BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
- TruffleHog Explorer - A User-Friendly Web-Based Tool To Visualize And Analyze Data Extracted Using TruffleHog
- PANO - Advanced OSINT Investigation Platform Combining Graph Visualization, Timeline Analysis, And AI Assistance To Uncover Hidden Connections In Data
- Wappalyzer-Next - Python library that uses Wappalyzer extension (and its fingerprints) to detect technologies
- Telegram-Checker - A Python Tool For Checking Telegram Accounts Via Phone Numbers Or Usernames
- Torward - An Improved Version Based On The Torghost-Gn And Darktor Scripts, Designed To Enhance Anonymity On The Internet
- Instagram-Brute-Force-2024 - Instagram Brute Force 2024 Compatible With Python 3.13 / X64 Bit / Only Chrome Browser
- QuickResponseC2 - A Command & Control Server That Leverages QR Codes To Send Commands And Receive Results From Remote Systems
Exploit DB
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
- [webapps] Apache Commons Text 1.10.0 - Remote Code Execution
- [webapps] Hunk Companion Plugin 1.9.0 - Unauthenticated Plugin Installation
- [webapps] Tatsu 3.3.11 - Unauthenticated RCE
- [remote] Langflow 1.3.0 - Remote Code Execution (RCE)
- [webapps] UJCMS 9.6.3 - User Enumeration via IDOR
- [webapps] Inventio Lite 4 - SQL Injection
- [webapps] KiviCare Clinic & Patient Management System (EHR) 3.6.4 - Unauthenticated SQL Injection
- [hardware] ABB Cylon Aspect 3.08.02 (deployStart.php) - Unauthenticated Command Execution
Google Fixes Eighth Actively Exploited Chrome Zero-Day This Year
/in General NewsThe security issue was discovered internally by Google’s Clément Lecigne and is tracked as CVE-2024-5274. It is a high-severity ‘type confusion’ in V8, Chrome’s JavaScript engine responsible for executing JS code.
Cyware News – Latest Cyber News – Read More
Machine Identities Lack Essential Security Controls, Pose Major Threat
/in General NewsSiloed approaches to securing human and machine identities are driving identity-based attacks across enterprises and their ecosystems, according to a new report by CyberArk.
Cyware News – Latest Cyber News – Read More
Cyber Force Provision Gets House Committee’s Approval
/in General NewsA requirement for the Pentagon to commission an independent study on the creation of a U.S. Cyber Force was added late Wednesday to the House version of the defense policy bill.
Cyware News – Latest Cyber News – Read More
When ‘No’ & ‘Good Enough’ Challenge Cybersecurity
/in General NewsAs the digital landscape evolves, these words must become an impetus for innovation and dialogue, not insurmountable barriers.
darkreading – Read More
White House Seeks Critical Cyber Assistance for Water Utilities, Healthcare
/in General NewsNational Cyber Director Harry Coker Jr. said the administration is taking actions to strengthen key critical infrastructure sectors, including healthcare and water utilities, and will pursue additional steps to fight ransomware and boost resilience.
Cyware News – Latest Cyber News – Read More
Averlon Emerges From Stealth Mode With $8 Million in Funding
/in General NewsAverson secures seed funding to build technology that uses AI to identify cloud security weaknesses and counter cyberattacks.
The post Averlon Emerges From Stealth Mode With $8 Million in Funding appeared first on SecurityWeek.
SecurityWeek – Read More
Courtroom Recording Software Compromised With Backdoor Installer
/in General News“Through ongoing monitoring and collaboration with cyber authorities, we identified attempts to replace our Viewer 8.3.7 software with a compromised file,” the company said in a statement on Thursday.
Cyware News – Latest Cyber News – Read More
JAVS Courtroom Audio-Visual Software Installer Serves Backdoor
/in General NewsBackdoored JAVS courtroom recording and management software installer puts thousands at risk of complete takeover.
The post JAVS Courtroom Audio-Visual Software Installer Serves Backdoor appeared first on SecurityWeek.
SecurityWeek – Read More
Future-Proof Your Cybersecurity AI Strategy
/in General NewsAn effective, long-term XDR strategy will address the ongoing need for rapid analysis and continual vetting of the latest threat intelligence.
darkreading – Read More
In Other News: China’s Undersea Spying, Hotel Spyware, Iran’s Disruptive Attacks
/in General NewsNoteworthy stories that might have slipped under the radar: Chinese repair ships might be spying on undersea communications, spyware found at hotel check-ins, UK not ready for China threat.
The post In Other News: China’s Undersea Spying, Hotel Spyware, Iran’s Disruptive Attacks appeared first on SecurityWeek.
SecurityWeek – Read More