BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
regreSSHion OpenSSH Flaw: Potential Exploitation Attempts Seen, but Mass Attacks Unlikely
/in General NewsThe critical OpenSSH vulnerability tracked as regreSSHion and CVE-2024-6387 may already be targeted by attackers, but mass exploitation is unlikely.
The post regreSSHion OpenSSH Flaw: Potential Exploitation Attempts Seen, but Mass Attacks Unlikely appeared first on SecurityWeek.
SecurityWeek – Read More
The Impossibility of “Getting Ahead” in Cyber Defense
/in General NewsThe nature of defense is inherently stacked against defenders, as cybercriminals aim to disrupt systems while defenders manage complex tech stacks. Additionally, the rapid evolution of technology means defenders are always playing catch-up.
Cyware News – Latest Cyber News – Read More
FCC Drafts Rules to Strengthen Cyber of Emergency Systems
/in General NewsThe Federal Communications Commission (FCC) has proposed draft final rules to enhance the security of public alert and warning systems in the face of emerging cybersecurity threats.
Cyware News – Latest Cyber News – Read More
US Supreme Court Ruling on Chevron Doctrine May Upend Future Cybersecurity Regulation
/in General NewsThe ruling may lead to legal challenges against recent cybersecurity regulations, including the 2023 cyber incident reporting requirements by the Securities and Exchange Commission (SEC).
Cyware News – Latest Cyber News – Read More
FakeBat Loader Malware Spreads Widely Through Drive-by Download Attacks
/in General NewsThe loader-as-a-service (LaaS) known as FakeBat has become one of the most widespread loader malware families distributed using the drive-by download technique this year, findings from Sekoia reveal.
“FakeBat primarily aims to download and execute the next-stage payload, such as IcedID, Lumma, RedLine, SmokeLoader, SectopRAT, and Ursnif,” the company said in a Tuesday analysis.
Drive-by attacks
The Hacker News – Read More
Cybersecurity is Now a Top Concern for Auto Industry, Report Finds
/in General NewsAccording to a survey by Rockwell Automation, vehicle and automotive supply manufacturers ranked cybersecurity as their biggest external concern. Cyberattacks resulted in $11.8 billion in damages during the first half of 2023 alone.
Cyware News – Latest Cyber News – Read More
Polyglot Files Enable Cyber Attack Chains and Methods for Detection & Disarmament
/in General NewsHackers are using polyglot files, which can fit into multiple file formats and evade detection by endpoint detection and response systems. Research indicates that some commercial EDR tools have a 0% detection rate for malicious polyglots.
Cyware News – Latest Cyber News – Read More
South Africa National Healthcare Lab Still Reeling from Ransomware Attack
/in General NewsThe cyberattack disrupted national laboratory services, which could slow response to disease outbreaks such as mpox, experts warn.
darkreading – Read More
Israeli Entities Targeted by Cyberattack Using Donut and Sliver Frameworks
/in General NewsCybersecurity researchers have discovered an attack campaign that targets various Israeli entities with publicly-available frameworks like Donut and Sliver.
The campaign, believed to be highly targeted in nature, “leverage target-specific infrastructure and custom WordPress websites as a payload delivery mechanism, but affect a variety of entities across unrelated verticals, and rely on
The Hacker News – Read More
South Korean ERP Vendor’s Server Hacked to Spread Xctdoor Malware
/in General NewsAn unnamed South Korean enterprise resource planning (ERP) vendor’s product update server has been found to be compromised to deliver a Go-based backdoor dubbed Xctdoor.
The AhnLab Security Intelligence Center (ASEC), which identified the attack in May 2024, did not attribute it to a known threat actor or group, but noted that the tactics overlap with that of Andariel, a sub-cluster within the
The Hacker News – Read More