BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
Unlocking the Front Door: Phishing Emails Remain a Top Cyber Threat Despite MFA
/in General NewsSecurityWeek spoke with Mike Britton, CISO at Abnormal Security, to understand what the company has learned about current social engineering and phishing attacks.
The post Unlocking the Front Door: Phishing Emails Remain a Top Cyber Threat Despite MFA appeared first on SecurityWeek.
SecurityWeek – Read More
Update: New Windows SmartScreen Bypass Exploited as Zero-Day Since March
/in General NewsA security loophole in Windows SmartScreen, known as CVE-2024-38213, was exploited by attackers as a zero-day to bypass protection. Microsoft patched this vulnerability during the June 2024 Patch Tuesday.
Cyware News – Latest Cyber News – Read More
Cybersecurity’s Real Challenge Is Communication, Not Just Technology
/in General NewsBy nurturing a security-centric work culture that involves everybody, organizations can overcome challenges with greater agility and confidence.
darkreading – Read More
Belarusian-Ukrainian Hacker Extradited to U.S. for Ransomware and Cybercrime Charges
/in General NewsA coalition of law enforcement agencies coordinated by the U.K. National Crime Agency (NCA) has led to the arrest and extradition of a Belarussian and Ukrainian dual-national believed to be associated with Russian-speaking cybercrime groups.
Maksim Silnikau (aka Maksym Silnikov), 38, went by the online monikers J.P. Morgan, xxx, and lansky. He was extradited to the U.S. from Poland on August 9,
The Hacker News – Read More
How to Augment Your Password Security with EASM
/in General NewsSimply relying on traditional password security measures is no longer sufficient. When it comes to protecting your organization from credential-based attacks, it is essential to lock down the basics first. Securing your Active Directory should be a priority – it is like making sure a house has a locked front door before investing in a high-end alarm system. Once the fundamentals are covered,
The Hacker News – Read More
NIST Formalizes World’s First Post-Quantum Cryptography Standards
/in General NewsThe finalized post-quantum cryptography standards are Module-Lattice-Based Key-Encapsulation Mechanism Standard (FIPS 203), Module-Lattice-Based Digital Signature Standard (FIPS 204), and Stateless Hash-Based Digital Signature Standard (FIPS 205).
Cyware News – Latest Cyber News – Read More
DARPA Awards $14m to Seven Teams in AI Cyber Challenge
/in General NewsDARPA has awarded $14 million to seven teams in the AI Cyber Challenge (AIxCC) at DEFCON 32. The competition aims to find a cyber reasoning system to identify and fix vulnerabilities in open-source software.
Cyware News – Latest Cyber News – Read More
Fortinet, Zoom Patch Multiple Vulnerabilities
/in General NewsFortinet and Zoom have released patches for multiple vulnerabilities in their products, including high-severity bugs.
The post Fortinet, Zoom Patch Multiple Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
Secure Data Sharing Company Kiteworks Raises $456 Million
/in General NewsSecure data sharing solutions provider Kiteworks has raised $456 million in growth equity investment from Insight Partners and Sixth Street Growth.
The post Secure Data Sharing Company Kiteworks Raises $456 Million appeared first on SecurityWeek.
SecurityWeek – Read More
Phishing Campaign Poses as Ukraine’s Security Service to Spread ANONVNC Malware
/in General NewsCybercriminals impersonated the Security Service of Ukraine (SSU) using malicious spam emails to target and infect the systems of Ukrainian government agencies. The attackers successfully distributed AnonVNC malware to over 100 computers.
Cyware News – Latest Cyber News – Read More