BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
Cyber Insurance Provider Cowbell Raises $60 Million
/in General NewsZurich Insurance Group has invested $60 million in cyber insurance firm Cowbell to help it scale operations and deliver new products.
The post Cyber Insurance Provider Cowbell Raises $60 Million appeared first on SecurityWeek.
SecurityWeek – Read More
Attackers Bypassed Google’s Email Verification to Create Workspace Accounts, Access Third-Party Services
/in General NewsThe issue, which began in late June, affected a few thousand Workspace accounts that were created without domain verification. Google has since fixed the problem and added more security measures to prevent similar bypasses in the future.
Cyware News – Latest Cyber News – Read More
Apple Rolls Out Security Updates for iOS, macOS
/in General NewsApple has released security patches for dozens of vulnerabilities in iOS, macOS, tvOS, visionOS, watchOS, and Safari.
The post Apple Rolls Out Security Updates for iOS, macOS appeared first on SecurityWeek.
SecurityWeek – Read More
New SideWinder Cyber Attacks Target Maritime Facilities in Multiple Countries
/in General NewsThe nation-state threat actor known as SideWinder has been attributed to a new cyber espionage campaign targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea.
The BlackBerry Research and Intelligence Team, which discovered the activity, said targets of the spear-phishing campaign include countries like Pakistan, Egypt, Sri Lanka, Bangladesh, Myanmar, Nepal, and the
The Hacker News – Read More
Microsoft 365 Users Targeted by Phishers Abusing Microsoft Forms
/in General NewsThe phishing campaigns involve sending fake emails that appear to be from Microsoft, leading recipients to malicious Microsoft Forms impersonating Microsoft 365 or Adobe login pages.
Cyware News – Latest Cyber News – Read More
5 Bitwarden features that make it my favorite password manager
/in General NewsBitwarden is the password manager I recommend to everyone. Here are five reasons why.
Latest stories for ZDNET in Security – Read More
Malware Campaign Lures Users With Fake W2 Form
/in General NewsA malicious campaign targeting users searching for W2 forms began on June 21, 2024, with a JavaScript file dropping a Brute Ratel Badger DLL into the user’s AppData. This initiated the installation of a Latrodectus backdoor.
Cyware News – Latest Cyber News – Read More
RaspAP Flaw Let Hackers Escalate Privileges with Raspberry Pi Devices
/in General NewsThe flaw, identified as CVE-2024-41637, affects RaspAP versions before 3.1.5 and has a severity score of 9.9. The vulnerability stems from improper access controls, enabling attackers to escalate privileges from www-data to root.
Cyware News – Latest Cyber News – Read More
OneDrive Phishing Scam Tricks Users into Running Malicious PowerShell Script
/in General NewsCybersecurity researchers are warning about a new phishing campaign that targets Microsoft OneDrive users with the aim of executing a malicious PowerShell script.
“This campaign heavily relies on social engineering tactics to deceive users into executing a PowerShell script, thereby compromising their systems,” Trellix security researcher Rafael Pena said in a Monday analysis.
The cybersecurity
The Hacker News – Read More
ZeroTier Raises $13.5 Million in Series A Funding
/in General NewsVirtual networking provider ZeroTier has raised $13.5 million in a Series A funding round led by Battery Ventures.
The post ZeroTier Raises $13.5 Million in Series A Funding appeared first on SecurityWeek.
SecurityWeek – Read More