BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
- [local] Sudo chroot 1.9.17 - Local Privilege Escalation
- [local] Sudo 1.9.17 Host Option - Elevation of Privilege
- [local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
- [webapps] Discourse 3.2.x - Anonymous Cache Poisoning
- [remote] Microsoft Outlook - Remote Code Execution (RCE)
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
Fake IT Support Sites Push Malicious PowerShell Scripts as Windows Fixes
/in General NewsThese sites are promoted through compromised YouTube channels, lending them credibility. One particular error, the 0x80070643 error, which appeared after a Microsoft security update, has been exploited by threat actors.
Cyware News – Latest Cyber News – Read More
AVG Secure VPN vs Surfshark (2024): Which VPN Is Better?
/in General NewsIs Surfshark better than AVG? Is AVG Secure VPN worth it? Find out which VPN is better with our guide.
Security | TechRepublic – Read More
Prudential Financial Data Breach Impacts 2.5 Million
/in General NewsPrudential Financial has updated the February data breach impact estimate to 2.5 million individuals.
The post Prudential Financial Data Breach Impacts 2.5 Million appeared first on SecurityWeek.
SecurityWeek – Read More
Update: Polyfill.io, BootCDN, Bootcss, Staticfile Attack Traced to one Operator
/in General NewsResearchers found a public GitHub repo where the operators of Polyfill.io accidentally exposed their Cloudflare secret keys. By using these leaked API keys, they were able to confirm that a single entity was behind the attack on all four domains.
Cyware News – Latest Cyber News – Read More
Meet Brain Cipher — The New Ransomware Behind Indonesia’s Data Center Attack
/in General NewsBrain Cipher ransomware has been uploaded to various malware-sharing sites, created using the leaked LockBit 3.0 builder. The encryptor used by Brain Cipher appends an extension and encrypts the file name of the encrypted files.
Cyware News – Latest Cyber News – Read More
Juniper Networks Warns of Critical Authentication Bypass Vulnerability
/in General NewsJuniper Networks warns of a critical authentication bypass flaw impacting Session Smart routers and conductors.
The post Juniper Networks Warns of Critical Authentication Bypass Vulnerability appeared first on SecurityWeek.
SecurityWeek – Read More
Threat Actors Actively Exploit D-Link DIR-859 Router Flaw
/in General NewsThe flaw, which has a CVSS score of 9.8, allows threat actors to perform path traversal attacks and gain unauthorized access to sensitive information, including user passwords.
Cyware News – Latest Cyber News – Read More
Juniper Releases Out-of-Cycle Fix for Max Severity Authentication Bypass Flaw
/in General NewsJuniper Networks has released an emergency update to address a severe vulnerability in Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products.
Cyware News – Latest Cyber News – Read More
TeamViewer Hack Officially Attributed to Russian Cyberspies
/in General NewsTeamViewer has confirmed that the Russian cyberespionage group APT29 appears to be behind the recent hack.
The post TeamViewer Hack Officially Attributed to Russian Cyberspies appeared first on SecurityWeek.
SecurityWeek – Read More
Juniper Networks Releases Critical Security Update for Routers
/in General NewsJuniper Networks has released out-of-band security updates to address a critical security flaw that could lead to an authentication bypass in some of its routers.
The vulnerability, tracked as CVE-2024-2973, carries a CVSS score of 10.0, indicating maximum severity.
“An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or Conductor
The Hacker News – Read More