BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Campcodes Online Hospital Management System 1.0 - SQL Injection
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
- [remote] Windows File Explorer Windows 11 (23H2) - NTLM Hash Disclosure
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Buffer Overflow
- [webapps] WordPress User Registration & Membership Plugin 4.1.2 - Authentication Bypass
- [local] Microsoft Windows Server 2016 - Win32k Elevation of Privilege
- [remote] Windows 2024.15 - Unauthenticated Desktop Screenshot Capture
Rebranded Knight Ransomware Targeting Healthcare and Businesses Worldwide
/in General NewsAn analysis of a nascent ransomware strain called RansomHub has revealed it to be an updated and rebranded version of Knight ransomware, itself an evolution of another ransomware known as Cyclops.
Knight (aka Cyclops 2.0) ransomware first arrived in May 2023, employing double extortion tactics to steal and encrypt victims’ data for financial gain. It’s operational across multiple platforms,
The Hacker News – Read More
Resurgence of Ransomware: Mandiant Observes Sharp Rise in Criminal Extortion Tactics
/in General NewsMandiant saw an increase in ransomware activity in 2023 compared to 2022, including a 75% increase in posts on data leak sites.
The post Resurgence of Ransomware: Mandiant Observes Sharp Rise in Criminal Extortion Tactics appeared first on SecurityWeek.
SecurityWeek – Read More
225,000 More Cybersecurity Workers Needed in US: CyberSeek
/in General NewsThere are 1.2 million cybersecurity workers in the US, but 225,000 more are needed to close the talent gap, according to new data.
The post 225,000 More Cybersecurity Workers Needed in US: CyberSeek appeared first on SecurityWeek.
SecurityWeek – Read More
Chinese Threat Clusters Triple-Team a High-Profile Asia Government Org
/in General NewsA trio of Chinese-affiliated clusters performed specialized tasks in a broader attack chain, likely under the watch of a single organization.
darkreading – Read More
‘NsaRescueAngel’ Backdoor Account Again Discovered in Zyxel Products
/in General NewsCritical vulnerabilities in discontinued Zyxel NAS products allow unauthenticated attackers to execute arbitrary code and OS commands.
The post ‘NsaRescueAngel’ Backdoor Account Again Discovered in Zyxel Products appeared first on SecurityWeek.
SecurityWeek – Read More
An American Company Enabled a North Korean Scam That Raised Money for WMDs
/in General NewsWyoming’s secretary of state has proposed ways of “preventing fraud and abuse of corporate filings by commercial registered agents” in the aftermath of the scheme’s exposure.
Security Latest – Read More
London Hospitals Cancel Operations and Appointments After Being Hit in Ransomware Attack
/in General NewsSeveral hospitals in London have canceled operations and appointments after being hit in a ransomware attack.
The post London Hospitals Cancel Operations and Appointments After Being Hit in Ransomware Attack appeared first on SecurityWeek.
SecurityWeek – Read More
The Age of the Drone Police Is Here
/in General NewsA WIRED investigation, based on more than 22 million flight coordinates, reveals the complicated truth about the first full-blown police drone program in the US—and why your city could be next.
Security Latest – Read More
Cisco Patches Webex Bugs Following Exposure of German Government Meetings
/in General NewsCisco has released a security advisory after researchers discovered that the German government’s Webex meetings were exposed.
The post Cisco Patches Webex Bugs Following Exposure of German Government Meetings appeared first on SecurityWeek.
SecurityWeek – Read More
Ransomware Gang Leaks Data From Australian Mining Company
/in General NewsThe BianLian ransomware gang has leaked data allegedly stolen from Australian mining company Northern Minerals.
The post Ransomware Gang Leaks Data From Australian Mining Company appeared first on SecurityWeek.
SecurityWeek – Read More