BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Remote Keyboard Desktop 1.0.1 - Remote Code Execution (RCE)
- [remote] CrushFTP 11.3.1 - Authentication Bypass
- [remote] Invision Community 5.0.6 - Remote Code Execution (RCE)
- [local] Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide
/in General NewsThe threat actors behind the Windows-based Grandoreiro banking trojan have returned in a global campaign since March 2024 following a law enforcement takedown in January.
The large-scale phishing attacks, likely facilitated by other cybercriminals via a malware-as-a-service (MaaS) model, target over 1,500 banks across the world, spanning more than 60 countries in Central and South
The Hacker News – Read More
Tracking the Progression of Earth Hundun’s Cyberespionage Campaign in 2024
/in General NewsDeuterbear, while similar to Waterbear in many ways, shows advancements in capabilities such as including support for shellcode plugins, avoiding handshakes for RAT operation, and using HTTPS for C&C communication.
Cyware News – Latest Cyber News – Read More
Kimsuky Hackers Deploy New Linux Backdoor in Attacks on South Korea
/in General NewsGomir shares many similarities with GoBear and features direct command and control (C2) communication, persistence mechanisms, and support for executing a wide range of commands.
Cyware News – Latest Cyber News – Read More
US Official Warns a Cell Network Flaw Is Being Exploited for Spying
/in General NewsPlus: Three arrested in North Korean IT workers fraud ring, Tesla staffers shared videos from owners’ cars, and more.
Security Latest – Read More
SugarGh0st RAT Variant Used in Targeted AI Industry Attacks
/in General NewsThe May 2024 campaign, dubbed UNK_SweetSpecter, employs the SugarGh0st RAT, a remote access trojan tailored from the Gh0stRAT. This variant, historically linked to Chinese-speaking threat actors, has now been repurposed to target AI-related entities.
Cyware News – Latest Cyber News – Read More
New Backdoors on a European Government’s Network Appear to be Russian
/in General NewsResearchers with the Slovak cybersecurity firm ESET published a technical analysis on Wednesday of the two backdoors by a suspected Russian threat group, which they named LunarWeb and LunarMail.
Cyware News – Latest Cyber News – Read More
New Android Banking Trojan Mimics Google Play Update App
/in General NewsA new Android banking Trojan called “Antidot” is targeting users across multiple regions by mimicking a Google Play update app and incorporating various malicious features like overlay attacks, keylogging, and remote control capabilities.
Cyware News – Latest Cyber News – Read More
CISOs Grapple With IBM's Unexpected Cybersecurity Software Exit
/in General NewsIBM’s abrupt divestiture of QRadar SaaS underscores the consolidation of SIEM, XDR, and AI technologies into unified platforms.
darkreading – Read More
CISO Corner: What Cyber Labor Shortage?; Trouble Meeting SEC Disclosure Deadlines
/in General NewsOur collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: DR’s podcast on the CISO & the SEC; breaking down CISA’s Secure by Design Pledge; Singapore puts cloud providers on notice.
darkreading – Read More
Feds Bust N. Korean Identity Theft Ring Targeting US Firms
/in General NewsBy Deeba Ahmed
North Korea targeted US companies with stolen identities in a cybercrime scheme. The Justice Department cracks down, seizes websites, and disrupts revenue streams.
This is a post from HackRead.com Read the original post: Feds Bust N. Korean Identity Theft Ring Targeting US Firms
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More