BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Ingress-NGINX 4.11.0 - Remote Code Execution (RCE)
- [local] Microsoft Excel LTSC 2024 - Remote Code Execution (RCE)
- [remote] FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse
- [remote] Windows 11 SMB Client - Privilege Escalation & Remote Code Execution (RCE)
- [remote] PCMan FTP Server 2.0.7 - Buffer Overflow
- [webapps] Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation
- [local] Parrot and DJI variants Drone OSes - Kernel Panic Exploit
- [webapps] PHP CGI Module 8.3.4 - Remote Code Execution (RCE)
- [remote] AirKeyboard iOS App 1.0.5 - Remote Input Injection
- [webapps] Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI
Ransomware attack forces high school in London to close and send students home
/in General NewsPost Content
The Record from Recorded Future News – Read More
Critical Kibana Flaws Expose Systems to Arbitrary Code Execution
/in General NewsA couple of critical vulnerabilities in Kibana, tracked as CVE-2024-37288 and CVE-2024-37285, can lead to arbitrary code execution. Elastic urges an immediate update to version 8.15.1.
Cyware News – Latest Cyber News – Read More
Two Indicted in US for Running Dark Web Marketplaces Offering Stolen Information
/in General NewsA Kazakhstani and a Russian national were indicted in the US for operating dark web sites facilitating PII, card, and banking information trading.
The post Two Indicted in US for Running Dark Web Marketplaces Offering Stolen Information appeared first on SecurityWeek.
SecurityWeek – Read More
New Veeam Vulnerability Puts Thousands of Backup Servers at Risk – PATCH NOW!
/in General NewsA critical vulnerability (CVE-2024-40711) in Veeam Backup & Replication software allows attackers to gain full control without authentication.…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Critical GeoServer Flaw Enabling Global Hack Campaigns
/in General NewsThe flaw in GeoServer, tracked as CVE-2024-36401 and with a CVSS score of 9.8, was swiftly capitalized on by hackers who launched campaigns using botnet families and cryptominers to spread malicious tools like Goreverse, a reverse proxy server.
Cyware News – Latest Cyber News – Read More
HAProxy Vulnerability CVE-2024-45506 Under Active Exploit: Urgent Patching Required
/in General NewsThis flaw in the HTTP/2 multiplexer can lead to an endless loop, system crashes, and remote denial-of-service attacks, with a CVSS score of 7. 5. The vulnerability impacts HAProxy Enterprise, ALOHA, and Kubernetes Ingress Controller products.
Cyware News – Latest Cyber News – Read More
Thousands of Avis car rental customers had personal data stolen in cyberattack
/in General NewsThe car rental giant says personal information, credit card information, and driver’s license numbers were stolen in the August cyberattack.
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
SonicWall SSLVPN Access Control Flaw is Now Exploited in Akira Ransomware Attacks
/in General NewsInitially believed to only impact SonicOS management access, it has now been confirmed to affect SSLVPN on SonicWall firewalls, including by Akira ransomware affiliates targeting accounts with disabled MFA and outdated firmware versions.
Cyware News – Latest Cyber News – Read More
Wing Security SaaS Pulse: Continuous Security & Actionable Insights — For Free
/in General NewsDesigned to be more than a one-time assessment— Wing Security’s SaaS Pulse provides organizations with actionable insights and continuous oversight into their SaaS security posture—and it’s free!
Introducing SaaS Pulse: Free Continuous SaaS Risk Management
Just like waiting for a medical issue to become critical before seeing a doctor, organizations can’t afford to overlook the constantly
The Hacker News – Read More
LummaC2 Stealer and Malicious Chrome Extension Wreak Havoc
/in General NewsThis attack begins with victims unknowingly downloading a malicious ZIP archive containing an installer file that sideloads a malicious DLL. This DLL then downloads the LummaC2 Stealer and a PowerShell script from a command-and-control server.
Cyware News – Latest Cyber News – Read More