BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SubGPT - Find Subdomains With GPT, For Free
- Uro - Declutters Url Lists For Crawling/Pentesting
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
- Pulsegram - Integrated Keylogger With Telegram
- Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
Exploit DB
- [local] Microsoft - NTLM Hash Disclosure Spoofing (library-ms)
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] Microsoft Windows - XRM-MS File NTLM Information Disclosure Spoofing
- [local] unzip-stream 0.3.1 - Arbitrary File Write
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
Oracle Still Denies Breach as Researchers Persist
/in General NewsEvidence suggests an attacker gained access to the company’s cloud infrastructure environment, but Oracle insists that didn’t happen.
darkreading – Read More
Harmonic Security Raises $17.5M Series A to Accelerate Zero-Touch Data Protection to Market
/in General NewsPost Content
darkreading – Read More
Traditional Data Loss Prevention Solutions Are Not Working for Most Organizations
/in General NewsPost Content
darkreading – Read More
How to Implement CMMS Software in Your Organization
/in General NewsLet’s face it: Rolling out new software across an entire organization can feel like herding cats. Between data…
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Again and again, NSO Group’s customers keep getting their spyware operations caught
/in General NewsDespite the stealthy nature of spyware, security researchers keep detecting Pegasus spyware attacks in part because of sloppy ‘operational security.’
Security News | TechCrunch – Read More
Signal is in the news and for the wrong reasons, yet again
/in General News“The human is the weakest link in the security chain.” Recent events in Washington have demonstrated this principle cliche with painful clarity. This week, we’ve all witnessed yet another high-profile security breach involving Signal, the messaging app. A senior member of President Trump’s national security team added Jeffrey Goldberg, the editor-in-chief of The Atlantic, to a private Signal…
Source
techsplicer – Read More
Hackers target Taiwan with malware delivered via fake messaging apps
/in General NewsHackers have been targeting users in Taiwan with PJobRAT malware delivered through malicious instant messaging apps, according to new research.
The Record from Recorded Future News – Read More
Microsoft’s passwordless future is here for Outlook, Xbox, 365, and more
/in General NewsMicrosoft’s new sign-in screens push you to finally ditch passwords – here’s how.
Latest stories for ZDNET in Security – Read More
9-Year-Old NPM Crypto Package Hijacked for Information Theft
/in General NewsNearly a dozen crypto packages on NPM, including one published 9 years ago, have been hijacked to deliver infostealers.
The post 9-Year-Old NPM Crypto Package Hijacked for Information Theft appeared first on SecurityWeek.
SecurityWeek – Read More
Critical Condition: Legacy Medical Devices Remain Easy Targets for Ransomware
/in General NewsAnalysis found that 99% of healthcare organizations are vulnerable to publicly available exploits.
The post Critical Condition: Legacy Medical Devices Remain Easy Targets for Ransomware appeared first on SecurityWeek.
SecurityWeek – Read More