances of misconfigured Knowledge Bases where articles could be compromised through Public Widgets.
Security | TechRepublic – Read More
Recent WhatsUp Gold Vulnerabilities Possibly Exploited in Ransomware Attacks
/in General NewsTwo recently patched Progress Software WhatsUp Gold vulnerabilities may have been exploited in the wild, possibly in ransomware attacks.
The post Recent WhatsUp Gold Vulnerabilities Possibly Exploited in Ransomware Attacks appeared first on SecurityWeek.
SecurityWeek – Read More
Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users
/in General NewsCryptocurrency exchange Binance is warning of an “ongoing” global threat that’s targeting cryptocurrency users with clipper malware with the goal of facilitating financial fraud.
Clipper malware, also called ClipBankers, is a type of malware that Microsoft calls cryware, which comes with capabilities to monitor a victim’s clipboard activity and steal sensitive data a user copies, including
The Hacker News – Read More
Woo Skimmer Uses Style Tags and Image Extension to Steal Card Details
/in General NewsA recent WooCommerce skimming attack used a creative method to steal credit card details by hiding malicious code within style tags and embedding a fake payment overlay in an image file disguised as a favicon.
Cyware News – Latest Cyber News – Read More
SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks
/in General NewsSolarWinds has released fixes to address two security flaws in its Access Rights Manager (ARM) software, including a critical vulnerability that could result in remote code execution.
The vulnerability, tracked as CVE-2024-28991, is rated 9.0 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an instance of deserialization of untrusted data.
“SolarWinds Access Rights
The Hacker News – Read More
DOJ indicts Chinese national for spear phishing campaign against NASA, FAA, Air Force
/in General NewsPost Content
The Record from Recorded Future News – Read More
Cambodian Tycoon Sanctioned for Forced Cyber Labor, Trafficking
/in General NewsThe sanctions are unlikely to affect the growing network of criminals who lure victims into working for cybercrime sweat shops around the world.
darkreading – Read More