Mailcow Mail Server Flaws Expose Servers to Remote Code Execution
Two security vulnerabilities have been disclosed in the Mailcow open-source mail server suite that could be exploited by malicious actors to achieve arbitrary code execution on susceptible instances.
Both shortcomings impact all versions of the software prior to version 2024-04, which was released on April 4, 2024. The issues were responsibly disclosed by SonarSource on March 22, 2024.
The flaws
Source: The Hacker News
Singapore Extradites Suspected Cybercrime Scammers from Malaysia
Cops decimate cybercrime infrastructure used to steal data from nearly 2,000 people in Singapore last year.
Source: darkreading
Hackers Derail Amtrak Guest Rewards Accounts in Breach
The US passenger rail giant said attackers used previously compromised credentials to crack accounts and access a freight train of personal data.
Source: darkreading
Critical VMware Bugs Open Swaths of VMs to RCE, Data Theft
A trio of bugs could allow hackers to escalate privileges and remotely execute code on virtual machines deployed across cloud environments.
Source: darkreading
Blackbaud Fined $6.75M After 2020 Ransomware Attack
Threat actors were able to breach Blackbaud’s systems and compromise sensitive data, largely because of the company’s poor cybersecurity practices and lack of encrypted data, the AG said.
Source: darkreading
Cut & Paste Tactics Import Malware to Unwitting Victims
“ClearFake” and “ClickFix” attackers are tricking people into cutting and pasting malicious PowerShell scripts to infect their own machines with RATs and infostealers.
Source: darkreading
Internet Computer Protocol Launches Walletless Verified Credentials for Public Trust
Internet Computer Protocol (ICP) introduces Verified Credentials (VCs), a walletless solution enhancing data sharing privacy. Unveiled at DICE 2024, VCs help combat bots and fake accounts on social media, ensuring secure and efficient verification.
Source: Hackread
BlackSuit Ransomware Leaks Kansas City Police Data in Failed Ransom Plot
BlackSuit Ransomware, known as the rebrand of the Conti ransomware gang, has leaked a trove of Kansas City Police data, including evidence records, investigation files, crime scene phones, and much more, after the department refused to pay the ransom.
Source: Hackread
Signal Foundation Warns Against EU’s Plan to Scan Private Messages for CSAM
A controversial proposal put forth by the European Union to scan users’ private messages for the detection of child sexual abuse material (CSAM) poses severe risks to end-to-end encryption (E2EE), warned Meredith Whittaker, president of the Signal Foundation, which maintains the privacy-focused messaging service of the same name.
“Mandating mass scanning of private communications fundamentally
Source: The Hacker News
Cybercriminals Exploit Free Software Lures to Deploy Hijack Loader and Vidar Stealer
Threat actors are luring unsuspecting users with free or pirated versions of commercial software to deliver a malware loader called Hijack Loader, which then deploys an information stealer known as Vidar Stealer.
“Adversaries had managed to trick users into downloading password-protected archive files containing trojanized copies of a Cisco Webex Meetings App (ptService.exe),” Trellix security
Source: The Hacker News