BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- gitGRAB - This Tool Is Designed To Interact With The GitHub API And Retrieve Specific User Details, Repository Information, And Commit Emails For A Given User
- Snoop - OSINT Tool For Research Social Media Accounts By Username
- Lazywarden - Automatic Bitwarden Backup
- Docf-Sec-Check - DockF-Sec-Check Helps To Make Your Dockerfile Commands More Secure.
Exploit DB
- [webapps] GeoVision GV-ASManager 6.1.0.0 - Information Disclosure
- [webapps] WordPress User Registration & Membership Plugin 4.1.1 - Unauthenticated Privilege Escalation
- [webapps] Nagios Xi 5.6.6 - Authenticated Remote Code Execution (RCE)
- [webapps] UNA CMS 14.0.0-RC - PHP Object Injection
- [remote] InfluxDB OSS 2.7.11 - Operator Token Privilege Escalation
- [remote] Sony XAV-AX5500 1.13 - Firmware Update Validation Remote Code Execution (RCE)
- [webapps] Jasmin Ransomware - Arbitrary File Download (Authenticated)
- [webapps] jQuery 3.3.1 - Prototype Pollution & XSS Exploit
- [webapps] XWiki Platform 15.10.10 - Remote Code Execution
- [webapps] YesWiki 4.5.1 - Unauthenticated Path Traversal
RSA Conference 2024 – Announcements Summary (Day 3)
/in General NewsHundreds of companies are showcasing their products and services this week at the 2024 edition of the RSA Conference in San Francisco.
The post RSA Conference 2024 – Announcements Summary (Day 3) appeared first on SecurityWeek.
SecurityWeek – Read More
Two-Thirds of Organizations Failing to Address AI Risks, ISACA Finds
/in General NewsOnly a third of organizations are adequately addressing security, privacy and ethical risks with AI, despite surging use of these technologies in the workplace, according to new ISACA research.
Cyware News – Latest Cyber News – Read More
Veeam Fixes RCE Flaw in Backup Management Platform
/in General NewsThe vulnerability exists due to an unsafe deserialization method used by the Veeam Service Provider Console (VSPC) server during communication between the management agent and its components.
Cyware News – Latest Cyber News – Read More
US Advances on Cyber Goals Amid Rapidly Changing Threat Environment, White House Says
/in General NewsDespite the progress in improving cybersecurity posture, the United States still faces various threats, including ransomware attacks, cyberattacks on critical infrastructure, and the growing use of artificial intelligence in malicious activities.
Cyware News – Latest Cyber News – Read More
Zscaler Investigates Hacking Claims After Data Offered for Sale
/in General NewsZscaler says its customer, production and corporate environments are not impacted after a notorious hacker offers to sell access.
The post Zscaler Investigates Hacking Claims After Data Offered for Sale appeared first on SecurityWeek.
SecurityWeek – Read More
Undetectable Threats Found in F5 BIG-IP Next Central Manager
/in General NewsThe two vulnerabilities, an SQL injection flaw (CVE-2024-26026) and an OData injection vulnerability (CVE-2024-21793), could allow attackers to gain admin control and create hidden rogue accounts on managed assets.
Cyware News – Latest Cyber News – Read More
Critical F5 Central Manager Vulnerabilities Allow Enable Full Device Takeover
/in General NewsTwo security vulnerabilities have been discovered in F5 Next Central Manager that could be exploited by a threat actor to seize control of the devices and create hidden rogue administrator accounts for persistence.
The remotely exploitable flaws “can give attackers full administrative control of the device, and subsequently allow attackers to create accounts on any F5 assets managed by the Next
The Hacker News – Read More
UK Military Data Breach a Reminder of Third-Party Risk in Defense Sector
/in General NewsAn attacker accessed personal information of over 225,000 active, reserve, and former UK military members from third-party payroll processing system.
darkreading – Read More
3-Year Iranian Influence Op Preys on Divides in Israeli Society
/in General NewsIran follows in Russia’s disinformation footsteps but with a different, more economical, and potentially higher-impact model.
darkreading – Read More
Netcraft Announces New AI-Powered Innovations to Disrupt and Expose Criminal Financial Infrastructure
/in General NewsPost Content
darkreading – Read More