BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
- [local] Sudo chroot 1.9.17 - Local Privilege Escalation
- [local] Sudo 1.9.17 Host Option - Elevation of Privilege
- [local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
- [webapps] Discourse 3.2.x - Anonymous Cache Poisoning
- [remote] Microsoft Outlook - Remote Code Execution (RCE)
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
CISOs Becoming More Comfortable With Risk Levels
/in General NewsThe cyber threats landscape has led to changes in the way CISOs evaluate their business’s risk appetite, causing tensions with CEO and C-suite members, according to Netskope.
Cyware News – Latest Cyber News – Read More
Google Thwarts Over 10,000 Attempts by Chinese Influence Operator
/in General NewsGoogle has revealed that it blocked over 10,000 instances of Dragon Bridge activity in the first quarter of 2024, labeling it the most prolific influence operator it tracks.
Cyware News – Latest Cyber News – Read More
Sanctioned and Exposed, Predator Spyware Maker Group Has Gone Awfully Quiet
/in General NewsThe group behind the Predator spyware, Intellexa Alliance, has significantly reduced its operations, indicating that it has been impacted by recent sanctions and exposure.
Cyware News – Latest Cyber News – Read More
Brighton Park Capital Invests $112 Million in PortSwigger to Fuel Innovation and Product Development
/in General NewsThe investment will fuel PortSwigger’s growth and enable the company to accelerate product development, expand research initiatives, strengthen its international presence, and continue driving innovation.
Cyware News – Latest Cyber News – Read More
National Australia Bank Raises Alarm About Cyber Threats to Major Banks
/in General NewsAustralia’s four major banks, including ANZ Bank, Commonwealth Bank, National Australia Bank (NAB), and Westpac, are constantly under attack from threat actors seeking to steal sensitive information and money from unsuspecting customers.
Cyware News – Latest Cyber News – Read More
Industrial cyberattacks fuel surge in OT cybersecurity spending
/in General NewsEnterprise spending on OT cybersecurity is predicted to increase by almost 70% to $21.6 billion globally by 2028, up from $12.75 billion in 2023, driven by attacks and regulation, according to ABI Research.
Cyware News – Latest Cyber News – Read More
China’s ‘Velvet Ant’ Hackers Caught Exploiting New Zero-Day in Cisco Devices
/in General NewsThe vulnerability, known as CVE-2024-20399, affects Cisco NX-OS software used for Nexus-series switches. Sygnia discovered the vulnerability during an investigation into the threat group Velvet Ant.
Cyware News – Latest Cyber News – Read More
Cisco Patches NX-OS Zero-Day Exploited by Chinese Cyberspies
/in General NewsCisco has patched an NX-OS command injection zero-day exploited by China-linked cyberespionage group Velvet Ant.
The post Cisco Patches NX-OS Zero-Day Exploited by Chinese Cyberspies appeared first on SecurityWeek.
SecurityWeek – Read More
Critical Flaw in PTC License Server Can Allow Lateral Movement in Industrial Organizations
/in General NewsPTC has patched a critical vulnerability in the Creo Elements/Direct License Server that can be exploited for unauthenticated command execution.
The post Critical Flaw in PTC License Server Can Allow Lateral Movement in Industrial Organizations appeared first on SecurityWeek.
SecurityWeek – Read More
Korean ERP Vendor’s Update Systems Subverted to Spew Malware
/in General NewsA South Korean ERP vendor’s product update server was breached by attackers who used it to distribute malware instead of legitimate updates, according to AhnLab, a local cybersecurity firm.
Cyware News – Latest Cyber News – Read More