BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
National Australia Bank Raises Alarm About Cyber Threats to Major Banks
/in General NewsAustralia’s four major banks, including ANZ Bank, Commonwealth Bank, National Australia Bank (NAB), and Westpac, are constantly under attack from threat actors seeking to steal sensitive information and money from unsuspecting customers.
Cyware News – Latest Cyber News – Read More
Industrial cyberattacks fuel surge in OT cybersecurity spending
/in General NewsEnterprise spending on OT cybersecurity is predicted to increase by almost 70% to $21.6 billion globally by 2028, up from $12.75 billion in 2023, driven by attacks and regulation, according to ABI Research.
Cyware News – Latest Cyber News – Read More
China’s ‘Velvet Ant’ Hackers Caught Exploiting New Zero-Day in Cisco Devices
/in General NewsThe vulnerability, known as CVE-2024-20399, affects Cisco NX-OS software used for Nexus-series switches. Sygnia discovered the vulnerability during an investigation into the threat group Velvet Ant.
Cyware News – Latest Cyber News – Read More
Cisco Patches NX-OS Zero-Day Exploited by Chinese Cyberspies
/in General NewsCisco has patched an NX-OS command injection zero-day exploited by China-linked cyberespionage group Velvet Ant.
The post Cisco Patches NX-OS Zero-Day Exploited by Chinese Cyberspies appeared first on SecurityWeek.
SecurityWeek – Read More
Critical Flaw in PTC License Server Can Allow Lateral Movement in Industrial Organizations
/in General NewsPTC has patched a critical vulnerability in the Creo Elements/Direct License Server that can be exploited for unauthenticated command execution.
The post Critical Flaw in PTC License Server Can Allow Lateral Movement in Industrial Organizations appeared first on SecurityWeek.
SecurityWeek – Read More
Korean ERP Vendor’s Update Systems Subverted to Spew Malware
/in General NewsA South Korean ERP vendor’s product update server was breached by attackers who used it to distribute malware instead of legitimate updates, according to AhnLab, a local cybersecurity firm.
Cyware News – Latest Cyber News – Read More
Poland to Probe Russia-Linked Cyberattack on State News Agency
/in General NewsPolish prosecutors are investigating a suspected Russian attack on the country’s state news agency, the Polish Press Agency (PAP). The attack, which occurred in May, aimed to spread disinformation and cause disruptions in Poland’s system or economy.
Cyware News – Latest Cyber News – Read More
AuthZed Raises $12 Million to Accelerate Permissions Systems in Series A Funding
/in General NewsThe new funding will accelerate a strategic expansion for small–to mid-market-sized organizations, providing a fully managed and easy-to-deploy permissions system that is simple to maintain for their current and future authorization needs.
Cyware News – Latest Cyber News – Read More
Meta’s ‘Pay or Consent’ Approach Faces E.U. Competition Rules Scrutiny
/in General NewsMeta’s decision to offer an ad-free subscription in the European Union (E.U.) has faced a new setback after regulators accused the social media behemoth of breaching the bloc’s competition rules by forcing users to choose between seeing ads or paying to avoid them.
The European Commission said the company’s “pay or consent” advertising model is in contravention of the Digital Markets Act (DMA).
The Hacker News – Read More
Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware
/in General NewsA China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used in its switches to deliver malware.
The vulnerability, tracked as CVE-2024-20399 (CVSS score: 6.0), concerns a case of command injection that allows an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected
The Hacker News – Read More