BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
Google Warns of Pixel Firmware Zero-Day Under Limited, Targeted Exploitation
/in General NewsThe zero-day is tagged as CVE-2024-32896 and described as an elevation of privilege issue in Pixel Firmware.
The post Google Warns of Pixel Firmware Zero-Day Under Limited, Targeted Exploitation appeared first on SecurityWeek.
SecurityWeek – Read More
Black Basta Ransomware Suspected of Exploiting Windows 0-day Before Patch
/in General NewsThe cybersecurity researchers at Symantec have found “strong evidence” suggesting that the Black Basta ransomware gang exploited a critical Windows vulnerability (CVE-2024-26169) before it was patched by Microsoft on March 12, 2024, through its regular Patch Tuesday updates.
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
TellYouthePass Ransomware Group Exploits Critical PHP Flaw
/in General NewsAn RCE vulnerability that affects the Web scripting language on Windows systems is easy to exploit and can provide a broad attack surface.
darkreading – Read More
Businesses’ cloud security fails are ‘concerning’ – as AI threats accelerate
/in General NewsNot enough organizations are conducting regular audits to ensure their cloud environments are secured.
Latest stories for ZDNET in Security – Read More
Microsoft Patches Zero-Click Outlook Vulnerability That Could Soon Be Exploited
/in General NewsMicrosoft’s June 2024 Patch Tuesday updates resolve a zero-click Outlook vulnerability leading to remote code execution.
The post Microsoft Patches Zero-Click Outlook Vulnerability That Could Soon Be Exploited appeared first on SecurityWeek.
SecurityWeek – Read More
Why CIO & CISO Collaboration Is Key to Organizational Resilience
/in General NewsAlignment between these domains is quickly becoming a strategic imperative.
darkreading – Read More
Cryptojacking Campaign Targets Misconfigured Kubernetes Clusters
/in General NewsCybersecurity researchers have warned of an ongoing cryptojacking campaign targeting misconfigured Kubernetes clusters to mine Dero cryptocurrency.
Cloud security firm Wiz, which shed light on the activity, said it’s an updated variant of a financially motivated operation that was first documented by CrowdStrike in March 2023.
“In this incident, the threat actor abused anonymous access to an
The Hacker News – Read More
Verizon exec reveals responsible AI strategy amid ‘Wild West’ landscape
/in General NewsVerizon’s exec leading AI for network enablement, Michael Raj, said that the field of AI auditing is still in its early stages and that companies need to accelerate their efforts. The steady drumbeat of big mistakes by customer support AI agents, for example from big names like Chevy, Air Canada, and even New York City, or even by leading LLM providers like Google, which featured black Nazis, has brought a renewed focus on the need for more reliability.Read More
Security News | VentureBeat – Read More
Fortinet Patches Code Execution Vulnerability in FortiOS
/in General NewsFortinet has patched multiple vulnerabilities in FortiOS, including a high-severity code execution security flaw.
The post Fortinet Patches Code Execution Vulnerability in FortiOS appeared first on SecurityWeek.
SecurityWeek – Read More
Ransomware Group May Have Exploited Windows Vulnerability as Zero-Day
/in General NewsThe Black Basta ransomware gang may have exploited the Windows privilege escalation flaw CVE-2024-26169 before it was patched.
The post Ransomware Group May Have Exploited Windows Vulnerability as Zero-Day appeared first on SecurityWeek.
SecurityWeek – Read More